SPONSOR 0:02
We’re proud to announce CISO stories, a new podcast series in partnership with Cybersecurity Collaborative and Cyber Reason. CISO stories feature the candid perspectives and experiences of frontline senior security executives and dive deep into timely security topics. CISO stories is hosted by Todd Fitzgerald, VP of cybersecurity strategy at cybersecurity collaborative and Sam Curry Chief Product and security officer at Cyber Reason. Listen weekly as they speak with extraordinary CISOS by visiting securityweekly.com/CSP.
Jeff Man 0:35
Welcome back to security and compliance weekly. We’re talking to Danny Akacki. He is a security advocate at some little company called Splunk. We’re gonna get back to the conversation in just a moment. But first, we have a few more announcements. Security weekly is more than happy to announce that we will be at InfoSec World 2021 in person and that’ll be October 25-27th 2021. This year our annual partnership with InfoSec world is extra special. It’s we are both business units now under a company called the cyber risk Alliance. What does that mean for security work weekly listeners and InfoSec world attendees? Glad you asked. You will get to see and hear from many of the security weekly team at the event and you will save 20% off of the world pass you can take advantage of this discount by registering at securityweekly.com/isw2021.
And in general if you want to stay in the loop on anything security weekly, you should go to securityweekly.com/subscribe there you can subscribe on your favorite podcast catcher or on our YouTube channel. You can sign up for our mailing list join our discord, Discord server, and follow us on Twitch. Alright, let’s get back to talking to Mr. RandOh Danny Akacki, one of our listeners on the discord server who joined late because you know a lot of us have day jobs. No, no apologies necessary. Yeah, it was getting caught up asking what the topic was. And they asked if the idea of mentorship has come up in the conversation. So I want to put that as a question to you just to get the ball rolling in our second segment. You know, what do you see is the role of mentoring in terms of you know, spreading the word spreading the message, and teaching and communicating all things cybersecurity-related to the masses.
Danny Akacki 2:33
That is super, super important. I have seen mentorship been done well and I’ve seen it not been done well. It’s actually not as simple as I initially had envisioned it. So speaking of mentorship, I’m actually on a mentorship panel that got spun up at the virtual DEF CON last year with the village for the blue team village. I can’t even talk today. So the crew over there has started a cyber mentorship program. And I’ve seen a lot of different people spin up their own, I think it’s it’s incredibly, incredibly important. Because like I mentioned earlier, the reason that I do the stuff that I do and the streaming and the blogs or whatever is for posterity for later for people. But then there’s also that one on one connection because of how people give and receive information and how they learn it. Some people don’t learn it that well from watching the video or just reading a thing they need somebody there to explain those things to them, because we don’t all learn everything the same way. So I love doing that stuff. One of my favorite things that I’ve done is like I’ve talked to a couple grades of like high schoolers and middle schoolers, right? That’s a form of mentorship right there. Or just having that one on one experience. And helping guide somebody who’s newly coming into this industry. I just again, sounding very, very old. I want to give them but I’ve never had you know, I had a lot of people look up to, I had a lot of people learn from but I never really had like a set person that I know I could go to and check in at regular intervals and think, am I doing the right things? Am I like why didn’t this work? or What am I doing? Maybe not wrong, but what can I change right and giving getting life experience back from them. And I think we’re getting better at that. I think we have a long, long way to go. But there are some people doing it, doing it very well. But it’s at such a scale. Now it’s actually it’s in such need, that it’s not even being close to being filled. And it’s not easy because some people say they want it and then they don’t show up or they want a lot and that people one person can’t give it to them. So it is a very difficult but important thing and I’ve been involved in a few different groups and tries at it. I think it’s it’s one of the most important things that needs more love than I think we can even give it right now.
KJ Valentine 5:10
Yeah, totally. Because on top of your so I mentor a couple of women, things like that in InfoSec that are coming up. And you’re right, it is pretty difficult, but it’s needed. You know, and I think that one of my challenges too, with mentorship, especially if I’m going to really invest a lot of time into a person is are they? Are they still interested engaged in doing the work? Right. And so there’s, there’s a, there’s that kind of to contend with to it’s great for somebody to have interest. But you know, one of the things that I try to balance is, are they taking time away from me that somebody else would really benefit from, you know, and so how do you kind of, I’m assuming you’ve got a bunch of mentees as well. Kind of how do you I’m curious how you manage that because I’m kind of new to this mentorship game myself.
Danny Akacki 6:03
Sure. So, so. So it currently no, I had a couple people, I had a couple of people at once. And then one. There’s, I’ve had a lot of people that have started or said, Oh, this is cool. We got matched up, I’m really busy. Or i or i just want to know if I could get somebody, and then I never hear from them again. And right. And then I’m like, well, that’s fine. Like, I don’t take it personally, like, that’s fine. The thing was mentorship is it, it’s very much like trying to find, like a good therapist, right, like, so I love my like, I have a great therapist, and but I went through like seven before you find that match. And it’s because of the nature of it, it is a very personal thing. And sometimes personalities don’t clash or like it just like chemically just doesn’t work. Right. So that could be that can be very difficult. And then a lot of people are like dairy helpers, right? They want to find, they want to help as many as they can. And then they oversubscribe themselves. And then and so. So it’s it’s very, it’s important. I think that the people over at the blue team village are doing it incredibly well. Because it needs a structure. It it needs a quarterback, right? Just like a sports analogy. It needs somebody to shepherd it. It needs a structure, it needs somebody to say you have one person you have two people, you should not have 10 people. You shouldn’t have any because like not everybody’s mentor. But yeah, so yeah, that structure is super important. It’s cool to do it on your own to like to take somebody kind of under your wing or whatever. But it takes it takes care and attention. Right. So yeah, I’ve never had more than two because I know personally like I just don’t, I don’t have you know, that mental space and that that bandwidth so good for you guys. Like I have such respect cats, right? Like it’s not you know, it’s not easy. Like it’s a it can be a very draining thing, but it’s..
KJ Valentine 8:00
Definitely so I kind of see it for me, I kind of see it. I’m also in a recovery out very open about being in recovery program. I see it almost as sponsored sponsorship. Right, yeah, like to get through to get through certain hurdles and things like that you might need a sponsor. So the people that I’ve met that I mentor are people that like I’ve worked with, like that’s the first class of people is like people at for example. CloudFlare I worked at CloudFlare for a little bit there was a tech support guy that really wanted to get into security. And so that was one person that I was like, Alright, cool, like, mentor you, you know, and got him in got him into the department and stuff like that after about a year of kind of training him off hours. And then and mostly it’s funny because I kind of did that for selfish reasons as well. I really needed help. And sometimes the best people to pull from are those customer service tech support he kind of people that want that are just getting started in their career. But then like other people I pull that that that I’ve met and stuff like that it’s usually in person at a conference or something like that. I’ll get somebody’s number they seem really interesting. And then I’ll offer it kind of a thing. But yeah, yeah, no. So what is the blue team? You were saying the blue team village does like a village type of thing.
Danny Akacki 9:20
Yes. So they started last year during the virtual DEF CON. I was on one of their panels and then that’s when they announced their mentoring thing. I’m not sure where it is still going. They do have a Discord. So I’ll the links and stuff off top my head. I don’t know them. But I do know is an ongoing thing. It’s it takes a lot a lot of care and feeding. But I would suggest looking it up go find them on Twitter. And then yeah, find their discord a lot of amazing people there. So I haven’t had any active mentees over the past like, eight, nine months, because I’m losing my mind like the rest of us were like, everything went on pause, and I’m like, I’m just trying to keep my dogs alive.
Scott Lyons 10:14
It’s funny, that you say that because I’m sitting here listening to what you’re talking about and helping people in reaching out and Kat, we completely applaud your effort, keep it up, don’t stop, you’re doing great. But there’s another side of security and especially with the pandemic that we’ve been dealing with, where we’ve been cut off with friends, we’ve been cut off from family that we don’t often talk about, and that’s dealing with depression dealing with the anxiety of what’s going on dealing with the missing of the human element. And Danny, I know you do a ton of outreach. And I’m pretty sure that people can reach out to you and can reach out to me and reach out to Josh and Jeff and cat and flea and whoever else for help. But there are organizations out there that will help you through a lot of this and some of them. You know, the mental health hackers with Amanda Berlin are doing amazing, amazing things, you know, it’s not, it’s not just you in this fight. You know, if you’re listening or you’re watching this, please if you need help reach out because we give our time to people just to just to make them feel good. Because that is chicken noodle soup for our soul. Right, Dan?
Danny Akacki 11:27
It’s – listen here, here is the thing. This one of the things I love about the industry and like, hackers and everything is we are very flamboyant people we have we can put such a shiny veneer on things and have very boisterous personalities and, and branding and shows in Atlanta and doing like I read my contest at DEF CON. Like, we’re very good at being showman like myself and lento and hacker Jeopardy and all these types of things. But here’s the thing. I am still the kid, kid, you know, mid 20s or whatever, on the train going to Philly. Like standing hardcore, Paul.com, right. I am still that person. And we are all like, still, we’re still human. We’re still those people. We still all have these things. Yeah. And yeah. Casper, like you said, I, about three or four years ago, I did a whole mental health kick. And then Amanda did something way better and like and mental health hackers is now a fully like 4013 C or whatever it is five. Yeah, yeah. Yeah, if I right, yeah, whatever it is. And, and so it, but yeah, we’re all we’re all like this, we’re all human. And some people, you know, they don’t want to talk about it. And that’s fine. I don’t have like the mental, you know, space for it. And that’s fine, too. But I’ve always been like, when I went through my own stuff, I said, if I’m going to do this, I’m going to do it for people who can’t or who can’t talk about it for any number of reasons, right? There’s one of my favorite talks, and I never push anybody to go see any talk or watch any talk that I’ve ever done. I’m not that person. But there is one on this particular topic that I did circle city comp con called the never-ending hack mental health in infosec. And that’s the one that if I push anything, that’s the one I would love people to go watch. Because I it’s not only my story, it’s it’s a lot of our stories. So yes, we all have it, we all deal with it. There’s no shame in it. And and and I think the overarching thing is always be aware that you’re not seeing everything. You might see my highlights, you might see like my cool stuff that I do on Twitter or whatever things I’m proud of. But you don’t see the blooper reels a lot of times with me too. But you don’t tell you like the, like the ultra fails. I’ve never shown a picture of me crying in the shower. It’s happened. Mostly just Twitter won’t let me. Um, but it’s there. And it’s happened. It’s gotten very ugly. But I got on the other side. So yes,
Scott Lyons 14:02
This all goes hand in hand. When when you find yourself in your darkest moment, you feel like the world is caving in on you reach out to somebody and say something, you know, we’re in this together. Everybody has their own tornado of friends that they can talk to about this stuff. And don’t be shy. address it. It’s the only way we can heal.
Jeff Man 14:23
I echo that, but I think there’s more to it. Yeah, say that well, I’ll say and then see if you say the same thing, cat or you can go on what I’m saying. But, you know, I too have had many people approached me over the last couple of years asking to be mentored. And I’m kind of like, sure. I don’t know what that means. I don’t know. I don’t know what’s involved in it. I don’t know if there’s a you know, a manual somewhere on how to be a mentor. But in terms of sort of living life, since I’ve been living life a little bit longer than most of you I would say that there’s, you know, there’s a, at any given moment, at any point in time, I’ll speak for myself, I’m always a student, I’m always learning. And you know, so there’s people ahead of me that I look up to that I’m aspiring to be more like them or learn from them. But there’s also people behind me that are looking at me and paying attention to what I do. So in that sense, I’m whether I’m formally mentoring people or not, people are watching and people are paying attention. So I think in that respect, it’s important for us to be deliberate, doesn’t mean you have to be a certain way and act a certain way. I would say the biggest thing is to be consistent with who you are, whatever it is, you’re doing. But what you were just saying, Scott, in terms of the reaching out, yes, that’s important. But I think we too. It’s easy to say, well, they didn’t seek help. But there’s a certain amount if we’re honest with ourselves, dammit, why didn’t I see it? So
Scott Lyons 16:08
Well, unfortunately, hindsight, I’m sorry, Jeff, I have to say, unfortunately, hindsight is always going to be 2020. So when you’re in the moment, you have to be able to recognize that taking back a step and saying, I’m under a lot of pressure right now, and I could really use someone to vent to, or to, you know, I these, these thoughts that I’m having have of self worth and self skill are not healthy? How can I find somebody that can help me heal? What’s going on internally? And then once I know I’ve healed, how can I pay it back to somebody else that may be in the same position? You know, that’s, that’s where I’m headed with all of this, and Danny’s, Danny’s Twitch, Danny himself, and everybody over at Splunk, the evangelists, all of the upper echelon of the hacker community, we’re more than willing to sit down and listen to somebody and try and help heal. And that’s the most important piece about all of this is healing. You know, we’re going to get back into the swing of conferences. I mean, we’re hearing rumblings of what Q3 the the conference industry is just going to explode. You know, we’re starting to see security conferences come back online, but it’s managing the damage that that really needs to be paid attention to. And I really, in my own humble opinion, not representing any of you, I don’t think we do enough of it in the industry as either being able to point the way in the dark for somebody new, or being able to say to somebody, hey, I noticed that you’re not having an easy time right now. How in the hell can I get through to you? And how can I help? You know, we have a lot of people in this industry that say, Well, how can you help me? but not enough? Well, we’ll just say, How can I help you?
Jeff Man 17:52
I think we’re saying the we’re trying to get to the same point, Scott in that. And this is going back to what Danny was talking about, or what we were talking about in the first segment of doing crazy stuff, and being crazy and putting yourself out there. I think that’s part of, you know, putting people at ease so that they can come forward. But I told my children when they were a younger age, you know, one night over the, you know, over dinner, I was being reflective and I said something to the effect of, you know, you can go really far in life, if you just pay attention, if you want to get a you know, not that I’m not that my children are trying to get ahead of everybody else. But that’s sort of a capitalist idea. But if you want to excel and be the best you can be in life, pay attention. I don’t always do it well, myself. But over the years, when I go into a new circumstance into it, you know, if I’m going to a conference, if I’m hanging out in lobby con, I very often like to stay on the fringe, that’s my personal comfort zone is to just be on the outside looking in and just observing. Being more of a publicly known person these days lately, or lately have old, it’s been harder to do that, because people recognize me and you know, they want to engage me, which is fine. But, you know, I spent a lot of years just sort of, you know, standing on the outside looking in and just observing and it’s not hard to pick up on the, again, the nonverbal cues of people that are hurting people or that are just like me, they’re not feeling part of the group and they’re kind of on the fringe. I think I’ll go hang out with them because we can, you can feel like outsiders together. But it starts with just being intentional and paying attention and being aware. And I think to echo what you’re trying to say Scott is don’t put it on yourselves that you have to find everybody and see everybody but you know What a world it would be if the next hacker conference that we all get to show up at, we’re all paying attention to one another and, and forgetting our status and stature and where we are in line, or the pecking order or the perceived, fandom or whatever you want to call it. And we’re just, hey, how you been? You know, what’s what’s life been like for you the last the last month, years, you know, and don’t say I can help you. I mean, the biggest help, I think we can give to people. And maybe this is what mentoring is, is just being an ear to listen to a shoulder to cry on. Or someone to say, you know, to celebrate with and celebrate the good things that are happening,
Scott Lyons 20:40
Right, and also making it known because like, Kat is doing an amazing, amazing job with what she’s dealing with. And she’s helped so many people Kat, I’ve heard, I’ve heard you talk about horror stories and war stories of data. And I’m using that as a euphemism here, of people that you’ve talked with, and you’ve helped, and you’ve helped them heal, and they’ve been better for it. and that in turn has helped to heal you. Right?
KJ Valentine 21:05
Yeah, yeah, definitely. You know, so with me, some of the things from the more mental health discussion here. It is very, so I put myself out there, privately, but out there, as somebody that does openly have bipolar two is openly in a recovery program, that sort of stuff. And I’ll get 20 maybe public, maybe private kind of comments about if I’m talking about something real like that, right? Maybe one of those comments might be Haha, you’re crazy bitch. But the other 19 are usually people that are like, I feel exactly that way. And have not seen anybody admit to something like that. And then we’ll get to talking, you know what I mean? And so, I guess with my style of I guess, mentorship is some of these folks want to get to a recovery program. So I help them with that. And some of these folks don’t know that they maybe they have now a mental illness, and they don’t know the ins and outs of it. Like, these days, you can get a DNA test to see what kind of, you know, med you’re supposed to be on mentally. That’s great, that’s gonna you know, that’s, that’s a lot better than 10-15 years ago, where you’re playing pill roulette to solve a mental illness problem. And, you know, that’s an issue. And some people don’t know that. So I like getting that opportunity to tell them that kind of stuff. But then there’s also some people that there that are like, yeah, I’m affected by these things, I get to know them a little bit better. And they could use some help in their career, which would definitely help with maybe depression and anxiety and that sort of thing, too. You know?
Scott Lyons 22:52
You know, I hear what you’re saying. And I’m sitting here thinking to myself, you know, how can we make a serious impact, and I will pledge right now, hear it for the rest of time. 100% approachable, if you need help, just ask. You know, and that’s, that’s for me to everybody who’s listening and all the future listeners if you need help you see me to conference. You know, look for the guy with the dreadlocks. I’ll definitely give you a hand.
Jeff Man 23:19
Even though he looks like he could bunch you up into a ball and stuffy in a locker. He’s really pretty approachable.
Scott Lyons 23:30
Yeah, you know, it’s interesting, um, everybody, when you’re dealing with mental health, you’re, in your own head. Am I worth it? Is this something that I want to do? Do I want to keep going with this thing? Or do I just want to say, you know, fuck it and cut bait, you know, but how? How we help people is really what drives the passion, right, Danny?
Danny Akacki 23:57
Yeah, I mean, not for everybody. But I know for me, again, it’s always that one ephemeral person no matter what I do is as long as it helps, you know, that one person and I hope to one day be the elder statesman that I see in Jeff Man just doing his circles around the conference and being like that sage, like he’s like every like NPC wizard in every game, you’ve played that, you know, he’s just gonna go up and talk to you and you got to go find something out or just kind of
Scott Lyons 24:24
Did you just call him a non-playable character?
Danny Akacki 24:27
I would never try to play Jeff Man, would you?
Scott Lyons 24:30
I mean, you know,
Josh Marpet 24:31
If anybody can play Jeff Man, its Jeff Man.
Jeff Man 24:34
It’s time for edition of Stump the Grump!
Josh Marpet 24:39
Seriously, challenge coin or 3d figure for you, Jeff, because this is ridiculous.
Scott Lyons 24:44
But I would like to challenge all of you here on this show right now to also make that pledge and say yes, openly. You are approachable and that people can say hello, and that if they need help, just ask. I would like to I’d like to challenge all of you to openly pledge that.
Josh Marpet 25:00
My nickname is the InfoSec therapist. Everybody knows they can call me. I’ve been called by dozens of people over the years and I’ve helped many, many, many, many people. Kat has mentored scads of people. Danny, I know you have as well, Jeff, I apologize. I don’t know your mentorship history as well as I do the others.
Jeff Man 25:17
I thought you were gonna say my mental history.
Josh Marpet 25:19
That’s a different question. Jeff. Yeah. Anybody needs help let us know, please.
Scott Lyons 25:28
It’s the NPC part of Jeff.
KJ Valentine 25:33
Of course, I pledge this. Of course, like, if you’re at a conference, you see me, I’m the girl with the purple hair, just come up and talk to me about whatever. Of course.
Danny Akacki 25:42
Katt not for nothing…. the girl with purple hair in our community?
KJ Valentine 25:46
Yeah, right?
Josh Marpet 25:49
There’s not just one of them. Let’s be clear.
Danny Akacki 25:51
There’s gonna be 35 people finding you later, they’d be like, why is everybody think I’m you?
Jeff Man 25:56
Aim for the heavyset guy wearing black and has a beard.
Scott Lyons 26:01
And he’s usually out front smoking a cigar.
Jeff Man 26:05
That might help a little bit that. So we need to wrap these things up. I’ll give you the final thought Danny, but just as sort of serve it up for you. I find it fascinating that our discussion about security evangelism somehow morphed over to, you know, helping people out as human beings, which I think it’s something that within the hacker community is something that we think kind of sets us apart. But I because I was on the outside looking in for so long. I, I see it. But I also think we’re just a microcosm of the human race that we we have people from all walks and phases and stages of life. And sometimes we do really well at helping each other out. And sometimes we really suck at it. And somehow I see this in my security, evangelism, somehow I see security in the things that we do, and the idea of protecting privacy and rights and secrets and data, and, and securing things and putting things out there somehow it’s this magical metaphor for life. Which is, I find it fascinating. I enjoy meeting people and talking to people and, and hearing their experiences. And if I chuckled sometimes it’s because you think you’re unique. But you know, I know 500 people that are just like you and y’all, y’all don’t know how much you have in common. Let’s all get together and find out just how much of the same we are, which is mostly neurotic and insecure and depressed and, and things like that. But every once in a while the sun shines and, and there’s positives too. And but the positives, I think we find in finding out that we’re a lot more alike than we are different. And those are things to celebrate. But that’s my take on it. And I’m not trying to preempt you, Danny, but you know, give us a few final thoughts because we need to wrap up.
Danny Akacki 28:11
Yeah, no, absolutely. And I think that this conversation took an amazing turn. Because too often, yes, we can kind of go on poke fun at like the whole evangelism title. I happen to like it, I take it very seriously, because of these things. If you are not doing your evangelism job with the aim overall, whether it’s personal or business to help somebody, and you’re just shilling or you’re slinging Fudd, or you’re just like a voice box for a talking point, that you’re not doing your job. Like I think if you could take pride in that evangelism work, if you have the core belief that you want to go help somebody. And I think that is the overall tying thing. I think evangelism conversations can lead very naturally, like we just did into generally mentorship and helping people I think as long as you have that core goal, and you’re not just shilling things. I love the title evangelist. And I think that that’s what it should be about.
Jeff Man 29:09
All right, that’s gonna wrap us for today for Security and Compliance Weekly. Danny, thank you so much for joining us. long overdue and hopefully, we’ll have you back some time. And hopefully we’ll see each other in person sometime soon. So stay tuned. Next week, we’re going to have a special episode. Just to give a little bit of a tease. We’re gonna have one of the people from one of the main certification bodies. Come on talking about all the great things that you can do with certification. I have a few questions. Stay tuned.