Innovation, The Enterprise, and YOU

all right uh this presentation is one that I normally give to interns um where I work but it has application for almost all of it so I kind of wanted to share it with you guys uh provide the high level advice for being successful in the Enterprise and adopting an Innovative Spirit uh for those that are wondering whether you're in the right place we probably are this isn't a terribly technical talk uh so please feel free to grab a coffee and sit with us um this is a virtual or recorded session so if you have questions drop them into the besides Charlotte Discord I think we're on uh stage three I forget the exact name of it but you'll find it uh

and I'll be around Andrew uh while all the presentation is on so just drop questions there with that let's start oh wait I'm not allowed to actually say hack in this presentation so we'll change that to to innovate uh from the inside yeah okay all set let's go disclaimers before we begin I'd like to lay a foundation around what you can expect from this presentation to do that we need to start with disclaimers some of you are just beginning your careers others have been around for a very long time the rest are quite obviously somewhere in the middle if you have spent any time at all in a decent Enterprise environment you've been groomed and fed a steady diet of you

know the right things uh to position you for a great career this is an excellent thing however um that's not this presentation this is more of the Fried Chicken of a career advice it tastes great but it's probably not good for you uh as with all advice it's just as likely to be bad as good also as with all advice don't blame me if you follow my advice and fail being too rigid and adhering to the details that I present will either get you fired or promoted these things are the extremes of any career they are the spinach and ice cream of career advice a good ballot's usually lies somewhere in the middle where possible I avoid the use of Court

speak to convey the ideas that I think are important things are rarely as simple as magenta cyan and yellow you kind of get used to it after a while also those disclaimers are fun and you know they make me happy but representing a corporation or even um having the corporation's logo on on your presentation and an external uh Symposium means that invariably somebody asks you to include an actual disclaimer that looks something like this that's uh probably Fair uh to the company the funny thing is that this says almost exactly what my disclaimer say I'm not giving you advice and even if I were giving you advice you shouldn't follow it without doing your own homework what you get is quote as is

end quote um and as the Bad actors and cute hoodies like to say for entertainment purposes only they tell me that this disclaimer is probably important but I'm not a lawyer so it may not be important after all who knows um onward further before we begin I need to or at least try to establish credibility so I'll explain who I am where I am and how I got where I am I'm jinxedo I run Global Information Security Consolidated lab for a major National Bank whose logo may or may not appear on this slide this is my Professional Profile it's available on LinkedIn or other places that my employer won't let me visit while I'm at work or you know I can

email it to you I was born in the U.S state of Louisiana if you think about all the places that you know about in Louisiana and subtract them what you get is my hometown if you've ever seen the U.S television show Duck Dynasty it's a lot like that except with all the civilization and culture and the Bland light of the dawn of time like many folks from Louisiana I started life and offshore oil drilling um offshore work in the Gulf of Mexico is two weeks on at all rigged two weeks of free time and my two weeks all about worked at a major national retailer whose name does not appear on this slide one day I found out that uh oil rigs

sometimes do this so I quit because quite honestly that's kind of dumb also working as a stalker in a retail Mega chain isn't as fun as it sounds so I quit that job too while driving home with an extreme lack of employment Lee Greenwood's God Bless the USA came on the radio show I pulled into a recruiting station and joined the US Army this was the early 90s so they probably felt pretty good about uh about it when they promised that you know I would only have to do domestic missions you know floods hurricanes humanitarian work that sort of thing so cool sounded fun uh nine months later this picture was taken I can't tell you where it was

taken but I can promise you that the sand you see in this picture was not in West Texas in the intervening nine months the Army spent a lot of time and a bucket load of money teaching me to repair some fairly exotic electronics and I served in the Gulf War during operations Desert Shield and Desert Storm during the War I did war stuff after the war ended I kind of worked through the military but at the same time didn't it's a thing the best way to explain it is um I spent time in a school learning things and got a job working for the people on stuff we can't talk about actually it's probably okay to talk

about the stuff that I worked on because those things still don't exist in the world so that's not to um after a while I quit working for the people because of stuff and decided to get a real education so enrolled in Northwestern University or more correctly Northwestern State University of Louisiana which looks exactly the same on a resume in cases you didn't you can't place where that is it's uh here that's still the middle of nowhere just nearer to the interstate um around 1995 I read a book about computers built the 386 and learned to program it um and promptly dropped out got married to my lovely wife Jody moved to Chicago and got a job at UBS because you know like

good good life choices and things over the next decade or so I worked my way up to be director of engineering for the Americas at UBS uh and my time there I helped create a product called interchange which was a Java based group chat client based on the IRC protocols that started as a way to prove the Enterprise capabilities of java in the early 90s or mid 90s um and morphed into a tool that was used by nearly every employee globally that it was eventually spun off into a startup from the from UBS uh that was later sold to Microsoft to become part of the Microsoft teams product that product got me my first listing as an inventor on a

padded uh patent So Good Times however in 2007 it snowed a lot which looked like this so I quit and moved to Charlotte North Carolina where I spent a lot of time fishing before landing a job as a first line help desk support Tech on the loan trading desk at the largest consumer Bank in the country I was answering three emails a day and rebooting desktops but I was making the same money as before because that's how directors of engineering for the Americas do uh in any case I've been here for 15 years and worked for most of our eight lines of business I currently run GIS Consolidated lab on the GI the global information security innovation

and strategy team however uh earlier um I briefly introduced you to my wife Jody we've never had children however a long time ago she and I adopted this person we are incredibly proud of them uh they in turn introduced us to these three beautiful people they are uh amaryllis on the right and that could be on the left and Camellia also we can't forget the engine ingeniously named blue puppy who is there Judy and I were the first people to other than their parents to hold every one of these after they were born they called me Papa and I like it you however should not call me pawpaw I still enjoy mucking around with electronics and making mundane things do

interesting things through judicious application of the angry pixies that we all keep in our wall sockets uh shout out to anyone that recognizes that poster in the in the slide there it's a miterate tech Enterprise framework version one uh which I have since framed and I have it on on the wall here when I need to unplug for a while I do hand tool woodworking in which I turn organic carbon foam obtained from dead tree carcasses into furniture without the use of the previously mentioned angry Pixies uh usually these things are assembled with uh without the use of metal as well just you know tight joinery and glue when I get bored with that uh I learn to

do hard things like sailboats or fly airplanes because why wouldn't you uh other than that I pretty much hang out with friends in the community and feed people because hey oh food uh although not much in the last 24 months because Kobe uh so this shift focus into something now into something that I'm very passionate about Innovation but first no presentation would be really useful without a central philosophy and a few years ago I adopted a philosophy created by uh Dr Harold Edgerton of MIT some of you may have heard it some of you have probably seen his work and didn't know that you were seeing it the philosophy is this uh work hard because

work is an activity involving mental or physical effort uh done in order to achieve a purposeful result simply put no work no purpose no result tell everyone everything you know uh we're sometimes called knowledge workers for us knowledge is a commodity if you share the knowledge that you have you will gain from it a closer deal with a handshake though this is from pre-covered times that simply means be trustworthy uh if you say you're going to do something do it if you say you're not going to do something don't do it uh where I work this is called trust the team it's one of the five core values and finally have fun because if you're

not having fun at your job you are literally wasting your time um sure you might be making all the dollars but without Joy it will be a sad consolation prize have fun loosen up work can be fun if you let it with that out of the way let's talk about some simple truth about innovating in any Enterprise take a screenshot of this page or because of the cyber security conference grab your phone and take a picture of these names go find out one thing about all of them take a deep dive on some of them in my career I've met many of these people personally uh within their particular Fields they are legendary some of them are quite literally Living

Legends and talking to them I found out something interesting they don't act like Legends they're just people they're that are very passionate about doing one thing well so when Ken Thompson created the B programming language and then helped Dennis Ritchie expand it into the C programming language they weren't trying to change the world they were trying to write applications for the then new Unix operating system they ended up creating a programming language that was the very foundation for uh nearly everything we do today because they were passionate about doing the small things well they did something foundational for the whole industry which leads us to you know do something big the internet was envisioned by a single

person Leonard kleinrock in 1961 but it wasn't developed um until almost a decade later in 1969 the first network switch was installed at UCLA uh email was developed in 1971 by Ray Tomlinson in order to communicate with other researchers on the network TCP was designed uh by Surf and Khan in 1973. Ethernet was also developed in 1973 by Bob Metcalf Dennis Hayes released the first modem to allow people to join the network remotely in 1977. DNS was introduced in 1984 the first commercial dial up was created in 1989 and finally in 1990 Tim berners-lee invented HTML in the world wide web as a way of graphically sharing mathematical formula with others and then these people created something magnificent

because they just did the work that they enjoyed and shared it they were all doing huge things but here's the key they didn't actually didn't necessarily know that they were doing huge things they learned things and worked hard to solve very specific problems that they needed to solve they shared the knowledge that they gained with others openly and freely it's something that we do very well in the cyber security cyber security Community the collaborative work from these people have has literally changed everything about the way that we work today but in their minds they're not Legends they're just people like you or me that had a specific problem and shared the solution with the world uh others picked up on

that work and did more things with it and now we have Tick Tock so uh who knows right they each had managers they had project plans and meetings and calendars to manage they simply shared and learned from one another uh the the Global Information Security Lab at Bank of America uh is an excellent example of the Innovation that can happen in very large Enterprises uh it's a Starship quality lab built with the best technology available it runs as a non-production environment that hosts all of the things that can't be hosted on the production network uh the actual the architecture is on so that high risk activities are segregated from the rest of the lab and from the production

Network uh two of my patents are around the ways that we segregate workloads and manage access to them the lab is used to test vendor appliances um and do malware investigations complete forensic analysis on suspect Hardware execute training and evaluate software from vendors it's also used by our Innovation and strategy teams to build and Test new ideas and quick iterations we have a virtualization tools uh that can spin up any OS and the company's catalog in minutes and we're staffed by seven full-time Engineers so yeah dream job right this allows us to quickly assist with incident response and malware analysis efforts uh the gis Co was designed from the ground up to be the most secure environment in the

company and to allow us to be the most agile environment available while ensuring that we meet or exceed delivery letter and spirit of every control uh too many too many uh cyber security teams have exceptions to controls and governance because of the nature of the work that we do but within uh our environment within the lab environment our ethos requires that if we put controls on the end users we have to meet or exceed that control uh that can be pretty complex but it's absolutely possible we have a no exceptions policy in the lab that is strictly maintained so you know yay for governance meetings uh the giscl is also used as a a red team hide

um so that you know we can do evaluations and other red team stuff without uh being directly on the production Network which helps them hide from The Blue Team uh we also let the blue team use parts of the lab to chase down and squish red teamers because life is no fun unless you're squishing your co-workers um I skipped ahead there it's also home to another project that I was responsible for building at the bank it was called the adversarial engagement environment before the rest of the world caught on and started calling it a cyber range a few years ago we use that environment to help vendors build cyber range environment management software and meet

with many of them regularly regularly to share experience and ideas that we generate while the ranges are active our experience experience and expertise with cyber ranges continues to drive the industry and allows us to do both training and required evaluations for the bank of not all Innovations have to be multi-million dollar projects uh like the lab was uh this one is this is one that my friend Michael overins and I wrote in about three hours in Java uh it extended the work done by bitly and now defunct Google URL shortener to provide shortened URLs internally uh to the company because it's hard to memorize full URLs especially if your organization uh uses things like SharePoint or other CMS tools

um we link to a lot of data into URL shorteners um so having one that is internal only uh made us feel a lot better about having that data floating around yeah interfere the fun we registered top level domain.gov internally and made the machine host name simply the letter U totally for the purpose of creating a uh your the URL https Cola slash slash you dot go girl uh which redirects to a user to our uh women in technology and Ops um so we're having a lot of fun with it uh wrote the code and um released it into the company um by the way Mike Logan is an author and a prolific Bank of America innovator

who has appeared on television and in other interesting places uh you should you should spend a minute Googling uh him as well we've worked together for about a decade now uh He's listed as a co-inventor on nearly 50 or age listed as an inventor on 50 patents um and uh from Bank of America and other places uh you don't go started as a way for us to share things among ourselves without having to use external resources and leaking intelligence to the cloud like I said it works so well that we shared the tool with a few others uh on various teams and two years later we took another look at it and there was trafficking about three million

redirections a month and was used by it was being used by our production teams to support other applications uh it was around then that we thought maybe we should productionize this and not have it running on a server under the desk uh that those often the way that Innovation Works in a major Enterprise do the thing that makes your life easier and share it when it gets too big to manage threaten to turn it off until somebody takes it away from you it's probably not the best approach but it certainly gets you passed at least a few governance roadblocks so like I said you know you could get fired with this presentation uh but I'm

working I'm lucky to work in an Enterprise that places emphasis on Innovation so we lead the industry in U.S patents with about 5 000 patents granted or applied for and almost 6 000 employee inventors uh listed globally and Innovation is at the heart of what we do uh so we innovate to provide industry-leading capabilities that improve our clients Financial lives and to help create the the best place for our teammates to work foreign our focus on Innovation ensures that we remain at the Forefront of as a financial institution as we continue to deliver responsible growth to our clients shareholders and teammates I may or may not have written that slide uh we enable everyone to be an innovator at

Bank of America Innovation is not uh siled to one organization or location even if teams like mine exist to lead the way um we believe that executing and building Upon Our core strategies gives rise and focus Focus to Innovation that's why we we have thousands of inventors and record patents across our Enterprise but as an individual how do I take advantage of that it's actually pretty easy at the bank Innovation security or I'm sorry information security at Bank of America just crossed uh we just got our 1000th patent uh just within uh the information security team at Bank of America you probably Google that and find uh lots of stuff um so how do you innovate in the Enterprise

there are several traits that highly Innovative people have uh first be curious try to understand how things work take them apart put them back together tweak them uh to make them do different things I always have a browser open to Bing or Google and I'm always searching for knowledge on conference calls if someone says something that I don't understand I search for answers if they say something interesting I try to find out more about it um there are people where I work known as smes or subject matter experts they tend to be legendary within our own circles some of them are speaking at this conference uh and I think I have a list of them later but if not you can

probably find them whatever your area of expertise is learn everything that you can about it and when people uh ask share what you know

there's only uh so much that you can learn from books most of learning is seeing how other people have solved similar problems for programmers a good measure is that you should probably read 50 lines of code for every line that you write in my career I've written hundreds of thousands of lines of code which means I've probably read Millions not every line of code is groundbreaking and unique but occasionally you see something done in an interesting way and adapted into your message the same applies in in cyber security right if you're if you're breaking things or making things um a lot of what you do is just looking at what other people have done and then

expanding on that and changing it I learned uh much the same thing when I was helping my grandfather build houses as a teenager right it works in every discipline and it's incredibly important to be in an Innovative learn from others merge Knowledge from different places and create new ways of doing things then share those things with others now let's explore uh some other trees we all know how frustrating it is when your help desk ticket gets closed with sorry wrong cue try again uh don't be that person uh anytime somebody asks me a question I try to find the answer for them or find the people that can answer the question be that person never leave

somebody hanging I often get notes from people that say Hey you help me figure this out a few years ago and I was able to share it with my team today thanks for that uh make a difference in somebody's life it may be something that takes you a few extra minutes to share and they'd probably figure it out in a few hours or days but your few minutes will save them that time and make it a better place to work for literally everybody you gain a reputation you gain friends uh in the process don't be a glory Hound but on your own work um that basically means present your work to others when required or asked

but don't be the person that only talks about their own work put your name on your work can then highlight the work of your peers or those that contributed everybody knows who created something in most places sharing the spotlight with your peers is recognized and rewarded don't worry about getting uh promoted worry about doing the best job you can stay where you are and learn everything that you possibly can about the work that you're doing once you've uh learned everything you can about an area move on to something else career Mobility I'm sorry uh career Mobility is really easy where I work talk to people about the things that you want to learn let them know that you're looking to expand

into something else uh and if you become stagnant in a rope or you're not getting promoted Leave It Go learn something else you don't have to leave uh your company to just find a new role and move on also while you're at it take your time I mentioned earlier I've worked for all eight lines of business in 15 years so you're just slowly moving around the company learning things and um using that knowledge to sort of expand my my uh expertise into more of a generalist uh field uh which is serving me really well and and working in the the gis Lab at Bank of America also you know while you're at it take your time uh the difference between an

entry-level role and ciso is the difference of a career not a few years so uh have a career plan work hard but don't expect the BC so overnight learn the things you need to know to be the best CSO you can be before you get there oh this is the fun one um when I joined a call and somebody asked me how I'm doing I always respond with hey I'm just Zippy or I'm doing amazing today I hope you are um we all know that person that could be standing for uh Eeyore uh the person that's always tired or sad or frustrated and Hey look it's cyber security so sometimes we are tired and sad and

frustrated um but that really brings the the tone of the entire day down for uh for everybody and it just makes things boring and hard I try not to be that person uh try to be engaged be happy you have work to do that's interesting or do something that makes it more interesting uh besided about excited about coming to to work every day even if you have to drink extra coffee uh there's Starbucks on every corner uh make it happen be engaging in fun being engaging in fun makes other people want to help you uh up and it helps them feel good about asking you for help which is something that that you really want to do

another diversity uh diversity where I work has always been a key area of focus uh I volunteer in a lot of places that help women succeed because they're incredibly important to us as a Tech Community my own involvement in those efforts has kind of evolved over time as I've become more well more aware of the challenges those that they face those challenges are not challenges that I want this woman to face when she works with me in a couple of decades uh my company just strives to support many versions of diversity and I support many of them through participation in various committees and working groups some of them are more special to me than others however

uh remember this person from earlier they have things about them that make them incredibly special they don't work where I do they're putting themselves through college to be an accountant currently yay Niners uh and raising three incredible children alone but one day I hope they will work with me and when they do I intend to make sure that they are welcome respected and loved from day Zero don't check that box diversity though isn't just about race or gender or preference uh seek out people that have different backgrounds and experiences I'm a drop out from the backwoods of Central Louisiana some of my coolest Works have been created in partnership with people from all different backgrounds and from all

around the world I wouldn't be listed as an inventor without them the co-inventor on several of my patents is from the Northeast he grew up in New Jersey his life was completely different from mine so our ideas don't always align but we always use our different viewpoints to generate a better idea than either either of us could have achieved a loan all right now some some final thoughts here some some of the things that I learned on the first day in a corporate environment are things that I still use every day understanding the basics of tcpip created in the 80s is useful in my everyday troubleshooting of challenges and the gis Consolidated lab uh most of

the things that we know today have evolved from things that came from uh before them so you know learn those things and then expand on them uh no one of us can run an Enterprise without the help of the rest of us so important literally everyone is just trying to to get through the day with enough emotional intelligence to uh remaining to love somebody at home just like you just like me uh sure sometimes people are jerks but you can turn that around by treating them with compassion and empathy almost always uh if you can't you can be comforted uh that those people won't last long in most Enterprises and certainly uh not in cyber security

uh look I've talked more about sharing knowledge with others and helping others than I have about focusing on your own role do that too focus on your role but always take care of those around you uh again none of us can do this alone I have several friends that I chat with throughout the day about interesting ideas or thoughts uh we're not currently working on any projects together but we spend a lot of time just helping one another get through the day some of them I have known for literally decades and those friendships have carried across multiple employers after getting my first job I've never been hired into a role that didn't come from a contact uh

in my network and I've been incredibly mobile over the course of my career so one last thing um why is it 41 and a half slides well because it's almost the ultimate answer to life the universe and everything but it's not quite um so congratulations to those of you that got this joke uh don't forget your towel um look obviously this wasn't your normal leadership or innovation or cyber security presentation and honestly my personal profile went on for way too long however I thought it was important it was everything that's going on in the world I need to take a moment to remind you of two things right We're All in This Soup Sandwich together

uh none of us can do it alone even people like me who buy most accounts but not all I have a very successful career and a really happy life we still need people that we can paint on any given Wednesday and just say hey I'm glad you're my friend or I love you I love you um I love every one of you um so I don't really care what your race is or your gender is or even if you prefer emacs over by or saying crazy things like Jif instead of gifts that's actually probably not true I do care what your race is um and what your preferences are and what your challenges are whether you're

Autistic or dyslexic or any of the other things that are part of who you are as part of you and you are important you make a difference you matter I'm glad that you're my friends now uh here's your participation trophy go do something useful with it I'll be hanging out on Discord for a bit uh so if you want to chat uh please feel free I otherwise I will just feel lonely and sad um and I think that's it