Hot Takes with CISOs - Dan Maslin


Cybersecurity Leaders and CISOs are often in the hot seat, so this is our hot take on their stories. We bring to you Season 2 of Hot Takes with CISOs and Cybersecurity Leaders and to kick things off this season, we had Dan Maslin, Global CISO at a University, who kindly swapped his morning coffee for some hot sauce to share his Hot Take on Cybersecurity with us.

Questions asked:
00:00 Introduction
00:54 A bit about Dan
01:25 Hottest Food Dan has had
04:10 If Dan wasn't a CISO what would he be doing…
05:04 Explaining CISO role to non technical people
05:57 Turning point for Dan to get into Cyber
12:21 What would Dan change about Cybersecurity?
13:43 What should you learn first as a CISO in 2024?
16:01 Rapid Fire with Dan
18:34 The fun Questions

[00:00:00] I did bring my own tissues for my tears later. I know they're coming. Ghost Island. Anything with ghost in it. There's a red flag. I feel like It hits you later. Should we continue going? I feel like you have one more in you. Yeah. All right. Let's keep going. Are you trying to get me to cry? Do you have lunch plans after this?

I'm going to regret this. Why can't we just have a coffee like a normal person? All right.

Welcome to Hot Ones. Starting starting now on air. All right. Welcome Dan to the show of Hot Takes with CISOs and Cybersecurity Leaders. Maybe to start off, if you tell us a bit about yourself, uh, where you are these days, and yeah, just a bit about yourself. Yeah, thanks. I'm, uh, at the moment a group CISO for a university, uh, in Australia.

Um, been in [00:01:00] security for a good, uh, decade, and, you know, in IT for a good, uh, 20 years all up. It's great to see you here. When we're back in Melbourne, we live three kilometers from each other. We only see each other here and there, but we only meet in the U.S. for some reason. Yeah. This is the most common place we meet each other, San Francisco.

So, um, no, it's good. It's good to see you both face to face. Likewise. And actually maybe considering having hot food as well. What is the hottest food you've ever had in your life? When I woke up this morning, I regretted, regretted agreeing to this. I thought, why can't we just have a coffee like a normal person?

But, uh, uh, it took me back to probably a decade ago. I was in, um, in Malaysia, in KL. And it was the last night I was there. I was flying out the next day and I, and I wanted something local. So I went to a hawker market. And got the local food. It was, you know, very, very cheap, very popular. Yeah. Uh, and got a dish that came on, you know, the stainless steel plate with, uh, the roti bread and sauces and, um, all sorts of stuff, dips everywhere.

God, it was so hot. It was so hot. Like it was, um, absolutely burning and I could feel it [00:02:00] for two days afterwards. I instantly regretted it. I regretted it all night and I regretted it on the plane the whole of the next day. So it was, uh, yeah, it was some local spicy, uh, spicy Malaysian food. Did you ever find out what?

It was like what it had wasn't, it wasn't in English. It was just one of those ones where you point and nod and hand over the money. So it was delicious, but there was only three or four different sauces and one of them just killed me here. Wow. So what advice, if you don't, if you can't read it, don't put it in and don't have an early morning flight the next day.

Oh, okay. So you actually walk in the plane, just holding on to yourself. No bumps, no bumps, no bumps. Talking about regrets in life, we should probably start with the hot sauce. So obviously, I've got them in the order of the mildest all the way to the hottest. And we've got, to make it interesting, we've got some original fried chicken.

And if you're feeling spicy towards the tail end, we've got some spicy, uh, chicken as well. But these are, this is supposed to be grilled nopales or grilled cactus. Fairly mild is what I've been [00:03:00] told so far. So I'll let you do the dabbing yourself for your chicken. Straight on or? Yeah, I mean, yeah, you can go straight on if you like.

Or, or over there. Yeah, probably a smarter thing to do is just to put it in there. Uh, I just go with the little dab on the top. And cheers, and hopefully we'll be surviving after this.

Oh, that's fine. That's alright. Yeah, that's alright. I do taste a bit of cactus though. Imagine if cactus were a thing, this is what it would be like. Yeah, I was expecting a jalapeno type taste, but it's different. Let's just go holy moly as well, this is the other one. Why not? We're just like, while we're at it, maybe you don't want to put it on the same thing as that.

Yeah, yeah, that's right.

It's okay. That's manageable. That's not, um, I guess the challenge is to, so far, no one has gone for the [00:04:00] milk yet. Okay. So we have, we have to maintain that benchmark. I did bring my own tissues for my tears later. I know they're coming. If you were not a CISO, what would you be doing? So I've always loved computers and technology since I was sort of five years old.

I had, um, had the Commodore 64 back in the day. I had the 286, 386, 486. So I always would have done something technology. But now looking back, I think something I would have enjoyed, um, would actually be construction. Right, so I've been a builder, um, of some sorts. Like houses? Houses, yeah, I think houses or commercial maybe.

But I'm a very organised person, I'm very, um, I like to plan ahead, I like to sequence things, I like to see the big picture. Yeah, yeah, yeah. And I like to get, you know, organise things and see it through. So I think I might have enjoyed Like a big project. Yeah, a big project, sort of coming up with the concept and then watching it come to life.

I think, um, I'd probably be good at that. Builder? Oh, like Dan the Builder. I mean, there's a ring to it. Yeah, if I wasn't into something tech, maybe that's something I'd enjoy. But, um, yeah, I love tech, so I don't [00:05:00] see myself leaving. Actually, and how do you explain yourself to your non technical friends to what you do?

So most of them have no interest, but I usually just say I work in, I work in IT. Right, right, right. I work in IT. And then, in 50 percent of cases, there's no more questions. That's it. The end of story. And it's a good gauge to work out how technical that person is, right? So then they might ask, Oh, what do you do?

Are you a developer? Oh, right, yeah. They do know a bit. Oh, no. Not a developer, I work in cyber. Like, oh, okay, that must be, usually it's like, oh, that must be hard or interesting or whatever. And then sometimes they probe a little bit more. What do you actually do? And it's, all right, well, I lead a team or whatever it is.

So, yeah, it usually starts with the IT and that. That ends the conversation at the end of the time. The way to kill a conversation is just go say, I work in IT. Like, kill the conversation, oh yeah, I don't care, I'm like, okay, moving on. It's a good filter, it's a good filter. At what point in your career did you choose to, like, what was that turning point for you to kind of go, oh, I'm gonna go do science, I mean, obviously you had an interest in computers for a while.[00:06:00]

What made you go cyber security? Because you could have gone down the tech path as well. I guess, yeah, I always had an interest in, uh, in, in technology. I went to uni and studied, um, studied IT. I worked in IT at the same time. So a part time job in IT, like most people, started on the service desk, help desk, that sort of first level support.

And then, you know, Over the decades, I, you know, I did a lot of engineering, a lot of infrastructure stuff. So looking back now, it really, it really helped me from a security perspective. So, you know, I have a deep, deep understanding of how Active Directory works. Um, I was, uh, accountable for a data center at one point, so I understand the physical security.

From a networking and firewalls perspective, I managed those and deployed those. So, uh, sort of as my career progressed, it sort of lined up with where cyber was playing out. Coming on its own, becoming a sort of a career on its own. Um, and about 10 years ago is where I started to focus on just being in cyber security.

Having that background in, in infrastructure really, really helped. Um, and, and I sort of followed the path and I thought this, this, this is going to be something big. This, uh, this is like a, an actual career of its own now [00:07:00] and I could see the future of it. So I, I sort of pivoted, um, out of infrastructure into, into cyber security.

Okay. Cause that's an interesting dining point. A lot of people. Not even remember that cyber security wasn't even like a thing of its own like tech was tech used to exercise its own. So I think in, in, in banks, uh, and, you know, maybe governments and, and, you know, defense contractors, there was dedicated departments.

Um, but if I'm looking back 15 years ago, security was, you know, the firewall person. That was it. You're looking at an IT team and that was it. And, um, you know, it was really about managing firewall rules and that was the extent of security. You know, you might have some antivirus products here and there, but there was no dedicated security function, no, um, strategy.

Uh, there wasn't broader discussion, uh, around risk or, um, awareness or anything like that. It was very much just, you know, very, very technology focused. So I think it, it's a, it's obviously opened up into its own, um, own domain now in the last 10 years. It's a great question because, uh, I see it within my team.

Like how did you get into cybersecurity? Everyone's got their own, [00:08:00] their own story, right? It's not like, When you become a lawyer, right? You've gone through uni, you had a placement, and then you became a lawyer. Yeah. So like, it's pretty, pretty, pretty simple. Yeah. Pretty straight path. But in cybersecurity, everybody's got a different story.

It's, it's, it's really interesting. Yeah. And I think I've met people who have come from musician backgrounds, lawyer background into cybersecurity and go, What made you go cybersecurity? I mean, it's like, I mean, I'm all the way all for diversity as well, like different fields coming in, because they bring in their perspective.

But to your point, I would definitely encourage people to find out what. Was the background before cyber security because I think I definitely find that personally fascinating now as you kind of traverse through like from infrastructure to security At what point did you think oh, I'm gonna go into a leadership role because what was their turning point back in those infrastructure roles I had done a lot of team leading was infrastructure manager for three or four years in a place as well I really enjoyed that That the leading the team and building teams.

I really enjoyed building teams. And even where I am now, it's all about the people. People first, um, surround yourself with great people and you can be [00:09:00] successful. And you can't, you can't use the tools. You can't. Deploy, um, can't run any programs without the people right. You've got to have the right people and passionate people there.

So, um, I've always sort of gravitated to those leadership roles, whether that's technical leadership or people leadership. And, uh, yeah, I guess when I joined my current organization, this was, it was a new role. It was their first CISO. And naturally it was, it was the, you know, the team manager. I definitely find that people who would choose a path of, yeah, I'm just not, not going to manage team.

I'm just going to go become an individual contributor or continue on the path. And being able to work across a broad team, I would say, is a lot more stressful than just being an individual contributor. There's a lot more that carries with it as well, so, I mean, yeah. And I think it's a role for the time, right?

So, in some cases, you might want to contract for a couple of years and get deep into the technology. Or, you know, it might be your lifestyle. It might be traveling. Do you want to do some contracting instead? And I think it just, you know, comes and goes. And you can sort of move around and gravitate. You don't always need to do one role.

Yeah, for your whole life. Yeah, I feel like, I think, and someone said this, I thought it was really interesting. They said life is like a season. Like this could be your contracting [00:10:00] season where you just want to go deep dive, but then your season of being a CISO or something else and maybe just taking time off and just go, well, I'm just going to travel the world and see, come into a dangerous city like San Francisco and have hot fried chicken.

Like, why not? Danger everywhere. Well, hopefully the San Francisco council is not listening to this one. They're like, never coming back again. But talking about building and dangerous. We should build up on this. The next sauce is a Alaskan Serrano Bull Whip, which is using kelp and Serrano hot sauce. Let me know if you want to go up with the original as well.

I mean, so far we're level three. If you feel like you want to go up. Let's see how we go. Um, interesting color. Yeah. All right. Cheers, man. Cheers, man. That's not bad. Like, yeah, like it hits you a bit later. Yeah. Yeah. Definitely has hints of spice in there, but no, no, it's nice. That's a good flavor. Some more spice with ghost island now, ghost island.

Anything with ghost in it, that is a red flag. [00:11:00] Like, uh, if you know where that flag is, if it says ghost, or if you can't understand what's written over there, you don't. I think I feel like I'm going to go a bit brave and just go for the hot one this time. Oh, I can already smell this. You're like so far away, you can see my teeth.

That's how spicy it is. Yeah, don't rub your eyes with it. Yeah, yeah, I was thinking the same, yep. I feel like It hits you later.

I think it was fine, it was fine, and then right at the end of my throat, as I swallowed it, it was like, leaves like a, Hey, I'm here by the way. Should we continue going? I feel like you have one more in you. Yeah, alright, let's keep going. Are you gonna go for Dragon, alright. Oh actually, I should point it out.

It's called Dragon Repellent. Dragon Repellent. You should at least try one of the hot ones after this, by the way. Yeah. Uh, like, well, maybe not the last one as a hot one, because that's supposed to be the spiciest. [00:12:00] Alright, cheers.

It's not bad. I definitely feel it was the hot wings that made it even hotter the previous time, but it's not bad. This is not bad, actually. Wow, you should be proud, man. You're like on level five now. You feel like, confident for level six as well? I'm worried about this hot chicken. If you could change anything about cyber security, what would that be?

Oh, I see this with my colleagues, with my team, with everywhere I've worked. It's um, it's probably the manufactured urgency. I think as cyber professionals, we can get burnt out because we're always responding to something urgently. Something's critical. But I think a lot of the time, It's manufactured, right?

So we do need to respond quickly when there's an incident and and the right reasons But a lot of the time it is not urgent. So There it's an audit filling in a spreadsheet attending a meeting I think there's a lot of this this false urgency and I think across across the industry We need to sort of work out how to manage that and save the urgencies [00:13:00] and the priorities for when When they are actually required.

So during an incident, I think it really adds to the burnout and the mental fatigue within the teams. Um, so I think, yeah, that's the one thing I would change is probably that culture around, not everything is actually urgent. So what, what, what's important when it's a bit of a, you know, the boy, boy cried wolf.

So if you keep doing that, people just that when it, when there is an incident, They're not going to believe you or not believe the urgency because if everything's urgent all the time, yeah, it's not to be an ambulance chaser, I guess. Yeah, yeah, yeah, I think that definitely was a, and maybe to kind of add one more layer to this, if you're dropped into a company which doesn't have a cybersecurity program.

And you are been given the role in a CISO in 2024. What would be some of the first things that will come to mind that you want to start off with if like never done cybersecurity as a company and now you've been dropped into the, hey man, you found that great CISO. Why would you take that job anyway? Why would you take that job in the first place if you do?

And if you're, for some reason you have some hot fried, yeah, you have some hot fried chickens and [00:14:00] like, you know what? I'm going to, I'm going to go for this. That was a great idea. Like a bad bet gone wrong. So if you were to drop into a situation, why would you, what would you start off with? As much as I'd love to dive into tools and technology, again, I'm a, I'm a planner, right?

So you can't, you can't manage what you can't measure. So take a step back, pick a framework, see where you sit and work out if that's what How you want to move ahead through the program. So, um, yeah, measure the organization, whatever framework you're using. Yeah. Yeah. That'd be the first thing I'd do.

What's the risk level? What are the controls like? The, um, the maturity of the controls. Where, where are your exposures? How does that, uh, translate across to, um, the risk appetite for the organization? What's manageable to do? So what are some quick wins? Um, and, but where do we want to be in, you know, three, five years?

Those sorts of things as well. So sort of understand it's a, you know, the measuring stick to work out where you are. And, uh, so you can sort of measure where you want to get to. Awesome. That's a great answer. There's no time for my rapid fire. So it's going to go for hot fried. So we're going for the hot one this time.

And I think, uh, [00:15:00] you can, you can choose how much of this, uh, level six you want. Uh, cause this is a rapid fire. So we kind of, we can't, can't technically have too much time to think as well for this. Oh, Oh, you're smart. You only got one dab out of it. By the way, for people who are watching this, you can only take out one drop at a time.

So when something is like one drop at a time, I'll put a couple of drops. All right. Uh, cheers. Thank you.

I think it's spat out. I can't even think if it's the chicken or whatever. This one's probably had the most kicker. Yeah, the producer has spoken. We're trying hot fried chicken with some ghost pepper sauce. The producer with her ideas. Cheers.

Are you trying to get me to cry? It's still good. It's a nice mix. It's a bit sweet. Alright, I think we've passed the test so far. But we should write, uh, Firebird Fire. Being a CISO is [00:16:00] hard because? Uh, it's always changing. If a CISO could be a superpower, what would their superpower be? To stare someone down until they do what you want.

Solve one rebellion. What is your favorite invention of the modern world? This is a boring one actually. I think the, the, the mobile phone. So like the iPhone, for example. I think we don't appreciate how much it's actually changed our life. Yeah. So when I was a kid growing up, you'd watch cartoons. You'd like the Jetsons or something, right?

They have a piece of glass where they're talking to people. Yeah, yeah, yeah. And all of a sudden, you know, come, you know, 15 years later, we've got that. Like I can talk to someone on the other side of the world in my hand. I've got everything there for traveling. It's, you know, fantastic. I've got the maps, I've got everything.

Actually you're right because you can drop into any new city and find your way wherever you want to go. You can call a cab. Call an Uber or whatever, uh, get to a hotel, you can book a hotel using this, check in with this. I mean I think in New South Wales you can even have your driving license on there.

You can, yeah, yeah. I think Victoria is getting there, they're doing the pilot, but um, yeah, it's, it's, it's amazing. I think we don't appreciate [00:17:00] how much it's changed, just all of a sudden it was there. Can you imagine, so I've done a lot of traveling like yourself. Turning up into a city. Yeah, without your phone these days like it.

Oh Like I'm old enough to have traveled with maps and what Just you got to you know, take the bus somewhere. Yeah at the time So yeah, are you it's actually opened up, you know, these new industries like like like a good like uber, right? Yeah, three having these yeah, I mean Airbnb uber of all of them I'm being in touch with family like FaceTime is a great way or a final question What is the spice of life that makes life interesting?

Again, it's a bit boring, but um, I think both traveling and getting outside. I love getting outside every day, like I feel, I feel energised once I have the sun on me, I like to go for a walk every day, get the sun on you, I think it's really therapeutic. You know, arriving in a new city, going for a walk, seeing the sights and the smells and whatever's going on around the city, I think it's, I think it's fantastic and um, yeah I just, I love traveling, I've always loved traveling and arriving in new places and you know, trying the hot food, hot rum.

Yeah, going, going for a walk. So I think, yeah, both [00:18:00] traveling, um, you know, experiences in different cultures, different ways of living, um, and then getting outside and getting amongst it, you know, getting away from the screen and that type of stuff. Yeah, and, and trying sauces that you can't even translate names in.

I mean, going back, I have a flight tomorrow. Well, it's probably not going to happen at home, right? So yeah, it opens up those opportunities. Yeah, fair enough. I mean, yeah, you would not do that back in Australia. You might as well do that. I've got three fun questions for you as well, not that the other ones are not fun.

First one being, what do you spend most of your time on when you're not solving cyber security challenges of the world? So I've got a young family, I've got two kids, so anytime, uh, anytime I can, I try and spend time with them. Whether it's just walking to or from school, or taking them to their activities, or traveling.

Yeah. Um, even on the weekends, try and get out, go for a bushwalk, go for a walk on the beach, those types of things. That's awesome. And, uh, what is something that you're proud of that is not on your social media? Why wouldn't I put it on social media? Facebook or it didn't happen, right? Probably don't share a lot about my kids and family.

Like I try and keep that a bit private on social media. So I've got, yeah, two young kids. I'm very, very proud of them. They're [00:19:00] both unique individuals. They're kicking goals at their age of life. So yeah, I'm really, really proud of them. We should put this clip for the kids to watch one day as well. Like this is what dad said about us.

Uh, third question and final one. What's your favorite cuisine or restaurant that you can share? Probably my favourite food is Vietnamese. Uh, Vietnamese and, uh, so Pho or Pho restaurant. The kids love the Pho. And actually where you were in Melbourne, in Chelsea, there's a Pho restaurant there run by a Vietnamese family and it's fantastic, yeah.

Wait, do you put, I mean, uh, do you guys enjoy the Pho with the organs and stuff in it as well? Or is it just the regular meat? I mean, I don't know if, because I've not been to Vietnam yet. But I've heard that the pho that they make is with like different kinds of organs and other parts as well of animals.

Yeah, yep. So, um, I'm not sure where the broth comes from, but often it's, you know, been going sometimes for generations. Yeah, right. Okay, keep adding to it. Um, uh, I usually go for, for a chicken, a chicken, a chicken one. Um, and then yeah, chuck the chili in there. Yeah. Oh, it's just, [00:20:00] it's so simple. It's hard to get wrong.

Yeah. Yeah. But yeah, it really comes down to, to the broth, like the broth is. Yeah. I think the broth is the secret, like even more than the noodles. In there as well. Yeah. Yeah. I think I definitely, I mean, it's so simple, but um, yeah, I think there's, there's really, there's, there's a lot of good Vietnamese restaurants in Melbourne.

Yeah. Um, but this one, uh, in Chelsea is, uh, Would you say, it's funny, I think I, I had, I've always had this question, like, why is hot places, like hot tropical places like Vietnam, have like hot food? Yeah. Like, one of the best things that came out of Vietnam is pho, and it is a hot soup in a way. And I'm like, wait, so imagine boiling outside and then you're just having like this bowl of hot soup.

Yeah, yeah. Like, I mean, even that is, or maybe it's because it makes you precipitate more, I guess, but whatever the reason is. Maybe you don't notice the heat. Yeah, you're like, you forget like how hot is it after that. They do, they do great coffee as well. Vietnamese coffee is fantastic. Oh, is that, that's the sweet one?

Yeah, so usually it's with the condensed milk, and it's quite, it's quite strong coffee as well. So it's like dripping. Oh, okay. Then it's, it's [00:21:00] sweet and, uh, and strong. I did. So next time I'm back in Australia, I need to try the weird thing. This place. I did not even know I was so close to her before I moved to the UK, but now like I've gone so far from your favorite place.

But, uh, thank you so much for coming on the show. Where can people find you on the internet to connect and talk more about hot sauces and probably LinkedIn. So you've got the LinkedIn profile. Um, that's the main place of time post particularly, uh, work related stuff. Awesome. All right. No, so much. Great.

You did a great job. You went all the way to level 6 if you're not even badged over there. Now thank you so much for coming. I'll video. This is the That's required. Done.