Interview with Ariel Robinson

hi Ariel really nice to meet you today thank you so much for taking the time out to chat with us here yes I'm excited to be here how was your talk it was really good uh wonderful yeah we had a good time talking about economic uncertainty and uh how security teams can uh can use Market uncertainty to help uh help our colleagues and help ourselves get get what we need to get done done okay very interesting can catch that up on YouTube later should be good thank you and one other thing that I wanted to talk to you about today is your unique background you have a very interesting background from a lot of the other people that typically tend

to attend security conferences so can you talk to our audience about your background your journey into cyber security and what do you do currently sure yes um I so far I have uh it it it is a unique a unique life path that includes uh my my academic background is in cognitive science and Linguistics um I have actually published an invented language that is one of my journal Publications yeah um I uh began my career in National Security um policy uh and then uh was basically a freelance writer and independent you know researcher and analyst but most of my FOC Focus was on um like National Security and policy and things like that um I've published on laser weapons um

yeah um and uh like the difference in this is like very very Niche but the difference in procurement between Special Operations forces and conventional Force Army so you know if you ever want to get into that um there's there's that um and I uh I've also worked at a liquor store after I lost my job I've been on Unemployment uh I worked on I worked at a Climbing Gym teaching little little small children um and now I work at a an observability company I'm a SAS company and I am a PM uh doing product security wonderful yeah it's been quite a oh and I I also worked as a government contractor so before that so that was um it's been really

interesting you know going from um being independent to being in a large company and working with the government to being with now in like a publicly traded company and just sort of learning the different ins and outs the different languages um how business happens and the different pace um things like that so wonderful thanks for sharing that and based on the journey that you just described you have experience in the public sector you've been self-employed you have worked at a big organization that's a lot of different experiences and in order to be successful at each of of these I believe one must have some unique skills that are cultivated and that would definitely be working with people from different

backgrounds and communicating with them differently exactly yeah I used to I used to say like back when I was I mean when I was independent and applying for jobs there was a lot of overlap in that time so the way that I used to sort of sell my skills was to say that my area of expertise is a skill set and not a subject so I'm I'm not a subject matter expert but what I can do is sit down with subject matter experts from across you know any number of disciplines and listen and learn from them and then translate that to um to stakeholders in a different part of a company or uh you know a different part of the

ecosystem um or to customers or to Regulators or back again you know hackers and and policy makers and covering that that Gap so lots of lots of translating between between subject matter experts and also like what I jokingly refer to as normal people right like your users right like the people that you know your end users versus your buyers you know like understanding all the different players in these ecosystems and what their um what their pain points are or what their needs are um how they think to the the talk that I gave um that I gave to today was as much about for Security Professionals to better understand how our bosses bosses boss thinks like what is driving the CEO

of your company what are they worried about right now because ultimately if you want to get things done you need to make sure that they that it works with what they need right absolutely yeah so it's really a lot of communicating one idea in different ways where it is easily comprehensible and digestible by the different audience that you have yeah different say yeah like definitely a lot of like one concept different ways and also um applying a lot of empathy but you know the like I remember at one point I had a I had a client that had a very difficult time um or rather my team had a difficult time with the client uh

changing their mind on things um you know halfway through a process and so I made this client uh a check list a calendar a visual like road map like a pretty picture timeline to illustrate what happens if you change your mind about some content you know at this point in the process it moves us all the way back here like you can't you if you want to change your mind about what is in this video during post- production that means we have to start over you know and so but being able to like explain that in literally three or four different ways because one of them was going to work and my team was having a

hard time like getting so I was like one of the here here's four options you know pick one right um and then Le and then leading with empathy and thinking about you know why does this person have have trouble you know why do why do they want to change it at the end like are they nervous about you know are they nervous about what their boss thinks do they have a good understanding of what their boss wants um or their users or you know all all of that and again going back to sort of what I was talking about this afternoon um economic uncertainty and budget cuts and layoffs right how do we as Security Professionals sort of

recognize that a lot of our colleagues particularly in the tech sector are feeling a little anxious right now and and worried about their jobs is now really the time to like you know give them one more thing to worry about or can we work with them to help you know to help them cut costs and also achieve security goals limiting you know reducing tool spraw for example example that finance will love us if we can say hey hey Finance you know we have 15 different diagramming tools what if we only had one right and consolidation I think that's definitely a direction in which the industry is moving so at both an internal level and a macro level

we're seeing a lot of like and this could just be the Catalyst for all of that yeah yeah thank you for sharing that perspective and someone who comes from a former background of linguistic which is very interesting and you've also worked in security sufficiently long you've observed the people here who work in day in day out yeah what would you say like how should security practitioners think about somebody who's still not in the field and how they can come and add value and what would you say for people who are looking to break into this field I know this question gets asked a lot in terms of oh what should I do to break into

security because the barrier to entry seems high this has been a a common question that gets thrown around but I'd like to hear your unique perspective on how people within the community should think about the value ad that others provide and what the others should think about uh in terms of what they bring to the table and how they can best advocate for themselves definitely yes so I am a big proponent of um looking outside security for security related answers if we could solve all our problems ourself we'd be done but obviously that's not the case um so I really encourage Security Professionals to um to ask more questions and listen to to other folks

answers okay um and also to you know I think there's a there's definitely a Vibe and the security security Community has a bit of a reputation I I too am guilty of this after I've been here this long which is weird to think about um of you know we we can definitely come off as uh doomsayers and also um know it alls a little bit um again I am I am very guilty of this so this is this I'm taking my own note here um but uh taking a step back and and you know being a little bit um more judicious with you know okay what is the actual risk here what is what is both you know can we

quantify that like what is the actual likelihood of the bad thing and how bad is it really and is it as bad as some of the other bad things or maybe not like if it's not as bad as some of the other bad things then maybe we can just we'll take we'll tackle that later like you're not going to get everything all at once um and then also listening to our stakeholders about what their again like what their needs are what their priorities are and figuring out how we can get to yes that's something that like I personally am really working on right now is like how can we get to yes here and then for folks outside the

security Community I I would I've had a lot of conversations recently about you know as I was getting ready for this talk about um about submitting and you know people saying like oh well I don't you know like I'd love to but I don't think I have anything to like anything to say or like I don't feel like enough of a of a subject matter expert to like contribute and it's like no no no no no like you you've definitely just just be you've got to believe you it yourself first but but having an outside perspective is like this is going to sound really like like nerdy but it's fresh right like we need fresh the like

adversaries change things um things are always evolving we need new blood new opinions new energy um come come join us I think that's wonderful we have cookies sometimes and ice creams and ice cream so thanks for that ice cre yeah sometimes oh yeah sometimes yeah so that's a wonderful call to action and with that I'd like to ask you about your experience here at bide NYC what's this been like for you as somebody who's presenting a topic that perhaps uh is not very common in the security conference area so what has your been uh what has your experience been like and what's been your favorite moment at bid NYC so far yeah um honestly I was surprised at how many

people showed up to my talk because it's not a a traditionally security e kind of talk and there was another cool one about like pen testing at the same time I was like nobody's going to come to this but but that shows right that your intuition and what everybody around you told was actually accurate yeah yeah no it does it's it you never know and I think both the coolest parts were like first seeing the room most like full and then also um you know part of my talk was a it was more of a workshop so we had time to like I I split the room up um by tables and gave different table different case studies

um sort of in like different scenarios and so getting to go around and like hear like different hear people talk about these different scenarios and and people who had you know been Senior Management in companies or people who had dealt with mergers and Acquisitions before um versus people who are definitely like more security engineer types or students and and um people who are on the policy side kind of like where my background is and all everyone talking about out and like sharing their perspectives from these different all these different places coming together and like talking about the same challenges and and the cool part for me also is like oh they like they learned something from me and like getting to

share that knowledge and that like new language set to tackle some of our shared shared challenges because a lot of the time we all we all deal with a lot of the same stuff not enough people not enough money too many vulnerabilities how how how do we make this work oh no we don't want to sound like Dooms again no no no yeah yes but thank you so much for sharing that uh that thought perspective of yours and to end this what would you tell people from different backgrounds about besides NYC like why should they come to this and what value ad is it for them yeah I um I loved the the value ad really was seeing

how many different types of people were here like how many the student presence has been been great um seeing people of different seniorities um and you know I'm making some assumptions based on age but there's there's been a wide range of of aged people you know which is great A lot of those who want to share their share their exper like I've there are some Security Professionals who've been around for a long time like 40 plus years and they have some they have some knowledge right and it's great to see them you know them to have them in the room right so I've been I'm really impressed with like the the breath and the diversity of of people and

experiences and um and and experts and speakers that I've seen um wonderful yeah it's been great wonderful and and I hope you know more people continue to apply and um come to the conference and support the community yeah absolutely thank you so much for your time Ariel this was a great conversation yes thank you I really enjoyed talking to you absolutely thank you so much thank you all right