full
Breaking into Cybersecurity - Leadership - David Adeoye Abodunrin
Breaking into Cybersecurity Leadership - David Adeoye Abodunrin
David Adeoye Abodunrin on LinkedIn -
https://www.linkedin.com/in/abodunrinadeoyedavid/
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It’s a conversation about what they did
before, why did they pivot into cyber, what the process was they went
through Breaking Into Cybersecurity, how they keep up, and
advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional
series focused on cybersecurity leadership and hearing directly from
different leaders in cybersecurity (high and low) on what it takes to be
a successful leader. We focus on the skills and competencies associated
with cybersecurity leadership and tips/tricks/advice from cybersecurity
leaders.
This podcast runs on listener support and funding. Consider supporting
this podcast:
https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity
at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide
for jumpstarting your cybersecurity career
https://www.amazon.com/dp/1801816638/
_________________________________________
About the hosts:
Christophe Foulon focuses on helping to secure people and processes with
a solid understanding of the technology involved. He has over ten years
of experience as an experienced Information Security Manager and
Cybersecurity Strategist with a passion for customer service, process
improvement, and information security. He has significant experience in
optimizing the use of technology while balancing the implications to
people, processes, and information security by using a consultative
approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin:
https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
- Twitch: https://www.twitch.tv/breakingintocybersecurity
Want to create live streams like this? Check out StreamYard:
https://streamyard.com/pal/d/6338015336071168
Mentioned in this episode:
Transcript
Welcome to another episode of Breaking into Cybersecurity Leadership,
2
:where we talk to cybersecurity leaders
about developing our next generation.
3
:Today we have David will be
sharing his experience of getting
4
:into cybersecurity leadership and
sharing his tips and tricks for you.
5
:Before we get started call for everyone.
6
:If you're seeing this,
share this with others.
7
:'cause we do need a diverse set of leaders
as well as a diverse set of individual
8
:contributors within the cybersecurity
environment so that we could tackle the
9
:complex problems of today and tomorrow.
10
:David tell us a little bit
about your background and what
11
:got you into cybersecurity.
12
:I.
13
:David Adeoye Abodunrin: All right.
14
:My joining to cybersecurity
is a very interesting one.
15
:Having started my career in core
technology telecommunications, Pure
16
:signaling, uh, long distance communication
stuff, antennas and all of those things.
17
:That was the beginning after
my first degree in electronics,
18
:computer engineering, telecoms was
my passion and my love at the time.
19
:So went round, did external line
plans switching some routing.
20
:So basic stuff for was
C-N-E-C-C-M-P certified.
21
:Worked with a few organizations
in network administration
22
:and all of those early stuff.
23
:And somewhere at the fourth to the
fifth year in my career I began
24
:to notice a couple of things.
25
:There was a lot of prestige
and respect around security.
26
:That was the days of the Cisco
CCDP certification, design,
27
:security, professional Security
Pro CCSP, security professional.
28
:There was a lot of respect and
prestige along those lines and just.
29
:And excited anytime the CCSP guys came
in, they came in only once in a while
30
:and they collected fat monies that the
c the CCMP guys weren't collecting.
31
:anD I was like, what is going on here?
32
:These guys and their
routers are very expensive.
33
:tHe switches are very expensive and they
don't they don't particularly do too much.
34
:They're just there.
35
:Not much was but they
got paid very highly.
36
:And so that was also about the time when
the telecoms revolution in my country
37
:started where we moved from the pt PSTN
network to the core select technology.
38
:I had the benefit and the advantage
of being part of that transition and
39
:having understanding about external.
40
:And also at the transmission centers the
long distance trans transmission centers.
41
:I got interested in security
after an incident as a young
42
:engineer where heads began to roll.
43
:There was a breach in the switch, uh,
the billing platform of the night tale.
44
:Tel is communications limited.
45
:There was a breach in billing, and
that breach was very significant.
46
:So my the entire, everyone caught cold.
47
:Everyone was very troubled
and that started, they had to
48
:implement some security features.
49
:In the switch.
50
:And that began my foray and my
interests beyond traditional signaling,
51
:beyond common channel signaling
seven systems and the common things
52
:we do both in switching and routing.
53
:That's apart from the traditional
network on the telco network side.
54
:So I read up a few of the chapters in
the security professional book and.
55
:Sensitized.
56
:Then we had as a network administrator,
one of the clients I worked for,
57
:we had a security breach where
someone's password was breached.
58
:As a network, as a young network
administrator, the amount of pressure
59
:that came with it, the user issues,
the stress and how much management
60
:hit energy on further securing.
61
:Those networks and those issues and
then it was amazing for the first time.
62
:It was an rare moment for me for
the first time when I saw how
63
:much potentially we could lose.
64
:In that case, we didn't lose much,
but how much we could potentially
65
:lose was a very big issue for me.
66
:It was, I kept turning and tossing
on my bed, what if the wrong, because
67
:that's a very small person who had.
68
:Access to very sensitive systems.
69
:He was the person who authorized
everything when payment is in
70
:and it's gonna go in hundreds of
millions, he was one to go to.
71
:So I was like, wait a minute guys,
what if something happens to this man?
72
:And his password is compromised, is beaten
up, and his password is compromised,
73
:and we have to, pay heavily for it.
74
:That began my strong journey
and my strong desire to ensure
75
:that I master cybersecurity.
76
:So I began to, get interested, do
conferences, read more around it.
77
:And that started the journey for me.
78
:And of course, I also, I made a good
transition into program management,
79
:where now implement projects and
for whatever reason, . Cybersecurity
80
:projects started getting thrust at
me strengthening infrastructure,
81
:toughening up infrastructure, improving
identity, uh, systems and all of that.
82
:And then along the line, I stumbled also
into card transactions and the import
83
:of those and the amount of fraud that
happens, or the amount of fraud that
84
:industry up because, geometric rise in
the transaction rates on the planet.
85
:thE internet has become the place.
86
:You have it online.
87
:You seldom buy.
88
:I use my phone, the NF NFC here right
now to, to all the way from taxis.
89
:To eating at the restaurant, to
ordering something on Amazon.
90
:Everything is up ally but then at
this time it was still starting.
91
:aNd so all of that energy and as I
observed the future trends and the
92
:challenges around cards, I got more
interested in cybersecurity and I've
93
:been on this journey in total for about.
94
:To decades kids been there, done that.
95
:I've worked within the ERP domain, rolled
out ERPs, rolled out infrastructure
96
:on the technology technical side,
been here, done that and it's been
97
:a very, pretty amazing experience.
98
:Loads of lessons lose of very
difficult moments, uh, where you had
99
:to answer questions of conscience.
100
:And think about the future, when
the future has not happened.
101
:How do you prepare for a future?
102
:You can't see, you can't crystallize, you
don't understand the risks, uh, because
103
:of the limitation of where you are.
104
:So this is a major challenge.
105
:I've also seen in my
journey over the years.
106
:How do you prepare for volume of
transactions that suddenly balloon up
107
:Christophe Foulon: Yeah.
108
:Thinking about the future
is definitely important.
109
:What, as you think about your journey
why did you decide to pivot to
110
:become a cybersecurity leader versus
staying an individual contributor?
111
:David Adeoye Abodunrin: I decided
on the leadership route be because
112
:anyway, leadership was thrust at me.
113
:In my role as a project manager, I
have been forced to, whether I like
114
:it or not, I have to take leadership,
, from a communication standpoint,, I
115
:had to be comfortable, for example,
with addressing the elephant in the
116
:room having difficult conversations
that nobody was willing to have.
117
:Collaborating with difficult stakeholders
because the success of and the
118
:failure of the project rests on me.
119
:Generally typically I'm in charge
of scheduling and ensuring that
120
:things happen as at when due.
121
:When you are in those kind of roles, you
are like the proverb proverbial dancer who
122
:cannot look at the noise of the markets.
123
:You got a job and everyone
depends on you as a driver to
124
:take them from point A to point B.
125
:Now that requires a lot of leadership,
a lot of excellence, a lot of dedication
126
:and passion beyond being an individual.
127
:And anyway, I enjoy their attention.
128
:It's not very easy being a leader must
confess to you because then you are
129
:much more aware of your own weaknesses.
130
:And your fullness are heightened.
131
:And indeed, your personal, uh,
private failing moments can be
132
:easily amplified and you can
cause damage at a bigger level.
133
:Now, awareness of those kind of
things make it very sobering and make
134
:it difficult for one to gloss over.
135
:But all in all, I'm grateful for
the opportunity first to serve.
136
:And to keep serving in leadership position
because, anyway, I always, when I talk
137
:online, I find myself in conversations all
of a sudden taking the lead, not because
138
:I want to demonstrate superior thoughts
or I want to show myself off, but it's
139
:coming more from a heart of service.
140
:A hat of help, a hat of a responsibility
that things could be better,
141
:and that is the driving force.
142
:Although over the years, that
has been misunderstood and people
143
:think you want to show off.
144
:People think you have a desire
to make others look stupid.
145
:But no, it's just that you
just want things to be better.
146
:Than they were and you think we
can all benefit from a better
147
:system and with no hidden agenda.
148
:This is what thrust me into
the leadership positions.
149
:I found myself either in the project room
or in the technology field or even in
150
:third leadership, that I championed a lot.
151
:I.
152
:Christophe Foulon: So A, as you look
to grow your leadership skills, what
153
:in your view are the critical skills
needed for a cybersecurity leader?
154
:I.
155
:David Adeoye Abodunrin: That's
a very deep question right
156
:there, . iT's multidimensional.
157
:Chris that's very deep.
158
:Let me say this.
159
:fIrst of all, you must want it.
160
:You must want it, and that is not
a skill you gather in any textbook
161
:or a skill in any material.
162
:It's pure personal desire when your PDI
Personal Desire index or indicator, which
163
:is a measure of your cautions, which
is a measure of PDQ, personal desire.
164
:. ENT when it's below a certain number
that is beyond the equilibrium of the
165
:industry and where you are in your life.
166
:Don't take the leadership position.
167
:When your internal willingness versus the
industry equilibrium and the strength of
168
:events in the environment is at a higher
level of turbulence than you can allow,
169
:for example, as one of the factors we are
measuring within your life at that time.
170
:Don't take that position when you,
where your desire is higher than that
171
:equilibrium point and the higher.
172
:To lead.
173
:This is genuine desire, not ambition,
because there's a difference
174
:between ambition and assistance.
175
:I call it assistance.
176
:The willingness to be good and to
help the willingness that everybody
177
:trusts me to stand at this door and
the willingness to serve rather than
178
:I want to be the most for the purposes
of advertisement and size, ego and all
179
:of those kind of things, and somewhere
in the future of your leadership.
180
:That metal will be tested.
181
:You will either be converted.
182
:A more humble leader or more
authentic leader, or you will grow
183
:much more narcissistic or something,
and eventually your time will pass
184
:without you having left any legacy
or you will learn the lesson.
185
:Or nature happens to
you, whatever happens, X.
186
:But I think that personal desire
is the place to start from.
187
:It's even a calibrator of how
far, how well you would do.
188
:So I don't sidetrack the conversation.
189
:So the rule is the hire your personal
desire to lead, especially from the
190
:positive psychologist standpoint.
191
:The higher it is than that equilibrium
point for the industry and the
192
:environment you are in at large, the
more your chances of success as a leader.
193
:That's the first one.
194
:Christophe Foulon: Can I stop you there?
195
:Because it's, that's something
that I have not heard about.
196
:For those that are looking to
learn more about this, where did.
197
:Where's this where did you find this from?
198
:Or where did you learn this so that
they could dig into this themselves.
199
:David Adeoye Abodunrin: I do a
lot of personal introspection
200
:and I try to find my answers.
201
:I don't find my, not pull, of course,
I've read a lot of things, but it's
202
:rooted in the materials of self-awareness
to be aware of your desires.
203
:Self-belief, first of all,
self-awareness, self-belief,
204
:self-esteem, self-acceptance and
self-promoting, and yet being selfless.
205
:Christophe Foulon: Makes sense.
206
:Makes sense.
207
:Yeah.
208
:I'm a big supporter of the north of
having your North Pole as well, to help
209
:David Adeoye Abodunrin: yeah, exactly.
210
:So having my north pull and then not
following the tide on the outside, but
211
:having my north pull on the inside was the
way I arrived at this particular solution.
212
:That my personal desire indicator based
on all of this foundations of my self
213
:understanding and awareness of where I am.
214
:Must be beyond a certain threshold of
the entropy or chaos of the environment.
215
:How difficult is the leadership role?
216
:How difficult is it to
be a leader in that time?
217
:What are the challenges the
organization or the context is facing?
218
:Who are the players there?
219
:Would they be willing to give
me a chance to succeed or fail?
220
:Is it context favorable?
221
:If you're gonna be a leader in a place
where you don't understand the language,
222
:maybe you should not take up the role.
223
:Maybe you should not just to be a
leader there, you don't even understand
224
:the language that you can't even
converse and you cannot even engineer.
225
:Meaning beyond communication.
226
:Communication is one thing, but
meaning is when David is able to put
227
:the exact signal in his mind, increase
his mind, and Chris's response.
228
:In such a manner that David knows
that what he was originally intended
229
:to pass across has been understood.
230
:This is basic communication engineering.
231
:So if you don't, if you're battling
language for example, then maybe
232
:you should humbly not take the
organization or that leadership role up.
233
:So those are the entropy factors.
234
:The questions the threshold points.
235
:For example, another one for example,
is if you don't understand the culture.
236
:Or you cannot fit it to the culture.
237
:Culture will always eat strategy
for lunch and dinner and breakfast.
238
:Culture will always destroy the
strongest of our good lofty idea.
239
:So as a leader, as a cyber leader,
if you don't have the cultural
240
:intelligence to lead in that environment,
maybe you should pursue that.
241
:But there are complement skillset,
like cultural adaptability.
242
:If you are culturally adaptable, you
know you are strong on the agility leg,
243
:which is another, that being agile or
understanding agile frameworks helps
244
:you to do when you're a cyber leader.
245
:So it's not a doom and gloom thing.
246
:If you notice that there's a gap between
where your personal desire index is.
247
:And where the level of the threshold
level is, then you can bridge
248
:the gap and yet you can lead.
249
:So it's not, but it's to be aware
that's a gap between your personal
250
:desire is and some of the person's
desires, mislead them your desire.
251
:You may not be ready,
you may not be competent.
252
:So desire is empty if it
does not pass through.
253
:Personal desire is empty if
it does not pass through the
254
:very lens of self discovery.
255
:Self-awareness, self-acceptance,
then self-esteem.
256
:And then before you now go
to self-promoting in all of
257
:these, yet being selfless.
258
:So that you're not full of
yourself, but you want to serve
259
:and really solve a problem.
260
:And if we were to choose between
Chris and I will vote for Chris if
261
:Chris is a better candidate than I
am to help us through the bridge.
262
:Chris knows how to swim.
263
:I don't know how to swim.
264
:So this organization is at the
point within their corporate
265
:lifecycle where they are rolling
out a lot of new products.
266
:And Chris has had experience in products
rollout and Chris understand the
267
:cybersecurity challenges and the risks
that happen in that particular sector.
268
:Why do I want to rob the organization?
269
:I.
270
:Of his expertise because I want
to earn a few dollars, or I want
271
:to be the known guy or want to be
the one who is leading the team.
272
:That's one thing ago.
273
:On the day, something critical
will happen then to a paid that.
274
:I don't know how to navigate that.
275
:Ben, Chris is the better driver there.
276
:Why don't I give him the leadership?
277
:You've been in podcasting for a while
and, there's audience intelligence,
278
:for example, that you have around
the cyber regime and cyber world.
279
:Why don't, I want Chris to
lead the conversation because
280
:everyone has what they're useful
for, even in cyber leadership.
281
:Everyone has a use.
282
:Every leader has the moment and
defined occasion of your use.
283
:There's your ah, in leadership and
do not stay longer than those hours.
284
:That's also a sub to council there.
285
:Your tenure may be two years.
286
:You may be a very strong risk
manager, or you are a strong
287
:infrastructure deployment leader.
288
:Because you have project management and
agile understanding, like me, and you
289
:could actually be a strong people leader
because the team needs more confidence as
290
:they need someone who is a CISO or a cyber
lead that understands that level of energy
291
:and intelligence, if you get what I mean.
292
:So at the end of the day, wisdom
is to select your location.
293
:A moment of brilliance and know your own
leadership, DNA, and leave that ethos and
294
:not be driven by external opportunity.
295
:Again, that cushions personal desire
that is intelligent, so we can call
296
:it intelligent personal desire that's
willing to be personally developed
297
:to meet the threshold and need of the
occasion, and the willingness to leave
298
:when the time is due, not necessarily
when the vision is loudest, when
299
:the time is due for that occasion.
300
:Christophe Foulon: So it, it
sounds like if I'm, if I could
301
:paraphrase, understanding.
302
:Your leadership abilities and your
readiness to be a leader is one of those
303
:core critical skills in your perspective.
304
:Are there any other critical skills.
305
:David Adeoye Abodunrin: yes,
there is what is called kudo or
306
:situational intelligence or awareness.
307
:The ability to understand situations
quickly and the ability to take decisions
308
:quickly, that will help you need it.
309
:In cyber security leadership, you cannot
afford not to have it, but how do you get
310
:The problem with experience is that you
gain good experience from bad experiences,
311
:Christophe Foulon: There's
cheap experience and there's
312
:expensive experiences.
313
:David Adeoye Abodunrin: Thank you.
314
:I like that.
315
:That's true thank you.
316
:Thank you . So every time
someone listens to Chris Fullon a
317
:podcast, that's good experience.
318
:You listen to David or you subscribe
to any of the seminars that do in
319
:cyber leadership or any, or anything
that you do, or we organize something
320
:together and someone listens.
321
:Good experience.
322
:You don't want to wait
until crisis happens.
323
:For example, I've seen cyber
leaders who don't know their,
324
:they're excellent panicker.
325
:I've met CISOs who are panicker.
326
:That is their profile.
327
:Their panic profile is on the roof.
328
:They panic and then they panic,
and they pile budgets at panic.
329
:So the full panela and then they get
before the executive team and their
330
:leadership communication skills.
331
:And futuristic skills begin to be
torn to pieces, only because the
332
:excellent people, when there is no
tension, they can take their decisions.
333
:But because they are good panicker
or warriors, they hip budgets
334
:and they hip reinforce steel.
335
:They toughen up, architectural
toughen up infrastructure, toughen
336
:up, and management is asking.
337
:But there's been no incidents
in the past five years.
338
:Why do I need another server
or another thing this year?
339
:And the guy goes that's because I'm good.
340
:I'm doing my job.
341
:They're like, so that means we don't
need it . And it won't be in that frame
342
:of mind, if not for his personal panic.
343
:But again, some amount of panic is
good for a CSO because in the school
344
:of cyber warfare, as in real time
warfare, only the paranoid survive
345
:so some amount of paranoia is needed.
346
:Paranoia is needed in cybersecurity,
but at the same time, it's also very
347
:difficult for you to be extra paranoid
when you are leading people and not
348
:use panic to drive the bus of the road.
349
:So panic profiling, for example.
350
:You must understand your panic profile
from situation awareness perspective
351
:in a situation what's going on.
352
:What are the main things?
353
:What's most profitable action?
354
:Which level of panic am
I supposed to switch on?
355
:Medium, low, or high?
356
:How do you apportion or identify
the necessary efforts or response to
357
:an incident in a personal profile?
358
:So all of those internal
readiness work must be there.
359
:Then I say that leaders must have
the full grill things, the fall.
360
:Of leadership, mentor, coach,
facilitator, trainer, mentor, coach.
361
:Not necessarily in that order,
if you want me to order it.
362
:Coach, mentor, fac.
363
:Sorry, coach, facilitator,
mentor, trainer, coach,
364
:facilitator, mentor trainer.
365
:Training is the last one, but many
leaders try to do training first.
366
:Christophe Foulon: Yeah, that makes sense.
367
:Some of the other skills that I've found
over the years to be really critical, and
368
:maybe I'll ask you to rate yourself from
a, a scale of one to five is delegation.
369
:How.
370
:Would you describe delegation
and rate yourself one to five?
371
:David Adeoye Abodunrin: On delegation,
I'll probably rate myself four.
372
:That's because I've done
some wrong delegations.
373
:I'm like, how did I make that mistake?
374
:? But I read myself four on delegation,
um, because I'm blessed with
375
:a real ability to see people.
376
:And watch and observe without any bias
until I understand what's going on.
377
:I've learned that over the years.
378
:I watch people carefully and I'm very
non-judging in the beginning to ensure
379
:that I understand what's really going
on, and I'm also sufficiently friendly.
380
:I try to be friendly to walk across the
beach, to understand, even if I see an
381
:external behavioral pattern calibrated by.
382
:What is behind it?
383
:And is this something that can be brought
up in a direct conversation or something?
384
:We're gonna use indirect
conversations to deal with.
385
:So on delegation, I have about
four of five in total because I
386
:still have some hit and misses.
387
:That's part my method.
388
:Number one with delegation is that
there are tasks to delegate and
389
:there are things you cannot delegate.
390
:The wisdom to know what to
delegate, I wanna delegate is
391
:very important for a cyber leader.
392
:Number two.
393
:Christophe Foulon: And yeah.
394
:Next.
395
:Collaboration.
396
:How would you rate yourself
in collaboration on a scale
397
:of one to five and why?
398
:David Adeoye Abodunrin: Collaboration.
399
:I read myself again, four because I've
done some bad collaborations in the past,
400
:and I am a collaboratively shy person now.
401
:Because I've had some bad
experiences, so I do more rigorous
402
:interviewing the and Trustingly.
403
:I do collaboration, intelligence coaching.
404
:So there are people who come to me and
say, I wanna collaborate with this guy.
405
:What do you think?
406
:Because I have some intuitive coaching
practice I do by the side and I'll just
407
:do an analysis, say, what do you want?
408
:Do you want a person to person
profiling or you want a business
409
:to business, whether your business
and that business can collaborate.
410
:And in most of the cases, nine
out of 10 times, I get it correct.
411
:That's for others, but for me, I'm
slower because I would watch, ask
412
:questions, understand intent, but the
key is to contract in the beginning.
413
:That's my summary of it.
414
:Contract what the
transmission will be like.
415
:I.
416
:Contract.
417
:What the trans, what?
418
:What is?
419
:What is going to be the
recipient's expectation?
420
:What is the sender's expectation?
421
:What will be the handshake in the middle?
422
:Design the contracting of
the collaborative efforts.
423
:Put parameters at it.
424
:Let it be well defined when issues
happen, they're not covered within
425
:the framework you've set up.
426
:Go back again and look at the framework.
427
:This works all the time.
428
:I've seen it work all the time.
429
:All the time.
430
:It works.
431
:Christophe Foulon: Okay.
432
:And for communication, how would
you rate yourself on a scale of one
433
:to five for communication and why?
434
:David Adeoye Abodunrin: I give myself
four, 4.5 over five, and that's
435
:because I don't wanna be proud.
436
:I have seen a lot of, I, I
understand communication at the
437
:human engineering human fiber level.
438
:I know I have developed, I've, because I
want to help people communicate better,
439
:and I've seen cybersecurity leaders
stumble on communication a lot, technical
440
:leaders generally over the years being,
having the blessing of being in many
441
:boardrooms, even as a young engineer, just
sitting down to observe and the power of
442
:erasing one word and putting another word.
443
:The power of raising a sentence, the
power of changing the body language.
444
:For example, I dunno whether you know
that technical people communicate
445
:lower value without them knowing
just by body language and presence.
446
:The average chief marketing officer
will always end higher than the
447
:CTU and the CISO and every, and
they're all on the same level.
448
:What typically happens is that.
449
:Technical leaders are communicating
without knowing they're even
450
:communicating body language conversations.
451
:Watch when the CMO wants to
talk or a chief product officer,
452
:someone that's in the csuite on the
commercial side of the business.
453
:There's some, there is some
order, there is some practice.
454
:aNd because I have worked
in the marketing regime.
455
:I've worked in the core marketing
comms group, the largest one
456
:in West Africa by the way.
457
:I saw what goes into those things.
458
:Technical people are sought
wire and technicality, concerned
459
:that they don't know that we
should practice communication.
460
:That we should literally
practice go before the mirror.
461
:If you go, if it's a real big presentation
to a board, it's a budget presentation.
462
:Go nitty gritty.
463
:Ask for feedback present within your
team first, before you go for the bigger
464
:one where you're gonna defend them.
465
:But many Cs or CTOs or CEOs, we just
put together a slide the morning
466
:of the presentation, they just
serve, move some things around,
467
:and then they go there and present.
468
:Typically there's a response.
469
:So for communication, I read myself 4.5
over five and I also communicate better.
470
:And lastly I have some answer.
471
:Like I told you what is in my mind and
vice versa must come into your mind.
472
:And we must get feedback that we
got what the other party was saying.
473
:That is when communication has happened.
474
:And I understand the nuances
and communication is the
475
:biggest to adjust behavior.
476
:Christophe Foulon: And how would you
describe the skill of influence and why
477
:is it so important in cybersecurity?
478
:David Adeoye Abodunrin: Influence
is very important influence.
479
:In fact, one of the things I'm researching
now because crime as a service.
480
:Has become big and crime as
a service will become big.
481
:Second reason why I'm studying this,
the signs of influence and psychology
482
:of influence in cybersecurity is
that criminal gangs are, have moved
483
:into advanced persistent nature.
484
:They morphed and now there's the
nature of advanced persistent rates,
485
:and we say that organizations that
there are two kind of organizations,
486
:those that have not been hacked, and
those that will be hacked eventually.
487
:The other factor why influence
is important is that we
488
:are having more energy.
489
:And more order on the side of the
criminals and law enforcement is
490
:trailing behind and litigation is also
trailing behind as a global trend.
491
:So we need to begin to learn adversarial
influence strategies so that we can
492
:go beyond just influencing our teams
to influencing the criminal behavior.
493
:We should go to the point where we will
be able to do prescriptive analytics.
494
:That will almost help us to know where
the crime will come from because the
495
:tools that are gonna be available
to criminals from, I mean that's
496
:been available since year 2020,
COVID-19 date, and that will begin.
497
:There are people that commit
a thousand dollars a month.
498
:They work and then you commit
a thousand dollars a month.
499
:And they can, and 10 of them can come
together into hacking and exploring
500
:breaches, and they're willing to commit
that kind of money for five years.
501
:Trust me, if they keep at it and
hire professionals and they're
502
:not go into crime as a service,
they'll begin to succeed.
503
:So how do we begin from a security
standpoint to influence criminal behavior?
504
:What are the technologies that we.
505
:Help us to lead them
in a certain direction.
506
:And that's so that's an
area that's a niche area.
507
:Adversarial influence management, where
we are able to use influence tactics so
508
:that we will be able to cage crime, for
example, the concept of the corporate
509
:cul-de-sac, where you actually create
vulnerabilities within your system.
510
:wIndows is not to be doing that right now.
511
:I think Azure has started and Amazon,
but you create, you, you create spaces
512
:in the cloud where they, where some
data will be thrown at the guys so
513
:that they can come at it, and then we
use that to isolate that place and use
514
:it like a lab to study the intrusion.
515
:And what they're trying to do
and cage all the influence.
516
:Influence will be in the future, very
important for cybersecurity leadership
517
:because it's a useful adversarial tool.
518
:It'll be a useful counter
intelligence tool.
519
:And another one is when you are
beginning to have anti forensics.
520
:wHen criminals starts from
understanding for forensics.
521
:They understand cyber forensics,
so they start designing the crime
522
:with the view to be OB, oblivious
or transparent so that they're
523
:like water or you can't even plant.
524
:So that our forensics process and tools
can't even capture their existence.
525
:So we need to go influence.
526
:Because now and then they
go anti because, okay.
527
:So we discovered that
they're anti forensic.
528
:Okay.
529
:Okay.
530
:Okay.
531
:Yep.
532
:Can I go on.
533
:So we discovered that they're
anti forensic, so we do new tools.
534
:So it is anti when you catch,
when you find a new way, the
535
:criminal fights another way.
536
:So when you're going anti
forensic, we may begin to think
537
:about influence engineering.
538
:Where we begin to engineer tools and
techniques specifically deliberately
539
:to begin to influence the behavior
of the nature of the crime and
540
:how the criminal gangs are ring
themselves because of anti forensic.
541
:The other thing is we would need
influence to inspire teams to do higher.
542
:We need to challenge.
543
:The blue teams or the internal
security teams and the red teams.
544
:In this case, were everybody working
with us to do more because for every
545
:single cyber security professional
there about three or four criminals
546
:who are ready to, do an undo.
547
:So we have to develop influence strategies
to break the human limit of our teams.
548
:And make them superheroes and,
create bigger solutions that
549
:will keep all of us safer.
550
:Because our infrastructures are going
to be exposed in the coming days.
551
:We're getting connected
in connected cities.
552
:We're seeing water systems, and
sewage systems with just a single
553
:line of code being breached together,
where a whole community found their
554
:sewage going into their water.
555
:Plan that was processed because
somebody got into a computer
556
:system and opened a gateway.
557
:So we need to find a way of
influencing our teams to become
558
:far more cyber resilient and go
anti-fragile, which is the upper
559
:limit of human response to incidents.
560
:Christophe Foulon: Okay.
561
:Another topic that I like to bring up.
562
:Is the concept of networking,
but not networking like we, we
563
:started our conversation with in
telecom, but networking with people.
564
:Why is that such a critical
skill for cybersecurity leaders?
565
:David Adeoye Abodunrin: Yeah,
because at which criminals are
566
:going, again, they're networking.
567
:There are websites now, not
even in the dark web, openly
568
:where Windows vulnerabilities
are described and discussed.
569
:If we don't have find ways of
positive networking, the cyber
570
:criminals will always network
because if they make a single hit
571
:hits, it's a big deal for everybody.
572
:They understand the
idea of bounty sharing.
573
:And it's a primitive way where criminals
want to rob one village, and by the
574
:way, we are now a global village.
575
:tHe village is strong if they're
attacking at individual times of the day.
576
:But if they come at once, then
the village army is overwhelmed.
577
:Now criminals are trying to
engineer that kind of, there are
578
:hotbeds, some of them, to the point
that countries are now involved.
579
:Are sponsoring state sponsored
cyber criminal activity,
580
:state sponsored terrorism.
581
:Now, we cannot just afford not to network.
582
:In fact, regulatory organizations
both in the United States and the
583
:United Kingdom and most of Europe.
584
:Are now going cyber networking
as a regulatory demand.
585
:For example, share information,
the obligation to share.
586
:If something happens to your network,
please share because you're connected
587
:to everybody one way or the other.
588
:Just a memory stick in your
laptop can bring down a whole
589
:nation's financial system.
590
:It can bring down a old
nation's electrical system.
591
:Please don't keep quiet.
592
:And those are found.
593
:So it's it's water.
594
:It's the way water is to human life
or the way food is to existence.
595
:As cybersecurity professionals,
we must network criminals are
596
:networking and the power of
aggregation is beginning to play out.
597
:We have no choice.
598
:Chris, we have to network.
599
:It'll be an anima to be a hacker.
600
:You don't have a hacking group
or a hacking community where you
601
:organize private hackathons and
you have hacking weekend hangouts.
602
:You cannot be a GRC consultant
and not belong to a.
603
:GLC group that does Friday
evening bear out, or Friday
604
:evening, uh, sushi or dinner.
605
:We must network and grow in
communities beyond the ordinary.
606
:Of course the only challenge is that
communities a domic side on trust.
607
:But the bigger problem is that trust
is not a very easy commodity to combat.
608
:Cyber professionals are naturally
skeptical and paranoid as.
609
:Christophe Foulon: Yes.
610
:Yes.
611
:That is true.
612
:That is true.
613
:A as we wrap up our podcast any
final advice that you would give
614
:to future cybersecurity leaders?
615
:David, I.
616
:David Adeoye Abodunrin:
Yeah, the future is green.
617
:Groom your leadership without demand.
618
:Go for supply before.
619
:The demand for it will come.
620
:Meaning.
621
:Supply yourself with knowledge.
622
:Expose your mind.
623
:Join networks, learn and prepare.
624
:Your day will come.
625
:We are in combat zone.
626
:In cybersecurity today,
there is the traditional.
627
:Council I would give was
the response of King David.
628
:My possession is Christianity king
David as a young boy of about 18.
629
:His father sent him that as the story
goes to go to the battlefront to check
630
:his brothers up and give them some
provisions and some food and write
631
:their his eldest brother Iab, who was
632
:A much more stronger soldier.
633
:And he was already known as
a war veteran, looked at him.
634
:He said, I know your heart.
635
:Who did you leave the ship with?
636
:How come you are outside here and trying
to, look at the war you want to show off?
637
:And David said to him,
is there not a course?
638
:Many is are not a reason.
639
:Seeing that these uncircumcised listings
are defiling the armies of Israel.
640
:Forgive my reference to the Bible,
but that is a state we are in.
641
:In cybersecurity, there
is a course, C-A-U-S-E.
642
:There is a course and your day will come.
643
:Every bit of knowledge and capacity
you grow as a professional will
644
:eventually pay off the day of, pay off.
645
:You won't be ready.
646
:If you did not go to the gym every
day on the day of payoff, when your
647
:specific type of cyber leadership, your
specific capacity will be required.
648
:If you are not in the gym two hours a
day, three hours a day, you won't be
649
:fit for battle, but your day will come.
650
:Don't despair.
651
:If you're looking for a job,
you're looking for a cybersecurity
652
:role and engage Chris as a coach.
653
:Subscribe to Chris's coaching program.
654
:Engage him.
655
:Give it 12 months, 24 months.
656
:Let him guide you, for example, as
a cyber coach, or anyone around you,
657
:or whoever you think, but engage
your muscles in advance because
658
:the day of glory will still come.
659
:Forgive me if I look
motivational or I sounded like a.
660
:Christophe Foulon: Well, David,
thank you very much for joining us.
661
:Really appreciate it.
662
:And again, a reminder for those that
are listening, share with others.
663
:'cause David said we
need a variety of people.
664
:We need a variety of different
skills and everyone has their
665
:skills that they can rely on.
666
:And we, we need all sorts
of different leadership.
667
:David, thank you very much.
668
:David Adeoye Abodunrin:
Thanks a lot, Chris.
669
:I appreciate thanks for having me and
thanks for the great work you're doing
670
:in preparing leaders in the cyber realms.
671
:We need more of you and
thank you so much for that.