Breaking into Cybersecurity - Leadership - David Adeoye Abodunrin

Chris: 00:00:00

Welcome to another episode of Breaking into Cybersecurity Leadership,

2

: 00:00:04

where we talk to cybersecurity leaders

about developing our next generation.

3

: 00:00:09

Today we have David will be

sharing his experience of getting

4

: 00:00:13

into cybersecurity leadership and

sharing his tips and tricks for you.

5

: 00:00:19

Before we get started call for everyone.

6

: 00:00:22

If you're seeing this,

share this with others.

7

: 00:00:24

'cause we do need a diverse set of leaders

as well as a diverse set of individual

8

: 00:00:32

contributors within the cybersecurity

environment so that we could tackle the

9

: 00:00:36

complex problems of today and tomorrow.

10

: 00:00:40

David tell us a little bit

about your background and what

11

: 00:00:44

got you into cybersecurity.

12

: 00:00:46

I.

13

: 00:00:46

David Adeoye Abodunrin: All right.

14

: 00:00:46

My joining to cybersecurity

is a very interesting one.

15

: 00:00:49

Having started my career in core

technology telecommunications, Pure

16

: 00:00:55

signaling, uh, long distance communication

stuff, antennas and all of those things.

17

: 00:01:02

That was the beginning after

my first degree in electronics,

18

: 00:01:06

computer engineering, telecoms was

my passion and my love at the time.

19

: 00:01:10

So went round, did external line

plans switching some routing.

20

: 00:01:15

So basic stuff for was

C-N-E-C-C-M-P certified.

21

: 00:01:19

Worked with a few organizations

in network administration

22

: 00:01:23

and all of those early stuff.

23

: 00:01:25

And somewhere at the fourth to the

fifth year in my career I began

24

: 00:01:29

to notice a couple of things.

25

: 00:01:31

There was a lot of prestige

and respect around security.

26

: 00:01:36

That was the days of the Cisco

CCDP certification, design,

27

: 00:01:41

security, professional Security

Pro CCSP, security professional.

28

: 00:01:45

There was a lot of respect and

prestige along those lines and just.

29

: 00:01:51

And excited anytime the CCSP guys came

in, they came in only once in a while

30

: 00:01:56

and they collected fat monies that the

c the CCMP guys weren't collecting.

31

: 00:02:03

anD I was like, what is going on here?

32

: 00:02:05

These guys and their

routers are very expensive.

33

: 00:02:08

tHe switches are very expensive and they

don't they don't particularly do too much.

34

: 00:02:12

They're just there.

35

: 00:02:13

Not much was but they

got paid very highly.

36

: 00:02:16

And so that was also about the time when

the telecoms revolution in my country

37

: 00:02:21

started where we moved from the pt PSTN

network to the core select technology.

38

: 00:02:28

I had the benefit and the advantage

of being part of that transition and

39

: 00:02:33

having understanding about external.

40

: 00:02:35

And also at the transmission centers the

long distance trans transmission centers.

41

: 00:02:41

I got interested in security

after an incident as a young

42

: 00:02:45

engineer where heads began to roll.

43

: 00:02:48

There was a breach in the switch, uh,

the billing platform of the night tale.

44

: 00:02:55

Tel is communications limited.

45

: 00:02:58

There was a breach in billing, and

that breach was very significant.

46

: 00:03:04

So my the entire, everyone caught cold.

47

: 00:03:07

Everyone was very troubled

and that started, they had to

48

: 00:03:10

implement some security features.

49

: 00:03:13

In the switch.

50

: 00:03:14

And that began my foray and my

interests beyond traditional signaling,

51

: 00:03:19

beyond common channel signaling

seven systems and the common things

52

: 00:03:24

we do both in switching and routing.

53

: 00:03:26

That's apart from the traditional

network on the telco network side.

54

: 00:03:33

So I read up a few of the chapters in

the security professional book and.

55

: 00:03:38

Sensitized.

56

: 00:03:39

Then we had as a network administrator,

one of the clients I worked for,

57

: 00:03:44

we had a security breach where

someone's password was breached.

58

: 00:03:49

As a network, as a young network

administrator, the amount of pressure

59

: 00:03:53

that came with it, the user issues,

the stress and how much management

60

: 00:04:00

hit energy on further securing.

61

: 00:04:02

Those networks and those issues and

then it was amazing for the first time.

62

: 00:04:08

It was an rare moment for me for

the first time when I saw how

63

: 00:04:11

much potentially we could lose.

64

: 00:04:13

In that case, we didn't lose much,

but how much we could potentially

65

: 00:04:17

lose was a very big issue for me.

66

: 00:04:20

It was, I kept turning and tossing

on my bed, what if the wrong, because

67

: 00:04:25

that's a very small person who had.

68

: 00:04:27

Access to very sensitive systems.

69

: 00:04:31

He was the person who authorized

everything when payment is in

70

: 00:04:34

and it's gonna go in hundreds of

millions, he was one to go to.

71

: 00:04:37

So I was like, wait a minute guys,

what if something happens to this man?

72

: 00:04:43

And his password is compromised, is beaten

up, and his password is compromised,

73

: 00:04:48

and we have to, pay heavily for it.

74

: 00:04:50

That began my strong journey

and my strong desire to ensure

75

: 00:04:56

that I master cybersecurity.

76

: 00:04:58

So I began to, get interested, do

conferences, read more around it.

77

: 00:05:03

And that started the journey for me.

78

: 00:05:04

And of course, I also, I made a good

transition into program management,

79

: 00:05:09

where now implement projects and

for whatever reason, . Cybersecurity

80

: 00:05:13

projects started getting thrust at

me strengthening infrastructure,

81

: 00:05:17

toughening up infrastructure, improving

identity, uh, systems and all of that.

82

: 00:05:24

And then along the line, I stumbled also

into card transactions and the import

83

: 00:05:30

of those and the amount of fraud that

happens, or the amount of fraud that

84

: 00:05:34

industry up because, geometric rise in

the transaction rates on the planet.

85

: 00:05:41

thE internet has become the place.

86

: 00:05:43

You have it online.

87

: 00:05:44

You seldom buy.

88

: 00:05:45

I use my phone, the NF NFC here right

now to, to all the way from taxis.

89

: 00:05:50

To eating at the restaurant, to

ordering something on Amazon.

90

: 00:05:55

Everything is up ally but then at

this time it was still starting.

91

: 00:05:59

aNd so all of that energy and as I

observed the future trends and the

92

: 00:06:04

challenges around cards, I got more

interested in cybersecurity and I've

93

: 00:06:08

been on this journey in total for about.

94

: 00:06:11

To decades kids been there, done that.

95

: 00:06:13

I've worked within the ERP domain, rolled

out ERPs, rolled out infrastructure

96

: 00:06:20

on the technology technical side,

been here, done that and it's been

97

: 00:06:24

a very, pretty amazing experience.

98

: 00:06:27

Loads of lessons lose of very

difficult moments, uh, where you had

99

: 00:06:32

to answer questions of conscience.

100

: 00:06:33

And think about the future, when

the future has not happened.

101

: 00:06:37

How do you prepare for a future?

102

: 00:06:38

You can't see, you can't crystallize, you

don't understand the risks, uh, because

103

: 00:06:43

of the limitation of where you are.

104

: 00:06:45

So this is a major challenge.

105

: 00:06:47

I've also seen in my

journey over the years.

106

: 00:06:50

How do you prepare for volume of

transactions that suddenly balloon up

107

: 00:06:55

Christophe Foulon: Yeah.

108

: 00:06:55

Thinking about the future

is definitely important.

109

: 00:06:58

What, as you think about your journey

why did you decide to pivot to

110

: 00:07:01

become a cybersecurity leader versus

staying an individual contributor?

111

: 00:07:06

David Adeoye Abodunrin: I decided

on the leadership route be because

112

: 00:07:09

anyway, leadership was thrust at me.

113

: 00:07:11

In my role as a project manager, I

have been forced to, whether I like

114

: 00:07:16

it or not, I have to take leadership,

, from a communication standpoint,, I

115

: 00:07:22

had to be comfortable, for example,

with addressing the elephant in the

116

: 00:07:26

room having difficult conversations

that nobody was willing to have.

117

: 00:07:29

Collaborating with difficult stakeholders

because the success of and the

118

: 00:07:34

failure of the project rests on me.

119

: 00:07:36

Generally typically I'm in charge

of scheduling and ensuring that

120

: 00:07:40

things happen as at when due.

121

: 00:07:42

When you are in those kind of roles, you

are like the proverb proverbial dancer who

122

: 00:07:49

cannot look at the noise of the markets.

123

: 00:07:52

You got a job and everyone

depends on you as a driver to

124

: 00:07:56

take them from point A to point B.

125

: 00:07:59

Now that requires a lot of leadership,

a lot of excellence, a lot of dedication

126

: 00:08:06

and passion beyond being an individual.

127

: 00:08:08

And anyway, I enjoy their attention.

128

: 00:08:11

It's not very easy being a leader must

confess to you because then you are

129

: 00:08:16

much more aware of your own weaknesses.

130

: 00:08:19

And your fullness are heightened.

131

: 00:08:21

And indeed, your personal, uh,

private failing moments can be

132

: 00:08:27

easily amplified and you can

cause damage at a bigger level.

133

: 00:08:31

Now, awareness of those kind of

things make it very sobering and make

134

: 00:08:35

it difficult for one to gloss over.

135

: 00:08:37

But all in all, I'm grateful for

the opportunity first to serve.

136

: 00:08:43

And to keep serving in leadership position

because, anyway, I always, when I talk

137

: 00:08:47

online, I find myself in conversations all

of a sudden taking the lead, not because

138

: 00:08:52

I want to demonstrate superior thoughts

or I want to show myself off, but it's

139

: 00:08:57

coming more from a heart of service.

140

: 00:08:59

A hat of help, a hat of a responsibility

that things could be better,

141

: 00:09:03

and that is the driving force.

142

: 00:09:05

Although over the years, that

has been misunderstood and people

143

: 00:09:09

think you want to show off.

144

: 00:09:10

People think you have a desire

to make others look stupid.

145

: 00:09:13

But no, it's just that you

just want things to be better.

146

: 00:09:18

Than they were and you think we

can all benefit from a better

147

: 00:09:22

system and with no hidden agenda.

148

: 00:09:24

This is what thrust me into

the leadership positions.

149

: 00:09:28

I found myself either in the project room

or in the technology field or even in

150

: 00:09:32

third leadership, that I championed a lot.

151

: 00:09:34

I.

152

: 00:09:34

Christophe Foulon: So A, as you look

to grow your leadership skills, what

153

: 00:09:40

in your view are the critical skills

needed for a cybersecurity leader?

154

: 00:09:46

I.

155

: 00:09:46

David Adeoye Abodunrin: That's

a very deep question right

156

: 00:09:48

there, . iT's multidimensional.

157

: 00:09:50

Chris that's very deep.

158

: 00:09:52

Let me say this.

159

: 00:09:53

fIrst of all, you must want it.

160

: 00:09:56

You must want it, and that is not

a skill you gather in any textbook

161

: 00:10:01

or a skill in any material.

162

: 00:10:03

It's pure personal desire when your PDI

Personal Desire index or indicator, which

163

: 00:10:09

is a measure of your cautions, which

is a measure of PDQ, personal desire.

164

: 00:10:16

. ENT when it's below a certain number

that is beyond the equilibrium of the

165

: 00:10:23

industry and where you are in your life.

166

: 00:10:25

Don't take the leadership position.

167

: 00:10:27

When your internal willingness versus the

industry equilibrium and the strength of

168

: 00:10:33

events in the environment is at a higher

level of turbulence than you can allow,

169

: 00:10:37

for example, as one of the factors we are

measuring within your life at that time.

170

: 00:10:42

Don't take that position when you,

where your desire is higher than that

171

: 00:10:47

equilibrium point and the higher.

172

: 00:10:51

To lead.

173

: 00:10:51

This is genuine desire, not ambition,

because there's a difference

174

: 00:10:56

between ambition and assistance.

175

: 00:11:00

I call it assistance.

176

: 00:11:01

The willingness to be good and to

help the willingness that everybody

177

: 00:11:05

trusts me to stand at this door and

the willingness to serve rather than

178

: 00:11:10

I want to be the most for the purposes

of advertisement and size, ego and all

179

: 00:11:16

of those kind of things, and somewhere

in the future of your leadership.

180

: 00:11:20

That metal will be tested.

181

: 00:11:22

You will either be converted.

182

: 00:11:24

A more humble leader or more

authentic leader, or you will grow

183

: 00:11:28

much more narcissistic or something,

and eventually your time will pass

184

: 00:11:34

without you having left any legacy

or you will learn the lesson.

185

: 00:11:38

Or nature happens to

you, whatever happens, X.

186

: 00:11:41

But I think that personal desire

is the place to start from.

187

: 00:11:44

It's even a calibrator of how

far, how well you would do.

188

: 00:11:47

So I don't sidetrack the conversation.

189

: 00:11:48

So the rule is the hire your personal

desire to lead, especially from the

190

: 00:11:54

positive psychologist standpoint.

191

: 00:11:56

The higher it is than that equilibrium

point for the industry and the

192

: 00:12:00

environment you are in at large, the

more your chances of success as a leader.

193

: 00:12:04

That's the first one.

194

: 00:12:05

Christophe Foulon: Can I stop you there?

195

: 00:12:06

Because it's, that's something

that I have not heard about.

196

: 00:12:09

For those that are looking to

learn more about this, where did.

197

: 00:12:15

Where's this where did you find this from?

198

: 00:12:17

Or where did you learn this so that

they could dig into this themselves.

199

: 00:12:21

David Adeoye Abodunrin: I do a

lot of personal introspection

200

: 00:12:24

and I try to find my answers.

201

: 00:12:25

I don't find my, not pull, of course,

I've read a lot of things, but it's

202

: 00:12:31

rooted in the materials of self-awareness

to be aware of your desires.

203

: 00:12:35

Self-belief, first of all,

self-awareness, self-belief,

204

: 00:12:39

self-esteem, self-acceptance and

self-promoting, and yet being selfless.

205

: 00:12:45

Christophe Foulon: Makes sense.

206

: 00:12:46

Makes sense.

207

: 00:12:46

Yeah.

208

: 00:12:47

I'm a big supporter of the north of

having your North Pole as well, to help

209

: 00:12:51

David Adeoye Abodunrin: yeah, exactly.

210

: 00:12:52

So having my north pull and then not

following the tide on the outside, but

211

: 00:12:57

having my north pull on the inside was the

way I arrived at this particular solution.

212

: 00:13:03

That my personal desire indicator based

on all of this foundations of my self

213

: 00:13:08

understanding and awareness of where I am.

214

: 00:13:11

Must be beyond a certain threshold of

the entropy or chaos of the environment.

215

: 00:13:17

How difficult is the leadership role?

216

: 00:13:19

How difficult is it to

be a leader in that time?

217

: 00:13:22

What are the challenges the

organization or the context is facing?

218

: 00:13:26

Who are the players there?

219

: 00:13:28

Would they be willing to give

me a chance to succeed or fail?

220

: 00:13:32

Is it context favorable?

221

: 00:13:34

If you're gonna be a leader in a place

where you don't understand the language,

222

: 00:13:37

maybe you should not take up the role.

223

: 00:13:38

Maybe you should not just to be a

leader there, you don't even understand

224

: 00:13:41

the language that you can't even

converse and you cannot even engineer.

225

: 00:13:44

Meaning beyond communication.

226

: 00:13:47

Communication is one thing, but

meaning is when David is able to put

227

: 00:13:52

the exact signal in his mind, increase

his mind, and Chris's response.

228

: 00:13:58

In such a manner that David knows

that what he was originally intended

229

: 00:14:03

to pass across has been understood.

230

: 00:14:05

This is basic communication engineering.

231

: 00:14:08

So if you don't, if you're battling

language for example, then maybe

232

: 00:14:11

you should humbly not take the

organization or that leadership role up.

233

: 00:14:16

So those are the entropy factors.

234

: 00:14:18

The questions the threshold points.

235

: 00:14:20

For example, another one for example,

is if you don't understand the culture.

236

: 00:14:24

Or you cannot fit it to the culture.

237

: 00:14:27

Culture will always eat strategy

for lunch and dinner and breakfast.

238

: 00:14:32

Culture will always destroy the

strongest of our good lofty idea.

239

: 00:14:39

So as a leader, as a cyber leader,

if you don't have the cultural

240

: 00:14:43

intelligence to lead in that environment,

maybe you should pursue that.

241

: 00:14:48

But there are complement skillset,

like cultural adaptability.

242

: 00:14:51

If you are culturally adaptable, you

know you are strong on the agility leg,

243

: 00:14:56

which is another, that being agile or

understanding agile frameworks helps

244

: 00:14:59

you to do when you're a cyber leader.

245

: 00:15:01

So it's not a doom and gloom thing.

246

: 00:15:03

If you notice that there's a gap between

where your personal desire index is.

247

: 00:15:08

And where the level of the threshold

level is, then you can bridge

248

: 00:15:13

the gap and yet you can lead.

249

: 00:15:14

So it's not, but it's to be aware

that's a gap between your personal

250

: 00:15:18

desire is and some of the person's

desires, mislead them your desire.

251

: 00:15:22

You may not be ready,

you may not be competent.

252

: 00:15:24

So desire is empty if it

does not pass through.

253

: 00:15:28

Personal desire is empty if

it does not pass through the

254

: 00:15:30

very lens of self discovery.

255

: 00:15:33

Self-awareness, self-acceptance,

then self-esteem.

256

: 00:15:38

And then before you now go

to self-promoting in all of

257

: 00:15:41

these, yet being selfless.

258

: 00:15:44

So that you're not full of

yourself, but you want to serve

259

: 00:15:47

and really solve a problem.

260

: 00:15:49

And if we were to choose between

Chris and I will vote for Chris if

261

: 00:15:54

Chris is a better candidate than I

am to help us through the bridge.

262

: 00:15:57

Chris knows how to swim.

263

: 00:15:59

I don't know how to swim.

264

: 00:16:01

So this organization is at the

point within their corporate

265

: 00:16:05

lifecycle where they are rolling

out a lot of new products.

266

: 00:16:08

And Chris has had experience in products

rollout and Chris understand the

267

: 00:16:13

cybersecurity challenges and the risks

that happen in that particular sector.

268

: 00:16:18

Why do I want to rob the organization?

269

: 00:16:21

I.

270

: 00:16:22

Of his expertise because I want

to earn a few dollars, or I want

271

: 00:16:26

to be the known guy or want to be

the one who is leading the team.

272

: 00:16:29

That's one thing ago.

273

: 00:16:31

On the day, something critical

will happen then to a paid that.

274

: 00:16:34

I don't know how to navigate that.

275

: 00:16:35

Ben, Chris is the better driver there.

276

: 00:16:37

Why don't I give him the leadership?

277

: 00:16:39

You've been in podcasting for a while

and, there's audience intelligence,

278

: 00:16:43

for example, that you have around

the cyber regime and cyber world.

279

: 00:16:47

Why don't, I want Chris to

lead the conversation because

280

: 00:16:51

everyone has what they're useful

for, even in cyber leadership.

281

: 00:16:55

Everyone has a use.

282

: 00:16:56

Every leader has the moment and

defined occasion of your use.

283

: 00:17:01

There's your ah, in leadership and

do not stay longer than those hours.

284

: 00:17:06

That's also a sub to council there.

285

: 00:17:08

Your tenure may be two years.

286

: 00:17:10

You may be a very strong risk

manager, or you are a strong

287

: 00:17:14

infrastructure deployment leader.

288

: 00:17:16

Because you have project management and

agile understanding, like me, and you

289

: 00:17:20

could actually be a strong people leader

because the team needs more confidence as

290

: 00:17:25

they need someone who is a CISO or a cyber

lead that understands that level of energy

291

: 00:17:30

and intelligence, if you get what I mean.

292

: 00:17:32

So at the end of the day, wisdom

is to select your location.

293

: 00:17:38

A moment of brilliance and know your own

leadership, DNA, and leave that ethos and

294

: 00:17:43

not be driven by external opportunity.

295

: 00:17:45

Again, that cushions personal desire

that is intelligent, so we can call

296

: 00:17:50

it intelligent personal desire that's

willing to be personally developed

297

: 00:17:54

to meet the threshold and need of the

occasion, and the willingness to leave

298

: 00:17:58

when the time is due, not necessarily

when the vision is loudest, when

299

: 00:18:02

the time is due for that occasion.

300

: 00:18:05

Christophe Foulon: So it, it

sounds like if I'm, if I could

301

: 00:18:08

paraphrase, understanding.

302

: 00:18:10

Your leadership abilities and your

readiness to be a leader is one of those

303

: 00:18:15

core critical skills in your perspective.

304

: 00:18:17

Are there any other critical skills.

305

: 00:18:20

David Adeoye Abodunrin: yes,

there is what is called kudo or

306

: 00:18:22

situational intelligence or awareness.

307

: 00:18:23

The ability to understand situations

quickly and the ability to take decisions

308

: 00:18:28

quickly, that will help you need it.

309

: 00:18:31

In cyber security leadership, you cannot

afford not to have it, but how do you get

310

: 00:18:39

The problem with experience is that you

gain good experience from bad experiences,

311

: 00:18:45

Christophe Foulon: There's

cheap experience and there's

312

: 00:18:47

expensive experiences.

313

: 00:18:48

David Adeoye Abodunrin: Thank you.

314

: 00:18:49

I like that.

315

: 00:18:49

That's true thank you.

316

: 00:18:51

Thank you . So every time

someone listens to Chris Fullon a

317

: 00:18:55

podcast, that's good experience.

318

: 00:18:58

You listen to David or you subscribe

to any of the seminars that do in

319

: 00:19:01

cyber leadership or any, or anything

that you do, or we organize something

320

: 00:19:05

together and someone listens.

321

: 00:19:07

Good experience.

322

: 00:19:09

You don't want to wait

until crisis happens.

323

: 00:19:12

For example, I've seen cyber

leaders who don't know their,

324

: 00:19:14

they're excellent panicker.

325

: 00:19:16

I've met CISOs who are panicker.

326

: 00:19:18

That is their profile.

327

: 00:19:20

Their panic profile is on the roof.

328

: 00:19:22

They panic and then they panic,

and they pile budgets at panic.

329

: 00:19:27

So the full panela and then they get

before the executive team and their

330

: 00:19:31

leadership communication skills.

331

: 00:19:33

And futuristic skills begin to be

torn to pieces, only because the

332

: 00:19:38

excellent people, when there is no

tension, they can take their decisions.

333

: 00:19:43

But because they are good panicker

or warriors, they hip budgets

334

: 00:19:48

and they hip reinforce steel.

335

: 00:19:50

They toughen up, architectural

toughen up infrastructure, toughen

336

: 00:19:55

up, and management is asking.

337

: 00:19:56

But there's been no incidents

in the past five years.

338

: 00:19:59

Why do I need another server

or another thing this year?

339

: 00:20:02

And the guy goes that's because I'm good.

340

: 00:20:04

I'm doing my job.

341

: 00:20:05

They're like, so that means we don't

need it . And it won't be in that frame

342

: 00:20:08

of mind, if not for his personal panic.

343

: 00:20:10

But again, some amount of panic is

good for a CSO because in the school

344

: 00:20:14

of cyber warfare, as in real time

warfare, only the paranoid survive

345

: 00:20:20

so some amount of paranoia is needed.

346

: 00:20:23

Paranoia is needed in cybersecurity,

but at the same time, it's also very

347

: 00:20:28

difficult for you to be extra paranoid

when you are leading people and not

348

: 00:20:33

use panic to drive the bus of the road.

349

: 00:20:35

So panic profiling, for example.

350

: 00:20:38

You must understand your panic profile

from situation awareness perspective

351

: 00:20:43

in a situation what's going on.

352

: 00:20:46

What are the main things?

353

: 00:20:47

What's most profitable action?

354

: 00:20:49

Which level of panic am

I supposed to switch on?

355

: 00:20:52

Medium, low, or high?

356

: 00:20:54

How do you apportion or identify

the necessary efforts or response to

357

: 00:20:59

an incident in a personal profile?

358

: 00:21:01

So all of those internal

readiness work must be there.

359

: 00:21:06

Then I say that leaders must have

the full grill things, the fall.

360

: 00:21:11

Of leadership, mentor, coach,

facilitator, trainer, mentor, coach.

361

: 00:21:17

Not necessarily in that order,

if you want me to order it.

362

: 00:21:20

Coach, mentor, fac.

363

: 00:21:22

Sorry, coach, facilitator,

mentor, trainer, coach,

364

: 00:21:27

facilitator, mentor trainer.

365

: 00:21:30

Training is the last one, but many

leaders try to do training first.

366

: 00:21:33

Christophe Foulon: Yeah, that makes sense.

367

: 00:21:34

Some of the other skills that I've found

over the years to be really critical, and

368

: 00:21:40

maybe I'll ask you to rate yourself from

a, a scale of one to five is delegation.

369

: 00:21:46

How.

370

: 00:21:47

Would you describe delegation

and rate yourself one to five?

371

: 00:21:51

David Adeoye Abodunrin: On delegation,

I'll probably rate myself four.

372

: 00:21:54

That's because I've done

some wrong delegations.

373

: 00:21:56

I'm like, how did I make that mistake?

374

: 00:21:57

? But I read myself four on delegation,

um, because I'm blessed with

375

: 00:22:02

a real ability to see people.

376

: 00:22:05

And watch and observe without any bias

until I understand what's going on.

377

: 00:22:10

I've learned that over the years.

378

: 00:22:12

I watch people carefully and I'm very

non-judging in the beginning to ensure

379

: 00:22:17

that I understand what's really going

on, and I'm also sufficiently friendly.

380

: 00:22:21

I try to be friendly to walk across the

beach, to understand, even if I see an

381

: 00:22:26

external behavioral pattern calibrated by.

382

: 00:22:29

What is behind it?

383

: 00:22:30

And is this something that can be brought

up in a direct conversation or something?

384

: 00:22:35

We're gonna use indirect

conversations to deal with.

385

: 00:22:37

So on delegation, I have about

four of five in total because I

386

: 00:22:41

still have some hit and misses.

387

: 00:22:43

That's part my method.

388

: 00:22:44

Number one with delegation is that

there are tasks to delegate and

389

: 00:22:47

there are things you cannot delegate.

390

: 00:22:49

The wisdom to know what to

delegate, I wanna delegate is

391

: 00:22:52

very important for a cyber leader.

392

: 00:22:54

Number two.

393

: 00:22:55

Christophe Foulon: And yeah.

394

: 00:22:56

Next.

395

: 00:22:57

Collaboration.

396

: 00:22:58

How would you rate yourself

in collaboration on a scale

397

: 00:23:01

of one to five and why?

398

: 00:23:03

David Adeoye Abodunrin: Collaboration.

399

: 00:23:03

I read myself again, four because I've

done some bad collaborations in the past,

400

: 00:23:09

and I am a collaboratively shy person now.

401

: 00:23:14

Because I've had some bad

experiences, so I do more rigorous

402

: 00:23:18

interviewing the and Trustingly.

403

: 00:23:21

I do collaboration, intelligence coaching.

404

: 00:23:24

So there are people who come to me and

say, I wanna collaborate with this guy.

405

: 00:23:26

What do you think?

406

: 00:23:27

Because I have some intuitive coaching

practice I do by the side and I'll just

407

: 00:23:31

do an analysis, say, what do you want?

408

: 00:23:33

Do you want a person to person

profiling or you want a business

409

: 00:23:36

to business, whether your business

and that business can collaborate.

410

: 00:23:39

And in most of the cases, nine

out of 10 times, I get it correct.

411

: 00:23:43

That's for others, but for me, I'm

slower because I would watch, ask

412

: 00:23:49

questions, understand intent, but the

key is to contract in the beginning.

413

: 00:23:54

That's my summary of it.

414

: 00:23:56

Contract what the

transmission will be like.

415

: 00:24:00

I.

416

: 00:24:00

Contract.

417

: 00:24:01

What the trans, what?

418

: 00:24:02

What is?

419

: 00:24:02

What is going to be the

recipient's expectation?

420

: 00:24:05

What is the sender's expectation?

421

: 00:24:07

What will be the handshake in the middle?

422

: 00:24:09

Design the contracting of

the collaborative efforts.

423

: 00:24:13

Put parameters at it.

424

: 00:24:14

Let it be well defined when issues

happen, they're not covered within

425

: 00:24:18

the framework you've set up.

426

: 00:24:20

Go back again and look at the framework.

427

: 00:24:21

This works all the time.

428

: 00:24:23

I've seen it work all the time.

429

: 00:24:24

All the time.

430

: 00:24:25

It works.

431

: 00:24:26

Christophe Foulon: Okay.

432

: 00:24:27

And for communication, how would

you rate yourself on a scale of one

433

: 00:24:32

to five for communication and why?

434

: 00:24:34

David Adeoye Abodunrin: I give myself

four, 4.5 over five, and that's

435

: 00:24:38

because I don't wanna be proud.

436

: 00:24:39

I have seen a lot of, I, I

understand communication at the

437

: 00:24:43

human engineering human fiber level.

438

: 00:24:46

I know I have developed, I've, because I

want to help people communicate better,

439

: 00:24:51

and I've seen cybersecurity leaders

stumble on communication a lot, technical

440

: 00:24:55

leaders generally over the years being,

having the blessing of being in many

441

: 00:24:59

boardrooms, even as a young engineer, just

sitting down to observe and the power of

442

: 00:25:03

erasing one word and putting another word.

443

: 00:25:05

The power of raising a sentence, the

power of changing the body language.

444

: 00:25:08

For example, I dunno whether you know

that technical people communicate

445

: 00:25:12

lower value without them knowing

just by body language and presence.

446

: 00:25:16

The average chief marketing officer

will always end higher than the

447

: 00:25:19

CTU and the CISO and every, and

they're all on the same level.

448

: 00:25:23

What typically happens is that.

449

: 00:25:24

Technical leaders are communicating

without knowing they're even

450

: 00:25:27

communicating body language conversations.

451

: 00:25:30

Watch when the CMO wants to

talk or a chief product officer,

452

: 00:25:33

someone that's in the csuite on the

commercial side of the business.

453

: 00:25:37

There's some, there is some

order, there is some practice.

454

: 00:25:41

aNd because I have worked

in the marketing regime.

455

: 00:25:45

I've worked in the core marketing

comms group, the largest one

456

: 00:25:48

in West Africa by the way.

457

: 00:25:50

I saw what goes into those things.

458

: 00:25:52

Technical people are sought

wire and technicality, concerned

459

: 00:25:56

that they don't know that we

should practice communication.

460

: 00:25:59

That we should literally

practice go before the mirror.

461

: 00:26:03

If you go, if it's a real big presentation

to a board, it's a budget presentation.

462

: 00:26:07

Go nitty gritty.

463

: 00:26:09

Ask for feedback present within your

team first, before you go for the bigger

464

: 00:26:12

one where you're gonna defend them.

465

: 00:26:13

But many Cs or CTOs or CEOs, we just

put together a slide the morning

466

: 00:26:18

of the presentation, they just

serve, move some things around,

467

: 00:26:21

and then they go there and present.

468

: 00:26:23

Typically there's a response.

469

: 00:26:25

So for communication, I read myself 4.5

over five and I also communicate better.

470

: 00:26:30

And lastly I have some answer.

471

: 00:26:32

Like I told you what is in my mind and

vice versa must come into your mind.

472

: 00:26:37

And we must get feedback that we

got what the other party was saying.

473

: 00:26:41

That is when communication has happened.

474

: 00:26:43

And I understand the nuances

and communication is the

475

: 00:26:47

biggest to adjust behavior.

476

: 00:26:49

Christophe Foulon: And how would you

describe the skill of influence and why

477

: 00:26:52

is it so important in cybersecurity?

478

: 00:26:55

David Adeoye Abodunrin: Influence

is very important influence.

479

: 00:26:57

In fact, one of the things I'm researching

now because crime as a service.

480

: 00:27:01

Has become big and crime as

a service will become big.

481

: 00:27:05

Second reason why I'm studying this,

the signs of influence and psychology

482

: 00:27:09

of influence in cybersecurity is

that criminal gangs are, have moved

483

: 00:27:13

into advanced persistent nature.

484

: 00:27:15

They morphed and now there's the

nature of advanced persistent rates,

485

: 00:27:19

and we say that organizations that

there are two kind of organizations,

486

: 00:27:22

those that have not been hacked, and

those that will be hacked eventually.

487

: 00:27:25

The other factor why influence

is important is that we

488

: 00:27:29

are having more energy.

489

: 00:27:31

And more order on the side of the

criminals and law enforcement is

490

: 00:27:34

trailing behind and litigation is also

trailing behind as a global trend.

491

: 00:27:38

So we need to begin to learn adversarial

influence strategies so that we can

492

: 00:27:44

go beyond just influencing our teams

to influencing the criminal behavior.

493

: 00:27:49

We should go to the point where we will

be able to do prescriptive analytics.

494

: 00:27:54

That will almost help us to know where

the crime will come from because the

495

: 00:27:59

tools that are gonna be available

to criminals from, I mean that's

496

: 00:28:03

been available since year 2020,

COVID-19 date, and that will begin.

497

: 00:28:08

There are people that commit

a thousand dollars a month.

498

: 00:28:11

They work and then you commit

a thousand dollars a month.

499

: 00:28:14

And they can, and 10 of them can come

together into hacking and exploring

500

: 00:28:18

breaches, and they're willing to commit

that kind of money for five years.

501

: 00:28:22

Trust me, if they keep at it and

hire professionals and they're

502

: 00:28:26

not go into crime as a service,

they'll begin to succeed.

503

: 00:28:28

So how do we begin from a security

standpoint to influence criminal behavior?

504

: 00:28:34

What are the technologies that we.

505

: 00:28:36

Help us to lead them

in a certain direction.

506

: 00:28:39

And that's so that's an

area that's a niche area.

507

: 00:28:42

Adversarial influence management, where

we are able to use influence tactics so

508

: 00:28:46

that we will be able to cage crime, for

example, the concept of the corporate

509

: 00:28:50

cul-de-sac, where you actually create

vulnerabilities within your system.

510

: 00:28:54

wIndows is not to be doing that right now.

511

: 00:28:56

I think Azure has started and Amazon,

but you create, you, you create spaces

512

: 00:29:01

in the cloud where they, where some

data will be thrown at the guys so

513

: 00:29:04

that they can come at it, and then we

use that to isolate that place and use

514

: 00:29:08

it like a lab to study the intrusion.

515

: 00:29:10

And what they're trying to do

and cage all the influence.

516

: 00:29:13

Influence will be in the future, very

important for cybersecurity leadership

517

: 00:29:17

because it's a useful adversarial tool.

518

: 00:29:20

It'll be a useful counter

intelligence tool.

519

: 00:29:24

And another one is when you are

beginning to have anti forensics.

520

: 00:29:28

wHen criminals starts from

understanding for forensics.

521

: 00:29:31

They understand cyber forensics,

so they start designing the crime

522

: 00:29:36

with the view to be OB, oblivious

or transparent so that they're

523

: 00:29:41

like water or you can't even plant.

524

: 00:29:43

So that our forensics process and tools

can't even capture their existence.

525

: 00:29:48

So we need to go influence.

526

: 00:29:51

Because now and then they

go anti because, okay.

527

: 00:29:53

So we discovered that

they're anti forensic.

528

: 00:29:55

Okay.

529

: 00:29:57

Okay.

530

: 00:29:57

Okay.

531

: 00:29:58

Yep.

532

: 00:29:58

Can I go on.

533

: 00:29:59

So we discovered that they're

anti forensic, so we do new tools.

534

: 00:30:04

So it is anti when you catch,

when you find a new way, the

535

: 00:30:07

criminal fights another way.

536

: 00:30:08

So when you're going anti

forensic, we may begin to think

537

: 00:30:11

about influence engineering.

538

: 00:30:13

Where we begin to engineer tools and

techniques specifically deliberately

539

: 00:30:17

to begin to influence the behavior

of the nature of the crime and

540

: 00:30:21

how the criminal gangs are ring

themselves because of anti forensic.

541

: 00:30:25

The other thing is we would need

influence to inspire teams to do higher.

542

: 00:30:29

We need to challenge.

543

: 00:30:31

The blue teams or the internal

security teams and the red teams.

544

: 00:30:34

In this case, were everybody working

with us to do more because for every

545

: 00:30:38

single cyber security professional

there about three or four criminals

546

: 00:30:43

who are ready to, do an undo.

547

: 00:30:47

So we have to develop influence strategies

to break the human limit of our teams.

548

: 00:30:53

And make them superheroes and,

create bigger solutions that

549

: 00:30:58

will keep all of us safer.

550

: 00:30:59

Because our infrastructures are going

to be exposed in the coming days.

551

: 00:31:03

We're getting connected

in connected cities.

552

: 00:31:05

We're seeing water systems, and

sewage systems with just a single

553

: 00:31:08

line of code being breached together,

where a whole community found their

554

: 00:31:13

sewage going into their water.

555

: 00:31:14

Plan that was processed because

somebody got into a computer

556

: 00:31:17

system and opened a gateway.

557

: 00:31:19

So we need to find a way of

influencing our teams to become

558

: 00:31:24

far more cyber resilient and go

anti-fragile, which is the upper

559

: 00:31:30

limit of human response to incidents.

560

: 00:31:33

Christophe Foulon: Okay.

561

: 00:31:34

Another topic that I like to bring up.

562

: 00:31:36

Is the concept of networking,

but not networking like we, we

563

: 00:31:41

started our conversation with in

telecom, but networking with people.

564

: 00:31:45

Why is that such a critical

skill for cybersecurity leaders?

565

: 00:31:49

David Adeoye Abodunrin: Yeah,

because at which criminals are

566

: 00:31:51

going, again, they're networking.

567

: 00:31:55

There are websites now, not

even in the dark web, openly

568

: 00:31:58

where Windows vulnerabilities

are described and discussed.

569

: 00:32:01

If we don't have find ways of

positive networking, the cyber

570

: 00:32:06

criminals will always network

because if they make a single hit

571

: 00:32:10

hits, it's a big deal for everybody.

572

: 00:32:12

They understand the

idea of bounty sharing.

573

: 00:32:15

And it's a primitive way where criminals

want to rob one village, and by the

574

: 00:32:20

way, we are now a global village.

575

: 00:32:22

tHe village is strong if they're

attacking at individual times of the day.

576

: 00:32:27

But if they come at once, then

the village army is overwhelmed.

577

: 00:32:31

Now criminals are trying to

engineer that kind of, there are

578

: 00:32:34

hotbeds, some of them, to the point

that countries are now involved.

579

: 00:32:38

Are sponsoring state sponsored

cyber criminal activity,

580

: 00:32:42

state sponsored terrorism.

581

: 00:32:44

Now, we cannot just afford not to network.

582

: 00:32:47

In fact, regulatory organizations

both in the United States and the

583

: 00:32:51

United Kingdom and most of Europe.

584

: 00:32:54

Are now going cyber networking

as a regulatory demand.

585

: 00:32:57

For example, share information,

the obligation to share.

586

: 00:33:01

If something happens to your network,

please share because you're connected

587

: 00:33:04

to everybody one way or the other.

588

: 00:33:06

Just a memory stick in your

laptop can bring down a whole

589

: 00:33:11

nation's financial system.

590

: 00:33:12

It can bring down a old

nation's electrical system.

591

: 00:33:15

Please don't keep quiet.

592

: 00:33:17

And those are found.

593

: 00:33:18

So it's it's water.

594

: 00:33:19

It's the way water is to human life

or the way food is to existence.

595

: 00:33:25

As cybersecurity professionals,

we must network criminals are

596

: 00:33:28

networking and the power of

aggregation is beginning to play out.

597

: 00:33:31

We have no choice.

598

: 00:33:33

Chris, we have to network.

599

: 00:33:34

It'll be an anima to be a hacker.

600

: 00:33:37

You don't have a hacking group

or a hacking community where you

601

: 00:33:40

organize private hackathons and

you have hacking weekend hangouts.

602

: 00:33:45

You cannot be a GRC consultant

and not belong to a.

603

: 00:33:48

GLC group that does Friday

evening bear out, or Friday

604

: 00:33:52

evening, uh, sushi or dinner.

605

: 00:33:56

We must network and grow in

communities beyond the ordinary.

606

: 00:34:02

Of course the only challenge is that

communities a domic side on trust.

607

: 00:34:06

But the bigger problem is that trust

is not a very easy commodity to combat.

608

: 00:34:10

Cyber professionals are naturally

skeptical and paranoid as.

609

: 00:34:15

Christophe Foulon: Yes.

610

: 00:34:16

Yes.

611

: 00:34:16

That is true.

612

: 00:34:17

That is true.

613

: 00:34:18

A as we wrap up our podcast any

final advice that you would give

614

: 00:34:22

to future cybersecurity leaders?

615

: 00:34:24

David, I.

616

: 00:34:25

David Adeoye Abodunrin:

Yeah, the future is green.

617

: 00:34:27

Groom your leadership without demand.

618

: 00:34:30

Go for supply before.

619

: 00:34:32

The demand for it will come.

620

: 00:34:33

Meaning.

621

: 00:34:34

Supply yourself with knowledge.

622

: 00:34:36

Expose your mind.

623

: 00:34:38

Join networks, learn and prepare.

624

: 00:34:40

Your day will come.

625

: 00:34:41

We are in combat zone.

626

: 00:34:44

In cybersecurity today,

there is the traditional.

627

: 00:34:47

Council I would give was

the response of King David.

628

: 00:34:51

My possession is Christianity king

David as a young boy of about 18.

629

: 00:34:56

His father sent him that as the story

goes to go to the battlefront to check

630

: 00:35:00

his brothers up and give them some

provisions and some food and write

631

: 00:35:05

their his eldest brother Iab, who was

632

: 00:35:10

A much more stronger soldier.

633

: 00:35:11

And he was already known as

a war veteran, looked at him.

634

: 00:35:15

He said, I know your heart.

635

: 00:35:16

Who did you leave the ship with?

636

: 00:35:18

How come you are outside here and trying

to, look at the war you want to show off?

637

: 00:35:23

And David said to him,

is there not a course?

638

: 00:35:25

Many is are not a reason.

639

: 00:35:27

Seeing that these uncircumcised listings

are defiling the armies of Israel.

640

: 00:35:32

Forgive my reference to the Bible,

but that is a state we are in.

641

: 00:35:37

In cybersecurity, there

is a course, C-A-U-S-E.

642

: 00:35:41

There is a course and your day will come.

643

: 00:35:44

Every bit of knowledge and capacity

you grow as a professional will

644

: 00:35:49

eventually pay off the day of, pay off.

645

: 00:35:51

You won't be ready.

646

: 00:35:53

If you did not go to the gym every

day on the day of payoff, when your

647

: 00:35:57

specific type of cyber leadership, your

specific capacity will be required.

648

: 00:36:03

If you are not in the gym two hours a

day, three hours a day, you won't be

649

: 00:36:06

fit for battle, but your day will come.

650

: 00:36:10

Don't despair.

651

: 00:36:10

If you're looking for a job,

you're looking for a cybersecurity

652

: 00:36:13

role and engage Chris as a coach.

653

: 00:36:16

Subscribe to Chris's coaching program.

654

: 00:36:19

Engage him.

655

: 00:36:20

Give it 12 months, 24 months.

656

: 00:36:23

Let him guide you, for example, as

a cyber coach, or anyone around you,

657

: 00:36:27

or whoever you think, but engage

your muscles in advance because

658

: 00:36:32

the day of glory will still come.

659

: 00:36:35

Forgive me if I look

motivational or I sounded like a.

660

: 00:36:39

Christophe Foulon: Well, David,

thank you very much for joining us.

661

: 00:36:41

Really appreciate it.

662

: 00:36:43

And again, a reminder for those that

are listening, share with others.

663

: 00:36:47

'cause David said we

need a variety of people.

664

: 00:36:50

We need a variety of different

skills and everyone has their

665

: 00:36:54

skills that they can rely on.

666

: 00:36:56

And we, we need all sorts

of different leadership.

667

: 00:36:59

David, thank you very much.

668

: 00:37:00

David Adeoye Abodunrin:

Thanks a lot, Chris.

669

: 00:37:02

I appreciate thanks for having me and

thanks for the great work you're doing

670

: 00:37:05

in preparing leaders in the cyber realms.

671

: 00:37:08

We need more of you and

thank you so much for that.