Career Village: Hacked My Way Here: Real Stories into Security

Yes, thank you. And thank you everyone for being here. My name's Grady Lancaster. I spend most of my time working with AI and security companies helping attract and hire talent. Before that, I spent 5 years at Twilio leading security recruitment. Got an amazing panel here of operators. So, ready to dive into hacked my way here. So, thank you. First off, I want to start with introductions. I guess that's me. Hi everyone. I'm Ryan Mack about a bad. I am a principal security technical program manager cuz I need as many names as possible. Here at Microsoft. I actually started in tech accidentally in the in the military because I failed the first two things that I was supposed to do.

So, you know, fail fast, fail forward. Fell in love with tech, realized that I was actually really good at it. And then when I transitioned out of the military, I went I came right to Microsoft and I was in the identity team. Identity engineering and then through that and working with customers all over the world. I literally traveled more with Microsoft than I ever did with the military. Um I I got into cybersecurity because there was not pet ya. There was all of the ADFS lockouts and customers were like, "Oh my god, I need help." And I was happy to help. So, that's who I am. Hello, I'm Jason Lee. So, I'll go really quick on my background. So,

generally 15 years at Microsoft. Was in Xbox security, Windows security, ran all the crypto for Microsoft for about 5 years. Had the it's called PRSS at the time. But basically all the offline roots, all that kind of stuff so I can spell cryptography once in a while. Went to Salesforce. Was senior vice president of security there. Had about half the security org there. And then my boss sold me off to Zoom. In the beginning of the pandemic. So, second day I was talking to MSNBC and CNN and saying how we were going to fix security and I barely even knew how to get my computer worked. So, I was a CISO there for several years. And then CISO at Splunk for

several years. And right now I am retired, which is awesome. Hello, my name is Mayas Kuraga. I've been in T Mobile for 8 years now. I'm a principal security engineer. I'm Air Force veteran. I was active duty. Now I'm a weekend warrior in the reserves. So, I'm still doing it down in JBLM. So, at least I've gone through a couple different iterations of different roles in T Mobile as far as like I've done ball management. I've done assessments with business operations and now I'm kind of going through like nifty coin words breach and attack simulation. So, that's that's what I've been doing right now. Yeah. Hey everybody, my name is Dipu Satpathy. I'm the CISO at Motive. We are a

industrial operation management SAS company. I joined them as their CISO about 3 months ago. Prior to that I was a CISO at Medallia customer experience platform. And I started my career as a software engineer after my masters in computer science. And obviously and 20 years ago so time flew. And that time we were not talking about cybersecurity. We were talking about computer security. So, I started as a network security, computer security. All I wanted to do in my career is just write code. You know, system level device drivers kind of thing. Then things happened. And I grew and I joined Intel in Portland. Seven 8 years I stayed there. That's where I my cybersecurity career kind of started. So, I built

products using hardware security. So, I come from the builder side of the world. And my transition to the traditional app sec, info sec security happened because I just didn't like how it is being run. It was always like a slow moving kind of thing and there was some blessed folks. They they have to bless you to ship stuff which I didn't like. I said, "You know what? I'm going to go into it and just try to change." I hope I have changed. But then journey happened Intel, AWS and Snowflake where I kind of built my cybersecurity career and now I'm CISO and we're dealing with hardware and fleet management and all that stuff. So, pretty excited about uh

the vibe here that I'm getting. So, thank you for joining us. Looking forward to the conversation. There you go. Thank you. Thank you so much. I guess we'll dive straight into the questions. First one and somewhat you touched on this, but we'll we'll start here. What's the moment where you realized security was a thing for you and how did you break into it? Security was a choice for me? Yes. I think it's somewhat planned I would say like you know when I was doing my masters that's when I got hooked into security. I would not say that I did really deep down research or a thesis. And but somehow, you know, it kind of generated interest in me to see that

hey, you know, that time cloud was not there. I'm talking 2004, 2005. So, I I could see the mobile was kind of catching up a little bit. But so, I I got to it because I saw some opportunities there and it had some interesting problems to solve. So, that got me into initial hook into security building products in security space. And then as I said, the second transition which is completely moving to security was just I was not happy with the way it was being run. I'm not going to take the name of the company or the people here. But I thought there is there is a lot of opportunity for running security more like a developer's

mindset versus the traditional policy driven kind of info sec mindset. It has its place, but so that's that kind of triggered me to hey, instead of talking let's go do something about it. So, I jumped into it. Yeah. Awesome. How about you go next? Yes, I'll go. So, I think out of college I was kind of scrambling for what I want to do. I think that's the main questions. What do you want to be when you grow up, right? So, at least I went through a couple iterations of reviewing the types of jobs that were available at the time. And so, I went through like some magenta matching. I went through a company or a program called four block

that had us do interview rounds, kind of review what like what's in the industry right now. And so, I was really interested in the way where I'm kind of a business background in management information systems. So, it's not really like straight up computer science or anything like that. But as far as kind of going through and picking out the choices of ball management first. So, at least I fell into it and then I was like, "This is actually pretty interesting. It still sparks my interest." And that's how I fell into security more more often than just trying to do traditional like I'm just going to go into business see what I have I want to do.

All right. So, I still don't know what I want to do when I grow up. So, still working on that. However, So, how I started security pretty straightforward. So, when I was graduating from college, Washington State University go cougs if there's anybody. But uh So, I wanted to do something that was like consulting essentially. And at the time before Accenture it used to be called Arthur Anderson. I was like I want to do a be a consultant so I could travel the world, kind of experience all kinds of things. Um And for those that don't know, basically when you come out of college into consulting you they just tell you what to do and drop you on any project. You

have zero choice and they're like you got to learn whatever it is that they drop you in immediately. Uh And funny enough, the first thing they asked me was like, "Hey, can you pass a polygraph?" I'm like, "What the hell?" What is that? I'm like, "You know, I just came from college, was in a fraternity. Like I'm not sure about this." And so, they I they ran me through a full scope poly and my first contract was with the DOD working for the fort doing security assurance work. So, basically from that was taught how to do code reviews. And this is back in the day where it's just like line by line manually looking at each line of code.

Started with AS/400s which are antiques even. But uh I actually love loved working with those. And then ended up going to Microsoft. They were one of my clients and then ended up going there to do app sec. That's kind of how I got into it. Thanks. Actually worked with some customers that still had AS/400s running in their environment. Okay, this was maybe like 5 years ago. So, maybe they've they've changed since then. Who knows? So, how I got into cybersecurity. So, I touched on it a little bit that I kind of failed. And and I and I say that with with humor because a lot of people think about failure as as detrimental. But I think that it's

really important to find the things that you fail at so that you can find the things that you succeed at. Um and uh so I grew up in foster care and I had no idea, no direction, no opportunities, um no support to figure out what I wanted to be when I grew up. Um so I I tried a few things and not surprising I failed at a few things. Um the last one was phlebotomist and it turns out I cannot do uh running blood so that was not going to be a good career for me. Um after that I decided to join the military because um I I didn't know at the time, but I'm

autistic. I have recently found that out in the last 3 years. But I really like regiment. I like things uniform, I like things color coded and I like the little tiny squares that we fold our clothes into. Um I still do that today. Um and so I failed at a few things and then when I joined the military, I failed again. And I happened to be in the right place at the right time because the school that I should have gone into when I failed was full and so I got to choose. Um and I was like, "Ooh, computers." Uh when I was younger, I did not think I was smart enough to do anything in

computers. All my friends were playing in the DOS playground and I was just looking at them jealous and just didn't have the confidence in myself to ever try. Um but the military teaches everything step-by-step and really breaks it down. Um so you can really build your your LEGO house from the the foundation up, right? Um so I got into tech that way and I found out I was really good at it. Um and the military basically prepares you for security in every sense. Um because you have to have operational security, you have to have physical security, you have to keep you know, security on all of your different devices. So um that was already kind of

part of my um my standard of living is just you know, with a operational security mindset. Um and uh just being in the military, I was very like defender, protector oriented. Um and so when I started working with customers uh and helping them with architecting their uh their environments and uh implementing the cloud. Um this is this is back when Azure Active Directory had less than 500,000 users. Um I remember when we hit a million. Uh but um I just saw how no one really knows Uh-oh. Oh oh They said they told us They told us that if the screen goes off, then our mics are going to go off. So I'm going to use my sergeant voice

with you uh until until we get it back. Oh, I need I need to still pretend. It's okay. I play D&D so I can pretend. All right, so I um I started helping customers with implementing multi-factor authentication and uh and helping them with self-service password reset. Um and that's kind of when I started thinking about things from a cybersecurity standpoint. And uh and so I found that really interesting and I decided I was going to move my career in that direction. But there weren't any jobs for that, especially if you didn't have any experience. That's probably familiar to a lot of you because uh that's it's still that's how it exists today, right? You need to uh

have 3 years of experience for entry-level position. Um so what I did um is I told my next manager that I was I was getting recruited by another team. I told my next manager, "Look, I will join your team. But I really focus on moving my career in the direction of security and I'm only going to accept your offer if you tell me in writing that you will support me in my security journey." And he agreed to that. Uh and so I joined his team and I was on the Intune team and uh then 3 months later an opportunity came up to start working on Microsoft Defender. And he kept his word and I started working

on Microsoft Defender. So that's how I got started. Sweet. There we go. Thank you. And Ryan, you touched on this so this question's for both you and May, but what would you say are the skills that give you the biggest unfair advantage transitioning and which ones didn't translate so well? Well, I mean I wouldn't say it's an unfair advantage, right? Because um I gave a lot. I gave a lot in the army to to get the skills that I I learned. Um but I think that one of the things that um will really uh be brought out of you when you're in the military is grit. Um and and just the um the determination to

uh excuse my French, get done. Um and I think that that is what has helped me the most in my career outside of the army because in the army the bottom line isn't dollars and cents, it's not you know, software on the shelf or or you know, in the cloud, it's lives. And so for me when I have to get um something done I'm used to it being lives that are at risk, not not just dollars. And so that has given me a leg up in a lot of areas because I just don't quit. Um definitely that resiliency piece, right? Um as far as like, "Hey, um I want to do this thing and having that creativity or

critical thinking as far as like, "Hey, I'm able to recreate those procedures and steps. I can I can reiterate those steps. I'm able to kind of go through and explain that also. So a lot of them military is repetition and also a lot of it is um trying to at least explain a way to have every single step of what you do re- regurgitated to everybody around you. So and it doesn't really matter also like the people you talk to, it's just like you just got to get that objective done. So a lot of like my persistence has helped a lot. Um and I think the unfair advantage of that is that I can I can

I'm able to at least talk through a lot of that journey. And um and a lot of the other folks who are employed are somewhat in that military mindset, acronyms and all these other things. So So at least that was kind of like the easy like flip of the table that I can go through like I'm able to shut up, pay attention, give my feedback and be able to kind of reiterate everything. Yeah. Oh, thank you. Jason, I'll have you start on this next question. But if you um had zero brand, zero security experience, what's your playbook of getting into security? Um I really if these days when you apply for jobs as a hiring manager, you get like the first

day you post a job, there's like 600 applications to any job right now. So I don't think that way works. I don't think using LinkedIn apply or anything. I I really it's the old school way of networking. Uh it's the talking to hiring managers. Uh I stalk it literally stalking people on LinkedIn I think is super helpful. Uh it's finding the somebody that's in the area that you are interested in like if you're like, "Okay, so like the way I'd approach it would be um I want to go work at OpenAI in security." Start looking for people. Is there anybody local to me? And then say literally reach out to them and say, "Can I buy you a cup of coffee?" Like

it's surprising how many people will actually say yes to learning teaching them about what you do. So like if somebody reaches out to me when I was a CISO and somebody's like, "Hey, can I just pick your brain for like 15 minutes uh to help me learn about security?" No problem. Literally I can do that. Uh and you'd be amazed how many people will give you that time. And so that's probably one of the kind of first recommendations is kind of that build that network, learn from people, get time with them and then just keep rinse and repeat.

Yeah, I agree with what Jason said. I will I will add couple of other points. I mean I'm saying that from my my own experience. It while we get 600 applications per job, it is still very difficult to find the right candidate for many reasons. The skills, the expertise, uh the the the their their aptitude, their experience. I normally doesn't I don't pay much attention to how many years of experience you have or you know, what specifically you have done that is directly related to you know, the work that you're going to do. It's more like the aptitude. So if you do not have any experience, start somewhere in in building something at least the

way I have seen right you know, today is is pretty easy to build something or solve a problem in cybersecurity space and try to somehow advertise it by either through networking, by sharing that in LinkedIn or other forums because the security leaders who are looking to hire are also struggling to find the right candidate across the board. Multiple reasons. So from their perspective, it's not very easy that it's not a child's play. It's hiring in security is extremely difficult. I'm just telling you from the from the other side of the perspective. So there is there is an opportunity. And and another thing I would say is more like targeted search or interest like you know, there

are many fields in security right in the cybersecurity where you want to go into offensive defensive architecture building something, the coder, all red teaming, many many areas are the compliance, the whole wing is there. So figuring out those areas which interest you and then showcasing that you can deliver things in that space would go a long way. And even if you you don't have a job, but there is nobody stopping anybody to really build something or a solve a problem and simply just publish it in LinkedIn for example. And that goes a long way because constantly leaders are looking to see who are interesting candidates that comes in their feed I've seen. Just to give you an example, my

previous CISO at Snowflake didn't come from engineering or security background. He was economics background person. But was an amazing security leader and I'm deeply grateful to him that I worked for him. Which helped me become a CISO. But so it's not limited to just you know, if you haven't worked in that space, you cannot go and succeed and find an opportunity. So that's how I see it. Okay, thank you. You want to Yeah, let's go for it. Um so every single job that I have been in, every single role that I've been in since I left the military has been because somebody else wanted me on their team. And there's a book called Give and Take by

Adam Grant that I highly recommend everyone read. Um and I've been a giver like a a giver and a people pleaser like all of my life. But what I realized was that even in the military, I was giving to everybody else except for myself. And so I could never get anywhere. Um and and so what I did was I leveraged that personality trait of being a giver to also building a network. So I haven't qualified for any of the jobs that I've been in. Like I didn't have the experience, I didn't have the degree, I didn't have whatever they thought they needed when they wrote the job description. But I've been successful in every role

that I've had. Um And and the reason is that the reason why I was able to get these positions, first of all, the requirements are not the requirements. Even if you don't meet the requirements, like don't worry about that because if you can do the job, that's that's what you want to worry about. That's what you want to be able to prove is that you can do the job. Um and and it's really just I would I would help people all the time in every single role that I was in and it was always like working with various teams and even if it wasn't something in my wheelhouse, I either helped them because I knew how to help them or I helped them

because I have been investing and building my network. And so I know people who can help them and so I connect them. And when you do that, uh then the roles will will come to you. And I know that's that's me speaking from a place of privilege saying that. But I also am and speaking from a place where I came out of the military. It was highly frowned upon to have any kind of social media presence or whatnot. But I learned those skills, I met people like Anne Johnson on Twitter and I just engaged with them and I showed them that I was interested in the things that they were interested in. I commented on their their their posts. I

commented on I you know, engaged with everything that they um that they like published. So whether it was a blog or something on LinkedIn or something on Twitter and I showed up. And eventually people just started recognizing me. And so like the roles that I've I've had have been because people recognize me because I was there. I was present and I also gave them something. Um and that helped them to remember me and have a positive impression of me because I was helping them. So. Oh, I guess you. Um So when I first got hired it was mostly the golden time. They still had money back pre-COVID. So at least I had an opportunity to

actually bounce around, see what the companies really like at least what their foresight and vision were at the time, right? So they had a lot of roles they at least to and you actually seen the hiring managers and you actually maybe talked to other folks in there. So as a diversity like veteran piece, I was able to at least talk to other veterans in in other areas. So a lot of it is social engineering. A lot of it is talking to people, finding out what like the role really is and everything. So at least for the first part I did like internship magenta match. I got to actually talk to like the managers and was

chosen. And so kind of moving around and everything. I I at least kind of um moved to different like layers of security domains. And so a part of that is actually just talking to like hey, what type of special projects are you doing? Can I be involved in that? I'm really interested. Like so and more so trying to be like what do you want and kind of choosing that destiny in a way of that you're hey, that project is really interesting to me. Can I just like do the side? Like come into some of the meetings and like oh, I'll come into every single meeting and I'm actually contributing now. So kind of going through the aspects of

that people to like the projects to everything. Trying to go for a job is more like hey, what sparks your interest and that everything else kind of comes like forefront, background and everything to what you want, right? So just be persistent like I said and everything else kind of like it's a lottery in a sense where it's like hey, you saw that interest in me and then you saw my interest in that thing and later on I got the job. So yeah. And just just a quick note. The only difference between social engineering and networking like primo networking skills and primo social engineering skills is intent. Social engineering it has malicious intent. But those same skills can be used to

build your network. Cool. And as someone that works in recruitment, the last six months people don't get rejected because of technical ability. It is the curiosity, the aptitude, the grit that we uh speak about. That is the number one reason that candidates are rejected over technical ability. So I love that. Um so from where you started to where you're at today, what would you say is the number one thing or accumulation of things that accelerated your career to where you are today? You want to go first? Sure. I think for me the most important thing that helped me is an ability or a skill to build relationships. In security in general, I mean I'm saying in general there are teams who

ship product. Like I'm talking about in the tech tech world. What brings money? Products, right? But in general security teams unless you are shipping security products, which large companies do. But as a CISO organization, you have to make sure the purpose is to keep customer information secured so they can continue to earn customer trust. So you may know how to do that, but you have to make sure that you do that along with others because others own the system, own the product, own engage with the customer. So how do you build that relationship that others can trust you and you can influence them, they can listen to you uh and get things done, right? So for me

that's been the the the biggest uh factor for whatever success I've had so far is having the ability to build that relationship, which helps me trust. And then, I think what Ryan said, get done, right? You know, the get things done. Nobody's here to see your drama or complaints. Yeah, there is no shortage of issues. Keep that aside. Just get into action and uh solve one problem at a time. So, that's the approach that has worked for me. Oh. Um at least communication's a big part um and being seen. So, if you're doing something, does it reach the right folks? Does it Does it actually um have that impact in a way that you can reiterate the story to them that

they're seeing you? So, if I was working on something, it's like, "Hey, does um How does this relate to like the business or how does this relate to like the bigger picture?" I would say. So, trying to communicate to the right folks, making sure like you're kind of go going in in good faith on the results you're bringing out there to people cuz it's a give-and-take and and so um I think the the growth piece is literally mainly the being seen, presenting, and and everything that you do because ultimately it's like your career and if it's not being seen by the right folks, you're just working in the shadows. Yeah. All right. So, don't make fun of me when

I say this one, but uh so I have a very unconventional approach on this one. So, uh this is something that I learned kind of like midway through my career and I always recommend that. So, most everybody comes from technical background or work, you know, working career security or IT, that kind of space. Um the thing that I believe that's missing that we don't do and don't take advantage of is sales training. And so, hear me out. Hear me out. So, it is uh when you What does a salesperson do? They're talking to customers that don't want to buy what you have to sell, building a relationship, uh negotiating on price. And then, okay, think about that. In my job as a CISO or

as a manager as an IC, I want to sell my promotion. I want to sell this team to fix their vulnerabilities. I want to sell my team so that they do well. I want to sell for more budget to my CISO or my boss or to the board of directors. So, I fundamentally believe that that's something that's missing in our kind of career field. And guess what? Most companies that you're at have awesome sales teams. And so, you can get free training like I know Microsoft, superb sales training. It's free. You can go take it. It's like a boot camp. They teach you negotiation, all these kinds of stuff. But when you're in the tech

and engineering and the product group, you never think about that. So, a little bit of an interesting one. It it worked super well for me. Oh, got a mic. Yeah, maybe Grady should keep a mic and then we we should pass it. I feel like that would be more efficient. Um ask for what you want and drive towards it. That requires you to know what you want and not to expect your manager or your school advisor or anyone else to tell you what it is that you want. Define what you want. Uh identify what you like. There's a There's a tool that I use um with my mentees and it's uh it's called heart tree star rock. I

guess rock rock is like a a latest edition. But you look that up, Google it um and uh and you know, do that exercise and it helps you to kind of identify where your strengths are and what what you're passionate about and and move that that way. But the thing that I found in my career is that I kind of came in with this expectation that my manager was going to get me promoted. And that my manager should know exactly what I'm doing. And they should go out there and be my champion and uh and tell everybody the amazing work that I'm doing. Uh I also became a manager and I will tell you that

uh that was not true for the majority of the people that were I was engaging with. Um your manager is your champion or should should be your champion, but they also have like multiple other directs that they are, you know, also working with and tracking. So, they're not going to know your detailed work. You have to keep track of it. It's your career. Um and waiting for them to say, "Oh, you're ready for a promotion." instead of going up to them and asking, "Hey, I'm thinking that I want to make it to the next level. What do I need to do in order to get there? Where are my gaps in skills that I need

to focus on in order to get there?" And when I write my own performance review, um I'm make sure I I talk about the impact of the work that I did. Um and every time someone sends me a IM or an email that says, "Hey, you're amazing. Thank you so much for your help." or whatnot, I take a screenshot and I put it in a folder and I use that for my performance review because that's impact. You know, if someone is taking the time to say like, "Hey, you did a good job." take that. And if they tell you in person or they tell you over a call or whatever, ask them to send you an email.

"Hey, would you mind sending me an email? Hey, would you mind sending me a an IM saying that? Just, you know, it'll help me with my manager." And people will because you just helped them. They want to help you. So, ask for what you want and and drive towards it. No one no one's going to know what's in your head and what's in your heart unless you tell them. Love it. And I've To piggyback off that, something super cheesy that I had, I had a Google Doc and I called it the smile file. And so, every time I got a compliment in an email, I would save it, date mark it, stamp it, business impact, how it

benefits the business, and then a performance review, copy and paste that whole smile file go straight into the document. Cheesy, but it's the smile file. Effective. Effective. I would not say it's cheesy. I would say it's effective. Um and you actually answered the next question, so I'll open it up to the other panel members, but what would you do to get promoted and how do you break into leadership? Pretty good. You want me to start? All right. Uh how to get promoted? Well, uh everything that Ryan said and then I would say uh um additionally, get it in writing on when you have your conversation with your manager. So, so being your own champion, your manager, you got to you

got to push it, but asking what it takes to get promoted, listen to them, put it in writing and say, "This is what I heard you say is what it takes to get promoted." And once you get it in writing, the managers are like, "Ooh, okay, I got to make sure I'm actually correct on this cuz if they go and check all the boxes, I better be damn well ready to promote them." So, getting it in writing, back and forth, and have that as part of your performance review process. So, just be like, "Okay, I want to check in on what it takes to get promoted." and those types of things. What was the second

part of the question? How to break into leadership. How to break into leadership? Oh, I call it getting demoted to people management is what I call it. But uh cuz it's it's actually totally different totally different job uh in my opinion. Um if you're really good technically and you go into people manager, you know, you're dealing with everybody's problems, you're championing them, helping them to be successful. So, you got to take change change the mentality to serving your team in my opinion uh to serving your team as opposed to kind of championing yourself in the work that you do. So, it's kind of that mental shift. Um in order to do it uh to get a manager job, this is again I'll

kind of reiterate is uh talk to talk to the people managers and say ask them like uh and the hiring managers. Uh I used to do this at Microsoft all the time. I'd be like, "Oh, I want to I was in engineering and I wanted to be in the PM group and see what it was like managing like product management. Um and so, I'd talk to the hiring manager. I was an IC. What's it take? What do you look for when you're hiring a people manager?" And kind of sow the not Okay, not social engineer, but but network uh strategically influence uh who your potential hiring managers are going to be. Go and find them and and start building that uh

repertoire with them to become that first-time people manager. So. Oh. Um at least from my standpoint, it's but kind of what they said. Um have that repertoire, have that like, "Hey, they've been doing well." Um kind of ask not just your manager. I kind of drop like interim like meetings with my senior manager and my director and cuz ultimately my director is also like the main one that boosts up people and having having different opinions they do have those different opinions so of what it means to be in that role for leadership, right? So is it like okay there's like the HR like that's the description of the role versus like you should be really looking

at the next 5 years or something for like hey this is what your other colleague like he point to that person that's the person that you should be and didn't really give that description on what they did to get up there, right? So either kind of go through that um steps of seeing what other mindsets are there to like what is the next step and then again putting it in your manager's field of like hey I've heard that if I did this and this and then I joined this project can that be like the main like drive towards a promotion if that's what you want, right? And so at least for that standpoint you can kind of see where you want to go

towards and kind of like a direction for yourself. Um and again like everybody has different opinions different ways to go about for that role. Just hitting the marker is like one but like kind of like what is like the exceeding factor that kind of puts you in in their their mindset of like hey this person is really wanting to do that thing and I think they fit the role but they need like one more like hey one more should like technical piece or like they're really needing to be out there to speak to other people to have that face of like um for that particular area, right? So and to be a leader again like having that

face-to-face with everybody having like hey that good feeling like yeah they did this good they helped me with this one task for myself we were able to work together collaborate I think that piece of like the influence, right? Like I'm able to talk to X amount of people and we were able to come to agreement and solution to be as a group to win this one project or task hey something burned down there's an incident I was able to pick up quickly with these other folks and was able to lead um a certain amount of folks also to kind of go through like here are the steps that we took here are the goals that we achieved and kind of

having that like like hey out of the folks I'm able to like have that storyline to everybody and how we all achieved together. Yeah I think the first part getting promoted, right? So I think we need to ask ask some hard questions. Doesn't matter how well you are performing if there is not an opportunity for promotion it's not going to happen. So the first question we should you should ask your manager is there room for promotion in the track that I am in for example or what what what are those areas where you know there is growth opportunity or promotion. If that that is there then there you go then you'll start working then that doesn't exist you may be excelling

in your work but it may not happen, right? So that that needs to be sorted first. And then having that regular conversation with with the manager and really paying attention to the feedback as Ryan was saying, right? Managers have multiple folks to take care and they are busy and we tend to spend more time on people those who are struggling versus those who are doing really well as managers I'm just being very transparent here. So have that conversation regularly have a you know document where you are capturing what are some of the key areas that I can achieve. And then go build again relationship and trusted partnership with others. It's always great for a manager to hear from others

saying you know what this person really did great for me or my team versus manager reaching out and then addressing thing. And it doesn't have to be like hundreds of people having four five you know senior leaders from your world or your teams speaking highly of you goes a long way. So I think let's go figure out how do I do that and that's where you can ask your manager to help or other senior leaders to help those who have gone through that but building that getting things done and being visible in that way gets a goes a long way. When it comes to leadership, right? See leadership you don't need a title to be

a leader. So nobody needs a title to be a leader even an individual contributor is well recognized well respected at least in the tech world than many managers and the title holders, right? So one can demonstrate that leadership from the very beginning. So and as I always say at least to my folks like it's your career run it like you are the CEO of that career. Yes it's not going to be 100% just by me there we have to depend on the company the business the my manager all these things need to happen but if we operate from that mindset it is my career I'm going to run it the way I want and also

I I don't want to be arrogant about it I want promotion every year otherwise I'm not going to stick around so we have to be patient about it but take the full ownership be deeply self-critical and be open to recognizing the gaps that we have what it takes. In general I I I believe that you know managers want to sponsor their folks want to see their folks grow but there are many things that needs to be taken into consideration. So I would I would put those two perspectives in in place when we are thinking about either leadership or career growth. May I answer the breaking into leadership part? Yeah go for it. All right. Um so I was a I was a junior PM

at Microsoft and and I I really wanted to get back into leadership cuz I was a sergeant in the army and um so I already had leadership experience but what the reason why I wanted to get into people management was actually because I wanted to change the way that my peers were people are the other managers were people managing. Um because I I think that it's really important to uh to be the champion for your direct reports and and you know fight for their their success. Um and it doesn't matter if they are on your team or not when they reach their goals. Like if somebody wanted to I I helped people go into the product group from from the

the sales um uh team when I was in sales. Um it it's really about your as a manager as a people manager your like their success is your success, right? And it doesn't matter if it means that they're you know positive attrition and they're they're leaving your team to go you know follow their dreams somewhere else. Like that's still a win in my book. But it's going back to like asking for what you want. You know nobody knows what your heart's desire is unless you tell them. But it does not have to be just your manager. It does not have to be just your team. I was a junior PM and I wanted to be a

people manager and as a junior PM in engineering I could not be a people manager. So I started interviewing outside of Microsoft in order to do this. But during the time that I had been a junior PM at Microsoft I mentored people constantly. I was constantly in ERGs I was constantly showing up as a person who helps others grow. So I wanted to help others grow. The earlier I said that you know the requirements are not the requirements cuz when I got a people manager job they wanted someone with 10 years of hybrid identity experience and it had only been out for 7 years. Yeah. So I was not qualified but so it was like

neither was anyone else. But the reason why I got that role is because I told someone that I was interviewing outside of Microsoft because I wanted to be a people manager. And that someone was Ann Johnson and they and she knew of all of the mentorship that I had been doing because she was in all of those places that I was in also. Because she's someone that I admire and someone I wanted like I aspired to you know reach that level. When I told her she said to me just give me a few months. Give me a few months I'm putting something together. And so I waited a few months and then I got into people management and I went

from being a junior PM to a director in 19 months. So you have to ask for what you want. You have to tell people in your network find mentors but also find sponsors. Like sponsorship is super underrated and under talked about. People talk about oh yeah find a mentor all day long. Mentor others because teaching you know is the best way to learn but but also like build a relationship with people who are willing to help you grow. That's sponsorship. And then pay it forward because, you know, somebody helped you get there. Thank you so much. Um, I'll hand it to the audience for questions for the panel. Yeah, so the the question is, uh, what

if you're struggling identifying what you want? Um, so the the tool that I I talked about is called heart as in heart, tree, um, as in stuff that allows us to breathe, uh, star, heart tree star, um, and then there uh there is also rock. So, it's um it's heart tree star rock now. Um But uh that is what I used to uh identify where I should go. So, when I did that assessment um, for heart, you're you're basically writing down all of the things that you love. You the things that you're passionate about. Um, for tree, it's like, well, what are the areas that I enjoy that I would like to grow in? Um, for star, what are the things that I

excel in? I don't even have to try. I'm just good at it. Um, and then uh rock, I forgot what that is because it's new. Um but uh but that's what I used in order to kind of identify like where uh where I should look at taking my career because what I did was I looked at all of those different traits and I identified what types of roles um, needed the things that um that I was good at, that I was passionate about. And what I found was either I could be a trainer because I'm helping people grow, right? Um, and I I want I like I I have a lot of knowledge in in IAM and and and security, right?

So, I wanted to I could help people grow that way technically um, or I could help them grow personally, which is something that I spent a lot of time on just mentoring. Um, so what needed those those uh traits? And I came up with a trainer and or a people manager. And that's that's how I identified it. Any other questions? Hey, thank you all for doing the panel. Um, I'm curious on if any of you guys have run into kind of like an imposter syndrome or that feeling, especially uh, where you mentioned going to a job where you might not check every box of requirements. Um, and then especially for Brian and May, uh, have you run into

that being out of the military? Uh, cuz I'm trying to navigate that as well and it feels like it's a totally different language. Um, so coming out of the military, I'm I'm I'm an avionics technician. So, I kind of went in the back shop, so I kind of went through I know how to go through like at least what jobs there are there for aircraft, right? Um, troubleshooting aircraft, mechanical avionics parts and everything. And so, kind of going through um and saying like, "Hey, um, maybe I can translate some of that like analytical critical thinking piece of like I can troubleshoot from A to B and kind of those steps. So, kind of like at least the first part when I did

risk and vulnerability management, I'm like, I'm able to identify um at least risks or vulnerabilities in a sense of like and then do some research right thereafter, right? Um, so at first I was like, "Maybe maybe this not for me, maybe this is." But, at least from talking to other folks, um, remediation and everything, um, kind of going through that like from a career standpoint starting off, I'm just like, "Okay, maybe maybe like the data piece is something I can really attach to, right?" And so, like there's always something like when you do the from the job board when you read read it like, "Oh, Python, whatever, right?" And like needing to do these technologies,

but as your daily task, you'll actually do this. Um, and so there's some um pieces where you can like, "Hey, um, I did this in my old job. Um, maybe like, "Okay, I did some coding in piece or maybe I went through like went to go see a a group to do a hackathon or something along that line." Um, that's when I was like, "Okay, I'm pretty interested in this. Um, it's something I can grow on." So, at first I I did have that imposter syndrome, especially kind of going off and like, "Okay, I've just done like maybe fundamentals of like scripting and all these other stuff." It's like, "What do they really mean when you need like

five years of Python scripting and machine learning and all these other things, right?" Um, and so like kind of breaking it down to like what I can do and and at first like, "Yes, imposter imposter syndrome, right?" Um especially when I kind of go through like, "Okay, maybe I want to do off-sec pieces now, offensive security pieces now." Like, "What are the methodologies and right?" Um, and so kind of going through is like that imposter syndrome becomes like, "Hey, I I'm doing this right now. I I can do this." So, um, just kind of try out, learn, research, and um do what feels right. Um, so I think that anyone who is successful and also has a high level of

empathy is going to face imposter syndrome at one time or another um, and may be facing it throughout their the entirety of their their career. Um, I I know people who are VPs and and CVPs and EVPs and freaking even um, CEOs and they have imposter syndrome. They're concerned about failing. They're concerned about not being good enough. But you're you can always grow if you choose to grow. You get comfortable with being uncomfortable. That's how you know that you're going to grow. That's how you know that you have the ability to grow because if you're comfortable, you're not growing, right? Um, that's that's just that's just the bottom line. Um, so yeah, I think that it's it's something

that you have to kind of accept is is part of um just having a high level of empathy and and um and uh high high work ethic. Like you're going to think that you aren't doing good enough. Um, but you you can only show up as your best and your best is going to be different each and every day and you do that and you'll you'll be good. Thank you. We'll have to wrap it up there cuz we've gone over time, but thank you to the amazing panel. Thank you everyone for being here.