Stay Informed with the Gone Phishing Podcast | Phin

Bringing Empathy Into the Cybersecurity World | EP 025

Written by phin | Jan 17, 2024 7:21:27 PM

 

Transcript:

Connor Swalm:

Welcome to Gone Phishing, a show diving into the cybersecurity threats that surround our highly connected lives. Every human is different. Every person has unique vulnerabilities that expose them to potentially successful social engineering. On this show, we'll discuss human vulnerability and how it relates to unique individuals. I'm Connor Swam, CEO of Phin Security, and welcome to gone phishing.

Hey, everyone. Welcome back. It is Connor, CEO at Phin, and we are joined once again by my buddy, Wesley Spencer. Wes, how you doing today?

Wesley Spencer:

I'm doing great, Connor. Thanks for having me.

Connor Swalm:

Anytime, anytime. I always love our conversations. 

Wesley Spencer:

So do I. 

Connor Swalm:

On a previous episode, I had made a prediction about the future of cybersecurity. A little bit ominous tone overtone there. And my prediction was that we're going to see a lot more empathetic, charismatic, great storytelling, people who are great communicators. That something that you and I have discussed, whether it was at conferences when we're just hanging out, or whether it's on podcasts like this is what is missing from cybersecurity is incredibly good communicators, people who literally just know how to communicate to nontechnical folks not only the importance of cybersecurity, but why they should care about it in any way, shape, or form. So that was my prediction, and that's what we're going to chat about today. What are your first thoughts on my prediction? You could tell me. I'm flat out wrong. I'm okay with that.

Wesley Spencer:

You're wrong. Clearly, you could not be more right, my brother. We are hitting an era where there are so many awesome, wonderful people across different ages and different genders and different styles of communication that have come in. They're doing such a good job of this, of really changing that mantra of what is a security person. Right. We'll always have people, and I speak to myself on this, the nerds of the world. Right? They come from a very technical background. Right. And we need those folks. But what we also need is people that can comfortably engage in the boardroom and at the executive table that can really kind of bring this through, that are, what do you call them? Language like interpreters between one language and another. Someone that can represent both sides. Right. An ambassador, if you will. Right. What does an ambassador do?

They go embed themselves in a foreign land, but they represent their home country, and they speak for the needs of their home country, but they're living there in a foreign land. And I think in cybersecurity, we're doing the same thing when we talk about that type of individual. Right. And they're desperately needed because those are the ones that can get budgets through. Those are the ones that can communicate the needs. Those are the ones that can advocate for their team on the back end on the things that they need. And I don't think it comes naturally, but I think it's something that through practice, you can really build and learn to use effectively.

Connor Swalm:

I mean, I think that's why Toastmasters is such a popular organization and there's so many local chapters is because it's not natural in a lot of ways. It's very unnatural to be good at speaking in front of large groups of people, to take very complex ideas and make them simply understood, and then also to not get an incredible amount of anxiety when you have hundreds or thousands of people looking at you. And I was just at a conference giving a presentation. I was like, holy cow. These people bought tickets, spent thousands of dollars, flew here, and they're sitting in this room because they wanted to hear what was, what is about to come out of my mouth. I hope it's good. That was the only thing I could think about the entire time.

Wesley Spencer:

That imposter syndrome is a real deal thing. It's something that doesn't go away. We all look at the skill sets of others and say, well, I don't have that skill set. That makes me a fraud. And the reality is, we all have other things. The truth is, the flip side is also true, that people look at you and say, wow, look at the skill sets that Connor has as a leader, as a motivator, as someone who's built deep knowledge in running companies. I wish I could be like that. I don't have that skill set right or that tenacity. So I think there's a lot of truth to all that for, you know, I think one of the things that's important about this, that I could just encourage people listening, is it doesn't come naturally. I have a friend that's a really good musician.

You can literally put any instrument in his hands and he can just start playing it. It's mind boggling to me. He says, people say to me all the time, like, john, you're really talented. And it rankles him because he's like, I'm not talented. I've put in thousands upon thousands of hours in my music craft. That's why I'm good. It's not talent. It's not just, oh, I'm just good at music. That means nothing. If there's not been countless hours going into that expertise. That's what we're listening to. The reason we listen to a maestro is because they put those thousands of hours in on the back end that I don't care about. I just want to see the output. And I think when it comes to communicating, it's the same way.

No one's a natural communicator, no one's born, and they're just really good at being able to share a hard concept in front of a whole mass of people. Everybody starts out nervous, like, literally everybody. And so you're right, we get better at this by practicing, and I've had a lot of practice myself. Right. I've been fortunate to be in roles as a professor, being as a banking executive, where I've given lots and lots of talks, and I've just learned how to speak in a way that can get people's attention. But it's not natural. I'm an introvert at heart, and it's not something that I just knew how to do. It was really awkward and hard. You should see some of the old stuff I used to do. It's really bad. So, yeah, I totally agree.

Connor Swalm:

I always love looking at, not necessarily YouTube videos of you specifically, but if you look at a YouTube channel that's been around for years, go back to their very first know, sort by oldest, and you're, wow, it's like, this is light years different. And the thing that you genuinely arrive at after looking at a lot of those videos is all this person did was keep going. Right? They just started six years ago, here they are today. And the difference is the six years of videos, of practice that they've put in.

Wesley Spencer:

This is so true. And this is where I think you can take a lot of encouragement from. Whether it's, dude, perfect, whether it's Mr. Beast, whether it's. I mean, it doesn't matter. It's so cool to think that YouTube is unique in that you can go back to the ancient of days when they first got started. You're like, wow, they built their empire starting there. That should be the encouragement to you. And the same with me, right? If you go back to my old YouTube videos or it's really hard to do this on LinkedIn because it just doesn't work as well. But I did go and find some of my original videos where I was sitting at my tiki hut, like, right in the middle of the pandemic, and I'm like, I remember those really bad.

Wesley Spencer:

Videos, dude, they were bad. I mean, hopefully the content was okay, but the quality was really bad. So, yeah, I'm totally with you. Just get started and you'll be amazed at how that will carry you forward.

Connor Swalm:

If you're taking donations, I will gladly sponsor a tiki time with Wes YouTube video anytime you would like. So if we're talking about bringing empathy and communication into the cybersecurity world, I would be remiss if I didn't ask you about empath cyber. So you're the founder of Empath Cyber. What's the 32nd spiel on what it is empath. What you're doing with Empath? And then also, how does it tie into all this?

Wesley Spencer:

Sure. So security is hard. Messaging it and talking about it is harder still. We know those reasons why. Go listen to all your podcasts, Connor, and you'll just hear that the challenges are real. Right? And I learned one thing at perch. One of the things I learned is imagine trying to sell a sim down market in 2018. That was really difficult when people are like, I don't think I really need this, and I don't think this is important. And we saw that msps struggle with it. One of the things I learned was, I would tell my MSP friends, hey, if you can just put me in front of about 20 of your clients on a Zoom call, I'll do everything else. I'm not going to sell a sim.

I'm going to sell why security is important, how threats have changed, why it's really damaging, and how you haven't caught up with it. But through some simple things that you can do, you can really build a better security strategy to protect your business. And I started doing that, and all of a sudden, it worked. And msps are like, this is great. My clients ready to go on this. They're like, I didn't know all this. Let's make it happen. Right? And I realized that is what msps need. There's so much good content out there. If you're trying to grow in your technical capabilities. You have YouTube guys like John Hammond and John Strand. You have university, you have books, like amazing people. But when you think about the roles of virtual CIOs, you think about the roles of people like account managers and directors.

Like, how do we actually talk about security? How do we explain it way that makes sense, or even the talent pipeline. Msps are not hiring people from crowdstrike. They're hiring people from the at t store. So how do we get them up to speed and make sure that they're cyber conversant and they're comfortable? They're not experts necessarily but they know how to speak cyber. And that to me is what empath cyber is. All that's why I built the platform is I really wanted there to be a landing place, a safe space for those people to come in and say, this is what we're all about. This is what we're training and teaching and educating. We're all going down this journey together. It's way more than 30 seconds, sorry.

But I get passionate about it because I really believe that if we get, and it doesn't matter if you use empath cyber or not, if we get better at Speaking cyber, everything falls into place. The client gets what they need in terms of better security, in terms of making sure their livelihood is set for the future. You get what you need, which is a really good business and good revenue. Everybody wins out of this. And so I think it's really important that we get better at all of that. And that's why I created empath as a way to help in that.

Connor Swalm:

That's one of the things I say. People who listen to this podcast regularly probably feel like I'm a broken clock, is I remember talking to people when I was studying math in college about the math I was studying, and it was something I was super passionate about. As you said, there are these wonderful security practitioners who are great experts, but that doesn't necessarily mean they know how to communicate it in such a way that somebody else is going to care about on the other side. And I see the same thing happening in security that happened to me in person is the light dims from their eyes as soon as you open your mouth and start the conversation.

Their mother, their brother, their uncle, their friend they haven't talked to in seven years is calling them from the next room, and all of a sudden they got to go and you're like, oh, is it something I said? Yes, it was everything you said, actually. So that was one of the things that I had recognized early on is, oh, that's my fault. I have to find a way to make this relevant to the people that I want to have an impact on, not the other way around. I have to go to them and talk to them how they'd like to be talked with, not expect that it's going to happen the other way around.

Wesley Spencer:

So here's the key to this. I don't think we talk about this enough. In security is body language. This is like, really learn how to get better body language and you'll notice that things start to open up when I first start talking to somebody that I literally don't know. And to me, this used to be the most terrifying thing. At perch, I'd sit down with a group of people on a Zoom call, and I'm like, I'm supposed to talk about perch and hopefully sell it. This is really difficult, and they don't know who I am. So one of the things I've learned to do is put a big smile on my face and to just jump in, like, hey, tell me about your MSP. Tell me about what you guys are you're doing. Tell me what security looks like for you.

Tell me where you're trying to grow. And I'm telling you, when you lean forward, you have a big smile on your face. You have this open body language. It truly disarms people because no one wants to be the guy or the gal in the room. That's like the mean person to somebody that's smiling and happy and genuinely cares about them, right? So practice that. I know for us, it nerds, it's really hard to smile sometimes. Like I'm doing right now. Like you're doing. If you're just listening, just trust us. We're smiling, but it's really important. And you can go so far in using good body language to disarm someone, and then they're going to be receptive to listen to what you're saying because they're like, that's different. I don't meet a lot of people that are acting and carrying on this way. Right?

So don't be inauthentic about it, but find a way to truly disarm them. And a big smile goes a really long way.

Connor Swalm:

If you're able to make a friend, I promise you will make way more sales. If there are any people who have to sell security listening, just worry about making the other person on the end of the line feel like you're friendly, warm, inviting, conversational. And don't even ask them to buy anything. At the end. Just say, maybe this is a fit. Or honestly, get to the end and say, doesn't sound like we're a fit here. Go over here, though, and check these people out. I think they might be able to help you. That gives you so much more credibility. When I used to do the sales, I used to turn away people. It's like, you know what? Actually, I don't want to deal with this right now, so I think someone else can help you better.

And they're like that meme, like the Zoidberg meme. Or they're like, take my money. It's like, they want you. They feel like you're being genuine and you're being honest, and that's what people really care about.

Wesley Spencer:

That is so true. And again, practice in front of a mirror. Maybe that's your how to. I'm trying to make sure I always give, like, practical how to practice in a mirror. Seriously, about talking about security, about introing some of those open ended questions you like to begin a conversation with a client on, and just practice it in front of my mirror. Make sure you're smiling. I'm telling you, it goes a really long way. But, yeah, that whole idea of empathy, maybe I'll just close on this one. Connor, is empathy is about stepping into other people's shoes. Empathy is about understanding from your perspective, what does this look like? And if I can truly step into their shoes, I can prove that they understand.

One of the things my wife and I have is just a rule between us, is anytime we're having a disagreement or an argument, I will not give my retort, or neither will she until we've both proven that we can understand the other's point of view. And that's been so helpful to us in our relationship, because even if I disagree on something, if I can communicate to here's why. I understand where you're coming from, and this makes sense to me, but now here's my point of view. It really eliminates a lot of fighting that can happen back and forth. So to strive to step into the other shoes before you try to do something else.

And so I think that's a powerful way that we can bridge that into our security conversations in a way that I think we'll find more success and collaboration with our clients.

Connor Swalm:

Seek first to understand before being understood. Yeah, I don't know who said that, but somebody was Yoda. I've quoted Yoda, like, seven times on the podcast, and I never attributed anything to know.

Wesley Spencer:

You miss the shots you don't take. Wayne Gretzky, Michael Scott. Right.

Connor Swalm:

Yeah. And now there's a third one. Connor swam. Now, we're three levels deep here, but I completely agree with you. Is being able to be more conversational, be more empathetic, really starts with taking a genuine interest in the people you're talking to. And I've tried to communicate that to everyone I come across, is people. First question people ask, how do I fake being interested? It's like, that's a great question that tells me you have no idea what you want to do here because you can't fake it. People suss it out. They feel it like the body language unintentionally will give you away at some point. So taking a genuine interest, asking questions.

I used to asking questions until I got embarrassed and I would say I can't start talking about myself until I feel embarrassed about asking these questions because I've asked so many in a row. Stupid, seemingly stupid. Things like that are just so helpful at learning how to talk with people better.

Wesley Spencer:

Indeed. So. Indeed. So this has been such a fun conversation.

Connor Swalm:

Well, where can people find you? Where can people find empath if they wanted to take a look and maybe see some more of your bright smiling face?

Wesley Spencer:

Yeah, so easy to get to it. Empathcyber.com is the best place to go and you can kind of see what it's all about and kind of see the mission behind it. But a couple of other things I would lead you to as well, if you're interested, is we do have platforms for the entire MSP if you want to bring your whole team in slash join and it'll give you all the info you need. But also the other thing is I've got a newsletter now, Connor, and I'm doing a weekly newsletter and just covering things I think are interesting. Giving links to videos and other stuff that I'm producing and you can get to that@empathcyber.com. Powerup so it's what I call the Empath Power up newsletter.

And so I think I got close to a thousand MSBs in it already, which is really cool and would absolutely love anyone else to join as well. So thanks for letting me shout out myself a little bit.

Connor Swalm:

Anytime. I love what you're doing. I love what you're up to at empath. And actually I was going to say I hope it's called Wes's wisdom. But now I feel like Wes's wisdom would have been a more catchy title. But I'll let somebody else make the branding decisions for you. That's okay.

Wesley Spencer:

A little too presumptuous for me. I think.

Connor Swalm:

I'll workshop it then. But anytime. Always happy to come chat like this. I learn an incredible amount, as I'm sure all of the people listening do as well. So once again, thanks for joining us. There. Any last second pieces of wisdom, Wes's wisdom you want to give to the.

Wesley Spencer:

Folks listening other than just thanks for the opportunity, thanks for learning. Just keep it up. You guys will get there. Every MSP. I love seeing the growth and it's been probably one of the most exciting things for me over the past few years is just weekly, monthly, yearly catch ups with my MSP friends and seeing them grow in their business because man, when one MSP does the right thing, it affects many thousands of other people and that's why we're doing this.

Connor Swalm:

That is some wonderful information once again. Wes, thank you so much for joining me. I feel blessed to have you here in my presence, even if it is virtually. And for those of you listening, I'm the host, Connor, CEO at Finn and we will see you on the next episode. Thanks so much for joining today.

Thanks so much for tuning in to gone fishing. If you want to find out more about high quality security awareness training campaigns, how to launch them in ways that actually engage employees to change their habits, then check us out finsecurity at phinsec.io. That's SEC IO or click all of the wonderful links in our show notes. Thanks for fishing with me today and we'll see you next time.