full
Breaking into Cybersecurity Leadership - Ryan Cloutier
Breaking into Cybersecurity Leadership - Ryan Cloutier
Ryan Cloutier on Linkedin https://www.linkedin.com/in/ryan-cloutier/
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It’s a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.
This podcast runs on listener support and funding. Consider supporting this podcast:
https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/
_________________________________________
About the hosts:
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
- Twitch: https://www.twitch.tv/breakingintocybersecurity
Transcript
Welcome to another episode of Breaking into Cybersecurity
2
:Leadership, where we develop the
leadership for the next generation.
3
:Today we have Ryan on who will be
sharing his experiences in cybersecurity
4
:leadership, as well as the things we can
do to help develop the next generation.
5
:Ryan, do you wanna give us a little
bit of background about yourself?
6
:Ryan Cloutier: Thanks
for having me on, Chris.
7
:Glad to be here.
8
:A little background about me.
9
:I've been doing this a long time
half of the gray hair from working in
10
:cybersecurity and trying to lead it.
11
:And the other half are
from raising a teenager.
12
:. Held a lot of roles throughout my career.
13
:Everything from, starting out
in help desk and just, working
14
:my way up through the ranks.
15
:Business intelligence, software
development systems, design,
16
:infrastructure, architecture, you name it.
17
:And at the end of the day,
cybersecurity, as we used to refer
18
:to it, information security was
19
:Kind of the thing that always emerged.
20
:And so as a hacker, if you will
the good kind, not the bad kind.
21
:Remember, hackers are curious people.
22
:The rest we call criminals
And per the shirt, I don't
23
:hack, I surprise administrate.
24
:Yeah I guess the most important part
about my journey isn't what I've done,
25
:but what I'm doing and why I am doing it.
26
:And that is to try to help, just like
you do, Chris, try to help folks get
27
:. Started in this industry, if they've
been in this industry for a while,
28
:try to find reasons to help 'em stay.
29
:You know what fascinates me about InfoSec
more than anything is the people side.
30
:So that's where I've spent my career.
31
:I've been the president of a company,
currently the Chief Visionary and
32
:Chief Information Security Officer
for an organization called Synap Tech.
33
:Yeah, . It's not really as
important about what I've done as
34
:much as what we're gonna do next.
35
:'cause as you and I both know 30
years of experience is becoming
36
:less and less relevant as we embark
on this kind of AI and quantum
37
:and organoid intelligence future.
38
:Christophe Foulon: So as you think
about that, as you think about all the
39
:growth in your career, why did you.
40
:Side to switch from being an individual
contributor and to helping to lead people.
41
:Ryan Cloutier: So I observed a vacuum.
42
:Leading people is very different . From
being an ic what I found was, as
43
:an individual contributor, I could
influence the work I was doing,
44
:but that was it, just that project.
45
:But if I wanted to have a greater
impact on the direction of a program
46
:or on the direction of an industry that
I had to get into leadership and so
47
:part of it was that movement
towards having a greater degree of
48
:involvement, insight, to a small degree
influence over direction of things.
49
:And the other was that the best investment
that I can make for the industry is
50
:not in a specific widget or specific
project, but is in, in helping share
51
:my experiences with other humans.
52
:Because that tends to scale further.
53
:So I know it's a bit of a fluffy answer,
but that's really what motivated me.
54
:Christophe Foulon: I think everyone
has their own reasonings for switching.
55
:And I think figuring out what
your reason is important for you.
56
:And the same for everyone listening.
57
:What motivates you will not
necessarily motivate someone else.
58
:So as a leader, have to figure out
what an individual or a group's
59
:motivation is to help drive them.
60
:What do you think are some of
the critical skills for being
61
:a cybersecurity leader today?
62
:Ryan Cloutier: I think the
number one skill is empathy.
63
:I think empathy is an important skill
from a leadership perspective for your
64
:team as well as those that are looking
to you to be the leader of that area.
65
:So if you think about your peers within
the boardroom, your peers within, the
66
:community they're looking to you to
provide that security leadership, right?
67
:And that goes beyond just what
to configure, how to configure,
68
:what products to buy, what's
in the incident response plan.
69
:I think . Honestly that for me,
security leaders have an obligation
70
:to also be part community leader.
71
:We have an understanding of this world,
this cybersecurity world that goes beyond
72
:what the average person understands.
73
:And all of us in this industry are
very aware of how at risk those
74
:individuals are and how fragile it is.
75
:So I think empathy is a huge skill.
76
:Communication is your number two.
77
:Effective communication, being able
to be relatable making the content
78
:and the topics accessible helps both
your team, but also who your team
79
:serves and the community that you
serve, by extension of your team.
80
:Christophe Foulon: So you talked about
some of the skills that we're gonna dive
81
:into, but let's start with delegation.
82
:How would you rate yourself
as a leader in delegation on a
83
:scale of one to five, and why?
84
:Ryan Cloutier: I would say I, I
could definitely do a better job.
85
:Depends on the trust.
86
:So it's a fluctuating schedule
or scale relative to the trust
87
:of what I'm handing off, right?
88
:So if I'm delegating something to get
done, I need to have a degree of comfort
89
:and confidence that the individual is
either capable of actually executing
90
:without assistance, or more importantly
that I have enough trust with them
91
:that if something does come up.
92
:That they come to me early.
93
:Because the hard part about delegation.
94
:So I would say I'm like
a three and a half.
95
:'cause the hard part is when I
hand it off, it's either gonna get
96
:done well or it's gonna blow up.
97
:And so I have to be comfortable that if
it does blow up, that'll be handled well.
98
:I think that's a challenge
for a lot of leaders, when you
99
:delegate something it's done.
100
:Hopefully with the assumption that you've
handed it off and it'll be done to a level
101
:of quality, professionalism, timeliness,
those attributes that you as a leader,
102
:have said, Hey, our brand is this.
103
:We're gonna deliver.
104
:I've been burned a few
times, so it's tough.
105
:It's definitely an area
that I struggle with.
106
:Christophe Foulon: I would say that
you have to be able to delegate
107
:and trust that they'll deliver at a
value that you look towards, but they
108
:can't be you and you have to provide
some room for them to fail and grow.
109
:Let's talk about another important
skill, the skill of collaboration.
110
:How would you rate yourself on a
scale of one to five on collaboration,
111
:and why is it such a critical skill?
112
:Ryan Cloutier: I like to think
of it more as cooperation.
113
:Little bit of a different angle to it.
114
:I would say five.
115
:The goal for me in a cooperative
environment because collaborating
116
:and cooperating are similar,
but different it's critical.
117
:You can't get any of
this done by yourself.
118
:So you absolutely have
to have that skillset.
119
:You have to be able to be able to
bring folks together, to get them to
120
:bring the value they have to the table
the alternate opinions approaches.
121
:All of that is, is absolutely required.
122
:But when you have those conflicting
moments, the better that you've
123
:created the environment for
cooperation and collaboration.
124
:I think the easier, when you do
have those conflicting opinions,
125
:those conflicting viewpoints on
how we want to go about getting
126
:something done, it's super important.
127
:But I would say it's a top skill.
128
:It's definitely something every
leader should be focused on.
129
:Should be encouraging the team to do more.
130
:And interdepartmental as well.
131
:Not just within our own houses,
within our own teams and departments,
132
:but truly co cooperating and
collaborating across the enterprise.
133
:and that really . Leads into
the next skill of communication.
134
:How do you rate yourself in communication
on a scale of one to five, and
135
:why is it such a critical skill?
136
:Thank God you're not asking my wife.
137
:'cause you'd get a different answer.
138
:I, I tend to think I'm a,
I'm an okay communicator.
139
:I think that, that's probably
one of my stronger skill sets.
140
:I.
141
:Is effective communication
because I take an approach of
142
:trying to make it relatable.
143
:It doesn't really matter what I know or
what I understand if I'm ineffective in
144
:getting the other individual to, to pick
up what I'm laying down or to, as my buddy
145
:likes to say, smell what I'm stepping in.
146
:It's . It's super important.
147
:Most conflict comes from communication
errors, most delays increased expenses.
148
:There is a, there is AP and LI know no
one's put it on the p and l, but there's
149
:AP and l number to the effectiveness
of communication in your organization
150
:and what it does to your bottom line.
151
:So I would say I rank
myself very high on it.
152
:But there's still always room
to improve because it is one
153
:of those interpersonal things.
154
:And so communication comes down to
the individual, and so the more time
155
:you take to get to understand their
communication styles, patterns, and
156
:needs, I think the more effective
you can be as a communicator.
157
:Christophe Foulon: One of the
skill skills you mentioned earlier
158
:was the skill of influence.
159
:Why is that such a critical
skill within cybersecurity?
160
:Ryan Cloutier: Because cybersecurity
is a team sport, and if nobody wants
161
:to play on your team, you're hosed.
162
:Because it's an influence game.
163
:It's a political game.
164
:Unfortunately, cybersecurity
has more to do with people and
165
:politics than it ever has to do
with ones and zeros and keyboards.
166
:So I think it's the, there's
a likability factor too.
167
:I'll say this this thought's forming here.
168
:I like to talk to people when it, when I'm
trying to train them on that likability
169
:factor, on that influence factor.
170
:And let's be honest, influence
starts with likability.
171
:Likability paired with trust.
172
:Trust and likability,
paired with competency.
173
:Generally is the secret formula, right?
174
:Know your stuff, be good at what you do,
and don't be an ass when you do it right?
175
:But when I talk to them, I talk about
the fact that if you're an IT person
176
:a lot of times the end consumer, and I
prefer that term to user, they're not
177
:drug addicts, they're computer users.
178
:So end consumer yeah, I know.
179
:We'll get into the cell
phone debate another day.
180
:But the.
181
:First interaction most of them have
had with, it was a curmudgeon one was
182
:a fast flying smash on the keyboard.
183
:Look at you like you're stupid.
184
:You ask what happened?
185
:They say you broke it.
186
:They get angry, they walk away.
187
:That's what people think
of when they think of it.
188
:And by extension, security.
189
:' cause that's.
190
:That trope doesn't come
from nowhere, right?
191
:We know that guy exists.
192
:That gal exists.
193
:We've all encountered them.
194
:Hell, some of us have been them.
195
:You have to overcome that barrier.
196
:The other thing you have to recognize
is you don't speak their language.
197
:You are literally
speaking a foreign tongue.
198
:It's like Klingon, you're fluent in
Klingon, but they don't speak it.
199
:I think that the getting through that and
finding common ground where you can be
200
:relatable and they see you as a person
beyond this nerd, this tech, this geek
201
:this whatever they've applied to you.
202
:And bottom line, it gets shit done.
203
:And I don't know if we need to go back and
beep that, but, bottom line, that's what
204
:likability and influence does for you.
205
:It actually gets things accomplished
and that's why it's so important.
206
:Christophe Foulon: In line
with likability, is networking.
207
:Why is networking such a critical
skill within cybersecurity?
208
:Ryan Cloutier: So Malcolm Gladwell and
for those of you that aren't familiar,
209
:Malcolm Gladwell is an amazing author.
210
:I'm a huge fan.
211
:I encourage you to read his books.
212
:He has some amazing insights.
213
:One of the things that, that
he points out is that the.
214
:World turns based on, I wanna say
it's around seven different kind of
215
:generalized categories of personality.
216
:And one of those key things is networking,
and it's the loose connections.
217
:That lead to the next big thing,
that lead to the next big job.
218
:It isn't the guy that you've spent
30 years talking to every single
219
:day that's gonna open that door.
220
:It's the person that you see
twice a year at a conference.
221
:You have a dinner now and again, you
have a phone call here and there.
222
:That individual is 90% more likely to
be the vehicle that you get that next
223
:lead, that next opportunity, that next
job, that next cool project to work on.
224
:So the bigger your network of those
individuals, the more you maintain
225
:that, the more likely, I can say
for myself many times in my career,
226
:I've called somebody that I haven't
spoken to in a year, maybe two.
227
:Just to say, Hey, how you doing?
228
:I said, what are you up to these days?
229
:I'm doing this what are you doing?
230
:I'm doing that.
231
:And before the call's done it's, oh
listen, we got a need for what you've got.
232
:Or we've or my buddy, I was just talking
to him and he's got a thing and let me
233
:go out and connect those dots for you.
234
:Especially, and that gets magnified.
235
:So I say that's true for all industries.
236
:Now in cybersecurity, it's magnified
because this is a closed knit group.
237
:It is not something you just walk
into, hence the podcast title, right?
238
:Breaking in.
239
:Why do you have to break in?
240
:Because there isn't an open, wide
open door that says, here, come on in.
241
:And really, the good
jobs never get posted.
242
:If the good jobs, they
don't ever get posted.
243
:It's all pre-negotiated back channel
who knows who, couple LinkedIn messages
244
:and if the job does get posted, it's
for legal reasons and it's usually
245
:only for a day and you can apply
to it, but you're not gonna get it.
246
:So that's why the
networking is so critical.
247
:And again, it's not who you know
the best or talk to the most.
248
:It's having enough of those folks with
that likability factor in your network.
249
:It's how you and I met, we met
via networking and we have gone
250
:on to do amazing things together.
251
:The C-I-S-S-P mentor program, right?
252
:That, that's an amazing thing that
we got a chance to do together,
253
:that we would've never had that
opportunity had it not been for some
254
:of that loose connection networking.
255
:Christophe Foulon: Yeah, and I've been
on your podcast, I don't know, five
256
:years ago, just after mine, and it's.
257
:It ever since.
258
:So as we approached the end,
what final advice would you give
259
:to future cybersecurity leaders
looking to become that leader in
260
:the industry or in their company?
261
:Ryan Cloutier: Spend more
time getting to know people.
262
:. , getting to know what your
people relate to, connect to.
263
:And then if you yourself can't keep
up, find an advisor who can make sure
264
:you have a conduit to the bleeding edge
because things are changing quickly
265
:and your relevance as a security
leader will be directly tied to your
266
:ability to navigate the next new thing.
267
:And in my experience, it's
very difficult to get into the
268
:day-to-Day running of a team.
269
:And all that comes with that.
270
:And being a CISO or being a
security leader in the org
271
:and also be able to keep up.
272
:I encourage you to have mentors
above you and below you.
273
:If you're over the age of 40 and
you don't have a 20 year old, you're
274
:talking to about things, get one.
275
:And if you're, if you're . If you're in
the age range, I am mid, mid, mid forties,
276
:talk to the old men before they go away.
277
:Talk to the old, the old women and the
folks that started the game, talk to them.
278
:They still have very valuable
information that isn't Googleable.
279
:Talk to those folks before they leave
so that you have some more to pass down.
280
:But also, again, keep
that youth underneath you.
281
:Because it's moving quick and you need to
understand how they see things as well.
282
:Christophe Foulon: That, that leads
to some, something I say all the time.
283
:Get the cheap experience, which is the
experiences from your network, what
284
:they learned, how they learned it.
285
:And that way you don't have to get
that scrape, but if you do, you
286
:already know how to react to it.
287
:It's not something new.
288
:Ryan Cloutier: Exactly.
289
:Christophe Foulon: So with
that being said, Ryan, I
290
:wanna thank you for coming on.
291
:Thank you for sharing your insights
and breaking into cybersecurity.
292
:Everyone else, thank you for listening
and please do share this podcast with
293
:others 'cause that's how we can spread
this message to a diverse group o of
294
:audiences, and have that diverse group be
interested in breaking into cybersecurity.