1 00:00:02,940 --> 00:00:05,820 Narrator: You're listening to the Humans of DevOps Podcast, a 2 00:00:05,820 --> 00:00:09,450 podcast focused on advancing the humans of DevOps through skills, 3 00:00:09,480 --> 00:00:13,800 knowledge, ideas and learning, or the SKIL framework. 4 00:00:17,070 --> 00:00:19,200 Dr. Nikki Robinson: You know, it can be it was almost there was 5 00:00:19,230 --> 00:00:22,740 this friction between IT and security. And then when I got 6 00:00:22,740 --> 00:00:24,990 really interested in specifically vulnerability 7 00:00:24,990 --> 00:00:28,560 management and sort of made the hop over to security, I started 8 00:00:28,560 --> 00:00:31,650 seeing those same patterns but from the security side. 9 00:00:33,970 --> 00:00:37,600 Eveline Oehrlich: Welcome to Humans of DevOps Podcast. I'm 10 00:00:37,600 --> 00:00:42,040 Eveline Oehrilch, Chief Research Officer at DevOps Institute. Our 11 00:00:42,040 --> 00:00:46,270 topic today is focused on Cybersecurity: What You Should 12 00:00:46,270 --> 00:00:52,300 Know. Today we have with us Dr. Nikki Robinson. Let me give you 13 00:00:52,450 --> 00:00:56,830 a little bit about Nikki and her background. I of course, did 14 00:00:57,100 --> 00:01:01,870 some digging into what she has done and give me some time. So 15 00:01:01,870 --> 00:01:06,910 Dr. Robinson, earned a Doctor of Science in cybersecurity has 16 00:01:06,910 --> 00:01:11,470 several industry certifications and is a security architect at 17 00:01:11,500 --> 00:01:16,000 IBM right now and also an adjunct professor. She has more 18 00:01:16,000 --> 00:01:19,570 than 10 years of experience in IT Ops. So Nikki that we have in 19 00:01:19,570 --> 00:01:23,170 common before moving into the security field about three years 20 00:01:23,170 --> 00:01:28,390 ago. She studied vulnerability chaining concepts and completed 21 00:01:28,390 --> 00:01:33,340 her PhD in human factors to combine psychological and 22 00:01:33,340 --> 00:01:38,140 technical aspects to improve security programs. She has a 23 00:01:38,140 --> 00:01:41,710 passion for teaching, obviously, yes, she's an adjunct and 24 00:01:41,740 --> 00:01:45,490 mentoring others on risk management, network defense 25 00:01:45,490 --> 00:01:49,540 strategies, and digital forensics and incident response. 26 00:01:50,470 --> 00:01:53,320 As I said, she's a security architect and has technical 27 00:01:53,320 --> 00:01:56,800 experience and continuous monitoring, risk management, 28 00:01:56,800 --> 00:02:01,030 digital forensics and incident response. She is a speaker at 29 00:02:01,030 --> 00:02:04,360 many conferences on a variety of topics from human factor 30 00:02:04,360 --> 00:02:08,680 security, engineering, malicious website, Grant, graphing and Dev 31 00:02:08,680 --> 00:02:13,300 SecOps. She's also the co host of a podcast titled Resilient 32 00:02:13,300 --> 00:02:17,530 Cyber Podcast with the goal to discuss variety of cybersecurity 33 00:02:17,530 --> 00:02:21,610 and it with many, many subject experts, and many of you might 34 00:02:21,640 --> 00:02:25,990 have listened to her podcast. Finally, one more important 35 00:02:25,990 --> 00:02:30,580 thing. She is a volunteer speaking for InfraGard also 36 00:02:30,610 --> 00:02:35,860 Women in Cyber Chapters, which is why size I think Information 37 00:02:35,860 --> 00:02:41,230 Systems Security Association, which is ISSA, and Cyber Jitsu 38 00:02:41,260 --> 00:02:44,470 Organization, welcome to our podcast. Nikki, 39 00:02:45,470 --> 00:02:47,120 Dr. Nikki Robinson: Thank you so much for having me today. 40 00:02:47,960 --> 00:02:51,080 Eveline Oehrlich: Very excited that you're here. Now, the first 41 00:02:51,080 --> 00:02:56,630 thing you have to talk about is Cyber Jutsu. Can you help me on 42 00:02:56,630 --> 00:02:57,110 that one? 43 00:02:57,860 --> 00:02:59,960 Dr. Nikki Robinson: Sure. Yeah, this is actually a this is a 44 00:02:59,960 --> 00:03:05,660 great organization that they their focus is really a to focus 45 00:03:05,660 --> 00:03:09,890 on getting women into the cybersecurity field. So they're 46 00:03:09,890 --> 00:03:13,940 working to close the gender gap. They're trying to help mentor 47 00:03:13,940 --> 00:03:17,930 young women to get into cybersecurity. And they host all 48 00:03:17,930 --> 00:03:22,520 kinds of events, they do webinars, they do workshops on 49 00:03:22,520 --> 00:03:25,400 everything from Python Programming, and then they do 50 00:03:25,400 --> 00:03:29,990 cyber competitions and capture the flags or CTFs. So they do a 51 00:03:29,990 --> 00:03:33,590 lot of different events to sort of help help encourage young 52 00:03:33,590 --> 00:03:37,580 women to get into cybersecurity. And and they host a lot of 53 00:03:37,580 --> 00:03:38,720 conferences as well. 54 00:03:39,710 --> 00:03:41,810 Eveline Oehrlich: Are they global? Or are they are also 55 00:03:41,810 --> 00:03:42,770 regional events? 56 00:03:43,730 --> 00:03:46,130 Dr. Nikki Robinson: I think I believe both. I know that they 57 00:03:46,130 --> 00:03:48,560 do a lot of regional because I think they have different 58 00:03:48,560 --> 00:03:53,210 chapters, sort of like women in cyber or Rhesus. But But yeah, 59 00:03:53,210 --> 00:03:54,980 so they do have a lot of regional events. 60 00:03:55,160 --> 00:03:57,440 Eveline Oehrlich: Okay, worth checking into. Super. Thank 61 00:03:57,440 --> 00:04:03,500 you.. So as you can imagine, when I did research on your, on 62 00:04:03,500 --> 00:04:07,610 your background, and what you do, and all, all the wonderful 63 00:04:07,610 --> 00:04:11,840 things you have been through and have been studying, and there 64 00:04:11,840 --> 00:04:14,540 was a lot of things I was like, Oh, I would love to talk to you 65 00:04:14,540 --> 00:04:17,540 about that. I would love to talk to you about that. But, of 66 00:04:17,540 --> 00:04:21,350 course, we cannot cover these all. So there are two key things 67 00:04:21,380 --> 00:04:25,670 we want to cover today. First, I want to dive a little bit into 68 00:04:25,670 --> 00:04:28,940 your book minds, the tech, the tech gap, addressing the 69 00:04:28,940 --> 00:04:33,710 conflicts between IT and security. And then second, of 70 00:04:33,710 --> 00:04:37,940 course, because I am a woman and I know we have some women on the 71 00:04:38,030 --> 00:04:41,780 on the show. I want to I want you to share your experience as 72 00:04:41,780 --> 00:04:45,650 women in technology. So those are the two things we're honing 73 00:04:45,650 --> 00:04:48,650 in. I hope you are ready for that. I know you are ready for 74 00:04:48,650 --> 00:04:53,150 that. Thank you. So let's get to the book first. I think that's 75 00:04:53,150 --> 00:04:56,060 the most important one because I think it was published in 76 00:04:56,090 --> 00:05:00,740 October of 22. So not that far, and not that long ago. As I 77 00:05:00,740 --> 00:05:05,090 said, the book was called, or is called Mind the tech gap, 78 00:05:05,330 --> 00:05:09,620 addressing the conflicts between IT and security. So first of 79 00:05:09,620 --> 00:05:14,240 all, congratulations to the application. Fantastic. I think 80 00:05:14,240 --> 00:05:17,540 I'm going to order it because that topic is something which is 81 00:05:17,570 --> 00:05:21,830 also I have something I've researched in my career over the 82 00:05:21,830 --> 00:05:26,300 years. Now in the book, you address, and I quote from the 83 00:05:26,300 --> 00:05:29,990 book from a book review, you're saying, or it says, the long 84 00:05:29,990 --> 00:05:34,850 standing challenges between it and cybersecurity teams, and 85 00:05:34,850 --> 00:05:37,460 you're exploring the different job functions, goals, 86 00:05:37,460 --> 00:05:41,210 relationships, and other factors that might impact how it and 87 00:05:41,210 --> 00:05:45,260 cyber security teams interact. Give us a little bit of an 88 00:05:45,290 --> 00:05:48,680 overview of the book, because I think there are some powerful 89 00:05:48,680 --> 00:05:52,190 things in there, which I would like people to kind of listen 90 00:05:52,190 --> 00:05:57,080 to. So enticing them to actually buy a book, and I'm not trying 91 00:05:57,080 --> 00:06:00,770 to sell your book, I think this is an important piece. Most 92 00:06:00,770 --> 00:06:05,450 folks have not even thought about, and I want you to do a 93 00:06:05,450 --> 00:06:06,500 little bit of a review. 94 00:06:07,550 --> 00:06:11,090 Dr. Nikki Robinson: Yeah, thank you,, it's funny, because I'd 95 00:06:11,090 --> 00:06:14,960 had this idea for this book for at least five years now, even 96 00:06:14,960 --> 00:06:19,550 before I got into cybersecurity. So when I was on the IT side of 97 00:06:19,550 --> 00:06:22,580 the house, you know, and working with sort of my security 98 00:06:22,580 --> 00:06:27,050 counterparts on assessments or audits, and literally sitting 99 00:06:27,050 --> 00:06:30,950 through four or five hour long meetings on, you know, security 100 00:06:30,950 --> 00:06:34,880 controls and configurations. And so I was sort of getting this 101 00:06:34,880 --> 00:06:38,810 idea of you it can be it was almost there was this friction 102 00:06:38,810 --> 00:06:41,480 between IT and security, because it was like, Oh, we're having 103 00:06:41,480 --> 00:06:43,940 another audit, or oh, we have another assessment or this or 104 00:06:43,940 --> 00:06:47,360 that, or all security does this or security does that. And then 105 00:06:47,420 --> 00:06:50,360 when I got really interested in specifically vulnerability 106 00:06:50,360 --> 00:06:53,960 management, and sort of made the hop over to security, I started 107 00:06:53,960 --> 00:06:57,110 seeing those same patterns. But from the security side, you 108 00:06:57,110 --> 00:07:00,680 know, seeing sort of the frustration, and the, it won't 109 00:07:00,680 --> 00:07:03,200 do this, or I'm trying to work with development, and we're 110 00:07:03,200 --> 00:07:05,390 trying to get this done. And it's difficult, or it's 111 00:07:05,390 --> 00:07:10,550 challenging. And so that was really what sort of even having 112 00:07:10,550 --> 00:07:12,950 that idea but coming into security and saying, Oh, I'm 113 00:07:12,950 --> 00:07:16,130 seeing this, you know, sort of this frustration and this 114 00:07:16,130 --> 00:07:19,160 friction from both sides. You know, we're both having 115 00:07:19,160 --> 00:07:22,310 challenges working with each other. And it's not because, you 116 00:07:22,310 --> 00:07:26,600 know, we both have important missions, we both have important 117 00:07:26,600 --> 00:07:29,750 goals, but most of the time, those are somewhat conflicting. 118 00:07:30,140 --> 00:07:33,980 So having teams that have conflicting goals and missions, 119 00:07:34,130 --> 00:07:37,460 makes it really challenging to, you know, sort of get together 120 00:07:37,460 --> 00:07:40,820 and make these things happen. And so that was really what 121 00:07:40,820 --> 00:07:43,640 spurred the the idea of the book, and I wanted to dive into 122 00:07:43,640 --> 00:07:48,020 sort of, from a historical context to what traditional job 123 00:07:48,020 --> 00:07:51,500 roles look like, you know, 20 years ago, and how we built, you 124 00:07:51,500 --> 00:07:56,600 know, IT teams and how they look now, and how that sort of plays 125 00:07:56,600 --> 00:08:00,530 into why relationships can sometimes be fractured between 126 00:08:00,530 --> 00:08:04,400 the teams, and ultimately, that that leads to concerns with 127 00:08:04,400 --> 00:08:06,530 risk, you know, and risk management and how do you how do 128 00:08:06,530 --> 00:08:09,350 you manage risk with the people that you know, need to work 129 00:08:09,350 --> 00:08:13,370 together? So that's really sort of the spirit of the book, and, 130 00:08:13,520 --> 00:08:18,170 you know, hoping to shed some light on why these challenges 131 00:08:18,170 --> 00:08:20,930 exist. And then, you know, at the end of the book, I provide 132 00:08:20,930 --> 00:08:23,390 sort of a roadmap for Hey, these are the questions you need to 133 00:08:23,390 --> 00:08:26,840 start asking yourself and your teams, depending on the type of 134 00:08:26,840 --> 00:08:28,040 job role that you have. 135 00:08:29,350 --> 00:08:31,300 Eveline Oehrlich: I love that last part, you said, I think 136 00:08:31,300 --> 00:08:36,760 that is essential for folks listening in having a roadmap to 137 00:08:36,760 --> 00:08:40,060 understand what what can they actually do that actionable 138 00:08:40,060 --> 00:08:43,210 advice, because sometimes, you know, there are books out there, 139 00:08:43,510 --> 00:08:47,230 and I'm done with it. And I put it aside and I'm thinking, Okay, 140 00:08:47,260 --> 00:08:52,780 now what? Yeah, right. It's like, okay, I'm not really sure 141 00:08:52,810 --> 00:08:56,110 I understand, but I don't know what so that is beautiful. Now, 142 00:08:56,470 --> 00:09:00,520 one thing you were under, in the book review, which talks about 143 00:09:00,520 --> 00:09:03,550 that also, of course, you are honing into into something 144 00:09:03,550 --> 00:09:07,660 called empathy, and emotional intelligence. And that is 145 00:09:07,660 --> 00:09:11,560 something which I have keen interest in, as I've done 146 00:09:11,560 --> 00:09:14,500 research for the DevOps Institute on upskilling for the 147 00:09:14,500 --> 00:09:19,150 past five years. And you would not be surprised that I tell you 148 00:09:19,150 --> 00:09:24,010 that the human skills, are there significant gaps there within 149 00:09:24,010 --> 00:09:28,780 it, and they don't go away these and they're particularly around, 150 00:09:29,020 --> 00:09:32,230 you know, having that empathy, having these inter interpersonal 151 00:09:32,230 --> 00:09:36,250 skills and really working and developing collaboration and 152 00:09:36,250 --> 00:09:40,600 coordination with others. So that is quite interesting. 153 00:09:40,630 --> 00:09:45,190 Interesting. And of course, there is action, which means 154 00:09:45,190 --> 00:09:48,400 people should upskill and human skills and we've been kinda like 155 00:09:48,400 --> 00:09:52,900 a preacher pin saying that, but why is it so hard? Why is it so 156 00:09:52,900 --> 00:09:57,220 hard for a reverse it people I'm an IT person, I think I have 157 00:09:57,220 --> 00:10:01,210 human skills plenty. And my kids would tell AMI you do, ma'am. 158 00:10:01,240 --> 00:10:05,560 But why is it so hard sometimes for folks in either on the 159 00:10:05,560 --> 00:10:09,490 security side or on the IT side, no matter what role to think 160 00:10:09,490 --> 00:10:16,090 about that human skill and and adding or working on them? What 161 00:10:16,090 --> 00:10:17,170 are your thoughts on that? 162 00:10:17,410 --> 00:10:19,630 Dr. Nikki Robinson: Yeah, I think it's such an important 163 00:10:19,630 --> 00:10:22,570 question to ask because and it's a question I started asking 164 00:10:22,570 --> 00:10:27,640 myself too, because I, you know, working in it, and security for 165 00:10:27,640 --> 00:10:31,750 almost 15 years now, it's one of those things I haven't seen as 166 00:10:31,750 --> 00:10:36,580 part of it programs, traditional IT, whether it's academic or 167 00:10:36,580 --> 00:10:40,660 certification programs, and insecurity as well, I know that 168 00:10:40,660 --> 00:10:43,900 there are some universities out there that teach emotional 169 00:10:43,900 --> 00:10:46,510 intelligence in their IT programs, but I think that's a 170 00:10:46,510 --> 00:10:50,890 newer thing. And I just haven't seen as many programs that tout, 171 00:10:51,220 --> 00:10:54,100 you know, emotion, emotional intelligence, empathy, 172 00:10:54,100 --> 00:10:58,330 relationship, building, all of those pieces that we need to 173 00:10:58,330 --> 00:11:01,120 sort of operate in these big teams and in these big 174 00:11:01,120 --> 00:11:04,960 organizations. So I think the first piece of it is sort of the 175 00:11:04,960 --> 00:11:08,770 education component, in that it's not really taught to us, 176 00:11:08,770 --> 00:11:10,660 you know, we're taught Python, and we're taught Pope 177 00:11:10,660 --> 00:11:13,150 programming, and we're taught, you know, SQL and all these 178 00:11:13,150 --> 00:11:15,460 other things, but we're not really taught well, what does 179 00:11:15,460 --> 00:11:19,540 that mean to somebody else? You know, if I'm on the IT side, or 180 00:11:19,540 --> 00:11:22,600 if I'm a developer, what does that mean to security? And I 181 00:11:22,600 --> 00:11:25,840 think it's really important on the security side, to have that 182 00:11:25,840 --> 00:11:29,770 understanding, and that empathy for what other teams are working 183 00:11:29,770 --> 00:11:33,250 on. Because if I can't speak to a developer and understand, you 184 00:11:33,250 --> 00:11:35,800 know, what they're going through, or what they need to 185 00:11:35,800 --> 00:11:38,380 do, you know, what their deadlines or requirements are, 186 00:11:38,440 --> 00:11:40,570 it's going to be really difficult to work together. So I 187 00:11:40,570 --> 00:11:43,300 think that's part of the challenges is we don't really 188 00:11:43,300 --> 00:11:47,050 have this educational component, it's, it's not a part of any 189 00:11:47,050 --> 00:11:49,900 certifications that I've at least seen, you know, this sort 190 00:11:49,900 --> 00:11:54,520 of emotional intelligence piece. And I've really, especially when 191 00:11:54,520 --> 00:11:57,190 I was doing research for the book really came across a lot of 192 00:11:57,190 --> 00:11:59,680 leadership and management books that talk about emotional 193 00:11:59,680 --> 00:12:03,940 intelligence. I had a really hard time finding anything out 194 00:12:03,940 --> 00:12:08,530 there, whether it was a book, or anything like that, that could 195 00:12:08,530 --> 00:12:11,290 be used as a textbook or used, you know, sort of as a guide 196 00:12:11,950 --> 00:12:14,110 that talks about emotional intelligence, really, for 197 00:12:14,110 --> 00:12:16,480 practitioners. You know, there's there's some stuff out there, 198 00:12:16,480 --> 00:12:19,210 but there really isn't a lot. And I think that that's, that's, 199 00:12:19,240 --> 00:12:22,570 you know, one of the biggest challenges is we encourage our 200 00:12:22,570 --> 00:12:25,270 technical people to go for certifications to go for 201 00:12:25,270 --> 00:12:28,090 technical certifications, you know, that that's a great thing. 202 00:12:28,300 --> 00:12:32,110 But we don't encourage them to apply empathy to what they're 203 00:12:32,110 --> 00:12:34,810 doing. And so I think that's, that's probably where that that 204 00:12:34,810 --> 00:12:35,980 gap came from. 205 00:12:36,700 --> 00:12:39,130 Eveline Oehrlich: Here, here, here, I'm hoping that my co 206 00:12:39,130 --> 00:12:42,580 partner is listening into this podcast. If not, I will point 207 00:12:42,580 --> 00:12:45,880 her for that, because we have been saying that we need to 208 00:12:45,880 --> 00:12:49,540 start figuring out how can we actually help our community 209 00:12:49,540 --> 00:12:54,340 members to expand on their existing human skills or build 210 00:12:54,340 --> 00:12:58,240 upon the ones they have? Or start working on if they don't 211 00:12:58,240 --> 00:13:02,050 think they have any? I think the other thing I was just speaking 212 00:13:02,050 --> 00:13:07,120 to Gallup CEO, he was talking about the engagement of 213 00:13:07,150 --> 00:13:12,250 individuals in the in a job well, today has been really, 214 00:13:12,250 --> 00:13:16,120 really low. But one of his points was that as we are 215 00:13:16,150 --> 00:13:19,660 lacking, or as we are not developing these human skills, 216 00:13:20,200 --> 00:13:24,850 work becomes less fun, not just because of its in cybersecurity, 217 00:13:24,850 --> 00:13:28,570 or its insecurity or in the DevOps, or wherever. But because 218 00:13:28,570 --> 00:13:32,050 it's so difficult to bridge across in, we can only talk 219 00:13:32,050 --> 00:13:34,840 tech, and we could talk processes, but we really don't 220 00:13:34,840 --> 00:13:38,980 have that connectability anymore. Mostly, maybe it's 221 00:13:38,980 --> 00:13:42,970 gotten worse, because of the pandemic. He was saying that 222 00:13:43,060 --> 00:13:46,300 they're doing a lot of work at the Gallup as well to start 223 00:13:46,810 --> 00:13:50,110 assessing and developing that. So it is a great opportunity for 224 00:13:50,110 --> 00:13:53,680 us. Thank you for that. All right, let's shift gears a 225 00:13:53,680 --> 00:13:57,100 little bit. The clock is always ticking when we have great 226 00:13:57,100 --> 00:13:59,530 conversation. So I want to switch a little bit towards the 227 00:13:59,530 --> 00:14:04,780 topic of cybersecurity. And particularly, where do you think 228 00:14:04,780 --> 00:14:09,130 it stands today, in terms of its priority from what you've seen? 229 00:14:09,190 --> 00:14:13,450 And from who you've been visiting with? Where does it 230 00:14:13,450 --> 00:14:17,890 stand in terms of priority in executives, leaders, investors 231 00:14:17,890 --> 00:14:22,300 and individual contributors? Because I think there is, at 232 00:14:22,300 --> 00:14:25,390 least from the research I've done, there might be a shift and 233 00:14:25,420 --> 00:14:28,750 which is good. But I was curious what your thoughts are on that. 234 00:14:29,590 --> 00:14:31,570 Dr. Nikki Robinson: Yeah, I would absolutely agree that 235 00:14:31,570 --> 00:14:34,240 there's been a shift and I think, a shift really in the 236 00:14:34,240 --> 00:14:37,270 last year. You know, I think this it all really sort of 237 00:14:37,270 --> 00:14:41,830 started with solar winds. You know, that? I think because it 238 00:14:41,830 --> 00:14:45,280 had so much media attention, you know, it wasn't just Oh, random 239 00:14:45,310 --> 00:14:48,700 data breach here or random cyber attack here. Solar Winds 240 00:14:48,730 --> 00:14:53,350 affected lots of different types of organizations, lots of 241 00:14:53,350 --> 00:14:57,790 different domains, and it became a business risk. You know, it 242 00:14:57,790 --> 00:15:01,450 wasn't just a cyber risk anymore or an incident It was, Oh, my 243 00:15:01,450 --> 00:15:04,510 business is in trouble. And not just from a security 244 00:15:04,510 --> 00:15:08,020 perspective, but a lot of the people that consumed and use 245 00:15:08,050 --> 00:15:13,780 SolarWinds were IT operations groups. And so it that of not 246 00:15:13,780 --> 00:15:16,150 having that tool in place, you know, having to find an 247 00:15:16,150 --> 00:15:19,300 alternative or not having visibility to your systems or, 248 00:15:19,540 --> 00:15:22,360 you know, the potential of an incident, and then you can, you 249 00:15:22,360 --> 00:15:25,870 know, it becomes a snowball effect to the business. And I 250 00:15:25,870 --> 00:15:29,050 think that was really what sort of, at least opened people's 251 00:15:29,050 --> 00:15:32,080 eyes to, oh, there's, there's sort of this cascading effect 252 00:15:32,080 --> 00:15:35,770 when there is an incident that sort of, I think, started to 253 00:15:35,770 --> 00:15:38,680 change people's minds. And then I think blog for J was another 254 00:15:38,680 --> 00:15:42,010 big one, partially because it got so much media attention, but 255 00:15:42,010 --> 00:15:47,140 also because it opened people's eyes to open source software, 256 00:15:47,440 --> 00:15:52,060 how do how are we actually developing? And how can we 257 00:15:52,060 --> 00:15:55,720 support developers, while still making sure that we understand 258 00:15:55,720 --> 00:15:58,750 the risk. So I think it was sort of an eye opener for both 259 00:15:58,870 --> 00:16:02,710 developers and for security professionals to say, oh, we 260 00:16:02,710 --> 00:16:05,260 need to really understand how this is going to work, and how 261 00:16:05,260 --> 00:16:08,800 we can support open source software, but by you know, 262 00:16:08,830 --> 00:16:12,310 understanding what that means to our risk. So I think, as far as 263 00:16:12,310 --> 00:16:15,190 what those things sort of started to change people's 264 00:16:15,190 --> 00:16:20,260 minds, I do think a lot more leadership boards, they're much 265 00:16:20,260 --> 00:16:23,350 more interested in in having sort of cybersecurity expertise, 266 00:16:23,350 --> 00:16:27,940 at least available as consultants or advisors. So I 267 00:16:27,940 --> 00:16:31,030 would say there's definitely a shift in the industry as far as 268 00:16:31,030 --> 00:16:34,030 leadership goes. And I think they see the benefit of 269 00:16:34,720 --> 00:16:38,260 cybersecurity, not just being, you know, a security assessment, 270 00:16:38,260 --> 00:16:42,310 or an audit or an inhibitor, but more of a, hey, if we work 271 00:16:42,310 --> 00:16:46,000 together with the cyber team, with our developers, with our T 272 00:16:46,000 --> 00:16:50,440 with our leadership, we can help provide strategic, you know, we 273 00:16:50,440 --> 00:16:53,560 can help with those five year plans, we can help make sure 274 00:16:53,560 --> 00:16:56,950 that five years out 10 years out that the business is healthy, 275 00:16:56,980 --> 00:17:00,250 thriving and resilient, especially towards cyber 276 00:17:00,250 --> 00:17:03,700 attacks. Because if if an organization isn't resilient, 277 00:17:03,730 --> 00:17:06,070 let's say for example, ransomware, I think that's 278 00:17:06,070 --> 00:17:10,150 another really big one that's hit organizations and the amount 279 00:17:10,150 --> 00:17:14,170 of cost associated with ransomware. Plenty businesses 280 00:17:14,170 --> 00:17:16,780 have shut down because they've been hit by ransomware. And it 281 00:17:16,780 --> 00:17:20,350 was so costly that they couldn't recover. So I think I think 282 00:17:20,350 --> 00:17:23,290 those kinds of situations have really changed how people feel 283 00:17:23,290 --> 00:17:27,220 and now they're starting to seek out security advisors and not 284 00:17:27,220 --> 00:17:30,250 just from a, Hey, what is our secure configuration look like? 285 00:17:30,250 --> 00:17:33,880 Or how do we pass this audit? But hey, how do we, how do we 286 00:17:33,880 --> 00:17:37,000 plan our strategic it and development vision with a 287 00:17:37,000 --> 00:17:40,180 cybersecurity, you know, professional there to help us? 288 00:17:42,750 --> 00:17:46,112 Narrator: Do you want to advance your career and organization, we 289 00:17:46,174 --> 00:17:49,842 can help you do that DevOps Institute offers a wide range of 290 00:17:49,903 --> 00:17:53,328 educational experiences for you to begin your upskilling 291 00:17:53,389 --> 00:17:56,629 journey. Whether you're looking for a defined path to 292 00:17:56,691 --> 00:18:00,359 certification, exploring the latest in DevOps, or connecting 293 00:18:00,420 --> 00:18:04,395 with the large community, we can help you develop the specialized 294 00:18:04,456 --> 00:18:08,186 skills needed for the future of IT. And it won't just be good 295 00:18:08,247 --> 00:18:11,916 for your career. It will also make you indispensable at work 296 00:18:11,977 --> 00:18:14,728 with our lineup of industry recognized DevOps 297 00:18:14,789 --> 00:18:18,458 certifications, digital learning opportunities, and engaging 298 00:18:18,519 --> 00:18:22,310 events, you can connect with our network of experts and expand 299 00:18:22,371 --> 00:18:25,918 your potential today, visit DevOpsI nstitute.com and join 300 00:18:25,979 --> 00:18:27,080 our community now. 301 00:18:27,930 --> 00:18:30,616 Eveline Oehrlich: So as a summary, I would say it is fair 302 00:18:30,684 --> 00:18:34,886 to say that cybersecurity is a strategic line item for all of 303 00:18:34,955 --> 00:18:37,710 those particular executives and leaders. 304 00:18:38,490 --> 00:18:41,280 Dr. Nikki Robinson: I guess that is my hope I 305 00:18:43,470 --> 00:18:45,660 Eveline Oehrlich: Lets frame it as a hope I love that. Yes, 306 00:18:45,690 --> 00:18:50,160 Dr. Nikki Robinson: I hope so. Because I think there is there's 307 00:18:50,160 --> 00:18:53,430 so much positivity, it's one of the reasons why I wanted to get 308 00:18:53,430 --> 00:18:57,360 into cybersecurity, because it's it's not just cybersecurity, it 309 00:18:57,360 --> 00:19:01,410 really is it and a function of technology. And so I think if we 310 00:19:01,410 --> 00:19:05,040 can start to change that idea of, you know, I joke with 311 00:19:05,040 --> 00:19:07,320 people, you know, I'm a security architect, but I really joke, 312 00:19:07,320 --> 00:19:09,720 I'm really just an infrastructure architect. It's 313 00:19:09,870 --> 00:19:13,410 security is, you know, security by design. But really what I'm 314 00:19:13,410 --> 00:19:16,350 doing is helping to build environments that are secure. 315 00:19:16,650 --> 00:19:22,080 And, and that's still in it a component of it. So I think, I 316 00:19:22,080 --> 00:19:24,690 think it's starting to change. But yes, it's a lot of hope 317 00:19:24,690 --> 00:19:25,050 there. 318 00:19:25,440 --> 00:19:28,380 Eveline Oehrlich: Yep. You know, this is, this reminds me of 319 00:19:28,650 --> 00:19:31,680 philosophical discussion we have had when I was at Forrester, 320 00:19:32,010 --> 00:19:35,010 where we had a security and risk team and an infrastructure and 321 00:19:35,010 --> 00:19:38,310 operations team. And of course, you know, enterprise architects, 322 00:19:38,310 --> 00:19:42,390 application developers, CIOs. And I remember the folks from 323 00:19:42,390 --> 00:19:47,520 the security and risk team, not wanting to do at the time, this 324 00:19:47,520 --> 00:19:51,870 is 2018 When I left but at that time, they were doing their own 325 00:19:51,870 --> 00:19:54,810 research. Of course, we always wanted to collaborate because 326 00:19:54,810 --> 00:19:58,470 infrastructure and operations we have to have our heads out and 327 00:19:58,740 --> 00:20:04,680 get stuck sometimes was in, in the nasty fixing the mess. And 328 00:20:04,770 --> 00:20:09,480 we always had the conversation and and said, why do you why are 329 00:20:09,480 --> 00:20:12,870 you in a separate group? Why are we not bringing us together into 330 00:20:12,870 --> 00:20:17,040 a research? team so we can do things together? I don't think 331 00:20:17,040 --> 00:20:23,520 that has happened. But But I think having the risk, sometimes 332 00:20:23,550 --> 00:20:27,090 it takes, it just takes challenges which are so 333 00:20:27,090 --> 00:20:31,470 overwhelming that people are enough pain that people are 334 00:20:32,400 --> 00:20:35,820 changing. And I think one of the other factors and I'm curious 335 00:20:35,820 --> 00:20:40,110 what your thoughts or is there a metric which executives should 336 00:20:40,110 --> 00:20:43,350 have relative to that? I think it's some companies, a CEO 337 00:20:43,350 --> 00:20:48,150 already has the resilience and sustainability. We're seeing ESG 338 00:20:48,150 --> 00:20:52,050 as a topic come up quite a bit. But in your, in your mind, 339 00:20:52,050 --> 00:20:54,960 should there be metrics for all of those folks around this 340 00:20:54,960 --> 00:20:57,390 topic? Because it impacts like you said the business 341 00:20:57,390 --> 00:20:58,350 significantly? 342 00:20:59,340 --> 00:21:01,380 Dr. Nikki Robinson: Yes, absolutely. There's definitely 343 00:21:01,380 --> 00:21:05,220 been a big push in the last two, three, maybe four years for 344 00:21:05,220 --> 00:21:09,000 quantifying cyber risk, you know, really making it much 345 00:21:09,030 --> 00:21:12,450 easier, I think, to digest, because it's interesting, I 346 00:21:12,450 --> 00:21:14,880 think, when people talk about qualitative versus quantitative, 347 00:21:14,880 --> 00:21:19,260 but this idea that if we can help quantify some of that risk, 348 00:21:19,260 --> 00:21:23,610 make it easier to digest and help to, to help to show what 349 00:21:23,610 --> 00:21:26,910 we're talking about, tell that story a little bit better. And 350 00:21:27,330 --> 00:21:31,260 metrics, I think, when it comes to, you know, here's my, here's 351 00:21:31,260 --> 00:21:34,020 my bias here, because I love vulnerability management, but, 352 00:21:34,230 --> 00:21:37,110 you know, anything highly exploitable vulnerabilities, if 353 00:21:37,110 --> 00:21:39,570 I'm using threat intelligence, what do I need to be concerned? 354 00:21:39,570 --> 00:21:42,240 What are the top three concerns that I have? You know, so I 355 00:21:42,240 --> 00:21:46,500 think breaking it down into smaller chunks. And, you know, 356 00:21:46,500 --> 00:21:49,980 my, the bane of my existence are like 300 Page vulnerability 357 00:21:49,980 --> 00:21:53,070 reports. And I think that's, you know, one of those big 358 00:21:53,070 --> 00:21:55,740 challenges is don't send those 300 page, you know, 359 00:21:55,740 --> 00:21:58,530 vulnerability reports. Let's let's break this down into 360 00:21:58,680 --> 00:22:02,040 metrics that makes sense for leadership. That's, it's, it's 361 00:22:02,040 --> 00:22:06,810 absolutely imperative, I think, to not just the cybersecurity 362 00:22:06,810 --> 00:22:08,910 mission, but to the business mission, you know, to help break 363 00:22:08,910 --> 00:22:12,300 those things down and make it easier to digest. 364 00:22:12,870 --> 00:22:16,680 Eveline Oehrlich: Yep, absolutely. All right. Now, I 365 00:22:16,680 --> 00:22:20,400 came across a fantastic short piece by Stefan Napo, who is the 366 00:22:20,400 --> 00:22:24,720 VP cybersecurity director and global CFO, I group, SCB, that's 367 00:22:24,720 --> 00:22:29,040 a French company, that doing a lot of small appliances, and 368 00:22:29,040 --> 00:22:31,440 it's actually the world's largest manufacturer of 369 00:22:31,440 --> 00:22:36,060 cookware, and I'm a cook so I love their products, but not 370 00:22:36,180 --> 00:22:40,080 talking about the cookware but really talking about what Stefan 371 00:22:40,170 --> 00:22:44,250 said he talked about the swarm cybersecurity or swarm 372 00:22:44,250 --> 00:22:47,700 cybersecurity. And, of course, in DevOps and development, we 373 00:22:47,700 --> 00:22:52,080 talk about swarming. Have you heard this term? I'm sure you 374 00:22:52,080 --> 00:22:56,160 have any? If you haven't, and let's move on. But I am sure you 375 00:22:56,160 --> 00:22:59,850 have your thoughts on that. Tell me tell me what you think when 376 00:22:59,850 --> 00:23:02,970 that comes to your mind when I say swarm or cybersecurity. 377 00:23:03,390 --> 00:23:07,230 Dr. Nikki Robinson: Yeah, so for, for me, swarming. I also 378 00:23:07,230 --> 00:23:10,290 think about in a very it context, because, you know, 379 00:23:10,290 --> 00:23:14,100 typically you have this tiered model, and that's sort of an 380 00:23:14,100 --> 00:23:16,620 older model right of it. But if you let's say you have your 381 00:23:16,620 --> 00:23:18,720 helpdesk, and then your systems administrators, and then your 382 00:23:18,720 --> 00:23:22,530 senior sis admins or maybe engineering above that, but 383 00:23:22,530 --> 00:23:26,550 instead of having these sort of siloed, tears, you have this 384 00:23:26,580 --> 00:23:31,620 giving this power to, you know, in IT systems administrator that 385 00:23:31,620 --> 00:23:35,100 can sort of help to resolve these things without taking up 386 00:23:35,100 --> 00:23:37,590 the chain, because, you know, you don't learn anything that 387 00:23:37,590 --> 00:23:41,370 way. So it's this more collaborative effort of, hey, I 388 00:23:41,370 --> 00:23:44,220 think I know how to fix this, I'm going to do this. And then 389 00:23:44,280 --> 00:23:46,410 if they need help, they can always ask for help, and the 390 00:23:46,410 --> 00:23:49,890 team can work together, but it becomes more of this group 391 00:23:49,890 --> 00:23:52,560 effort, instead of you know, hey, I've got this thing, I'm 392 00:23:52,560 --> 00:23:54,750 gonna pass it to you, they'll pass the ticket to you, and then 393 00:23:54,750 --> 00:23:57,210 to you and then to you. So instead of this becoming this 394 00:23:57,240 --> 00:24:01,470 endless chain of, you know, what happened to my issue, you know, 395 00:24:01,470 --> 00:24:05,130 becomes this more of a collaborative and teamwork type 396 00:24:05,130 --> 00:24:09,840 effort. And so applying that to cybersecurity, I think about the 397 00:24:10,320 --> 00:24:15,180 cyber color wheel, if you're familiar with that, this idea of 398 00:24:15,210 --> 00:24:17,790 you know, you have red teams and blue teams, and then you start 399 00:24:17,790 --> 00:24:20,340 talking about threat intel, and you have yellow teams and orange 400 00:24:20,340 --> 00:24:24,720 teams and purple teams that are red and blue teams combined into 401 00:24:24,720 --> 00:24:28,560 purple teams. And so you're building this more of a 402 00:24:28,560 --> 00:24:31,320 collaborative effort, instead of saying, you know, I'm on the red 403 00:24:31,320 --> 00:24:33,930 team, and I have a pen test. And I'm going to lob it over to the 404 00:24:33,930 --> 00:24:35,910 blue team. And they're just going to have to figure it out 405 00:24:36,090 --> 00:24:38,640 and becomes a collaborative effort. And the blue team can go 406 00:24:38,640 --> 00:24:40,710 back to the red team and say, Hey, actually, we found these 407 00:24:40,710 --> 00:24:43,230 additional things. Can you verify that for us? Can you 408 00:24:43,230 --> 00:24:46,680 check to make sure that this is fixed? And so it becomes this 409 00:24:46,860 --> 00:24:50,910 more of an open type of team instead of you know, just the 410 00:24:50,910 --> 00:24:53,070 silos? Well, I'm on the red team, or I'm on the blue team. 411 00:24:53,100 --> 00:24:56,370 Yep. You know, it's much more collaborative. And so I think 412 00:24:56,370 --> 00:25:01,230 that's 100% the way forward there's a fantastic Stick. She's 413 00:25:01,230 --> 00:25:04,260 on LinkedIn. Her name is marrow Vernon, she talks a lot about 414 00:25:04,260 --> 00:25:08,010 purple teaming. And when I came across her and some of the 415 00:25:08,010 --> 00:25:10,800 things that she's written about purple teaming, that's really 416 00:25:10,800 --> 00:25:14,430 what started getting me thinking about swarming. Right. It's it's 417 00:25:14,430 --> 00:25:16,860 a similar notion, right of collaboration and bringing 418 00:25:16,860 --> 00:25:20,880 people together. But I think it's a big benefit to teams, 419 00:25:20,880 --> 00:25:24,480 because one, it empowers your employee or your cyber 420 00:25:24,480 --> 00:25:29,460 professional, or your developer. But it also improves their 421 00:25:29,460 --> 00:25:32,850 skills. It allows them to learn something new, it improves 422 00:25:32,850 --> 00:25:37,080 teamwork. And I think there's a big reduction in how long it 423 00:25:37,080 --> 00:25:40,560 takes to identify and resolve specifically, you know, in a Red 424 00:25:40,560 --> 00:25:45,990 Team Blue Team context, versus Hey, I have this 200 Page pen 425 00:25:46,020 --> 00:25:49,410 test report, here you go, go ahead and figure it out, you 426 00:25:49,410 --> 00:25:52,530 know, it becomes more of this, like, hey, we found this 427 00:25:52,530 --> 00:25:54,900 vulnerability across 100 systems, can you guys work on 428 00:25:54,900 --> 00:25:57,090 this, and we can see if we can get this fixed, and then we can 429 00:25:57,090 --> 00:26:00,900 come back and retest. So So for me, it's all about 430 00:26:00,900 --> 00:26:01,650 collaboration, 431 00:26:02,190 --> 00:26:06,210 Eveline Oehrlich: super, we, I that reminded me of something I 432 00:26:06,210 --> 00:26:08,550 did with again, a former colleague of mine, where we 433 00:26:08,550 --> 00:26:13,020 looked at MTTR. And we found that not necessarily to 434 00:26:13,020 --> 00:26:16,800 security, but we found that the largest amount of time, I think 435 00:26:16,800 --> 00:26:23,160 it was 70% of time was found in the meantime to detect. And and 436 00:26:23,160 --> 00:26:26,850 that was because everybody was looking down their own their own 437 00:26:26,850 --> 00:26:30,240 pipe, right and their own data. So I think that's an additional 438 00:26:30,450 --> 00:26:34,230 benefit, in terms of Meantime, detect at the pre at the 439 00:26:34,230 --> 00:26:38,850 predecessor of swarming, but as you said, MTTR overall, because 440 00:26:38,850 --> 00:26:42,240 we are bringing people together is an incredible impact has an 441 00:26:42,240 --> 00:26:45,510 incredible impact reducing that. And that, again, reduces 442 00:26:45,510 --> 00:26:50,280 business impact. So super. All right, let's shift a little bit, 443 00:26:50,700 --> 00:26:54,540 we have about five minutes or so I want to cover two topics, one 444 00:26:54,540 --> 00:26:57,690 the skill, and then I want to really get into your thinking on 445 00:26:57,690 --> 00:27:01,290 the women in it, or women in tech. So the first one, let's 446 00:27:01,290 --> 00:27:05,250 say I want to be successful in cybersecurity. And actually, I 447 00:27:05,250 --> 00:27:09,000 did lose an analyst in my former role to the security and risk 448 00:27:09,000 --> 00:27:12,210 team. And I was very sad loser, but she is a great analyst in 449 00:27:12,210 --> 00:27:15,510 this space. But if I wanted to go into cybersecurity, and maybe 450 00:27:15,510 --> 00:27:19,230 there's a focus on here who are wanting to switch, what do you 451 00:27:19,230 --> 00:27:23,250 think are the necessary skill, maybe one or two to be 452 00:27:23,250 --> 00:27:26,010 successful? Besides what we already talked about in terms 453 00:27:26,010 --> 00:27:30,210 of, Hey, you gotta be having empathy. And so EQ, but what 454 00:27:30,210 --> 00:27:32,400 else do you think are essential? 455 00:27:33,420 --> 00:27:35,940 Dr. Nikki Robinson: Yeah, I would say a lot of the skills 456 00:27:35,940 --> 00:27:38,940 that I brought with me from it to cybersecurity, and you don't 457 00:27:38,940 --> 00:27:42,780 have to have an IT background, to necessarily go into 458 00:27:42,780 --> 00:27:46,110 cybersecurity, but I can say for me, it helped a lot. Because I 459 00:27:46,110 --> 00:27:50,070 understand technology very well. Now, I would say troubleshooting 460 00:27:50,640 --> 00:27:53,100 is a really, really big skill. And that's, you know, 461 00:27:53,100 --> 00:27:55,980 troubleshooting, problem solving, being able to sort of 462 00:27:55,980 --> 00:28:00,000 understand enough that you can figure out what's going on, 463 00:28:00,000 --> 00:28:02,880 because that's, that's one of the big, big parts of 464 00:28:02,880 --> 00:28:05,970 cybersecurity is typically you're handed, you know, a piece 465 00:28:05,970 --> 00:28:08,520 of information, and you've got to go digging, and try to figure 466 00:28:08,520 --> 00:28:12,150 out what's going on. And so I think that problems, problem 467 00:28:12,150 --> 00:28:15,690 solving, troubleshooting, and natural curiosity, all three of 468 00:28:15,690 --> 00:28:19,050 those sort of go hand in hand together this sort of, okay, let 469 00:28:19,050 --> 00:28:22,260 me dig and try to figure out what this is. So I would say 470 00:28:22,260 --> 00:28:24,990 that's the first and I know I said, three skills really, and 471 00:28:24,990 --> 00:28:27,330 one that was sort of I was trying, it's kind of a cop out. 472 00:28:27,330 --> 00:28:30,990 But that's sort of that. That's sort of how I would describe 473 00:28:30,990 --> 00:28:35,280 that right problem solving as that big component there. I 474 00:28:35,280 --> 00:28:37,650 would say the other really important skill, you know, 475 00:28:37,650 --> 00:28:39,630 besides sort of that relationship building, and what 476 00:28:39,630 --> 00:28:47,970 we call soft skills, would really be how, how do what was I 477 00:28:47,970 --> 00:28:52,560 gonna say, how do how do we understand data. So data science 478 00:28:52,560 --> 00:28:55,980 is a really important component of cybersecurity. And I've met a 479 00:28:55,980 --> 00:28:59,250 lot of really great data scientists that have crossed 480 00:28:59,250 --> 00:29:03,240 into cybersecurity and they are a huge asset, because they're 481 00:29:03,240 --> 00:29:05,880 able to parse through all of this information that we've been 482 00:29:05,880 --> 00:29:09,270 collecting in security with our sims for years and years and 483 00:29:09,270 --> 00:29:12,120 years. And now we have data scientists to really help us. 484 00:29:12,570 --> 00:29:17,460 One make that pipeline of data, easier to digest, easier to 485 00:29:17,460 --> 00:29:22,200 bring in. But they also help us pull out the really important 486 00:29:22,200 --> 00:29:26,670 information. They're helping us to leverage AI, machine learning 487 00:29:26,670 --> 00:29:29,970 models and different techniques that we may not have had the 488 00:29:29,970 --> 00:29:33,720 skills I say we, I may not have had the skills in before in data 489 00:29:33,720 --> 00:29:35,790 science, but that's something in the last two years, I've learned 490 00:29:35,790 --> 00:29:38,880 how important it is to sort of have those data science 491 00:29:38,880 --> 00:29:42,030 principles in cybersecurity. So I would say you don't have to 492 00:29:42,030 --> 00:29:45,300 know Python or machine learning in any sort of depth. But having 493 00:29:45,300 --> 00:29:50,250 some of that understanding is really important. Can I give 494 00:29:50,250 --> 00:29:54,120 three skills? Can I give one more? Of course you can. Okay, 495 00:29:54,270 --> 00:29:56,700 one more I would say you know, since we're talking about 496 00:29:56,700 --> 00:30:00,360 DevOps, right is the ability to communicate and work really well 497 00:30:00,360 --> 00:30:03,000 with developers to be able to speak the language, if you have 498 00:30:03,000 --> 00:30:05,880 some programming background, it's super helpful. Again, you 499 00:30:05,880 --> 00:30:09,510 don't have to be a developer, but to be able to understand 500 00:30:09,510 --> 00:30:12,030 enough that you can talk to a developer, when they're saying, 501 00:30:12,030 --> 00:30:14,280 Hey, we have this requirement, we have to do this this way. 502 00:30:14,400 --> 00:30:18,060 Let's figure out a new solution. So I think that sort of being 503 00:30:18,060 --> 00:30:20,370 able to speak the language is really important. 504 00:30:21,119 --> 00:30:24,809 Eveline Oehrlich: Excellent. Fantastic. All right, our last 505 00:30:24,809 --> 00:30:28,319 question, and then I have a fun question for you. But this one 506 00:30:28,319 --> 00:30:31,829 is around women and technology, both of us have been in 507 00:30:31,829 --> 00:30:33,959 technology, I have my own challenges. But this is not 508 00:30:33,959 --> 00:30:37,919 about me. This is about you. What would you would love to 509 00:30:37,919 --> 00:30:41,249 hear? What was the biggest challenge for you you faced? And 510 00:30:41,309 --> 00:30:44,219 of course, how did you overcome it? If you're willing to share? 511 00:30:45,119 --> 00:30:47,699 Dr. Nikki Robinson: Absolutely, yeah, I would say the biggest 512 00:30:47,699 --> 00:30:51,719 challenge I had, it was funny getting into it. You know, 513 00:30:51,719 --> 00:30:53,969 starting on helpdesk, and sort of working my way up, I 514 00:30:53,969 --> 00:30:57,929 actually, I had some really great mentors along the way, and 515 00:30:57,929 --> 00:31:00,869 sort of, you know, working my way up in it. I think the 516 00:31:00,869 --> 00:31:04,319 biggest challenge I honestly had was when I wanted to break into 517 00:31:04,319 --> 00:31:09,929 cybersecurity, and I got so much pushback from my it friends on, 518 00:31:09,959 --> 00:31:12,479 you know, why would you want to go into Security, you're never 519 00:31:12,479 --> 00:31:14,999 going to be able to come back to it or, you know, you're just 520 00:31:14,999 --> 00:31:18,719 going to be in security. And it was such, it was such an 521 00:31:18,719 --> 00:31:22,679 interesting, I guess, sort of perspective that I had this sort 522 00:31:22,679 --> 00:31:25,469 of, you know, you're not going to succeed in security, and 523 00:31:25,469 --> 00:31:27,629 you're never going to be able to come back, you're you can never 524 00:31:27,629 --> 00:31:31,019 cross the lines again, you know, it was this, like making it sort 525 00:31:31,019 --> 00:31:34,949 of this like, well, you can't do both sort of a thing. That was a 526 00:31:34,949 --> 00:31:39,089 big challenge, because I had to essentially go back and say, 527 00:31:39,209 --> 00:31:42,329 Well, I can do this. And what I found was going on the 528 00:31:42,329 --> 00:31:46,679 cybersecurity side, I actually am far more technical than I was 529 00:31:46,679 --> 00:31:49,139 before I understand way more operating systems, I understand 530 00:31:49,139 --> 00:31:53,609 development way better than I used to. And so I guess sort of 531 00:31:53,609 --> 00:31:57,209 pushing through that barrier of a lot of people saying no, like, 532 00:31:57,209 --> 00:32:00,209 No, you can't do this, No, you aren't going to be good at this. 533 00:32:00,209 --> 00:32:04,109 No, you don't have the skill to do this. And really being given 534 00:32:04,109 --> 00:32:07,529 a chance to show that I do that that was sort of tough that it 535 00:32:07,529 --> 00:32:10,079 took me a couple of years to make that transition from it to 536 00:32:10,079 --> 00:32:14,729 cybersecurity. And, you know, I had one very great mentor of 537 00:32:14,729 --> 00:32:19,469 mine, Philip Culp, who gave me my first shot. And so, you know, 538 00:32:19,469 --> 00:32:23,009 and then I was able to sort of go from there. But so I would 539 00:32:23,009 --> 00:32:26,009 say that was the biggest challenge. But the biggest thing 540 00:32:26,009 --> 00:32:29,399 that helped me was finding a great mentor and someone who was 541 00:32:29,399 --> 00:32:32,009 willing to take a chance on me and for me to you know, show 542 00:32:32,009 --> 00:32:34,409 them my skill. But yeah, that was that was pretty tough. 543 00:32:35,040 --> 00:32:38,040 Eveline Oehrlich: Wow. Fantastic. Well, thanks to your 544 00:32:38,040 --> 00:32:41,670 mentor for supporting you, and thanks to you for sticking it 545 00:32:41,670 --> 00:32:45,360 through. That's quite impressive. So I have one more 546 00:32:45,360 --> 00:32:48,270 question. I know you are very busy, and you do a lot of 547 00:32:48,270 --> 00:32:51,240 things, but you must have some fun. What do you do for fun? 548 00:32:52,020 --> 00:32:53,670 Dr. Nikki Robinson: Oh, yeah, I'd love this question. Yeah, I 549 00:32:53,670 --> 00:32:58,470 actually, I I'm very big into fitness. Like I love all things, 550 00:32:58,500 --> 00:33:03,120 outdoor activities, hiking and biking and running. So I love 551 00:33:04,200 --> 00:33:07,380 I'm actually signed up for a couple triathlons. So I love 552 00:33:07,380 --> 00:33:10,350 running and biking and swimming. And, and that's what I do for 553 00:33:10,350 --> 00:33:10,770 fun. 554 00:33:11,220 --> 00:33:14,370 Eveline Oehrlich: Wow. Wow, this has been a great conversation. 555 00:33:14,400 --> 00:33:17,820 You and I could go on. I would love to stay connected. I think 556 00:33:17,820 --> 00:33:20,070 there are some things maybe we want to do together. 557 00:33:21,119 --> 00:33:22,079 Dr. Nikki Robinson: That would be great. 558 00:33:22,349 --> 00:33:25,318 Eveline Oehrlich: Thank you so much for being on our podcast. I 559 00:33:25,384 --> 00:33:29,607 really appreciate it. You are a wonderful, wonderful individual. 560 00:33:29,673 --> 00:33:33,633 So thanks again. We have been talking to Dr. Nikki Robinson, 561 00:33:33,699 --> 00:33:37,460 security architect, adjunct professor, volunteer and book 562 00:33:37,526 --> 00:33:41,288 author, and many many other things again, Dr. Robinson or 563 00:33:41,354 --> 00:33:45,181 Nikki, thank you so much for joining me today on Humans of 564 00:33:45,247 --> 00:33:49,008 DevOps Podcast. For those who are listening. Yes. And for 565 00:33:49,074 --> 00:33:53,298 those listening in make sure you check out the book Mind to Tech 566 00:33:53,364 --> 00:33:57,257 Gap Addressing the Conflicts Between IT and Security Teams. 567 00:33:57,323 --> 00:34:01,150 It is on my list order. I actually already pushed a button 568 00:34:01,216 --> 00:34:05,110 on my Amazon. So this is great. Humans of DevOps podcast is 569 00:34:05,176 --> 00:34:08,805 produced by DevOps Institute. Our audio production team 570 00:34:08,871 --> 00:34:13,029 includes my good friend Julia, Pap, and our hardworking Brendan 571 00:34:13,095 --> 00:34:17,120 Lay, thank you to both of those. I'm humans of DevOps podcast 572 00:34:17,186 --> 00:34:20,947 executive producer Eveline Oehrlich. If you would like to 573 00:34:21,013 --> 00:34:24,775 join us on a podcast, please contact us at this is a very 574 00:34:24,841 --> 00:34:28,734 long name, but I'll read it out Humans of DevOps Podcast at 575 00:34:28,800 --> 00:34:33,090 DevOpsInstitute.com. I'm Eveline Oehrlich, I'll talk to you soon. 576 00:34:35,399 --> 00:34:38,262 Narrator: Thanks for listening to this episode of the Humans of 577 00:34:38,316 --> 00:34:41,774 DevOps Podcast. Don't forget to join our global community to get 578 00:34:41,828 --> 00:34:44,907 access to even more great resources like this. Until next 579 00:34:44,961 --> 00:34:48,365 time, remember, you are part of something bigger than yourself. 580 00:34:48,419 --> 00:34:48,960 You belong