The Imposter Syndrome Network Podcast

Ian Thornton-Trump CD

January 17, 2023 Chris & Zoë Season 1 Episode 25
The Imposter Syndrome Network Podcast
Ian Thornton-Trump CD
Show Notes Transcript

Our guest today is Ian Thornton-Trump, Chief Information Security Officer at Cyjax Limited.

In this episode, Ian tells us about his journey to his current role, his experiences working as a threat intelligence analyst for the Canadian military, and the lessons he learned along the way.

He discusses with us what he believes to be the most important yet underappreciated cybersecurity skill, as well as the mistakes that can land a CISO in jail and how to prevent them.

We'll talk about his thought on certifications in today’s modern hiring market, why he thinks that backups are “the Alamo” in cybersecurity and why he started a community that, in his words, is more of an anti-community.

It takes a cyber village to raise a cyber idiot.

Ian's Links:


Thanks for being an imposter - a part of the Imposter Syndrome Network (ISN)!

We'd love it if you connected with us at the links below:

You can also find us on YouTube, Instagram, Facebook, and Patreon.

Make it a great day.

Transcript is machine generated and may contain errors.

[00:00:00] Chris: Hello and welcome to the Imposter Syndrome Network Podcast where everyone belong. We're all imposters here. My name is Chris Grundemann and I'm here with my fellow co-host and imposter, Zoe Rose. 

[00:00:22] Zoe: Hey. 

[00:00:23] Chris: Hey, this is the Ian Thornton Trump episode. And I know you're gonna enjoy it. Ian is an ITIL certified IT professional with 25 years of experience in IT security and information technology.

[00:00:35] Chris: He's worked in military intelligence with the RCMP and several enterprises in banking, insurance, and healthcare.

[00:00:44] Chris: Hey, Ian, would you mind introducing yourself a bit further to the imposter syndrome network? 

[00:00:48] Ian: Uh, not a problem. I'm Ian. I've had all sorts of different experiences in information security, some back in the colonies of Canada, a lot of them here in in the uk. I'm a CISO for sajax. I'm also a contract gun for hire to solve problems within larger organizations at an enterprise level.

[00:01:07] Ian: Something, a new project that I'm working on right now that it, that I might be able to talk about a little bit. And yeah, just I think one of the biggest things you need to know about me is an. Truly passionate about the community. I'm truly passionate about helping people get into information security jobs.

[00:01:23] Ian: I've had some success stories around that and I'm just coming off a stint of getting to do an annual lecturer at Manchester University on... for those master students that are doing information security. So you're catching me in a great moment. 

[00:01:37] Chris: Awesome. That that's great to hear. And you know, obviously I think you've had an amazing career.

[00:01:43] Chris: As you said, you're, you're both a CISO and a CTO right now. Your resume and qualifications are impressive by any measure. So right off the bat, I wanna know, do you ever feel like you're not smart enough?

[00:01:54] Ian: Once in a while. It's a rare thing when it comes to the information security, I'll be honest with you. 

[00:01:59] Ian: Everything else, life, total disaster. Okay. So it's like, it was because when I came on board, my job was literally to go globally and dance around a cyber pole and tell people about cybersecurity and how they need to improve, make it, and, and the company that I was working for at the time called Logic Now, Was truly passionate about layered security, and this was almost before the mid-market was moving to cloud.

[00:02:26] Ian: This was back in 20 14, 20 15 timeframe. And you know, as things worked out, my job was to get really, really passionate about cybersecurity to the exclusion of any sort of normal lifestyle whatsoever. Right. 

[00:02:40] Zoe: Oh am my goodness. I relate to that so much. I will specify that Ian and I met when I started college, so I am one of his success stories.

[00:02:48] Zoe: I met Ian when I was in college at a hacker space, and he helped me actually start my own business originally. Gave me lots of seasoned advice and helped me run it from a pub. So two very positives. 

[00:03:02] Ian: Zoe and I like, it's actually kind of hilarious because we worked on one of the premier projects together for Manitoba and in fact Canada, which was the Canadian Museum of Human Rights.

[00:03:13] Ian: And when the project manager came to me and, and, and they said, Ian, we need someone to come on board and hack it and get it ready to go. We had three months before it like ribbon cutting ceremony. And he comes to me and he says, we need someone that knows Mac's. Now, at the time I was a PC guy through and through, okay.

[00:03:30] Ian: And actually Zoe converted me to the Mac platform, but I went, well, the only, there's only one lady I know that knows how to use Macs. And I said, it's Zoe Rose. So I called up Zoe and she came down to the Manitoba Human Rights Museum and was confronted with the grim reality that she had, what was it, 90 Mac Minis that she had to deply.

[00:03:53] Ian: Uh, .

[00:03:53] Zoe: Not all credit is mine. We had a really, really wonderful person there as well that I was assisting. 

[00:03:59] Ian: We did, but this hilarious story is, is that we've intersected, uh, you know, sort of constantly in the information security world and, and we've been great friends. 

[00:04:08] Zoe: I also think it leads really closely to one of the questions I had, because you are the only person that I work with throughout my career that always ends up having guns involved and I feel like because Human Rights Museum, uh, ribbon cutting ceremony, they had snipers.

[00:04:29] Zoe: So I'm just gonna say this is uniquely Ian, but that leads me into my comments about you work in threat intelligence. What about when you were in military? Was there parallels there? 

[00:04:43] Ian: Well, you know, the military's really interesting place to come from because especially at the end of my military career, I spent a long time as a military policeman, and that wasn't too spectacular or fun.

[00:04:54] Ian: We can kind of gloss over that stuff. But my last gig was as a public affairs officer for, uh, Ws called a brigade group. And that was where I got sent on a course. And they essentially beat me into being able to present and talk and do stories and sort of, let's talk about the trucks that aren't on fire, right?

[00:05:14] Ian: And it's sort of like really that public face of the military. In fact, it is really funny story because one time I was getting ready to deploy on an exercise and the brigade commander turns to me and says, slick, why are you in your combat? So you need to be in your dress uniform in case there's a problem, and you have to talk to the public.

[00:05:31] Ian: So I'm getting all ready to go out to the field with the boys and, you know, camp in the woods with guns, camping with guns. And he's like, no, you, you get to stay at the hotel . And I'm like, well this is not any sort of military experience I was ever familiar with. Right. You know, and I was sitting there, you know, while everybody's trying to cook their meal on a little Coleman stove out in the Canadian wilderness.

[00:05:52] Ian: I'm like, you know, in the restaurant and worried about how shiny my shoes are. So it was just the, it was surreal and bizarre, but it was like it was the missing thing that I needed intellectually. I had what it took to like do the threat intelligence, do the military policing, even develop as a leader, as a platoon commander.

[00:06:10] Ian: And then I, I reached the apex of my career as a company operations officer. But what was interesting is that although you had the leadership skills, it's those communication skills that end up being vital. To your own career progression. Being able to write is probably the most important yet underrated skill in cybersecurity today.

[00:06:29] Ian: And I think some of my swagger, if you will, in, in that industry, and I think you can say swagger when you're 50 years old or, or older. Significantly older like me, you get into this point where the one thing you know is how to take and apply your brain and do analysis. And I wrote an article, actually, I started writing an article a while back called The Death of Analysis and it just got too dark and too scary.

[00:06:54] Ian: It was the point where I, you know, gonna go to Joe Petri at Tripwire. And so you can publish this and you just know because people are gonna, you know, gouged their eyes out and grieve. But it was. . Essentially what's happened in, in politics, in InfoSec with some of the dramas that are unfolding with, you know, the Elon Musk's experience is we've become intellectually lazy when it comes to a lot of things.

[00:07:15] Ian: We just want the answer, and the problem is, is that our neuro receptors are so tuned to the easy street. That we end up getting addicted to conspiracies like Trump was appointed by God to find and reveal a democratic deep state child pedophilia ring running from a pizza parlor, and all of a sudden, you know, a whole bunch of people believe that as as a truth.

[00:07:42] Ian: And it's amazing to me that it's easier to read something on Facebook that starts with, you know, all the scientists have missed this , and all of a sudden you're getting that sent to you by multiple people. So my thing was always like, and well, I think maybe what I was successful is analyze the problem, right?

[00:08:02] Ian: Or as I like to say, in simple terms, find the stupid. And then fix the stupid, right. Figure out what the easiest, most inexpensive, what can we do about the problem. So it's, I mean, it's been a hell of a journey and I'm not gonna sit here and say I haven't made mistakes. I made some phenomenally large mistakes, , um, you know, in life and in career and whatnot.

[00:08:24] Ian: I spent a great deal of my time making other people really rich when the company I was working for was, uh, was bought for half a billion dollars by Solarwinds. and that kicked off a whole interesting part of my life, which I think took a lot more, you know, kind of scary moments, right? When you're gonna, when you wanna sit down and try and speak truths to power.

[00:08:45] Ian: And, and so I think, you know, be true to yourself, love yourself, and I think support and, and build your support network so that when you're struggling with things, you have someone to call. Right? Zoe's one of my go-to people when I'm feeling not great. You know, I'll, I'll give her a call and we'll talk it through. When she's feeling not great or underappreciated or something like that, she'll gimme a call.

[00:09:10] Ian: We'll talk it through. And between the two of us in that network, which extends into the beer farmers, which extends into my Twitter family and even, you know, people that I'm really close with. You know, I, I summarize it by saying it takes a cyber village to raise a cyber idiot. That's one of my favorite sayings, and it's really true.

[00:09:28] Ian: I'm a bit of an idiot when it comes to understanding life and, and things like that. But the, the ones and zeros of the cyber world seem to just jive, seem to work for me. 

[00:09:40] Chris: So you've covered a lot of interesting ground already here. One thing I kind of want to zero back in on a little bit, kind of with the idea of these conspiracy theories that have gotten outta hand, sometimes there really are conspiracies and then also maybe like support networks and how to behave.

[00:09:55] Chris: What I mean is this whole Joe Sullivan stuff, the, he was a CISO at Uber. Can you run us down? Maybe, you know, not everybody's familiar with the story. Maybe what happened there and from your perspective, right? What's the mistake that's made that ends up landing a CISO in jail? Like, how bad, you know, what do you, what do you have to do to be that bad at your job?

[00:10:15] Ian: Yeah. And, and this is such the paradigm and, and such a weird situation. Like, first of all, I'll say what happened to Joe is an outlier. Okay? It is a total outlier from where the standard kind of criminal standard of justice would be applied to your actions within a work environment. So to, to give everyone sort of the quick and dirty of this, Joe Sullivan was the CISO of Uber.

[00:10:39] Ian: He got fired. For allegedly. Okay. Treating a major breach of 56 million, uh, victims as a bug bounty opportunity. Okay. And Uber was found guilty of doing this, and they had to pay something like $156 million as, as sort of like a fine to the regulator. But then the very same office that Joe Sullivan was a prosecutor for, decided that it was time to charge him criminal.

[00:11:10] Ian: Okay, so, so think about this. Think about a previous employer now coming after you, after you've had this amazing career of being the CISO of Facebook and then Uber. And then after he was fired from Uber, he ended up at CloudFlare. I mean, this guy was, Was big top guy, right? Also fully trained lawyer and state prosecutor.

[00:11:31] Ian: So, or federal prosecutor. So contextualize that for a moment and you can either go two directions and I will buy his book or whatever biography they come out with, cuz I need to know his state of mind because it could have gone both ways. It could have gone, he's a completely arrogant asshole and thought he could beat the system.

[00:11:49] Ian: Okay. And therefore when confronted with a plea bargain, when confronted with advice from his own lawyers, he poo-pooed it, saying, oh, I'm, you know, the greatest thing ever in the universe, and they'll never catch me. Right? Or he had a meltdown because I think he fundamentally thought he was doing the right thing.

[00:12:11] Ian: I feel like he was in a position potentially to be recognized for adjusting, uh, characterization of a data breach into this bug bounty thing. Now, a lot of people said, well, you know, he, he did it and sure, but. If you were going to commit a crime and you knew it was a crime, would you not use like a telegram channel disappearing messages?

[00:12:36] Ian: Would you not set up some covert apparatus? No. What he did was he used the corporate infrastructure, the corporate email system. All of the documents were prepared on Uber letterhead, so no attempt to really disguise what he was doing by any covert means whatsoever. Your former office is coming after you.

[00:12:57] Ian: You are using corporate resources allegedly to do this, you know, mis prisoned by felony and obstruction of justice criminal standards, and yet you can't raise reasonable doubt about your activities, which would get basically the charges kicked. Now on the other side of it, the Crown Pro, the prosecutor really wanted to make sure that this guy paid the price for allegedly, again, lying to or not allegedly anymore convicted of lying to a regulator about this data breach.

[00:13:28] Ian: This is a of immense importance because it shows that one wrong decision within the context of your job. Can lead to consequences that you never even thought about. Right? I don't think he's gonna spend a lot of time in jail. But where it's really gonna hurt is the potential for criminal forfeiture of all his toys and all of the financial wealth that he's accumulated over that period of time.

[00:13:55] Ian: Plus, you know, he is now literally a convicted person, which may or may not impact his future job prospects, but it's a. It's a monumental tale and it's something that we gotta dig into and try to understand because either he had the worst legal advice ever possible, or he showed zero sense of humility and hubris in front of, uh, the jury and, you know, has now paid the price.

[00:14:21] Ian: And I think, you know, one thing that a mutual friend of Zoe and I always said, uh, and he was a lawyer, was, if it ever goes to court, anything can happen. Right? 

[00:14:31] Zoe: Well, I think that kind of goes on the topic of like, when it comes to working, you need to be authentic. You need to try for the best. And sometimes when we make mistakes, we kind of go through tunnel vision, right?

[00:14:46] Zoe: And so I make a mistake, I panic, and I want to respond this way. Immediate thought usually is what Ian mentioned earlier, is call a friend. Call somebody that can give you an outside point of view, call somebody to direct you in the right position where, you know, I'll call Ian usually, and I will rant to Ian.

[00:15:07] Zoe: My current boss is absolutely brilliant as well, and I've ranted to him also. But the benefit there is that community and I think when we mess up at work or we have some really, really hard topics, I think community helps us do our job better, which is why I wanna change the topic slightly because there is a point, there is logic to it is beer farmers.

[00:15:30] Zoe: So I think the first photo I have of giving my daughter her very first bath, I'm wearing a shirt that says beer on it. And I think it's hilarious cuz I don't drink beer, but it's because of the beer farmers and the conference. I spoke, well no I didn't speak, I was a mentor at, at your. Why did you start the beer farmers?

[00:15:47] Zoe: What is it about, and why is it called the beer farmers? Because it's actually about security people. 

[00:15:53] Ian: Yeah, it's, it's such a kind of weird paradigm. It was one of those things where after many drinks, Mike Thompson AppSec bloke on Twitter and myself just decided, let's pretend we're a rock band, but let's take all of our immense cyber skills and apply it to building a community that is.

[00:16:14] Ian: and anti community. In a lot of ways, we're anti the obnoxious stuff on Twitter. We're anti cleek is, although people can consider us a clique, but because we disguise ourselves as a fake band, we're immediately a parody of everything that's out there. Right. And then I think we started acting in what we consider the common good and the common good in cybersecurity.

[00:16:37] Ian: Be anti gatekeeping, encourage people. Zoe was a huge part of a mentorship program to bring people to the stage to present their work, and is a passionate supporter as well. And we've got lots of people that we consider very close to us in that they have a like-minded idea here of supporting the next generation of cybersecurity professionals.

[00:16:59] Ian: The next generation of. Diversity of both opinion and you know, the types of human beings that we have out there. And so we've taken a, a different approach to I think building the community, um, and dealing with some of the internal problems. But it's interesting because we're learning our own lessons as we go along.

[00:17:21] Ian: We're learning how hard it is to run an information security course. We're also learning how difficult it is to interact in, in that way that Zoe really described, which is phoning your friend, touching base with people that you trust. Instead of just, you know, pressing the, the Twitter button and blasting your thoughts out onto the Twitter world.

[00:17:44] Ian: And in fact, myself personally, I've taken the LinkedIn app mostly cuz I was getting pissed off by the venture capital hot takes on the Ukraine Russian War, which, you know, having some time in experience uniform versus someone that has no time and no experience in uniform, I feel like they should just shut the hell.

[00:18:03] Ian: And just so it became, you know, a, a, a sense of anger every time I read about these hot takes, which got it completely wrong. And then the other part of Twitter was really like when the information security community decided to eat its own young, and you would get pulled into these dramas. That when you, when you looked at them from that 50,000 foot view is you're not actually solving a problem here.

[00:18:27] Ian: You are just yelling with a whole bunch of other people that are yelling, and it really is detrimental to a good state of mind and an emotional awareness. 

[00:18:38] Chris: So speaking of gatekeeping and, and not to, you know, change subjects drastically. Again, I think this is gonna be a, a bit of an A D H D version of the podcast here. We're jumping around a little bit, but, uh, you know, hey, we all work in tech. That's, uh, how it works. 

[00:18:49] Chris: But speaking of gatekeeping, I noticed that at one point, and, and maybe it was only for like a year, but you were actually an IT human resources consultant and I think the team you on was responsible for finding qualifying, interviewing, assess.

[00:19:02] Chris: IT professionals for, for various client companies. And I assume that through your career you've probably done a little bit of hiring, been in that hiring manager position other times as well. What I'm curious about is, you know, when you're in that position, we either in that role or, or you know, since then, what is it that you look for?

[00:19:17] Chris: I mean, obviously there's all these technical skills that may be required, but how do you qualify or, or assess, or what, what do you, what do you look for when you're, you know, hiring an IT profess. 

[00:19:26] Ian: You know what? It really comes down to one thing, cuz especially in the early stages of your career, you've come out, you've maybe got some education, maybe even a couple years of experience.

[00:19:35] Ian: It all comes down to passion. Are you willing to go the extra mile? Are you willing to do overtime on a weekend? It, at the lower end of the spectrum, it is kind of a terrible job. There's no question about it. It's long hours. It's um, in sometimes very difficult and dirty and noisy circumstances. There's a lot of lifting and bending and crawling under desks, so it is a tough job physically.

[00:19:59] Ian: It can be really emotionally draining too when something has gone wrong and you're trying to Google the answer while the vice president of sales is asking when the call center will come back up. So there's all of these different experiences and it's that passion and that ability for the person to kind of like role play with you through a couple of scenarios to see how they're gonna do, what is their analytical problem solving capability.

[00:20:23] Ian: Because tech skills can be taught. Right. And as you go on in your career, you learn more and more just by doing and challenging yourself. But what I think it comes down to is, are you g, the way to get good at your job is to find your passion within that job. Otherwise, you know, I've had the conversation, you're a great person man, and you know, love going for beers with you, but you're just really not an IT person.

[00:20:47] Ian: You're too angry all the time, or you're too emotional and you can't take, you know, criticism particularly. And at that point, you know, the person's gotta make some choices. They either potentially get help for whatever problems or ailments they're, they're suffering from, or you, uh, support them. You give them, you know, a longer rope to sort of like help them along and get them up that ski slope and then let 'em fly.

[00:21:12] Ian: And if that means they leave their organization under the best terms possible, that's. And that you should look at as a manager or an employer is the ultimate goal is that people will grow over time and eventually they may grow out of the job and want to do something else, and that's okay. 

[00:21:28] Zoe: I think one question that you would be a really good person to talk about, cause you're quite confident when it comes to security, as you've said, you know, your stuff, you've been in this for a while, maybe not as confident with the people stuff, but, uh, we work through that together, community.

[00:21:41] Zoe: Right. But from your perspective, if somebody is struggling with imposter syndrome, When it comes to work, because you're successful, you've hired people, you've fired people, you've built successful teams, you've worked with and built a, a company that was then acquired for quite a bit of money. What would you say if somebody screws up massively at work, what would your be advice be to them?

[00:22:05] Zoe: I know already don't be like Joe and try to cover it up, but maybe what are some practical things that they can take. , it could be they've made a massive mistake. It could be they're really, really struggling in a role. Maybe they've made a really, really embarrassing mistake. What are your thoughts on that?

[00:22:21] Ian: Uh, don't lie, don't publicly humiliate and allow the person to walk through their experience so without interrupting them. Right? One of the most powerful sort of interrogation techniques that's out there is where I give you a piece, a piece of paper and a pen, and say, write down what happened. Right from your perspective in a narrative.

[00:22:42] Ian: Right. What happened? You know, I was distracted. You know, when we went to move the server during an a, an incident response where the basement of where the office was, was half filled with water. When we moved the server, the hard drives fell out of the cage because they weren't properly secured. and I went into the water.

[00:23:02] Ian: It's like, okay. All right. So we learned some valuable lessons. At the end of sort of all of this is we're not, it's very rare that we ever find ourselves in it, in moments of life and death. Right, and having seen sort of the potential of life and death in the military, you can contrast that with everything else really doesn't matter, you know?

[00:23:26] Ian: Now I'm not saying people that don't work in the OT environment, that are trying to do security against advanced persistent threat and not have their factories blow up on them, they cannot take a cavalier, uh, look. But in terms of the business systems that we work on, somebody's laptop, you know, backup is super important.

[00:23:45] Ian: I always like to say that backup is the Alamo, right? Like if you've got backup, you can afford to take risks. If you don't have any backup, you can't afford risks. The risk is funny, especially when it comes to looking at backup and dr. It's, it protects the customer's data. It protects the customer's ability to.

[00:24:06] Ian: And it protects them against a mistake that you might make. That, you know, loses a bunch of stuff back in the day. You always could take a spreadsheet, right? Open that spreadsheet up, make a whole bunch of changes to it, and then save it over the spreadsheet without renaming it, only to destroy all of the previous month's data on the spreadsheet with all of your new updates on it.

[00:24:29] Ian: Right now, the default after many, many years is to do is to copy of copy of copy of spreadsheet, right, And, and that was a direct result of everybody's experience at having to call the IT guy and try and restore the previous spreadsheet from backup because it had been overwritten. It was like one of the biggest disasters ever in businesses and it was a constant thing.

[00:24:54] Ian: Right, and I know, I know you're laughing, Chris, cuz you, you know, you came from the, probably that era too, with the fact that, you know, the first thing anyone should ever do is back up the array configuration because that firmware on a Friday night is going to make a mess of everything. 

[00:25:12] Chris: That's exactly right.

[00:25:14] Chris: Regrettably, we have run out of time. Ian, thanks for joining us and thanks for sharing your stories with the Imposter Syndrome Network. And thank you to all you imposters out there listening. We appreciate you. Thanks for spending your valuable time and attention with us. If you found this episode informative, fun, or helpful in any way and want to pay it forward, I suggest simply sharing the podcast with someone you care about.

[00:25:38] Chris: Now, Ian, one last thing before we go. Could you tell us what you think about certifications? I know you have a few, uh, you've got your certified security analyst, plus you've got a network defense architect. and a certified hacker. But in general, what's your view on certifications? Are they helpful? Are they not?

[00:25:56] Chris: Do you look for 'em? 

[00:25:57] Ian: I, I've got sort of a very, I would say juxtaposed view of certificates and certifications. So the first is, I think they're really valuable, so you can speak the language of security so that you can communicate and thereby have conversations with other professionals in the. I'll be fair.

[00:26:16] Ian: I, I've had conversations with developers and network architects and guys that we know, um, that are way out there when it comes to like global routing and B G P, et cetera, et cetera. Right. And I won't understand the majority of that conversation. However, I know enough to be able to follow. Nod and provide some folksy wisdom occasionally.

[00:26:41] Ian: Right. But what I think is so important about the certificates is it does establish a bit of an entry level credibility and also, again, your ability to have those conversations. What I don't like about them is they're really gatekeeping instruments where I've seen businesses ask somebody for like A CISSP for a three year experience, entry level position.

[00:27:04] Ian: And it's like the CISSP is supposed to be sort of more, I don't think it's a basic certification at all. It starts introducing the concepts of security, leadership, risk and compliance, GRC as they like to call it, and all sorts of other pieces of the security puzzle. And it's not really what I call an operational certification.

[00:27:25] Ian: So I see it as both things. And again, if you're looking at the modern hiring market, I think it's important that you can know the basic fundamentals, but I mean, all of our experiences have been walking into complete corporate shit shows at where other rules don't apply and the first thing you don't want to hear from your freshly hired three years of experience CISSP is, that's not how they do it on the CISSP exam. Right. 

[00:27:56] Ian: That's just gonna get you choked out of the room. You know, so I think there's sort of like a, a love hate relationship with CERT certifications and certainly from the hiring perspective. I mean, if all that they're asking for is a half dozen certifications, they're gonna get somebody that's really good at writing exams and not somebody that is practically versed in the actual nuts and bolts and operations of security in an enterprise.

[00:28:24] Chris: Yeah, that's fair. Do you have any current projects that you want to make sure the Imposter Syndrome network knows about? 

[00:28:30] Ian: Yeah, so I'm really excited to have kind of a contracting opportunity with a very large women's beauty and hair care company, and I've actually been hired to set up a security operations function within that organization.

[00:28:47] Ian: I'm super excited about it because I'm working with just a really great team from a, a large global MSSP, and it's so nice to have people that are so passionate about delivery at a customer level. Right. , everyone recognizes how hard enterprises can be, especially in my case where there's an OT component, so I'm learning all the time from some other people.

[00:29:10] Ian: So it's like a really, really fun but super challenging project and I would say is don't be afraid to, to bite off these things and go after them, because you'll learn so much along that journey. That'll become so valuable. Later on, whether you're at a junior level or whether you end up, you know, calling the shots like I am to try and, you know, basically be better at security every day as an organization.

[00:29:38] Ian: Like progress is more important than achieving, you know, a major result. 

[00:29:44] Chris: Awesome. And how can folks get ahold of. If they wanna reach out, 

[00:29:48] Ian: well, I am on Twitter and LinkedIn, so, um, at Sign Fat, p h a t underscore Hobbit, I've been pushing out content now and again, and some thoughts mostly during working hours.

[00:30:01] Ian: uh, taking a break. But I will say, um, Ian Thornton hyphen Trump on Linked. Is one of my go-to ways and you can always email So there you go, 

[00:30:15] Chris: perfecto. We will be back next week.