Breaking into Cybersecurity Leadership - Ryan Cloutier

Christophe Foulon: 00:00:23

Welcome to another episode of Breaking into Cybersecurity

2

: 00:00:26

Leadership, where we develop the

leadership for the next generation.

3

: 00:00:31

Today we have Ryan on who will be

sharing his experiences in cybersecurity

4

: 00:00:36

leadership, as well as the things we can

do to help develop the next generation.

5

: 00:00:41

Ryan, do you wanna give us a little

bit of background about yourself?

6

: 00:00:44

Ryan Cloutier: Thanks

for having me on, Chris.

7

: 00:00:45

Glad to be here.

8

: 00:00:46

A little background about me.

9

: 00:00:47

I've been doing this a long time

half of the gray hair from working in

10

: 00:00:51

cybersecurity and trying to lead it.

11

: 00:00:52

And the other half are

from raising a teenager.

12

: 00:00:55

. Held a lot of roles throughout my career.

13

: 00:00:57

Everything from, starting out

in help desk and just, working

14

: 00:01:00

my way up through the ranks.

15

: 00:01:01

Business intelligence, software

development systems, design,

16

: 00:01:04

infrastructure, architecture, you name it.

17

: 00:01:07

And at the end of the day,

cybersecurity, as we used to refer

18

: 00:01:11

to it, information security was

19

: 00:01:14

Kind of the thing that always emerged.

20

: 00:01:15

And so as a hacker, if you will

the good kind, not the bad kind.

21

: 00:01:19

Remember, hackers are curious people.

22

: 00:01:22

The rest we call criminals

And per the shirt, I don't

23

: 00:01:25

hack, I surprise administrate.

24

: 00:01:27

Yeah I guess the most important part

about my journey isn't what I've done,

25

: 00:01:32

but what I'm doing and why I am doing it.

26

: 00:01:35

And that is to try to help, just like

you do, Chris, try to help folks get

27

: 00:01:39

. Started in this industry, if they've

been in this industry for a while,

28

: 00:01:44

try to find reasons to help 'em stay.

29

: 00:01:46

You know what fascinates me about InfoSec

more than anything is the people side.

30

: 00:01:51

So that's where I've spent my career.

31

: 00:01:52

I've been the president of a company,

currently the Chief Visionary and

32

: 00:01:57

Chief Information Security Officer

for an organization called Synap Tech.

33

: 00:02:01

Yeah, . It's not really as

important about what I've done as

34

: 00:02:03

much as what we're gonna do next.

35

: 00:02:05

'cause as you and I both know 30

years of experience is becoming

36

: 00:02:09

less and less relevant as we embark

on this kind of AI and quantum

37

: 00:02:14

and organoid intelligence future.

38

: 00:02:16

Christophe Foulon: So as you think

about that, as you think about all the

39

: 00:02:19

growth in your career, why did you.

40

: 00:02:21

Side to switch from being an individual

contributor and to helping to lead people.

41

: 00:02:26

Ryan Cloutier: So I observed a vacuum.

42

: 00:02:28

Leading people is very different . From

being an ic what I found was, as

43

: 00:02:34

an individual contributor, I could

influence the work I was doing,

44

: 00:02:38

but that was it, just that project.

45

: 00:02:41

But if I wanted to have a greater

impact on the direction of a program

46

: 00:02:45

or on the direction of an industry that

I had to get into leadership and so

47

: 00:02:50

part of it was that movement

towards having a greater degree of

48

: 00:02:55

involvement, insight, to a small degree

influence over direction of things.

49

: 00:03:00

And the other was that the best investment

that I can make for the industry is

50

: 00:03:06

not in a specific widget or specific

project, but is in, in helping share

51

: 00:03:12

my experiences with other humans.

52

: 00:03:14

Because that tends to scale further.

53

: 00:03:17

So I know it's a bit of a fluffy answer,

but that's really what motivated me.

54

: 00:03:21

Christophe Foulon: I think everyone

has their own reasonings for switching.

55

: 00:03:25

And I think figuring out what

your reason is important for you.

56

: 00:03:29

And the same for everyone listening.

57

: 00:03:32

What motivates you will not

necessarily motivate someone else.

58

: 00:03:35

So as a leader, have to figure out

what an individual or a group's

59

: 00:03:40

motivation is to help drive them.

60

: 00:03:42

What do you think are some of

the critical skills for being

61

: 00:03:46

a cybersecurity leader today?

62

: 00:03:47

Ryan Cloutier: I think the

number one skill is empathy.

63

: 00:03:49

I think empathy is an important skill

from a leadership perspective for your

64

: 00:03:54

team as well as those that are looking

to you to be the leader of that area.

65

: 00:03:59

So if you think about your peers within

the boardroom, your peers within, the

66

: 00:04:03

community they're looking to you to

provide that security leadership, right?

67

: 00:04:07

And that goes beyond just what

to configure, how to configure,

68

: 00:04:11

what products to buy, what's

in the incident response plan.

69

: 00:04:14

I think . Honestly that for me,

security leaders have an obligation

70

: 00:04:19

to also be part community leader.

71

: 00:04:22

We have an understanding of this world,

this cybersecurity world that goes beyond

72

: 00:04:28

what the average person understands.

73

: 00:04:30

And all of us in this industry are

very aware of how at risk those

74

: 00:04:35

individuals are and how fragile it is.

75

: 00:04:37

So I think empathy is a huge skill.

76

: 00:04:39

Communication is your number two.

77

: 00:04:41

Effective communication, being able

to be relatable making the content

78

: 00:04:47

and the topics accessible helps both

your team, but also who your team

79

: 00:04:53

serves and the community that you

serve, by extension of your team.

80

: 00:04:56

Christophe Foulon: So you talked about

some of the skills that we're gonna dive

81

: 00:04:59

into, but let's start with delegation.

82

: 00:05:03

How would you rate yourself

as a leader in delegation on a

83

: 00:05:08

scale of one to five, and why?

84

: 00:05:10

Ryan Cloutier: I would say I, I

could definitely do a better job.

85

: 00:05:13

Depends on the trust.

86

: 00:05:15

So it's a fluctuating schedule

or scale relative to the trust

87

: 00:05:20

of what I'm handing off, right?

88

: 00:05:21

So if I'm delegating something to get

done, I need to have a degree of comfort

89

: 00:05:25

and confidence that the individual is

either capable of actually executing

90

: 00:05:32

without assistance, or more importantly

that I have enough trust with them

91

: 00:05:37

that if something does come up.

92

: 00:05:39

That they come to me early.

93

: 00:05:40

Because the hard part about delegation.

94

: 00:05:43

So I would say I'm like

a three and a half.

95

: 00:05:45

'cause the hard part is when I

hand it off, it's either gonna get

96

: 00:05:49

done well or it's gonna blow up.

97

: 00:05:51

And so I have to be comfortable that if

it does blow up, that'll be handled well.

98

: 00:05:56

I think that's a challenge

for a lot of leaders, when you

99

: 00:05:58

delegate something it's done.

100

: 00:06:00

Hopefully with the assumption that you've

handed it off and it'll be done to a level

101

: 00:06:04

of quality, professionalism, timeliness,

those attributes that you as a leader,

102

: 00:06:10

have said, Hey, our brand is this.

103

: 00:06:12

We're gonna deliver.

104

: 00:06:13

I've been burned a few

times, so it's tough.

105

: 00:06:16

It's definitely an area

that I struggle with.

106

: 00:06:17

Christophe Foulon: I would say that

you have to be able to delegate

107

: 00:06:21

and trust that they'll deliver at a

value that you look towards, but they

108

: 00:06:27

can't be you and you have to provide

some room for them to fail and grow.

109

: 00:06:31

Let's talk about another important

skill, the skill of collaboration.

110

: 00:06:35

How would you rate yourself on a

scale of one to five on collaboration,

111

: 00:06:39

and why is it such a critical skill?

112

: 00:06:41

Ryan Cloutier: I like to think

of it more as cooperation.

113

: 00:06:44

Little bit of a different angle to it.

114

: 00:06:46

I would say five.

115

: 00:06:47

The goal for me in a cooperative

environment because collaborating

116

: 00:06:52

and cooperating are similar,

but different it's critical.

117

: 00:06:56

You can't get any of

this done by yourself.

118

: 00:06:58

So you absolutely have

to have that skillset.

119

: 00:07:01

You have to be able to be able to

bring folks together, to get them to

120

: 00:07:06

bring the value they have to the table

the alternate opinions approaches.

121

: 00:07:12

All of that is, is absolutely required.

122

: 00:07:15

But when you have those conflicting

moments, the better that you've

123

: 00:07:19

created the environment for

cooperation and collaboration.

124

: 00:07:23

I think the easier, when you do

have those conflicting opinions,

125

: 00:07:26

those conflicting viewpoints on

how we want to go about getting

126

: 00:07:29

something done, it's super important.

127

: 00:07:32

But I would say it's a top skill.

128

: 00:07:34

It's definitely something every

leader should be focused on.

129

: 00:07:38

Should be encouraging the team to do more.

130

: 00:07:41

And interdepartmental as well.

131

: 00:07:43

Not just within our own houses,

within our own teams and departments,

132

: 00:07:46

but truly co cooperating and

collaborating across the enterprise.

133

: 00:07:50

and that really . Leads into

the next skill of communication.

134

: 00:07:55

How do you rate yourself in communication

on a scale of one to five, and

135

: 00:08:01

why is it such a critical skill?

136

: 00:08:03

Thank God you're not asking my wife.

137

: 00:08:05

'cause you'd get a different answer.

138

: 00:08:06

I, I tend to think I'm a,

I'm an okay communicator.

139

: 00:08:09

I think that, that's probably

one of my stronger skill sets.

140

: 00:08:12

I.

141

: 00:08:13

Is effective communication

because I take an approach of

142

: 00:08:16

trying to make it relatable.

143

: 00:08:18

It doesn't really matter what I know or

what I understand if I'm ineffective in

144

: 00:08:23

getting the other individual to, to pick

up what I'm laying down or to, as my buddy

145

: 00:08:29

likes to say, smell what I'm stepping in.

146

: 00:08:31

It's . It's super important.

147

: 00:08:33

Most conflict comes from communication

errors, most delays increased expenses.

148

: 00:08:40

There is a, there is AP and LI know no

one's put it on the p and l, but there's

149

: 00:08:44

AP and l number to the effectiveness

of communication in your organization

150

: 00:08:47

and what it does to your bottom line.

151

: 00:08:49

So I would say I rank

myself very high on it.

152

: 00:08:53

But there's still always room

to improve because it is one

153

: 00:08:56

of those interpersonal things.

154

: 00:08:57

And so communication comes down to

the individual, and so the more time

155

: 00:09:02

you take to get to understand their

communication styles, patterns, and

156

: 00:09:06

needs, I think the more effective

you can be as a communicator.

157

: 00:09:10

Christophe Foulon: One of the

skill skills you mentioned earlier

158

: 00:09:12

was the skill of influence.

159

: 00:09:15

Why is that such a critical

skill within cybersecurity?

160

: 00:09:18

Ryan Cloutier: Because cybersecurity

is a team sport, and if nobody wants

161

: 00:09:21

to play on your team, you're hosed.

162

: 00:09:23

Because it's an influence game.

163

: 00:09:25

It's a political game.

164

: 00:09:27

Unfortunately, cybersecurity

has more to do with people and

165

: 00:09:30

politics than it ever has to do

with ones and zeros and keyboards.

166

: 00:09:34

So I think it's the, there's

a likability factor too.

167

: 00:09:38

I'll say this this thought's forming here.

168

: 00:09:40

I like to talk to people when it, when I'm

trying to train them on that likability

169

: 00:09:45

factor, on that influence factor.

170

: 00:09:46

And let's be honest, influence

starts with likability.

171

: 00:09:50

Likability paired with trust.

172

: 00:09:52

Trust and likability,

paired with competency.

173

: 00:09:55

Generally is the secret formula, right?

174

: 00:09:58

Know your stuff, be good at what you do,

and don't be an ass when you do it right?

175

: 00:10:03

But when I talk to them, I talk about

the fact that if you're an IT person

176

: 00:10:07

a lot of times the end consumer, and I

prefer that term to user, they're not

177

: 00:10:11

drug addicts, they're computer users.

178

: 00:10:14

So end consumer yeah, I know.

179

: 00:10:15

We'll get into the cell

phone debate another day.

180

: 00:10:17

But the.

181

: 00:10:19

First interaction most of them have

had with, it was a curmudgeon one was

182

: 00:10:24

a fast flying smash on the keyboard.

183

: 00:10:26

Look at you like you're stupid.

184

: 00:10:28

You ask what happened?

185

: 00:10:29

They say you broke it.

186

: 00:10:30

They get angry, they walk away.

187

: 00:10:31

That's what people think

of when they think of it.

188

: 00:10:33

And by extension, security.

189

: 00:10:35

' cause that's.

190

: 00:10:36

That trope doesn't come

from nowhere, right?

191

: 00:10:38

We know that guy exists.

192

: 00:10:39

That gal exists.

193

: 00:10:40

We've all encountered them.

194

: 00:10:41

Hell, some of us have been them.

195

: 00:10:43

You have to overcome that barrier.

196

: 00:10:44

The other thing you have to recognize

is you don't speak their language.

197

: 00:10:47

You are literally

speaking a foreign tongue.

198

: 00:10:50

It's like Klingon, you're fluent in

Klingon, but they don't speak it.

199

: 00:10:54

I think that the getting through that and

finding common ground where you can be

200

: 00:11:01

relatable and they see you as a person

beyond this nerd, this tech, this geek

201

: 00:11:07

this whatever they've applied to you.

202

: 00:11:09

And bottom line, it gets shit done.

203

: 00:11:11

And I don't know if we need to go back and

beep that, but, bottom line, that's what

204

: 00:11:15

likability and influence does for you.

205

: 00:11:17

It actually gets things accomplished

and that's why it's so important.

206

: 00:11:21

Christophe Foulon: In line

with likability, is networking.

207

: 00:11:24

Why is networking such a critical

skill within cybersecurity?

208

: 00:11:28

Ryan Cloutier: So Malcolm Gladwell and

for those of you that aren't familiar,

209

: 00:11:31

Malcolm Gladwell is an amazing author.

210

: 00:11:34

I'm a huge fan.

211

: 00:11:35

I encourage you to read his books.

212

: 00:11:36

He has some amazing insights.

213

: 00:11:39

One of the things that, that

he points out is that the.

214

: 00:11:43

World turns based on, I wanna say

it's around seven different kind of

215

: 00:11:48

generalized categories of personality.

216

: 00:11:51

And one of those key things is networking,

and it's the loose connections.

217

: 00:11:55

That lead to the next big thing,

that lead to the next big job.

218

: 00:11:59

It isn't the guy that you've spent

30 years talking to every single

219

: 00:12:02

day that's gonna open that door.

220

: 00:12:04

It's the person that you see

twice a year at a conference.

221

: 00:12:08

You have a dinner now and again, you

have a phone call here and there.

222

: 00:12:11

That individual is 90% more likely to

be the vehicle that you get that next

223

: 00:12:17

lead, that next opportunity, that next

job, that next cool project to work on.

224

: 00:12:22

So the bigger your network of those

individuals, the more you maintain

225

: 00:12:27

that, the more likely, I can say

for myself many times in my career,

226

: 00:12:31

I've called somebody that I haven't

spoken to in a year, maybe two.

227

: 00:12:35

Just to say, Hey, how you doing?

228

: 00:12:37

I said, what are you up to these days?

229

: 00:12:38

I'm doing this what are you doing?

230

: 00:12:39

I'm doing that.

231

: 00:12:40

And before the call's done it's, oh

listen, we got a need for what you've got.

232

: 00:12:45

Or we've or my buddy, I was just talking

to him and he's got a thing and let me

233

: 00:12:48

go out and connect those dots for you.

234

: 00:12:50

Especially, and that gets magnified.

235

: 00:12:52

So I say that's true for all industries.

236

: 00:12:54

Now in cybersecurity, it's magnified

because this is a closed knit group.

237

: 00:13:00

It is not something you just walk

into, hence the podcast title, right?

238

: 00:13:05

Breaking in.

239

: 00:13:06

Why do you have to break in?

240

: 00:13:07

Because there isn't an open, wide

open door that says, here, come on in.

241

: 00:13:12

And really, the good

jobs never get posted.

242

: 00:13:16

If the good jobs, they

don't ever get posted.

243

: 00:13:18

It's all pre-negotiated back channel

who knows who, couple LinkedIn messages

244

: 00:13:24

and if the job does get posted, it's

for legal reasons and it's usually

245

: 00:13:27

only for a day and you can apply

to it, but you're not gonna get it.

246

: 00:13:32

So that's why the

networking is so critical.

247

: 00:13:35

And again, it's not who you know

the best or talk to the most.

248

: 00:13:39

It's having enough of those folks with

that likability factor in your network.

249

: 00:13:44

It's how you and I met, we met

via networking and we have gone

250

: 00:13:49

on to do amazing things together.

251

: 00:13:51

The C-I-S-S-P mentor program, right?

252

: 00:13:53

That, that's an amazing thing that

we got a chance to do together,

253

: 00:13:57

that we would've never had that

opportunity had it not been for some

254

: 00:14:01

of that loose connection networking.

255

: 00:14:03

Christophe Foulon: Yeah, and I've been

on your podcast, I don't know, five

256

: 00:14:07

years ago, just after mine, and it's.

257

: 00:14:10

It ever since.

258

: 00:14:11

So as we approached the end,

what final advice would you give

259

: 00:14:15

to future cybersecurity leaders

looking to become that leader in

260

: 00:14:21

the industry or in their company?

261

: 00:14:23

Ryan Cloutier: Spend more

time getting to know people.

262

: 00:14:26

. , getting to know what your

people relate to, connect to.

263

: 00:14:30

And then if you yourself can't keep

up, find an advisor who can make sure

264

: 00:14:36

you have a conduit to the bleeding edge

because things are changing quickly

265

: 00:14:41

and your relevance as a security

leader will be directly tied to your

266

: 00:14:46

ability to navigate the next new thing.

267

: 00:14:48

And in my experience, it's

very difficult to get into the

268

: 00:14:52

day-to-Day running of a team.

269

: 00:14:54

And all that comes with that.

270

: 00:14:55

And being a CISO or being a

security leader in the org

271

: 00:14:59

and also be able to keep up.

272

: 00:15:00

I encourage you to have mentors

above you and below you.

273

: 00:15:04

If you're over the age of 40 and

you don't have a 20 year old, you're

274

: 00:15:07

talking to about things, get one.

275

: 00:15:10

And if you're, if you're . If you're in

the age range, I am mid, mid, mid forties,

276

: 00:15:15

talk to the old men before they go away.

277

: 00:15:17

Talk to the old, the old women and the

folks that started the game, talk to them.

278

: 00:15:22

They still have very valuable

information that isn't Googleable.

279

: 00:15:27

Talk to those folks before they leave

so that you have some more to pass down.

280

: 00:15:32

But also, again, keep

that youth underneath you.

281

: 00:15:35

Because it's moving quick and you need to

understand how they see things as well.

282

: 00:15:38

Christophe Foulon: That, that leads

to some, something I say all the time.

283

: 00:15:41

Get the cheap experience, which is the

experiences from your network, what

284

: 00:15:46

they learned, how they learned it.

285

: 00:15:48

And that way you don't have to get

that scrape, but if you do, you

286

: 00:15:53

already know how to react to it.

287

: 00:15:55

It's not something new.

288

: 00:15:56

Ryan Cloutier: Exactly.

289

: 00:15:57

Christophe Foulon: So with

that being said, Ryan, I

290

: 00:15:59

wanna thank you for coming on.

291

: 00:16:01

Thank you for sharing your insights

and breaking into cybersecurity.

292

: 00:16:05

Everyone else, thank you for listening

and please do share this podcast with

293

: 00:16:09

others 'cause that's how we can spread

this message to a diverse group o of

294

: 00:16:15

audiences, and have that diverse group be

interested in breaking into cybersecurity.