SSP 001: Archie Jackson - Bridging the Gap Between Security Teams and the Organization

001: How do we bridge the gap between security teams and the rest of the organization?

===

[00:00:00] Eddie: Mic drop moment in 3, 2, 1,

[00:00:03] Archie: everybody on this planet needs to be aware of our cybersecurity and its impact. Irrespective of the domain. It's not only a technological scope where only the technical people should be aware. It's it's it's for the teachers. It's for, I mean, everyone. Everyone who is using any digital device,

[00:00:22] Eddie: how you guys doing it's Eddie Thompson representing the simply secure podcast. I'm excited to have you guys join us today. We got an incredible guest for you guys to hear, but real quick, let's cut to the intro and we're gonna dive right back in and get rocking and rolling with a great conversation.

[00:00:36] Colleen: Welcome to simply secure podcast, where we talk with security leaders about how to bridge a gap between security teams and the rest of the organization. If you wanna learn about security tips, best practices and insightful perspectives from other security leaders, you're in the right place. Check the show notes, to learn more about our guest and view key takeaways from the show.

[00:00:57] Eddie: Awesome. Awesome. Awesome. All right guys, we got Archie in the room today. He's gonna be chatting through some of the different information, things that he's learned inside of this, this incredible industry that we all operate inside of this cybersecurity industry.

[00:01:10] But real quick, before we jump into too much stuff, Archie letting the people know who you are. Man, give him a little bit of your background, your by yo, what you're excited about.

[00:01:18] Archie: Thanks. Thanks Eddie. Um, really excited to be on this podcast. Thanks for inviting me. Um, I. I'm a geek in terms of cybersecurity.

[00:01:28] Um, as people may know, and I help organizations in the digital transformation journey from cybersecurity, from technology, uh, aspects, and that's all about it. More, more coming forward in the conversation.

[00:01:44] Eddie: Absolutely. And where you located, Archie?

[00:01:47] Archie: I'm looking it very way, way away. Um, right now it's um, in India.

[00:01:53] Eddie: Solid solid. Always like to bring it up because I love the fact that obviously technology has come such a long way, that two people in two completely different time zones can have a great conversation. And, uh, I know it's, it's late on your end, technically, it's still early on my end, but late on your end.

[00:02:09] So I do appreciate you taking the time to jump in here and actually have a conversation. Right. Um, but real quick, man, just wanna dive into it. I just, I always like to ask this to kind of start things off. What inspired you to get into this industry? What, in what, what inspired the cybersecurity space? Was it, was it something that you had a mindset from the very beginning, it was like, this is where I wanna do, or this is where I wanna go.

[00:02:31] Or was it something that you just kind of stumbled into and made the most out of it when you were there?

[00:02:38] Archie: well, um, We all know it's a HUCA world. So whatever you plan for today or tomorrow as a long term, it's all volatile, uncertain, complex, and ambiguous. So things may fall up. Things may change. So, uh, it has never been long term.

[00:02:54] I never plan to be in, uh, into cybersecurity, however, the entire course of journey of 22 years into technology industry infrastructure, and then toning into cybersecurity. So finally found and landed into a place where I, I found, um, places where, um, people can, or businesses could be disrupted. And, and, uh, there may be lot of impact, lot of challenges because of malwares and threats that are there outside in the environment.

[00:03:25] So why not solve of those problems and help businesses to flourish businesses to expand. Sail up. Well, um, yeah, that's, that's what interests me and also being into, as the technology is ramping up, technology is changing there's I mean, an exponential scope of learning, adding more value, being innovative, more creative and solving problems.

[00:03:51] Eddie: Absolutely. I love so first of all, I love that entire thought process because you, you really. You communicated what I feel as though a lot of people find themselves in right. Is the fact that unless you're, you know, maybe 15, 16 years old right now, right. When, when you're, when you're our age, you don't really stumble in and be like, oh yeah, I wanna be in cybersecurity.

[00:04:12] You just, it's just something that you kind of stumble into. But then at the same time, um, It's a passion, right? It's kinda like a passion project because you wanna make sure that people have what they need to make sure that information is, is really secure across organizations, right? yeah, absolutely.

[00:04:29] Archie: Absolutely. Overall to my way, I I've been into business. I've been into, uh, support. I've been into course service management. I've been into infrastructure applications and then landed into the core cybersecurity that takes care of everything.

[00:04:47] Eddie: Absolutely. I love it. So I'm just curious, and this is obviously, you know, not a scripted thing.

[00:04:52] Just curious, cuz you mentioned a couple of different roles that you've been inside of, uh, until you landed into this place of cybersecurity. Can you give, you know, if, if you were, had to go back, start all over again, everything else, or even given advice to somebody that is maybe 15, 60, and years old, they're about to go into, um, a college type of environment.

[00:05:11] Where would you recommend that they start. Is there, is there a, uh, not necessarily a formula, but is there like some recommendations on, Hey, you wanna basically dabble in a bunch of different things or would you recommend that they focus on say network security or, um, uh, some other type of specific security before they start really diving into cyber security as a whole

[00:05:33] Archie: great question.

[00:05:34] And, um, to, to achieve a specialization. It cannot be on a single track. You have to be, uh, multidisciplinary and, uh, expanded, expanded scope of learning. So the advice to the youngsters who are, who wanna start there, um, Korea, or want to land into cybersecurity, my advice would be, um, have the security mindset.

[00:06:01] Try focusing from the risk aspect, understand how cybersecurity impacts day to day life. And for example, if we, if we are, I mean, if we are into let's say cloud technology, infrastructure, applications, even somebody who has been into support, somebody who has focused onto customers centricity, or let's say customers, problem solving that is the fundamental core where.

[00:06:25] Everything triggers from. If we are able to understand and emphasize what customer needs, say it be basic solution to a problem. Eventually that mindset helps us develop. Are we forward into the career because eventually those learning paths would be constructing our career. And the best advice around this is, um, first of all, focus onto the security mindset and by security mindset is question everything as why that is happening.

[00:06:56] If we are able to question why, and instead of simply plunging into it, why I'm doing so why am I asked to do so? So if you have that mindset, That's what, uh, would cultivate into cybersecurity as scale.

[00:07:12] Eddie: That's awesome. I'm glad that you went into what security mindset is. Cuz that was definitely gonna be my next question because when you, as soon as you said it, when you first started that last, that last, uh, um, answer in itself, I was like, man security mindset.

[00:07:25] That's good. That's gold right there. So I appreciate you sharing that because it, it is true, right. Trying to questioning why. Right. I heard on a, um, another show that I was listening to was basically. Not allowing somebody to tell you that something in security cannot be done, but you figure out if it needs to be done.

[00:07:45] And if it's not done yet, you go figure out how to do it. But you say that's pretty much you summarize what security is.

[00:07:53] That's awesome. So real quick. I know we, I know we had a little bit of a conversation offline before we even got on and, and started chatting through right now live, but something that we talked about the very first time that we had a conversation was the, the idea between security and people.

[00:08:08] Right. Like this, this idea that, um, 50 per it's like kind of a 50, 50 split between people who think, uh, you should share everything that you know about security to like an open community so that everybody can learn. And then there's a 50, 50, you know, the other 50% is like, No, we don't wanna share anything.

[00:08:25] Cuz that means that our information is out there and we can't, you know, they kind of create this silo, this wall just communicate real quick. Where, where do you feel like you stand Archie and, um, a actually answer that first and then we'll, we'll kind of dovetail off of that.

[00:08:39] Archie: I I'm, I'm extremely on the latter side because I, I share everything.

[00:08:43] And the, the irrespective I want to carry, I, I, I try to carry and I try to maintain the security mindset still. Um, sharing would never be a security risk because it will help first. Uh, you, you, there should be an risk appetite. Of every individual when they're sharing. And from that particular aspect, I won't end up sharing my, my personal banking passwords and all those details.

[00:09:10] That's the, the basic things. However, I mean, in the simplest terms of getting into anybody that anybody's, uh, uh, personal information, or let's say banking or compromising any data, all you need is a phone number. I mean, if you have a phone number of anybody. You can get into anything. So that's, that's how we are open about it's the mindset.

[00:09:32] I mean, if the other side is thinking, if there's a thought process that if I refrain from sharing, if I keep it to myself, I'm secure. That's, that's a fair deal. That's a myth. However, If you're sharing it, if you're sharing it still, you are opening it up. Your data, your information is still somewhere, somewhere out there.

[00:09:50] If you're sharing it, it is helping somebody to develop their scope, their mindset into those particular directions.

[00:09:56] Eddie: I love it. I love it. It's I, I call it a differentiation between lack, mentality and abundance mentality. Right? Um, absolutely having that, that. Mindset that, oh, I have to be scarce with information because there's, there's not enough.

[00:10:10] If I share what I have, then I'm gonna lose what I have right. Compared the, the abundance mentality is if I share what I have, I'm gonna gain more benefit from that than not. Right. Um, so I, I love that. I love that you communicated that and that actually, you know, kind of dovetails you into this, this thought, this realm of security teams and their people.

[00:10:32] Right. Cause we talked about that too, a little bit offline. Um, and it's honestly, one of the biggest goals of this show is, is I hope that, that we start to bridge the gap between. Security teams and the rest of the organization, right. Instead of just looking at security team is like, oh, you're just like the parent that tells me I can't do something but to more so cultivate a relationship to say, Hey, I'm not your parent.

[00:10:54] I'm really just making sure that you're safe. I'm putting up boundaries to make sure that information and things are safe. Um, but it, from your perspective, Archie, what would you think. How, how do we accomplish that? Right? Like how do we, how do we break down the walls between security teams and all the, you know, the, the restrictions and things that are in place inside of organizations, and then just the overall convenience that an end user typically wants.

[00:11:20] Archie: Great question. And, um, I was, I would, I would, uh, specific, um, uh, refer it as, um, Performance productivity and efficiency versus convenience. There may be convenience as, as, as one of the major aspect. I, I may need convenience. I, I wanna just wanna get my password saved in Chrome and a one click login and that's all convenience.

[00:11:45] However, from productivity efficiency aspect, I as well when, uh, there may be tool sets that. That would scan up stuff and then impact the performance of the devices that people operate onto, uh, in that particular context. Yes, it's always, uh, and mostly not always, it's mostly the challenge between a kind of a cats and dot situation.

[00:12:09] And the best part that I enjoy is I'm playing both roles. So, uh, one side, I, I tell myself that yes, these things should be implemented. And on the other hot side, I make sure that these implementation would not, or should not impact the performance, the productivity, and at convenience in, in an logical term, uh, I would say security today means that you should be at an intersection of, uh, A highway where there are cross path, but you still need to be, uh, left untested by any of the vehicles.

[00:12:45] So that's how you need to be at the injection, but should be secure. So the convenience, the, the openness, everything is public. Everything should be public. Cloud people have reservation. Lot of, lot of decision makers have reservations moving onto cloud and cloud is something which is bound to happen. Uh, look at Starlink look at, uh, the, the, the, the, the, the combination between the partnership between Microsoft and Google.

[00:13:11] So in, in 2023, lot of stuff would happen where the entire way of connectivity would be transformed or disruptive from the cable to, to satellite. Apparently there would be internet streets, for example, the current situation of the, uh, Tuss between Russia and Ukraine, the, the, the connectivity is coming through set startling.

[00:13:34] So that's the future of connectivity. Nobody can stop. However, mm-hmm, how we need to make sure how those could be secure enough, irrespective of the connectivity spreading across. All of that, that's ease, that's comfort, but that's also needs a lot of more precaution and assurance around the security aspect.

[00:13:58] Eddie: Absolutely. I love it. I love it. Cuz the one that's I love that you brought that connection up because there's a lot of conversations that I've had and as you know, I'm still learning, right? I'm still, I'm still not the, uh, I wouldn't say an expert right in this, in this industry, but something that I've learned along the way.

[00:14:13] Thank you. it's purpose of these conversations, man. It's hopefully good it on your level. Uh but I would say something that I've learned along the way is that there's a lot of, um, Um, Hesitancy between some companies, you know, going from an on-prem type of environment to a cloud type of environment. Right.

[00:14:33] And I love that you already mentioned, you know, it's, it's it's happening, whether you like it or not. Right. It's kind of like the old thing of like, you know, people, when people first started to fish, they fish with fishing poles and then to be more productive and efficient, they started doing nets and every thing else.

[00:14:48] And you can be the guy that's complaining and hoping that they go back to fishing with fishing poles, or you can move forward and be becoming the fisherman that goes out with nets. Right. It's a completely different, uh, well, very similar in the, in the aspect of that, but I'm glad you brought that up because, um, even some of the solutions that we offer in a company that I work for, um, we offer both, but I would say even in, in our, um, Statistics our numbers, 95% of our customers go with cloud compared to an on-prem type of environment.

[00:15:18] Right. And it's easier. Sometimes you also don't want like, uh, the responsibility per se, right? Of like, if you are on prem environment crashed or failed or something from that perspective, um, you can kind of not necessarily really point the flank point, the finger because you, there's a level of accountability to everything that you do, right.

[00:15:37] Taking that extreme ownership. Um, but. Typically, if somebody else is doing security better than you, or they have better security standards and you can host it in their cloud type of server, that cloud environment, then obviously you have a better, um, you have more security at the end of the day, if you can secure it there compared to on-prim.

[00:15:56] Archie: Absolutely. Absolutely. And, and let me, let's just, uh, take a moment to add onto what, uh, you just mentioned around cloud. So yes, it's, it's it's spot on. You're just, you're spot on about. Cloud versus on-prem and it's again, the mindset that if it is within my possession, that's secure. Yes. That's secure, but nobody knows there are interceptions.

[00:16:19] There could be inter interceptions in between, right. And, uh, friends, Scalise who have concerns, who, who are more concerned around security moving on to cloud. I ask them a very simple question. Mm-hmm a very simple question. That is, what do you think is more secure? A complex password or a lending password.

[00:16:39] Mm. So that's the question that I ask and that's good. 90%, 90%, they say it's a complex password because it's complex. It's hard to remember. And then I ask them, or in fact, I ask them questions with lead them to the answer. Mm-hmm those questions are my first question after that is, um, Okay. What is the language?

[00:17:05] Computer understands? They say binary. Okay, fine. But if it is a complex password, that's again, converted into binary. So if you're, if you're using Aleny password, the binary gets Len mm-hmm . So I guess it would take more time to crack Aleny password versus a complex password is the mental thought process.

[00:17:27] Mm-hmm , which makes me think since it is hard for me to remember, it would be hard for the computers and other, uh, devices, which are more into computation mm-hmm to, to crack them out. Right. Although there are subsequent topics around rainbow tables and different brute fours, which can't lead to other extent conversation, but that's the way I want to drive people so that they could understand, again, the core where it's not about what they have seen or heard.

[00:17:57] The logic needs to be applied.

[00:17:59] Eddie: Yes. I love it. I love it. It's that? It's the old, uh, thought process of, instead of teaching people, what to think you teach 'em how to think. Right. Changing at the thought at the thought level. And then now you get a more safer environment. Right? Which I'm glad you brought that at, because you also made a very interesting, um, comment when we were, again, offline having a conversation, you talked about, um, Educating and, and educating end users.

[00:18:27] Right. And educating people who are using the security software and things inside of organizations so that they are more aware of their part. And keeping information and security secure, right. Or information and data. Sorry, secure. Can you expand on that a little bit, um, and, and share why that's important, why it's important to educate end users compared to just saying, Hey, here's, here's some stuff or here's some limitations just adhere to it.

[00:18:54] Archie: Social engineering is the foundation of the talk process. We should build a part. If we are able to explain individuals, humans, we, the humans understand the, uh, not to be carried away with urgency, greed, fear, all of these aspects, which are, uh, more psychological. Which can be, these are all social engineering attempts where through which you you'll you'll, you'll get some notification through email or through a text message that no you're losing upon.

[00:19:29] You're, you'll lose upon the subscription, click on this, make sure that you click before the end of day. That's the sense of losing out the fear of losing out. And then, uh, we accidentally click upon those and these are the Phish attempts. So the most common attempt is phishing. We either get it through the, the text messages or through emails.

[00:19:51] Now, who are the people who are using those emails? Is we the users? We can't with the help of tools, applications, we can prevent some level of Phish attempts, but with the zero threats, with the, with the, with the threats being more, uh, advanced, which would be having, which may have no signatures or way to detect those fishings with there could be spear phishing as well.

[00:20:15] I may be. Trying to focus you and making sure all the next 10 emails I'll be sending across would be coming from all your relevant information that I've captured over the periods through social engineering attempts. And then I'll send Phish emails to you so that I capture the remaining information eventually with the help of fishing.

[00:20:39] It's the user, the humans who get impacted. And that is the reason why. The main core foundational fundamental importance is to. Make people aware what slightest of ignorance could lead to. It's not what can happen, but slightest of ignorance can lead to, it could be a reputational impact. It could be, uh, getting fired from the job or, or, or it could, it could lead to being bankrupt.

[00:21:09] So. All of such things. It could even lead to cyber bullying. A lot of stuff can happen. So there are various creative ways through which we can, we can, uh, educate. We can let people know, be aware about. The impact things, uh, they can themselves unknowingly ignorantly lead to, and some of the initiatives like, uh, especially during the holiday season, let's say Christmas new year.

[00:21:35] That's the, that's the, uh, uh, the best time for all the ware, uh, all the bad guys to send across malware's fishing email and that's the best time. And that's the time when we make sure. People are well informed, well aware they have the thought process. If they have kept it under the hood, that should come up, pop up with those mindset and be aware.

[00:21:57] So we create such kind of a simulations where they get, okay, I got an email getting, um, an Amazon voucher of, let's say a thousand bucks, let me click. And the moment they click, they'll get a message that. This could lead to a slightly thing, and this is how you can learn. So that way people learn more. I mean, with gamification people learn more and that's how that is so important and helpful, right?

[00:22:25] Eddie: It's like, it's, it's the idea of applied knowledge, right? And it goes back to what we already mentioned in this conversation as well. Right? The fact that if you. Show people how to think compared to what to think it helps, how you do that best is by giving them something to do, right? Like the activity, the action of doing something.

[00:22:44] So then that way it resonates or burns inside of their mind. a lot better than just an email that comes out and say, Hey, look out for Phish attacks. Right. exactly, exactly. Like one of the things I'm be honest that, you know, with our, um, basically our, our cyber, our cyber guru that we have internally here at Datalocker.

[00:23:05] I love that he takes the time and he's available. I think that's another aspect. And I, I wanna definitely hear your thoughts on this too, is he's available to all of us. He's not like the guy that sits in a room and nobody ever talks to him. Right. Unless they have a concern or whatever else I would say William is so available.

[00:23:24] If we do have questions or, um, if we, if we get an email that does look a little fishy or weird or whatever else, he's not, um, Uh, degrading right to people who like people in the organization who are not necessarily aware, right. They're ignorant to the fact of like, well, I don't know, this could be good.

[00:23:42] This could not be good, but like he he's open and honest and willing to take the time to communicate and say, Hey, here's the issue. Or here's why this is a bad thing. Not just saying like, No, don't click on that. Does that make sense? Like

[00:23:57] Archie: absolutely. And, and, um, the world needs such people because it's, it's easy for passing on instructions and, uh, eventually giving out no information, only the instructions, which.

[00:24:12] Which which actually, I mean, if, if let's say if you're leading a team or if you are developing a team, that's again, highly, highly important, because if you're only giving the instructions, not giving the intent of why and how is definitely helpful, how the intent of why is not explain well, you are, you are developing robots and then AI is going to come up and take up your job.

[00:24:39] Eddie: So better focus on developing. Intelligent human beings. I love it. I love it. And it goes, it keeps on coming back to developing people, right? Yeah. In today's world. Um, I think we've, we've learned now more than ever, that people is what's most important, right? People is the most important asset of any organization.

[00:25:00] It's the people. So at the end of the day, you have to invest in those people and to make sure that they are aware, they understand the threats that comes along with, um, Working , you know, working and, and having access to data that a lot of other people want.

[00:25:16] Archie: Yeah. I, I spent, uh, almost like, uh, four years in, in a series.

[00:25:22] Uh, when I, I mean, as a hobby, whenever I was able to spare some time yep. Giving out lectures in universities, colleges, and helping. And developing, I mean, creating the interest into cybersecurity so that people, uh, because eventually my focus, the, the reason why I did that is because if you focus. The, the, the students who are into college and then getting into a professional journey.

[00:25:49] Mm-hmm , if you focus onto that, they may be bankers. They may be doctors. Yep. And everywhere cybersecurity is important. Mm-hmm even from, let's say hospitality. It's it's important because the moment you're checking in, you're giving your. Details, um, to at the reception at the booking center. Yep. And how they, they maintain the data, how they scrutinize it.

[00:26:10] Mm-hmm , uh, lot of threats, lot of, uh, impacts have been, uh, great examples. So mm-hmm, everybody on this planet needs to be aware of our cybersecurity and its impact, irrespective of the domain. It's not only technological scope where only the technical people should be aware. It's it's it's for the teachers.

[00:26:29] It's for, I mean, everyone. Everyone who is using any digital device.

[00:26:34] Eddie: Absolutely. I love that. You mentioned that because this is one of the things that I love to do, right. I love to kinda share what other things that we are aware of that can educate people on that. Right? Because let's be honest, we don't live in a perfect world where everyone has access.

[00:26:50] To their CISO or to their security team to ask questions like this. So if you are a teacher or, you know, you're, you're a blue collar worker, right? Anybody in this world where are simple, um, places where. These people can go to learn about these things. Do you have any like podcast recommendations, maybe book recommendations, um, blog, account, whatever.

[00:27:11] Like, do you have any of those resources that people people can use to educate themselves?

[00:27:17] Archie: Absolutely. Absolutely. I, I usually share, uh, I. Um, when I'm conducting any session or at the colleges and, and, uh, around, I, I create a deck of presentation and also some reference points and some giveaways. And even I'm in, on my own expense, I, I take aways, take out some, some goodies so that I could increase a Q and a and all of those stuff that, so that was something that I've been enjoying doing and yes, uh, a central depository, lot of, uh, lot of sources.

[00:27:51] Eddie: That's good to know now what I, I do wanna, cuz I know we're, we're getting close to a, to a time here and I wanna be respectful of your time as well, but just curious, Archie. Now that you've been in cybersecurity for some time, right. This you're not a spring check and you've been here for a while, right.

[00:28:09] Archie: 15 years.

[00:28:10] Eddie: Um, 15, 15, very short years. Right? Just curious, man. Like you're how, how has like the, the industry changed over 10 years? Do you feel like there's been. An extensive amount of change. Do you feel like things are just constantly changing on a daily basis? Like it, it grows too fast for us to even, um, internalize or understand just overall thoughts on like the, the industry in itself and how it has expanded or what, what that market looks like over the last 15 years?

[00:28:43] Archie: Uh, great question. And, uh, I would say it's not the indu industry. It's it's the humans again who have. Become intelligent because if I go back, uh, when I, when we started in, in dos disc operating system or windows 3.1, there weren't even any antivirus. There wasn't any, any application or software that was there to prevent from any of the threats.

[00:29:14] We have been running, operating systems. We have been using, uh, even up till I, I remember even up till windows 95, um, Maybe some point in time in those 98 as well. Um, there weren't any, uh, any anti viruses people had an option to put in an antivirus just for the sake of it. So that, yeah, I I'm happy that things, uh, viruses are not coming and I would be able to prevent them, uh, prevent my system for that.

[00:29:45] And that's again, because of intelligence of the humans, because if humans have been more intelligent back then. The business of wires and antivirus would have started much more sooner. Right. and, and, and now the intelligence, the creativity is so, so great. I would say, and I love that. In fact, if you go on to do web, if you go onto any such.

[00:30:09] Uh, informative area for, just for threat hunting for, for information hunting, you'd find, I mean, on real time basis, it's just like, just like population Mallory is also being populated as the population is good. So, and, and you get all those details, like, okay. That doesn't have even a signature. There's no way it's it.

[00:30:32] It can be detected. So the graph has been exponential. It had been linear for a while, then curve and then now super, relatively exponential. And as the technology, again, people being very, very highly intellectual. Uh, from both sides now as satellite and AI and all of those are, are there. So it's just like the soldier and, uh, the other side.

[00:30:59] So, and, and it's always, uh, that, that kind of a combination. So as the technology is evolving, they would be, uh, a red team and a brew team and a good and bad stick. A so as technology is evolving, there are people who are there to bring that down. So. Which one or who remains the smarter side. That's the decision maker around let's say any, any breach may happen.

[00:31:25] So that's how breach happen. Whichever is the smarter side. So that's how I I've seen in, in the summary, I would say it's, it has been an exponential journey and it's technology. Humans have evolved over the. It's it's not stopping anytime sooner. It's it's going on to Mars.

[00:31:42] Eddie: Absolutely. I love it because that's, I mean, like you said, it's a lot of expansion, a lot of growth that's happened in the industry.

[00:31:48] And as like you said, as things continue to get better, the technology get better, then there's gonna be somebody trying to poke holes at it. Right. Always somebody trying to poke holes at it. And we would hope that the person that's poking holes is. The good people compared to the bad people. Right. So that when the good people figure it out, those holes can be patched, fixed, and improved on whatever else it may be.

[00:32:12] Right. Instead of exploited.

[00:32:14] Archie: Absolutely. Absolutely.

[00:32:15] Eddie: So real quick, I guess, with that being said, you know, the, the transition that's happened over the years, is there any, uh, I would say challenges that you would say for the next generation of security leaders that's coming on right now. Right. Is there any challenges that you feel as though, like, man, this is something that you need to be on the lookout for or something that you just need to have on your radar?

[00:32:39] Uh, because. It's either come a little bit to the forefront for your position that you're in right now, or it's something that, uh, maybe that you've been exposed to, but not necessarily, you know, a lot of others have just curious to know if, if you have. You know, suggestions for, for what the, this next generation should be aware of in the next 15 years.

[00:32:59] Archie: Definitely Eddie and, and it's, uh, it's coming from my experience and mm-hmm whatever limited experience I have over the period. Not only, uh, the 15 years into security, but beyond the technology and infrastructure experience that I had focused on the custom more side mm-hmm now, um, I'll go usually. And that's my approach.

[00:33:20] And that's what I usually spread share with people to, to, to actually resonate with that kind of mindset and thought process. Mm-hmm uh, is not to run after the technology or gaining skills in a specific domain as a specializing. Mm, build your capabilities. Grounds up, starts from the basics, even from, I mean, if you're not able to understand social engineering, if then cultivate over risk and then get into technology mm-hmm that would create, and, and it's actually by design right thought thought process by design.

[00:33:59] Technology by design security by design, and then moving it onwards that would create great, great security professionals. Mm-hmm versus those who take specialization, let's say I want to choose network security. And that's my career goal. I may be focusing onto network security as a whole, however, cloud may evolve and disrupt the network security into a complete different kind of network environment.

[00:34:26] My entire learning would. Go down. I mean, it would, I mean, it, it, it would not be at par with the current trends and I would have to link and resonate with other technology trends at, at, at that point in time. So instead of moving ahead, mm-hmm, swiftly fast, take short steps, learn by design and then evolve into a, a great professional.

[00:34:53] And best part to learn is to share as, as I, and you and me both. Agree onto these

[00:35:00] Eddie: definitely a hundred percent. I love it. Absolutely love it. well, perfect man. That's um, I think actually I'm be honest. I think you just got a wealth of knowledge, man. A wealth of information, and I love, I love your people first mentality when it comes to, um, Security right.

[00:35:19] When it comes to any position of leadership, it seems like from your perspective, it's, it's, it's a people first mentality. And, um, I think that's, that's very, very important, uh, for the people that you, you know, manage and oversee, but also the clients that you serve. Right. I think anybody can have a conversation with you and see that that's the case, um, and know that their, their best interest is at heart.

[00:35:41] Right. It's just not you trying to get something from 'em. So I appreciate the time that you took to really share. Uh, your insights, your experiences, but I do wanna give you an opportunity to add, you know, if there's any extra nugget, anything, extra that you wanted to just leave as like, Hey, here's my mic drop moment.

[00:35:58] Archie: I wanna make sure that somebody is aware of this. Um, I'm gonna open the floor to you to share any, any final closing thoughts. Thanks, Eddie. And, and, uh, really, uh, this has been a great post podcast and, uh, really enjoyed every bit of it. Every moment of it, because. The conversation, the thought process that we are sharing for the viewers, I hope something resonates even a bit of it resonates that I believe that would help because over my journey, over my entire new course of journey, uh, whatever I've learned is through, I mean, For having a mentor.

[00:36:34] I mean, that's something which is very important having a role model, if you don't have, there's a, I'm not sure if, uh, many people have read about it, but it's, it's about, even if you don't have a mentor, at least have a role model. Mm-hmm , it's not necessary. You can, you can definitely. You're blessed if you have a mentor, but if you, if you couldn't find somebody who can guide you, correct you at time mm-hmm and, and guide you and structure you in, in the right manner, uh, at least have a role model in whom you admire.

[00:37:02] Maybe not reachable mm-hmm . That is something which has. Made me, I mean, over the due course, my entire, uh, professional journey, my personal journey, I've been a better human being better person. Mm-hmm because fortunately I have been, uh, I have got great mentors, great mentors, and, uh, really admire. How they have structured me.

[00:37:26] I mean, the, the, the very, um, the, the time to time people tell you where you are lacking or the, the way you're getting the right advice onto your face, helping you out. That's what mentorship truly helps being, being a better human being better professional. So seek out for that.

[00:37:44] Eddie: I love it. I love it. There, you have it guys, our guy, Archie Jackson sharing all kinds of truth bombs right now, talking about security, talking about people, talking about bridging a gap between security teams and the people that they serve, uh, and also just overall hobby, a great human being right.

[00:38:02] Great leadership concept. Great thought process here. And I hope you guys all learned a little bit about it and if so, feel free to reach out to, to myself or Archie. Um, Archie, what's the best way for everybody to reach it, man. Is it through, through LinkedIn? Let 'em know, let 'em know the best way to get a contact with you.

[00:38:19] Archie: LinkedIn. LinkedIn is the fastest and easiest way to reach out to me.

[00:38:22] Perfect. Awesome. Thank you so much, guys. We appreciate the time, um, and look forward to seeing you on the next one.

[00:38:29] Colleen: Thank you for listening to the simply secure podcast. If you got value from the show, share your thoughts with us. Our social platforms are in the show notes.

[00:38:38] If you wanna see the video versions of the show, find us on YouTube. Lastly, thanks again for tuning in SSP tribe. Until next time stay secure.