Insight Global is a massive company that connects talent with the companies that need that talent. As such, it plays a critical role in the cybersecurity industry. In this episode, Jonathan Waldrop, the Senior Director at Insight Global, talks about how the company uses the human element when it comes to security. Jonathan discusses that changing the mindset of security practitioners educates customers and end users on the use of technology. That’s where you find success instead of focusing on security. Find out more and tune in to this episode now.
—
Listen to the podcast here
Insight Global: The Human-Centric Side Of Security With Jonathan Waldrop
We are going on a little different direction in this episode, but it’s maybe the most chaotic thing that we’re going to be talking about. We are excited to welcome Jonathan Waldrop to Friendly Fire. Jonathan is the Senior Director of Cybersecurity at Insight Global. He also has over fifteen years in cybersecurity in the United States Air Force, as well as the private sector. Maybe in previous lives, you’ve heard of some of the companies where he has led teams, places like Lendlease and Security Link. Did I mention the Air Force? Part of the team’s Cyberspace Operations Officer, Cyber–Warfare Operations Officer, Jonathan, welcome to Friendly Fire.
Thanks, Matt. Thanks for having me.
Insight Global is a massive company that connects talent with the companies that need that talent. You are dealing with the most chaotic element of anything that is going on inside of a SOC, a network or anything like that. As a security leader in a team that is dealing with people, how does that affect your approach compared to if it’s solely focused on fingers on the keyboard or all of the cyber spacing things? You got to deal with the fleshy bits.
We are in the business of helping people find jobs and helping our clients in various companies across the United States, in Canada and the UK find the talented people that they need to help run their business. The human-centric side of security is at the forefront for us and our team. We’ve got to make security accessible. We’ve got to make it meaningful and easy for our customers, users, and employees to do things and operate securely in this world.
When you talk about this security world, I feel like that is, it’s everything and it’s nothing. It’s one of those things if everything is art, nothing is art. At this point, everything is security. As a talent placement company, you have to be involved in many different things. When you start to look at what’s going on with the human element of this stuff, what is it that you need to be considering that may be different from other security leaders where they’re solely focused on what’s happening among the machines connected to the machines?
That comes back to as security practitioners, we all have to worry about how security gets implemented. The worst thing a security team can do is plan a new technology or a new security function or feature and then not incorporate how our clients, our customers and our end users will use that.
If security is making the process more difficult, people are smart, they’re going to find a way around it. They’re going to drive around the speed bump, so to speak, and we’ve got to find a way to meet in the middle. We need to educate ourselves about why security is important, but we also need to understand how it’s being used live and in the wild, if you will and understand the business process around security.
I love life and in the wild bit. Pick the metaphor, whether it’s freestyle in hip hop, whether it’s noodling in jazz, whether it’s the guitar solos at the end of the Rock and Roll Hall of Fame induction. That’s something that is always happening in real time. For someone in your position, you’ve got to secure your company, but then your company is also involved in bringing people into other people’s companies. It’s your name on Insight. It’s Insights name on the people that they have put into those places. That’s some heavy responsibility. What’s that like when you wake up in the morning? How good are you feeling every day? It’s like, “Do you know what I get to do today?” Everything goes from there.
For us, it’s not just our internal employees, which we hold near and dear to our hearts. It’s our clients. It’s our clients’ data. It’s the advanced services that we offer for our clients in securing those workstations we’re supplying an office with, but also to ensure that there are people who are trained as well as they should be and that they’ve got the right skills to go be successful.
The skills that the people that you were placed, the teams that you lead, that you were running, everybody’s got their hands on technology. Is there a way to recognize where technology reaches its limits? For lack of a better term, we’ve got to put our faith in humanity. At some point, do we go from tools to faith?
We talk about people, processes and technology being the top three things. We often talk about it. I don’t think we do as good a job thinking about it and implementing it in such a way. We hear about the talent shortage in cybersecurity often. Find a security leader or a security team who says, “I’ve got more people than I know what to do with.” That doesn’t happen. Some of that comes back to are we asking the right questions. Are we solving the right problems with the people that we have? Do we have the right people in the right role? I’m a firm believer that everybody is smart and an expert in something, but there is a real possibility that an individual’s in the wrong role for their knowledge, skills, abilities, background, experience, expertise and so forth.
It could be a bad fit. It’s incumbent upon the leaders to understand where the team’s needs are and the team members you have, how do they fit into that overall strategy and ensuring you’ve got the right balance? If you’ve got somebody who’s not passionate about the work that they’re doing, as smart as they are, they’re not going to be successful. You’re going to have a better team if you can fit those people into the right roles. That’s what we try to do. We are filling gaps where we have a need for that type of technical expertise, but also ensuring that our team members are happy and they find meaning in the work that they’re doing.
Given your experience, what you’ve done in the Air Force over the years and what we as the security industry are facing, yes, I’m going to say the dreaded words, the skills gap, what is innate talent things that you’re looking for? It doesn’t have to be somebody, whether it’s a college degree or I’ve been in security for twenty years, but it’s one of those things.
When you are speaking with a candidate and that person has that thing, what is the thing you realize, “I can teach you the tech, we can get you the certs, we can do those things?” Is there that innate talent that you look at and be like, “That dude can dance and we’re going to get him out in front of people because he knows what he is doing?”
For me, critical thinking is one of the key parts of a successful security practitioner and it’s hard to identify in a 1 or 2-hour interview. We try to do that, but from a critical thinking standpoint, I mean that it is the ability to collect data points from different places with different meanings, correlate them, and make something out of the madness. You’re pulling data from different places and seeing how this could impact that, the 2nd and 3rd-order impacts down the line.
The ability to piece all of that information together takes a mindset of thinking, and I’m going to use the trite phrases now, but thinking outside the box and thinking about things from a different perspective. One of the ways that we can solve this gap is by hiring diverse teams, diversity of thought and certainly diversity and demographics.
Everybody that has a different background approaches problems in a different way. Let’s be honest, I don’t think we’ve solved all the problems in security because we’re still having major catastrophic breaches across industries and technologies. We haven’t figured out the magic solution until then, the more eyes on the problem that we have, the better.
Our audience will forgive you for thinking outside the box because you open with make something out of the madness. Producer Sharon, we’ve got the title for the episode pulled from that right there. How about this? From the internal perspective, given that you’ve got a lot of veterans of the industry that you are working with, you’re hiring internally, you’re placing in other places, but then you’re also recognizing the innate talent that the critical thinking that you talk about. They’re still people.
When you are bringing them into whether it’s into your organization or you’ve been fully vetted and you think this person is awesome, we want to get them into this place because it feels like a good fit. In your experience, what are the threats that people naturally bring? Not on purpose. You’re not like offering somebody Michael Myers or Jason Voorhees here, but they’re people and people are strange.
One of the things that we talk about in our awareness modules is new employees they’ve probably recently updated their LinkedIn profile to make it public and say, “I’m now a recruiter,” or this person filling this role at Insight Global or whatever company you’re at. The attackers are paying attention to that and they’re taking advantage of that. They know that you’re in the first week on the job and you’re going to have tons of paperwork that’s important. How to get a paycheck, how to sign up for benefits, all of this personal data that’s flying around and you’re going to get a bunch of emails and you’re brand new to the organization.
It’s important for companies to have clear communication programs around that and how to communicate that type of information to new employees. It’s something we battle. Every company struggles with it because, again, you’re new to a company, you’re trying to make a good impression, put your best foot forward. You certainly don’t want to be the last person to do something or sign up for whatever the thing is that you’re signing up for. That’s where we get ambitious and people naturally, again, want to succeed. As security practitioners, it’s our job to help them succeed securely. We can’t put barriers in place, but we’ve got to make it work with the understanding of the threat landscape that there is.
As security practitioners, it’s our job to help new employees succeed securely. We can’t put barriers in place, but we need to make it work by understanding the threat landscape.
This is a little bit of a hard segue, but stay with me, friends. We’ll get there. You have been doing a lot of things interesting in the security world for a long time. As a veteran of the United States Air Force for over fifteen years, you have been exposed to literally the highest end of technology and security, but the evolution that you have been a part of, it goes from virtualization to wireless, which seems quaint now, once upon a time, that was a big deal.
Mobile, moving from 3G to 4G to 5G, I don’t think there’s ever going to be such a thing as 6g, but who knows? Cloud, AI and machine learning, it’s constantly shifting. The sand is always on the move. The concrete never dries. What does that do for you? You are in the people business. You are also securing a company that is putting people in business.
I can even take you back further than their virtualization, though. During my first duty assignment in the Air Force, part of the team I was on helped maintain the airfield navigation systems at the base and all of the radios and sensors and equipment that help planes land or where they can’t see very well and help navigate as well. A system that we maintained had wave guides and vacuum tubes, if that makes any sense to any of the readers out there?
Let me call my dad. Hold on. I bet I could get him on the call.
That was a long time ago. I’m quite certain that the system has been updated to a more modern platform. It was old tech even then, but to show you where things have come from in the past 15 to 20 years, since I began serving in 2006 and being a part of some of the cyber operations teams that have stood up to provide protection across the Department of Defense. It’s been a wild transition for me personally, but also obviously across the industry as well.
This is coming at you out of nowhere and if it’s too much of a bushwhack, you could tell me and you don’t have to answer it. How cool is it doing cybersecurity for the Air Force?
It’s a lot of fun. Firstly, the military is not for everybody, but it is something that I have gotten a lot of experience in. I owe my career to where I am because of the Air Force, especially the Air Force Reserve. Shout out to AFRC. It is meaningful to be a part of something much bigger and has such an impact and you can see that impact. That’s what I get out of it. I would encourage anybody who may possibly be interested in a career in the military to please check it out. Even if you’re in technology, there are some cool things that the military and the Department of Defense do from cybersecurity and even an IT standpoint in general. Please do. Here’s a recruiting plug there. Go check it out.
Notice that he said, “Cool.” That’s part of that answer that we’re going to clip for the quote because I started digging in after you and I had the first conversation, “Are you kidding me? This is what they’re doing. That’s amazing.” That seems so cool. Alright, sorry. I’m done. Enough for the fanboy. Let’s take a little bit of a shift away from the human element because there’s been so much happening over the years. I know this is where you’ve reached the cliché point when we ask the question about artificial intelligence and machine learning, but these are things built off of human behavior.
It is something that Insight Global does. They work with humans and now there’s a lot of back and forth about all the things going on with ChatGPT and who’s going to replace what for your position internally. Also, when you look at what Insight Global is doing to put people in place, what does the balance look like for you guys as you look at these things?
We are very much in the business, trying to make it easy for companies to hire and also to make it easy for people to find jobs. We are approaching that obviously from a very technology-centric standpoint. Personally, and I’m certainly biased, that is the way. That said, the technology is still relatively new. When you think about artificial intelligence and machine learning as a real technology and not a marketing buzzword, because there’s a lot of that out there, some of that fluff, and so you’ve got to be able to dig through some of that to understand what’s going on.
That is the way, we do have to be careful. I can’t name any studies off the top of my head, but I have read where there is bias in some of the early platforms that are trying to make a hiring decision or trying to perform an AI-type interview. I don’t think we’re quite there yet, but there is room for the ability to make that process easier.
Anybody who has gone through an applicant tracking system trying to get hired somewhere knows the pain of submitting your resumé and then copying and pasting all of your experience from your resumé over to the form. There are those pinpoints that we can solve easily, maybe not easily, but we have the ability and the capability to solve them. We’re certainly trying to do our part to make that easier.
In the work that you have done, again, going back to the people side, the fleshy bits and I’ve probably said that 5 times, which is 4 times too many to use in the same show. When you were dealing with an attack, not necessarily a breach, but you felt it and it’s coming, you’ve repelled it. How do they exploit the human element? What are the tools they’re using? A follow-up question on that. I’ll include it right away and then I’ll, I promise I’ll be quiet. You know they’re coming. You got the shields up, you’re doing your work. You recognize what they’ve got and then how do you fight back?
One of the things we often see is MFA fatigue and that is a real threat to a lot of companies. For a long time, if you had a username and password, you were more susceptible than the companies that had MFA. Now you’re looking at how we improve the MFA experience. MFA, to be clear, Multifactor Authentication, punching in a code, something you have, something you are or something you know, a couple of those combinations of things. It’s got to be more complicated than approve or decline, like a push on your phone or something else like that. There’s got to be another layer in it. It can’t be more complicated though, again, because our employees are going to get tired of it.
If they get tired of security, they’re going to find a way around it. I promise you they will or they’ll be mad and then you’ll stop the business and then you’ll still be out of a job. Those are some of the things we’ve got to think about as we protect against threats to people. A lot of the zero-day threats and vulnerabilities we hear about get a lot of press.
I wish I had a good study to refer to or some scholarly research that talked about the percentage of breaches that happen because of credential compromise or password compromise type stuff. Most of them are going to be those basic uninteresting vectors and very few of them, if at all, are going to be some zero days on the firewall as the classic movie reference. I found this thing and I punched my way in. Yes, that happened, some certainly can happen, but I don’t think it’s the norm.
Is bland the new interesting? If you could be the most boring attack ever, they’re not even going to pay attention. Not that they’re not paying attention, but it’s like it’s not something that makes you go, “Oh.” It’s more like, “Eh.”
As humans, it’s easy to get complacent and it’s easy to want it to work and that’s why MFA fatigue works if you guess somebody’s password, if you have a weak password with your MFA, your phone or your device keeps buzzing saying, “Do you approve this login?” You don’t want to get locked out. You don’t want to lose access to your email. Naturally, what’s the worst that can happen? I click okay, fine. It goes away. It stops irritating me and now the attacker has access and nobody knows about it. Hopefully, your security team knows about it. They’ve got some sensors maybe set up somewhere.
I’m picturing some bad guy out there and some attacking nation-state organized crime and they’re expecting the twelve-hour shift and like, “Username, password,” and they put in username and password and it works, they’re like, “What?” Now you’re in. They didn’t even think to do that. They did everything else first and twelve hours later, it’s like, “What about this? Let’s go.”
There you go.
On that front, is there any tech out there that you’ve got your eye on that maybe not necessarily looking directly at it, but out of the corner of your eye, think it’s like, “Maybe we should pay attention to that.” What is it that might be a little weird that we’re not thinking about?
In the news, ChatGPT has come up and made lots of waves and on the surface, how could you misuse ChatGPT? I don’t know, but I’m sure there are some bad people out there that are trying to think about how to do that.
They’ve already forgotten how to use that. They’ve moved on to the next thing. It’s old. Come on.
I’m curious to see where that goes and what else pops up around that. We could talk about blockchain and all those different, still new types of technology. It’s going to be interesting to see. Historically, when new technology comes out, it always has a good intention and then bad people get ahold of it and they figure out how to use it for evil and mal-intent.
As we start to build new technology, we talk about in business systems how you need to think and build the platform with security in mind from the beginning. We need to do that all across the board. When you’re developing something new, how do you try to do it? I’m trying to think about all the ways that it could go wrong, but that’s important for developing these new types of technology. It can come back to bite us in the end at some point.
How are the ways all of it could go wrong? We may have renamed the show previously from that. How could all go wrong? It’s because of people and I mean that in the most glowing possible way about all of our fellow people because we are the thing that is out there. In your experience, again, and I know that’s a term that I use a lot, I want to make sure that we’re talking about what you have done.
When we talk about all the ways that things can go wrong, internally, what is the scariest thing that you have to deal with? Scary might not be the right word. Is it someone who is maliciously attacking from the inside? Is it people that are under informed or undertrained? Is it external attackers’ full-frontal assaults or is it everything else? I feel in that Venn diagram, everything else is like 87%.
The biggest threat we have is people trying to do their job and security is getting in the way. Security practitioners have the tendency to only focus on security. They’re not thinking about how the business has to run. They should be, but they don’t always. When we implement tools like that, it gets in the way, becomes annoying, and we get a bad rap for doing that.
Security practitioners tend to focus on security and are not thinking about how the business has to run.
If we can change that mindset of security practitioners to talk to and work with our customers and end users on how the technology gets used, then we’ll be successful. When you hire people, you go through background checks and all these different vetting processes. I don’t think anybody has malintent from the inside.
Certainly, that does happen, but that’s a rare case. There are times when they’re unaware. They don’t know they’re trying to get their job done and not that they’re not smart. They’re trying to do their job and security guys are trying to do theirs and nobody’s talking to each other. We can solve those problems by building those relationships, building that community and helping educate. It takes both parties meeting in the middle.
We’ve spent a lot of time talking about how cyber techs come through, end users and employees and how dangerous it is, how bad it is. I do want to say that “People are smart and employees are smart.” A lot of people say, “All your employees are your last line of defense and they’re the weakest link in the chain.” I’m here to tell you if your security strategy is based on somebody not clicking an email, then you’re doing it wrong. You’ve got to build in checks and balances. You’ve got to have defense in depth. You cannot rely on people because we are all susceptible to phishing, myself included.
Anybody reading this is susceptible to phishing and social engineering in some form and we’ve got to have better ways of attacking the problem. People are the best line of defense. People are the smartest and they’re smarter than any system that’s out there because we can think critically. We can tie all of these data points together and make a good decision. We have to equip people with the information to make that decision.
Producer Sharon, clip it right there. We have heard yet another expert say, “People are awesome.” We get a bad rap. It gets written about in the tech rags. It’s like, “People suck.” Maybe not. We do a pretty good job on this. I want to come back to what you were saying about the security team and how they work with other teams and ask you a question and then you got to let me workshop this literally on the fly.
You don’t have to name names, but have you had a great experience where it almost as weaving a rope where you’ve got security who’s working with sales, with ops, with marketing, with delivery, with human resources and you weave a good experience together where they all get it? They get out of each other’s way, also get into each other’s way to say, “Here are my challenges,” and then everybody figures out a way to meet those challenges. Now, suddenly you have this titanium cable that keeps that bridge suspended because it’s the strongest thing that they have.
I’m trying to think of a good story to tell and I can’t come up with one. I’ve been a part of those teams.
We can go hypothetical if you want.
We all understand the intent and that’s part of the important part of team building is when you’ve got a new project, you’re kicking off something and you’ve got people from multiple teams, especially technical and non-technical people all in the same room, you’ve all got to understand the end goal. The end goal is and write it on the board, whatever it is.
Each team comes together to figure out their piece of the rope, to use your analogy. This strand comes from over here and maybe that’s IT, the infrastructure piece and then security has something embedded in there. We’ve got some marketing folks that need the content to be able to do that. How do we message this correctly? We’re going to communicate via email. How do we make it not look like a phish, “This is cool and new? You should click on this.” That is something we see a lot.
No hate on marketing people.
That was a Super Bowl years ago. Everybody had the QR code, which was popular for a while, but it’s about people understanding the end goal from the beginning and then understanding how their piece fits into that and what they contribute. A lot of it ties into risk decisions. The most secure company turns its servers off and goes out of business. That’s no business model.
On the other hand, then you’ve got everything’s quite open and you can do whatever you want to. That’s not very sustainable either. We’ve got to find a way to meet in the middle and to solve that problem and make a risky decision. Is it worth this or could this happen? Security teams need to understand that from a business context. Business leaders need to understand that from a security context as well.
This is one of my favorite questions. We’ve had some spectacular guests who are, whether they’re sitting in the C-Suite, whether they’re sitting in the boardrooms. When you talk about business leaders understanding these decisions, how hard is it to express what’s happening on your side of the fence to people who do not and have never operated in those rooms? In a way that they understand in order to get a headcount, budget, just philosophy even to accept we have to do these things?
That is perpetually a tough problem to solve. How do we solve that? We have to talk in real language. We have to talk with real words. We can’t walk in and talk about this patch or this vulnerability X, Y or Z and the CVSS score is 9.7, so we got to patch it now. Don’t take that approach. We’ve got to talk in business terms. We are security leaders at the core and have to be business people because we are leaders in the organization and part of our role is ensuring the company is successful. How do we do that? We understand some of those terms, but now I’m going to blank and this is going to be a part of the bad segment of the show.
We are security leaders at the core and have to be business people because we are leaders in the organization. Part of our role is to ensure the company is successful.
No, I’m spitballing from a 50,000-foot overview here. As we’re moving forward, we want to proactively take a stance on cybersecurity that’s going to ensure the value of our assets as we continue to the future.
We can talk in a business context in terms of how systems help generate revenue. How does the security team help protect revenue? Not often do you find security teams generating revenue, but we protect the systems that are generating revenue. The systems we protect have real data. They have people’s data on it, they’ve got maybe it’s important intellectual property data, that’s the word I was looking for and that is, that’s important to our companies, our clients, our customers, our people, whoever it is and that data is valuable to somebody.
You can easily tie a dollar value to per record or field and a database-type thing and understand what the value of that is and how much it is going to be worth to secure it. There’s an easy equation where if it takes $1 million to secure $10,000 of money, then that’s not worth it. Don’t spend $1 million to save $10, but if you could spend $10,000 to save $1 million, that’s probably a pretty good investment.
There’s an easy math equation there. It gets complicated because in security, it’s also hard to prove a negative, “Look at all these things we did.” Maybe you haven’t had a breach in six months or a year or haven’t had a major incident. Is that you were lucky? Is that you were good? That’s hard to tell. There is still some squishiness there.
For this question, we are going to get entirely away from squishy and I’m going to need some hardcore algebra and calculus. As you survey the landscape, heroes versus villains, how are we doing?
We’re okay. We don’t need to get complacent. We’ve got to be thinking about how to solve the problems of tomorrow and effective security leaders are thinking about that at different levels of the organization. You’re solving the problem that’s on the screen in front of you. You’re solving the problem for later that afternoon or maybe you’re trying to solve the problem six months or a year from now. Focus on what your problem is and what resources you need. Talk to your boss about that. Talk to your leadership about that and try to again explain, “If we don’t do this, here’s what happens.”
Be okay if that leader says, “I’m okay accepting that risk,” because again, as security leaders, our job is to help protect the business that has to run. We’ve got to understand our role in that. It’s not to say that security is not important.” It is. I’ve built my career on security being important and I think it is. We can’t be selfish and think security is the number one end goal because it’s not. As soon as we can realize that, it’s going to be all the better. To answer your question in short, are the good guys winning? Are the bad guys winning? Sometimes it ebbs and flows, but again, I’m always rooting for the good guy in the movies and in real life.
We’re over 500. If nothing else, we’ve won more than we’ve lost. There have been some bad beats and there have been some great wins and that’s the key. As long as you are waking up on the right side of the grass every day, that’s the key.
There’s the Law of Averages, too and I wish I had some hard numbers on that, but again, you want to win more than you lose.
We’ll bring it back to the addendum to that. We’ll put it in at the end once you’ve provided all of the citations and deep dive studies from Oxford and MIT and everything.
It’s in the mail.
Let’s take a hard right here. Move into Leadership Corner, you, Jonathan Waldrop, without giving away any of your OPSEC, maybe a little bit of it, what do you do? What’s on your Spotify list? You got books on the coffee table. You got magazines in the bathroom. What’s going on?
I’ve been working on my vinyl collection, actually, so putting together some records. Lots of good jazz that’s out there. We’ve got an eclectic mix of all different sorts of stuff on vinyl. I also don’t read as much as I would like, but I try to step outside of the security realm and the technical realm and read some non-fiction. I’ve been into some spy stories lately from the Cold War, World War II and such and those are some good books to read. To your point a moment ago, OPSEC is a huge thing that you can take from some of those. Not necessarily directly related to security, but certainly the good guy versus bad guy type of books. I try to get outside and run a few miles here and there.
I’m going to push this question harder because you had me at vinyl. Let’s say for any reader who, whether they’re reading the day it drops or 6 or 8 months from now, but they happen to be walking to their favorite local record store. What are the top three records they should walk out of that store with? I got a better version of that. What vinyl are you wearing out now? How about that? Let’s go with that.
We have the soundtrack from a movie called Big Night. I’m not sure when it was made, but it’s Stanley Tucci.
I know what you’re talking about. There’s an incredible Rolling Stone article about that after it dropped in 1997. I know the movie you’re talking about. Dear readers, there’s googling going on. You can’t see him. He’s looking this up.
Stanley Tucci and Tony Shalhoub. I’m sorry. It was that important to get that right. It’s a great movie to watch. It’s a feel-good movie. It’s about two brothers that have Italian restaurants, but the soundtrack is fantastic. Our little family, we listen to that cooking dinner at night and things like that it’s a good one.
Dear readers, this is where you come for cybersecurity information, dealing with the elements of human risk. Let’s talk about Tony Shalhoub because why not? Shameless plugs. Anything you got going on? Anything that Insight Global heads going on or you’re like, “Here’s a band I like. You should listen to them.” I will try to be quiet.
Insight Global has the Be the Light Tour going on, so go to InsightGlobal.com and check that out. It’s a bus that’s coming around looking to serve all different communities and underserved populations, especially resume help. All different manner of hiring interviews going on in those. Check out the Be The Light Bus and the Be the Light Tour for Insight Global from InsightGlobal.com. For me, I’m speaking at a conference here in Atlanta in March. That’s going on. Hit me up on LinkedIn if you like and I’ll send you the details for that. I’m going to be talking about a very similar subject around human security and hiring for good security teams. Please check that out.
I missed one question I meant to ask, but because you did mention that you are speaking at a show, we are rolling into the silly season. We are coming up on Hymns and South by Southwest. We came out of CES, Black Hat and Def Con’s whole hacker summer camp and we’re all back, theoretically. I am assuming that you were one of those gadflies that might go to one or all of these as well as some of the other regional shows around the country, all respected and paid. What are your thoughts as we are coming back into these things?
I was at Black Hat in 2022, which was a great show. It was good to be back there. There’s certainly a place for these types of big venues and events like this. For me, one of the biggest pieces is networking. LinkedIn is a powerful tool. With Black Hat, I was able to meet up with folks that I’d never met in person before, which was super cool.
To have that human interaction, the face-to-face and 3D, as I say, meeting people. It’s very cool, but there’s also good to have that camaraderie and people sitting next to you in some of those presentations that may be experiencing the same challenge you are. Find those networks. Find those groups you can talk with and trust and have those conversations and share the wealth on how you’re solving problems because nobody has been helped by another company having a breach. We should be all in this together.
I’m going to wrap it back into shameless plugs because you are one of those people who feels shame, whereas other people get shameless about it. If they are looking for you out in the world, whether it’s going to be at different events, if they want to connect on LinkedIn or if you want to keep your OPSEC, you can tell me. I’m not giving any of that information away. Where can people go find out more about what you’re doing, what Insight Global’s doing?
You can find out everything about Insight Global at InsightGlobal.com and you can find me on LinkedIn, LinkedIn.com/in/JonathanWaldrop. You find me, send me an invite, tell me you read the show and we’ll connect.
Jonathan, thank you so much for putting up with my messy nonsense. We got more to do because something tells me that you’ve got a lot going on. I want to talk about how cool it is doing cybersecurity for the Air Force. Of course, that’s super cool. Until then, thank you for joining us on Friendly Fire. A friendly reminder that all comments today reflect the personal opinions of the participants, not necessarily those of their employers or organizations.
That also includes me, the host. I don’t want to offend anybody who might be involved with anything else on all of these things. For more information on all that’s good in the world of cybersecurity, make sure that you check us out. You can find Elevate on LinkedIn and Facebook as well as the mothership, ElevateSecurity.com.
You can find me @PackMatt73 across the socials. As far as the show goes, anywhere you go for pods, that’s where we are. All we ask is you subscribe, rate and review. Just give us five stars. If you only give us four, I’m inclined to think you are a hater because when we got people like Jonathan who come on here, how could you not give us five stars? Just keep coming because this is where we bring all the great folks who are putting in the good work to get the job done and keep us safe. Until then, we will see you next time.
Important Links
- LinkedIn – Elevate Security
- Facebook – @HelloElevate
- LinkedIn – linkedin.com/in/jonathanwaldrop/
- Insight Global
- Be the Light Tour
- Black Hat
- @PackMatt73 – LinkedIn
About Jonathan Waldrop
Jonathan is an experienced security leader with more than 15 years of experience in a broad range of technologies, industries, and government organizations. He’s led global technical teams, managed support teams, and built and developed multiple security programs where he was the first hire with “security” in the job description.
Most recently, he’s spent the past 5+ years building and developing the cybersecurity team at Insight Global, scaling the people, processes, and technology to support a company that has experienced rapid growth both from an employee, and revenue standpoint. He has initiated projects to streamline business processes that are secure by design, and from the start with a focus on usability.
He also works closely with the Veteran community, mentoring and guiding Soldiers, Sailors, Airmen, Coasties, and Guardians during their transition from active duty service, whether it was after 2 years, or 20 years.
