How to begin your own cybersecurity consulting business | Cyber Work Podcast
infosec skills is releasing a new free challenge every month with three hands-on labs to put your cyber skills to the test it's november and with the colder weather and shorter days coming we're burrowing deep into insecure networks to practice with the tools and techniques used by expert penetration testers worldwide challenge one you'll get authentic hands-on experience using a variety of vulnerability scanning tools the same type of tools that pen testers use to expedite processes so they can focus on target specific tasks challenge two you'll leverage a client-side code injection attack to take over a victim's browser and for your top level challenge you'll enter our purple team cyber range to exploit local files and perform remote code execution complete all three challenges download your certificate of completion upload it to in linkedin and tag infosec for your chance to win a 100 amazon gift card an infosight hoodie and a one-year subscription to infosec skills so you can keep on learning just go to infosecinstitute.com challenge and kickstart your cyber security skills today today on cyberwork it is a podcast swap kyle mcnulty of the podcast secure ventures joins me to talk about interviewing the people behind the most up-and-coming cyber security startups we discussed the best advice he's received on the show how to get your own podcast off the ground and his own security startup consult place all that and more today on cyberwork welcome to this week's episode of the cyberwork with infosec podcast each week we talk with different industry thought leaders about cyber security trends the way those trends affect the work of infosec professionals and offer tips for breaking in or moving up the ladder in the cyber security industry kyle mcnulty is a cyber security jack of all trades he's worked in the in consulting for several years most recently leading the cloud security and devsecops practices for cdw and focalpoint uh he also has his own podcast secureventures where he interviews ceos and founders in the space additionally he's a founder himself building a cyber security consulting marketplace uh which is called consult place to solve problems he has faced first hand so it's always fun to have a fellow podcaster on the show and we've had a few uh and and kyle's interviewed a bunch of great guests on secure ventures so i'm looking forward to learning about uh what he's learned in doing the show and what he has planned for the future kyle welcome to cyberwork yeah thanks for having me i mean same goes for for me as well right i always enjoy talking to other podcasters hearing about some of their experiences and it's great to be on on the other side of the mic here absolutely yeah it is it makes makes a nice change so um uh the thing i always like to uh to ask at the start is is to just get a sense of your cyber security journey where did you when did you first get interested in computers and tech and and what got you first excited about cyber security what was the initial draw yeah computers was definitely very young i grew up in an age where everyone was playing video games from from a pretty early age and then one of my first experiences with cyber security which didn't even really occur to me as a cyber security kind of scenario until later but was hacking a video game that i played with my brother growing up and so i was able to find like some basic exploits online wasn't anything groundbreaking that i was doing per se but certainly just an interesting experience playing around and then later in college i discovered batman's kitchen which was a hacking student group at the university of washington and was basically just blown away by the complete lack of knowledge that i had about the space and was really interested to learn more and so that just kind of carried on from there can you talk about that group i mean it's were they did they act as sort of mentors to you was it sort of a friendly rivalry did they welcome you in yeah yeah it was definitely an an interesting i think culture within that group the first meeting that i went to there was a presentation from extrahop and i remember knowing not even 40 of what was discussed in that meeting and i kind of picked up after i went to more and more meetings that there were a lot of other people that kind of stumbled upon this group but then would just kind of move on um and so because it was so daunting i think there was kind of this understanding that okay only a select few are actually going to kind of continue on and be a part of this uh very kind of close-knit group and admittedly i never made it into that extremely close-knit group they were doing all sorts of capture the flag competitions okay but i did keep going and uh over time i think they realized like okay this guy this guy's actually here to stay like maybe he's not going to fully dive in and become like one of our key contributors in the competitions themselves but he's clearly interested in the space and wants to contribute um and so they were great about just kind of welcoming me in showing me the ropes on some of the the easier capture the flag problems and bearing with my very novice level questions but uh it was a good experience all in all and certainly my introduction to the more technical aspects of cyber security and kind of penetration testing in particular and i imagine also the sort of the community of it that you had all these people who are very excited about this one thing uh and even if the you know the the the newcomer is is is sort of they sort of sniff the perimeter a little bit like you're uh uh you know they they can you know they're they're all excited about this one thing and they want to make sure that you're you're bona fide before you uh you jump in as well and that's kind of cool yeah i mean it was definitely interesting seeing something that was still kind of an academic focus that a lot of people were excited enough about to spend like their friday and saturday nights doing these competitions um so i mean certainly was a was a very kind of eye-opening experience about just the industry as a whole and and how excited a lot of people really are about it okay so i like to start my research on my guests by looking through their linkedin profile and you get a good sense of their yeah it's a really good way to sort of get a sense of the the career arc and the journey so uh you graduated from university of washington with a bachelor of science in informatics and cyber security uh you had a few internships as you said that were uh you know just to have an internship or you know get through the holidays or whatever but uh one was a summer internship for a healthcare cybersecurity startup uh and you were the vp of communication for isaka's university of washington branch is that right uh before landing a job with kpmg so um you know this you know i i think we get a lot of comments in in youtube uh you know comments after episodes and and saying you know i've got this served i've got this certificate you know i've got this uh degree and i'm just not getting bites you know and i think there's this this sort of notion that like once i graduate like a limo is going to come up to my front door and risk me off to my dream job but can you talk about this period of learning and gaining experience and networking and how it influenced your current career path yeah sure i mean i think for me and being able to reflect on it being on the other side of it as well it's kind of easier to point to some of the things that maybe at the time i didn't even realize i was kind of doing right but then ended up paying dividends later on right and i think the the position at isaka definitely helped that was just a student group within the university of washington but being able to demonstrate the the leadership capabilities that then translated well towards consulting but even more so i think and this is kind of the broader theme being able to demonstrate that you have an interest in cyber security outside of classwork itself right there's a lot of people that have taken a cyber security class maybe that class leads to a certification and at the end of the day if that's just a part of a degree it doesn't say as much to someone who's looking to hire you that you're genuinely interested in the field and passionate about it like we already talked about right there's a lot of people that are really excited about this field and ultimately the people who are excited about it are the people who are going to put in the time to learn and grow within the field what i've learned so far in my experience is practically none of the knowledge from my undergraduate studies in cyber security actually translate very well to the real world a good example would be security operation centers for example had never heard of that in college and then sure enough all of a sudden i learned that companies are spending tens of millions of dollars on a security operations center every single year maybe a few million dollars just for the technology stack within their security operation center and so you do have to have that kind of desire to learn about new capabilities within security and i think different side projects for example or again getting involved with student groups maybe it's even a cyber security specific internship in my case again it was software development but for a cyber security company and you're able to kind of tell that story about your your interest in the space that really sets you out from the crowd yeah did you get a sense in in your early interviews like that that they were looking at these sort of extracurriculars and and and seeing that you had this this extra interest yeah definitely i mean i think uh another piece in particular was being able to talk about different security events that were going on around the time that i was interviewing i think there's a lot of folks that were just kind of interested again in the space and we're always hoping to to learn more even that we're interviewing and it's hard to stay on top of all the different cyber security news that's going on every day and so when you're able to talk about some event that your interviewer hasn't even heard of make it relevant to the position that you're actually applying for and ask an insightful question the interviewer is just going to immediately think oh wow that's really interesting something i hadn't considered before this person is clearly bringing some new perspective to the table and they're clearly spending time in the industry because they're able to go find all these different events that are occurring yeah no okay so let's let's talk about uh people bringing things to the uh industry so as i say at the start of the show we invited collins the show because uh i like talking to fellow cyber security podcasters uh so kyle hosts secure ventures in which he interviews to use his own words uh quote cutting edge founders in the cyber security space as that suggests the emphasis is greatly on startup creators and entrepreneurs and how they got to where they are and i see that you're also the co-founder of consult consultplace a startup aimed at building marketplace solutions to address long-standing issues and security consulting purchasing uh so how did first off how did you get involved in the co-creation of consult place and what is your interest in cyber startups in general yeah yeah there's a lot to unpack there to be sure i mean for consult place in particular just the kind of ongoing experience that i've had in cyber security consulting over the last several years has exposed a couple of kind of common challenges that have recurred within the purchasing process like you you mentioned in the in the little description there right in particular most people when they go to look to purchase cyber security consulting services they're going to look to their immediate network who do they know that used to work at x consultancy who on their team maybe used to work at why consultancy and they're going to send out an rfp to request for proposal to maybe three firms now when they get those back they'll go ahead and make a kind of triage decision based on what's been provided but at the end of the day reaching out to three firms probably isn't going to give you a full look into the market and what's really available to you it's certainly not going to give you a competitive advantage in terms of price and a lot of times firms have varying capabilities across different domains so for example a firm that really excels in application security might not have the best security operations team that's just the nature of the cyber security industry today is a lot of times people are very specialized and so you have different folks delivering these different projects and different focuses within a firm and so the whole idea behind console place was providing additional visibility into the entire cyber security consulting market and allowing these buyers to find the consultancies that are actually going to provide the most value for them on the seller's side it's also helping consultancies generate brand awareness when they're able to deliver valuable services to their clients they're able to get rewarded for that in the market that's getting increasingly congested okay so do you have uh so you have active sort of clients that sort of work with the space to sort of advertise their consultancy and then you have like kind of like a search capability or whatever that is that is that so more or less how it works yep you're on the right track you can think of it sort of as like a yelp for cyber security consulting at this point okay where it's very review driven and so when someone goes and works with the cyber security consultancy they can leave a review about the type of project that they had uh the value that they derived from their use their experience basically yep exactly you're not you're not doing like the direct the direct purchase through it then you're just getting a sense of the scenery exactly so making it a completely free service for all these different folks that are looking for that additional visibility and looking to inform some of those purchasing decisions okay um do you get feedback from people who have used the service do they it seems like it's really helping people out because you know i think you you really hit on a nice point there where i think there's so many things that people have to do in their in their day-to-day job in cyber security or otherwise where you're given the task of like get a consultant and you're like i don't know where to begin with that i don't even have a sense of what the landscape is like let me just reach out to linkedin people who have the right you know title in their name or whatever so uh have you heard from people who have said that this this sort of like opened up their uh their strategies yeah we've gotten a lot of really positive feedback from all the different folks that we've shown it to i mean admittedly the product's still pretty early on in its life cycle we launched fairly recently and so we're still really building out that catalog of reviews there that can be a little shout out to the audience here if you work with cyber security consultancies and want to help contribute to this kind of community based platform please do go leave a review i'm sure we can drop the the link in the in the show notes here absolutely but again a lot of the the folks that we've talked to are saying exactly what you just said we completely identify with this problem and we're supporting it as much as we can okay uh so tell us about secure ventures and and what listeners will hear when they tune in so what is an episode that would make an excellent intro to the podcast in general either because it's so entertaining or just encompasses the ethos of the show yeah i think the the bruce schneier one in particular he's probably the biggest guest that we've had on the show so far which was again i was a little surprised actually just when i when he responded saying that he was willing to hop on but i mean if you've listened to how i built this for example which probably a lot of the folks here have just because it's such a popular podcast how i built this focuses more on entrepreneurs who have kind of already made it so if you think about like drew houston of dropbox for example drew's not getting a lot out of going on a podcast and sharing his story right that's just more him doing a favor to guy whereas our goal is to interview founders that are still in the trenches so these founders are working on cyber security companies they're building from the ground up they're trying to grow their sales pipelines and i'm interviewing them to understand okay what are some of the the challenges that you've experienced so far what was that transition like taking the leap into entrepreneurship full-time what are some of the unique wins that you've had in the cyber security space and really what's next for you moving forward so just try to be able to tell that founders story as much as possible hear about their kind of career start in cyber security like you kind of started this podcast off with and then how that transitioned into their their endeavor today yeah do you have has your sort of approach to um you know getting getting their story changed at all just in the process of doing the podcast yeah good question uh that's definitely something that i've been continuing to work on over time and try to be kind of liberal with tweaks as i just see different opportunities and get feedback from guests one of the things in particular when i first started was i had a very kind of tight script i mean so you can even see just listening back to some of the earlier episodes compared to some of the later ones is it's very kind of like robotic just reading through question by question same same whereas yep exactly and that's kind of easier and more comfortable to get started with right so you have that kind of crutch to fall back on but then over time you kind of get the hang of it a little bit more and even just as you're going through sometimes i'll just say oh well that's interesting to me like that point that you just touched on and so that's probably interesting to the guests as well so let me just drill into that in a bit more detail and leave the conversations a lot more free flowing that way and generally what i've heard is that's more enjoyable to listen to so i'll keep going it that way keep going at it that way until i hear otherwise yeah and i think also you probably have noticed as well so you started in january is that right yep that's right okay so i mean for me anyway like i feel like i've i've learned so much more about the industry just by the sort of you know getting a little insight from every guest also allows you to sort of ask the right questions a little better like you said when you had that type script it's like you know i know i need to get these seven pieces of information out of them but as you start hearing the same answers come up again and again that that sort of brings up sort of new questions or new new angles to sort of uh to sort of nuance things out of people and stuff like that so um yeah that's that's that's a very satisfying part of the job is is hearing how sort of mechanical i found it on the first couple episodes and and was just like sort of gripping the script with both hands and like you know please don't ask me any follow-up questions i don't know what you're talking about you know um yeah anytime dns security comes on the show like my eyes just go to test patterns you know so yeah um but you know it gets better as you do more of it so so what is the most surprising insight that a guest has imparted on your show and also what's the best piece of advice a guest has given maybe something even that you've taken for yourself in your own career yeah in terms of maybe surprising insight i've heard a lot of kind of mixed reviews on how challenging the venture capital process has been for these companies which maybe isn't surprising if you're very kind of versed in the space but typically from an outsider's lens it always sounds like this kind of impossible task of raising money and especially at some of these valuations that these companies are bringing in but there's a lot of founders that were able to get through it fairly easily right and uh able to kind of make that that leap into entrepreneurship or immediately raise several million dollars and be off with just an idea and start building a product and so it's been kind of incredible for me to hear well you don't need to actually have a full product already built out you don't have to work without a salary for a year and a half to build a full product before this can actually be something feasible there's a lot of people that are kind of midway through their life they might have wife kids and they're able to still make this transition because of some of the different financing resources that are that are available out there in terms of the second half your question maybe the the most valuable insight i think there's so many different resources that i've learned from entrepreneurs on at this point and i mean secure ventures i think is is no exception to that right i mean even just for me as an interviewer again i hear these different stories the biggest theme that really rings true for me is just the resilience that's required in order to build a successful startup right so i mean again a lot of these founders are kind of still in the trenches still building but even just hearing the stories from the ones that are a bit further along it's like everyone's gone through some sort of difficult challenge there's always something that's unexpected and there's going to be a different way to solve each of those challenges for kind of every company every founder team but as long as you're able to just kind of say okay i understand that these challenges are going to come how am i going to push through this maybe it's a full product pivot even which sounds incredibly daunting but as long as you're willing to just find some sort of strategy to keep moving forward then you're gonna keep on moving and you're gonna succeed eventually yeah i was gonna ask about that i mean that sounds like uh sort of a transition my next question but were there any particular stories that you've heard where it seemed like especially like the cards were stacked against you know the startup but it somehow whether by an extreme pivot or just sort of you know last minute uh you know intervention or something that they they managed to still make it work yeah i mean i think uh i think if you think about the timeline of when i've been interviewing some of these founders there's probably no more concentrated time in history for unexpected surprises and just poor timing right like oh yeah i've been talking to founders again kind of early 2021 here and so they're telling me their stories of going through covid in 2020 what that really did to their businesses and and some of the different ways that they had to pivot now thankfully cyber security is certainly a less impacted industry than many others if you think about uh like hospitality or retail oh yeah or businesses like that but certainly a lot of challenges especially again going back to the the trying to raise money piece uh trying to go through pitches without actually getting to meet these different venture capitalists in person no longer being able to rely on those kind of local connections as much i mean in terms of examples in particular securestack for example completely pivoted their platform in the middle of covid in part just trying to find a new way to to get traction with customers get traction with investors another good example was invisit dean shapiro then went ahead and pivoted from a b2b offering to b2c at some point in there as well or i think it was vice versa it was originally b2c and then later transitioned to b2b had a full name change within that as well and just trying to capitalize on where they found their product was going to have the most fit have you had a sense of whether um just funding opportunities kind of got a little tighter in during covet where because you know i i know some people you know a lot of reports say that the you know the companies that invested hard when everyone else was you know storing against uh you know future calamities or whatever the ones that really uh cashed out do you have a sense of whether uh people were were making you know were taking wild chances on on startups or or were they keeping their cards a lot closer to their chest just because of the uncertainty of the future yeah i think i mean ultimately if you think about march april may last year it certainly slowed down for a couple of months there was just so much uncertainty in terms of what was really going on in the market how some of these different uh startups were going to be able to succeed and kind of push through but if you think about past those couple of months it picked back up very quickly and if you look at just kind of year over year investment if i remember correctly 2020 actually had more startup investment than like vc backed investment than 2019 did even so it's certainly picked back up there but again it's really challenging for a company if you're trying to raise money in a kind of short time frame and then three months are just kind of wiped off of the board and then there's kind of this backlog of companies that are trying to raise money you increase competition so even though more money is being shelled out part of that could also lend itself towards higher valuations as opposed to supporting more companies so there's a lot of different factors that are at play there as well okay um so since since the focus of this specific program or your this your podcast is the ups and downs of startups and their creators uh can you give our listener some advice for someone who wants to get involved in a startup i know we all know the process of a startup is fraught and exhausting and more so with but uh what what are some hidden challenges that you you didn't even plan for until they until they happened yeah i mean we already talked about the the resilience piece a little bit yeah another one to to kind of harp on that i think holds pretty true with a lot of these different uh organizations is around experiencing the problem yourself and the idea of having this kind of hidden competitive advantage it's something that peter thiel talks about a lot but having this kind of earned advantage where you've experienced some sort of problem which gives you a unique insight that allows you to better solve that challenge and come up with more creative and kind of spot-on solutions that actually address it so in the cyber security space as a result of that you often see folks that are a bit older than you might expect again kind of starting some of these different companies because they have that time in industry to experience a lot of those different challenges and then they decide to go out and solve them themselves and so that's again just kind of one area in particular if you're thinking about founding a startup what are some of the challenges that you've actually experienced so far and how do you how could you brainstorm different solutions to go ahead and address that and then how can you go forth and make sure that other people are experiencing this problem as well you're not the only one just due to unique instances in your environment and then just kind of build out from there yeah uh so um on a more meta level for listeners who might want to share their own insights in cyber security by creating a podcast you have any advice for podcast newcomers either technical aspects or the process of finding guests how's it been for you in this first year yeah honestly i would say do it it was way easier than i ever expected that it was going to be and i don't know yeah it sounds like you've had the same experience but anywhere yeah start anywhere start at any level of technical competency just just just start just start getting a a steady schedule yeah exactly and people know to look forward to you every every week or whatever they're going to start tuning in yep and i mean i know my biggest concern when i was first kind of brainstorming on secure ventures and what that might look like so i was like who is going to want to talk to me what founders are going to be willing to share their time with me to to go through these stories these are ceos executives how are they gonna have time to come talk to kyle mcnulty uh well sure enough i went ahead and built a list from crunchbase of just different cyber security startups in the space and started dming some founders on linkedin just kind of hoping for the best uh had a response after my first cold message on linkedin within six minutes from rh kobe saying that he was interested and he ended up becoming the first guest and that was just an immediate change in perspective for me i just discovered that okay i thought this was gonna take i mean weeks maybe even longer maybe this was going to totally fail before i even got started instead after six minutes i'd validated that i was onto something here and that people were willing to to come talk to me so like i mentioned earlier there were certainly improvements from a technology standpoint i think that those first couple episodes are recorded on airpods um and now i've got a a mic and a headset here you're still no mic like you're set up so there's still a there's still a ways to go but this is um better it's just what's happening next here so we'll just keep trying yeah yeah exactly um but yeah so just like being willing to to get started give it a shot and it kind of goes back to what we were talking about earlier right the same kind of resilience that comes with building a startup i mean if you just apply that and think okay how am i going to just go for it and give it a shot and then work through any challenges that came up i mean in terms of i know you mentioned the technology pieces as well there's so many platforms that make it easy to manage every other aspect of the podcast i personally use anchor for actually publishing the episodes and distributing it out to all the different platforms completely free to use i use aphonic to actually help with some of the post-production editing so the work that i have to do from an editing standpoint is fairly minimal which is good because i'm not a great audio editor by any means right right and so having some of these different tools that are available again completely free i don't monetize my podcast it's just sharing these stories uh makes it much more feasible to actually move forward with all this yeah that's that's something i want to add too is is i think if you're especially if you're a company that wants to start a podcast or whatever to have reasonable expectations of what's going to happen at the outset like do it to do it like there's you know if you're like looking to make money off of it within three months or six months or whatever like that's a that's a losing prospect like we started this just because we wanted to have a podcast of the space and also uh you know just something value-added to our classes and so forth and it took off faster than we expected but i think if we had like you know made ourselves these deadlines if it's if it's not great we're pulling you know after three months we're pulling the plug like it's it's not gonna work it just it just sort of happens over a long period of time and and a lot of grind i think yep exactly again as long as you kind of put the time in and have that that long time horizon i mean i know for me i was definitely hoping the listener count was going to explode a little bit faster yeah but as long as you see kind of that steady growth that's exciting and you get little lurches down again yeah yeah right yeah and again like you mentioned right you're not in it for the listener account you're not in it for the money if that happens at some point after that continuous growth great but that's just kind of a value ad i mean as long as again for me it's kind of sharing the stories of these different founders learning directly from them and learning more about what it looks like to be a founder in the cyber security space that's all interesting enough for me so how far out in advance do you have guests booked and do you have any dream guests that you're you're dying to get on the show that we can yeah shout out here um i mean in terms of booking out guests it definitely fluctuates over time i've had points earlier this year where the backlog has been like three and a half four months and i've had points where it drops down to one month so typically it'll be a significant period of time because i only do episodes every other week just to try to make sure that i'm able to balance all the other responsibilities going on with the the full-time consulting gig and then also all the consult place stuff but i mean in terms of dream guests honestly i was thinking about this one a little bit more and it would probably fall outside of security but i'm going to go with it anyway i think interviewing elon musk would probably be a super interesting conversation for me right that's probably pretty basic but um just picking his brain on maybe some topics that he doesn't normally talk about um like healthcare for example getting his thoughts on on what that might look like and maybe some of the technology driven solutions that he might have in mind for one of those spaces or finance again outside of his kind of major well i guess he's starting to talk about finance a little bit more with all the the dogecoin stuff at least manipulating markets but yeah do you have you sort of um changed your your your questioning policy in terms of of guests do you find that certain questions don't work and you sort of rotate them out or or you know like you know a surprising conversation in one interview will will sort of rotate into uh you know standard questions for future interviews yeah i think it's happened more kind of informally than formally but certainly over time i recognize that there's certain questions or kind of areas of discussion that might not be as interesting as i'd hoped when they're written up on paper i mean something to keep in mind right is a lot of times when folks are coming on to this podcast they're doing so from kind of a brandon and pr purpose right and so they can't be 100 honest with everything that they talk about and so it's kind of tempering okay how do we get at some of those interesting details without getting to the the components you're able to share a good example of that is i've had a lot of folks on the show who are ex-military especially like ex-israeli military and for me i always wanted to hear okay what are some of those like crazy cyber security stories that probably got you especially interested in the field in that kind of role but ultimately that's just a topic that these guests can't really talk about and so i dropped that one entirely yeah i was i was going to ask how how how hard are you willing to push have you had any like pushback from guests in terms of you're asking two personal questions or anything yeah i mean i haven't had anything from a too personal standpoint i mean too classified or whatever yeah yeah from a too classified standpoint i'll certainly just immediately back down right i'm not trying to have someone divulge information that they're not allowed to share that's not my goal on the show here i definitely want to make sure that my guests are comfortable and i haven't run into any scenarios where they're hiding something that seems like it should just be kind of where it seems like they should be very forthright um haven't run into any issues like that so yeah not every podcast has to be an expose yeah exactly uh so apart from potential startups and podcasts for that matter a lot of our listeners are just starting to think about careers in cyber security in general or they might be entry level positions like uh you know help desk and they're trying to take the next step up what tips do you have for newcomers who might feel intimidated about where uh where they're at or how to you know start their their job choices yeah yeah i mean i think it this touches back on a couple of those different pieces that we talked about earlier right but another couple components that tie into that is just understand that there's very much a need for cyber security professionals in the industry right now there's been negative unemployment in the space for several years and so companies are willing to bring in a lot of those junior level positions now look not every company is willing to take in someone who has no hands-on cyber security experience but there's more and more of these kind of rotational programs that are spinning up just other opportunities that say hey if you're interested in cyber security we'll give you the opportunity but this goes back to what i talked about earlier right is really demonstrating that you have that interest in cyber security and that uh that you're willing to put the time in and the effort right if you work in a help desk for example you have to be able to tell that story of kind of why you're interested in cyber security what you've done that relates to cyber security in some capacity maybe how you're spending some of your free time outside of work in order to accomplish that rather than just saying i work in the help desk i've dealt with some cyber security focused tickets and i want to do more cyber security that's not as compelling of a case there's a lot of people who are trying to do that same transition so you have to go that little bit extra in order to kind of stand out from the crowd yeah so as we wrap up today um can you sort of tease anything that's uh happening on the podcast that you're excited about that's coming up or is it or is it all a secret no it's definitely not all secret i mean i'm always excited about some of the different guests that i'm talking to one of the things that i've been a bit more kind of lenient with over the the past handful of months and this goes back to just kind of general changes over time is not interviewing strictly founders so bruce schneier is a good example of that while he's founded like his blog for example he hasn't founded a cyber security company i interviewed eric cole he actually again founded like a cyber security consultancy but the main topic that we discussed was him being an author and so one of the episodes they'll be releasing shortly is me interviewing a chief information security officer at a major energy company and so again kind of share a different perspective on the podcast rather than just the founders themselves who've kind of built these companies well what are some of the parallels that we can draw from a cyber security leader within a company in terms of how it might compare and building a team working towards different objectives and having some of those different goals and the challenges that they've faced along the way okay um we've talked about consult place a little bit if you want to talk any more about some of your you know your upcoming work with that uh feel free also i don't know if you want how about your work with focal point data risk at all yeah yeah i mean like i kind of alluded to earlier in the episode from a consult place standpoint if that's something that is interesting to you again if you work with cyber security consultants and want to go ahead and leave a review on the platform that's certainly helpful for us to continue growing if you're a consultancy and it's trying to grow and yeah completely free it only takes a minute i've designed the user experience to make sure it's as easy as possible to go ahead and leave a review and again if you're a consultancy and you're trying to gain some brand awareness either reach out to us or go ahead and talk with some of your different customers and get them to leave a review on the platform it's free marketing for you that way as well so there's no issues with that from a cdw focal point side i mean i'm really excited with everything we've got going on from an attraction standpoint again came from focal point data risks we just got acquired by cdw just a couple of months ago and then just in the last couple of weeks they now acquired sirius as well so cdw's really making a name for themselves as kind of the biggest player in cyber security reselling and now they're making that transition into services as well so there's all kinds of growth opportunities again i specialize in cloud security and devsecops so if you're interested in just having a conversation about some of the challenges that you're dealing with there please feel free to just shoot me a message on linkedin and we can kind of get connected from there there's no cost no pressure happy to just kind of share some insights and thoughts nice all right well that's last question for all the beans here if our our listeners want to know more about you kyle mcnulty secureventures podcast or any of these other things you want to uh throw some urls at us yeah sure i mean probably the number one place to go is just my linkedin profile and then you can kind of crawl out from there but secureventures.io or secureventures on any podcast app wherever you're listening to cyberwork here consultplace is just consult.place pretty easy and again cdw that's a that's a very straightforward one you'll probably get lost if you try to look at their website for more than like six seconds but again just shoot me an email and i'll get you uh whatever resources or conversation you need all right well kyle thank you again for joining me today this has been a lot of fun yeah thanks for having me chris uh and as always i'd like to thank everyone at home listening or watching at home at work work from home the new episodes of the cyberwork podcast are available every monday at 1 pm central both on video at our youtube page and on audio wherever find podcasts are downloaded i'm excited to announce that our infosec skills platform will be releasing a new challenge every month with three hands-on labs to put your cyber skills to the test each month you'll build a new skill ranging from secure coding to penetration testing to advance persistent threats and everything in between plus we're giving away more than one thousand dollars worth of prizes each month go to infosec institute dot com slash challenge and get started right now thank you once again to kyle mcnulty and thank you all again for listening and watching we will speak to you next week [Music] you
2021-12-04 10:41
