Conversation with Michael Santarcangelo

It’s funny how you can sit right there and be part of a conversation and think you learned a lot from it.  Then you go back and listen to that conversation and you realize how much more you missed the first time around.  Such was the result of my conversation with Michael Santarcangelo during the first episode of The InfoSec Career Podcast.  Michael shared a ton of great stuff here and I wanted to write up some of what I received from listening to him.

Stay Humble

First off, throughout the episode, Michael emphasized the need to stay humble and not pound the drum of how awesome we are in security.  There is so much to learn from each other and so much we can individually learn if we stay teachable, ask good questions, and listen to the answers.  I loved his comment about how he assumes everyone in the room is smarter than him and he stays open to more information.  I’ve had some embarrassing moments because I got too impressed with what I knew (or thought I knew) and didn’t listen to what was going on.  I’ve also learned a lot when I kept quiet and asked questions.  I know which experience I prefer.  We’ve all got egos and we all need to keep them in check.

Take On Responsibility

Next, Michael mentioned that he accepted just about every assignment that came his way.  He didn’t duck out of it because he didn’t have all the answers at that point.  He didn’t claim to have them either.  What he did do was accept the responsibility, figure out what he needed to learn in this situation, and solve the problem.  Saying that it is not your problem or job rarely helps you in your career.  I can’t think of any examples where it would have helped me in mine.  Instead, be willing to do the work, learn what needs to be done, and gain a reputation as a problem solver.  This was how Michael got into the security field.

No, Executives Are Not Dumb

Another thing that stood out to me is that Michael took a stand against saying executives aren’t smart enough to get what we do in security.  That they don’t care.  The vast majority are smart enough and they do care about the risks to the organization.  However, when we speak in technical terms and use security jargon they check out because we aren’t communicating well anymore.  They need to make sure the business stays (or becomes) profitable because every employee expects their paycheck to keep coming and not bounce.  That means taking advantage of opportunities, minding the finances, and not learning about buffer overflows or why we are doomed to experience a breach.  We need to prepare to communicate with them in terms of what they need to know to manage risk in the operation of the business.

Michael mentioned a book that impacted him during the interview.  That book is The Talent Code by Daniel Coyle.  You can check it out on Amazon or the bookseller of your choice.

There’s a lot more in this interview than I can or want to recap here.  I have learned a lot from Michael over the years and I hope you also did during this episode.  Take a listen to it if you haven’t already.  Thank you to Michael for coming on the show.  If you want to follow Michael online, you can find him using @catalyst on Twitter or on his site at

Episode Summary Emails

If you’d like to receive these write-ups without needing to come to the site, you can sign up for my mailing list. A summary of each episode is sent out a few days after each episode goes live. It is a great way to stay on top of things and be notified of any significant news.

Jason Wood