In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by guest Gary Hayslip to discuss thought leadership and knowledge sharing in the cybersecurity community. But is it thought leadership we seek or thought mentorship? 🤔
Guest: Gary Hayslip, Chief Security Officer at SoftBank Investment Advisers
On Linkedin | https://www.linkedin.com/in/ghayslip/
On Twitter | https://twitter.com/ghayslip
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin and guest Gary Hayslip engage in a conversation about thought leadership and knowledge sharing in the cybersecurity community. They discuss the process of creating a matrix or list of topics of interest and grading them based on comfort and expertise levels. But is it thought leadership we seek or thought mentorship? 🤔
Gary emphasizes the importance of passion and purpose in thought leadership, viewing it more as mentorship rather than traditional leadership roles. He shares his own journey, starting small by speaking at local chapters and gradually expanding to larger conferences. Various writing platforms like LinkedIn, Medium, and personal websites are discussed as avenues for sharing content and seeking feedback from the community.
The conversation emphasizes the continuous learning and updating of knowledge to provide valuable insights. Gary highlights the qualities of a thought leader, including passion, purpose, and a genuine desire to help others.
Overall, the episode offers insights on thought leadership, knowledge sharing, and the process of becoming a trusted mentor in the cybersecurity field. Listeners can expect an engaging and informative conversation between Sean Martin and Gary Hayslip that focuses on the practical aspects of sharing expertise and making a positive impact in the community.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
When Virtual Reality Is A Commodity, Will True Reality Come At A Premium?: https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72
Questions on Developing Your Thought Leadership: https://www.linkedin.com/pulse/questions-developing-your-thought-leadership-gary-hayslip/
CISO Desk Reference Guide Website: https://cisodrg.com/
So You Want to be a CISO?: https://www.linkedin.com/pulse/so-you-want-ciso-approach-success-gary-hayslip-cissp-
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Hello everybody, this is Sean Martin. You're very welcome to a new episode of Redefining Cybersecurity here on ITSV Magazine Podcast Network. And, uh, as you know from listening to the show, I try to figure out how to operationalize security, which seems to become more difficult every day. And, uh, I'm not sure how CISOs do it and the practitioners stay above water, but somehow they do, for the most part.
And, uh, and when, when they figure that out, I feel it's important to give back some of that knowledge to the community. And to be honest, there isn't anybody that I can think of that does more of that. And my guest today, Gary Haislip. Gary, good to have you
[00:00:46] Gary Hayslip: on. Thank you. It's been a while and I'm really happy to be here.
[00:00:49] Sean Martin: It's a pleasure to see you again, my friend, and glad you're well. And today we're going to talk about thought leadership and kind of sharing, sharing our learnings with others and the value of that both personally and to the community. And, uh, yeah, as I was alluding to, it's an important part of our process, right?
Continuous learning and... And applying those learnings to our own situations and our own programs. Um, for those who haven't met you yet, Gary, maybe a few words about some of the things you've done, um, San Diego prior to San Diego, up to your, uh, your role at SoftBank now, just kind of, kind of set the stage for folks of who you are and what you're about.
[00:01:37] Gary Hayslip: Yeah, I, uh, I said I've been in cyber and it, uh, for years. Um, you know, the, um, I don't like to go ahead and say the date, 'cause then I'm like, whoa. It's actually been that quite long. Um, it's just, you know, I, you know, did a, uh, a whole tour, active duty military, uh, retired from s with the US Navy, um, retired from the Navy.
Um, worked for the federal government for a number of years, you know, as a CISO for the US Navy. Um. And then, you know, it was the first CISO for the city of San Diego. And, uh, which was really interesting, massive city, smart city projects. Um, I think that's where I met you, Sean, for the first time when I was there.
Um, and then I decided to go ahead and do something different and jumped in the private industry. And so for a number of years, I was the CISO for WebRoot software. And so that gave me a chance to see what it was like to work with sales and marketing and the product teams and still run cybersecurity and do, you know, IT as well.
Um, and then, you know, the company got acquired, you know, so first time they actually see what it was like to get acquired and go through the acquisition and, you know, and to help with all of that. And, and as that wrapped up, um, SoftBank, you know, the vision fund, um, Was picking up steam and they were growing exponentially from, you know, 50 people to 500 people in less than 12 months.
And, and, you know, the, they needed a system, you know, and, um, the new CIO that they had hired, um, was looking for somebody like me that could do four or five different types of jobs and somebody that wasn't afraid to, you know, get involved with startups and work with audit and, and build a security team.
And he had a whole really interesting idea of going a hundred percent SaaS. Nothing on prem. And, you know, I was intrigued to how I would build a security stack for that and be able to manage the risk. And that was about four and a half years ago. It's been a fun ride. It's been really, really interesting.
[00:03:31] Sean Martin: And I think that's probably a story into it. So that whole, that whole journey, cause what it looks like today. Certainly doesn't look like what it did four and a half years ago. And then, you know, in terms of what was possible. So yeah, go ahead. No,
[00:03:45] Gary Hayslip: I'm just saying, and then as you mentioned, in the, in our community, um, I've helped, uh, coauthor several books, you know, the CISO desk reference guide series.
And, and then I've written, you know, cybersecurity books for small businesses. And we wrote an executive primer that's actually for like the CEO and the CFO to kind of help them explain to them, Hey, this is how you work with a security team. And this is what a CISO does. And stuff. And, um, and then on LinkedIn, I published probably about 120 articles of different things.
I had to do stuff. And, uh, it's just really big and, you know, creating content and figuring out ways to help people.
[00:04:22] Sean Martin: I love it. I love it. You're an inspiration. Gary and very, very prolific and certainly a nugget for everyone to, uh, to chew on, uh, depending on the, yeah, for every role I can, I can imagine and every position and level.
So let's, um, I guess your, your books, um, are those an inspiration? Well, how did the books fit into thought leadership for you? Yeah, let's, let's tackle
[00:04:52] Gary Hayslip: that first. You know, it's, I mean, the story, how we got started was, you know, it's, it's kind of funny cause I, you know, I joke about, you know, over fish tacos and beer, you come up with great ideas, you know, like here in San Diego.
And honestly, that's how it happened. I mean, I met with my two coauthors. We were at a startup event. There's a large cybersecurity community here in San Diego, a lot of startups. And so we're at a startup event. Um, and at that time I was writing cybersecurity articles. How to do different things and how to be a system and stuff.
And it was for veterans, you know, I was working for fellow veterans and trying to help many of them transition and come into the cybersecurity field. And, um, and it just happened to be Matt Stamper was like, why don't you write a book? And I was like, no, that's too much work. I don't want to write a book, you know?
And then Bill Bonham was like, well, why don't we write a book? And it was just kind of a, you know, the three of us, uh, over, you know, some great fish tacos were like. Hey, that's, you know, we started kicking the idea around, um, because we all wanted to do something, you know, um, to be able to not just give back to the community, but we were intrigued at the whole process of how you would actually write and what you would do, um, Yeah, because we've got friends of ours that have written books.
And, you know, so we were, we were intrigued and we decided to take it to the next level. You know, now that we did, we decided to write a book. We actually stood up a publishing house on, you know, the Kindle desktop platform, you know, actually, you know, went through the whole thing with lawyers and, you know, and, uh, and it was, I have to admit, it was cool.
Now we're. We're actually publishing other authors besides ourselves and we've got quite a lot of books now that are published, you know, in the, uh, in the, what we call the, the CISO DRG publishing or, you know, CISO desktop, you know, you know, publishing. Um, But, you know, from a thought leadership perspective, you know, what, what I find intriguing about it now is we've been writing books since 2015 and the books pop up all over the place.
We've had it in multiple languages and roughly about 35 different countries now, um, where the, you know, the books are being published and I get people from all over the world who come up to me at Blackhead or RSA at different conferences and they shake my hand or they talk to me and they've used my book to help them for, you know, the new job that they've got, or.
They use, you know, you know, one of our books to, you know, uh, prep them for some big projects that they were doing or reporting to the board for the first time, or, hey, they were looking at doing cyber insurance. And we had a whole chapter on breaking down all the different things that you need to know.
And they were like, you know, I actually got a chance to work with legal and audit while we were looking at cyber insurance. And I understood what they were talking about and could actually provide, you know, information to them. And that's what we wrote for us. We were like, you know, we, we wanted to go ahead and start with something that we thought, you know, uh, people would use, you know, practitioners would use.
And what's been interesting is, is that, um, it's the print and, you know, ebook version. And we find people by both and we never could figure out why. And this one, somebody explained to me, they were like, Yeah, I buy the print version because I like to take notes and I keep it with me. It's on the bookshelf.
But then I buy the ebook version because I have that on my iPad. So when I'm on travel and I need to look up something, I pull it out and I look it up. And yeah, it's been, uh, it's been really cool. I mean, you know, just the people I've met just from writing the books has been, um, You know, it's been probably one of the best things, you know, I could have ever done, you know, professionally.
[00:08:23] Sean Martin: I love it. My memory serves me, which it very rarely does. I think it was Helen Patton, who I'm sure you know. Um, I believe she wrote a book and she said the book was a way to scale sharing some of the knowledge and experience that she's had. Um, it's one thing to, to get on stage and have a talk and, and connect with a certain group of people.
But if you can get a book out there and in the hands of people not in the role yet, smack dab in the middle of the role. So, looking to move on and train the next generation on that role, it's a great way to kind of scale that and, and connect with the larger, larger group. And so, uh, yeah, huge congrats to you and the crew for the publications and the platform and everything you're doing there.
I presume the articles you write are on your own, which are different than the collaborative nature of writing one or more of the books. Does that process change how you approach? Obviously an article is a smaller bite sized piece compared to a book, but, uh, how does, how does working solo compared to working in a group?
[00:09:42] Gary Hayslip: You know, it's... Well, like when we work in a group and a team and we're writing a book and it's a project, you know, it's interesting because we mind map out the chapters. We'll mind map out the chapters. We know what subject each chapter is going to be. We know what questions we're trying to answer to each chapter and then we hold each other accountable.
And then we got a process that we follow as we work on each chapter and we go through it and we check back and forth with each other, you know, uh, every couple of weeks, you know, you know, progress wise. And, um, and my whole methodology, like when I'm into it and I'm writing a book, I, um, I typically write an hour a day.
You know, I'll have it mind mapped out. I'll have pulled my research together. I'll already pretty much have a skeleton way of, you know, I've already jotted down kind of how the, you know, the chapter is going to flow the way I'm thinking of it. Um, but I'm very disciplined that I only do an hour a day. And the reason is, is that, you know, if you just write And write and write every day, you burn yourself out and you get to the point to where you hate doing it and you'll start procrastinating and you never get done.
But if you just hold yourself for an hour, you know, and so I usually do my first 10 to 15 minutes of reading when I wrote, you know, before the night before, and then I may write some more and then I'll find a good stopping point and then I'm done, you know, and um, and so it's, it's very disciplined like that.
Articles on the other hand, when I'm writing an article, it's just me. Um, It's, it's interesting because I, you know, the, um, one of the articles I just recently published on LinkedIn was about, you know, developing your thought leadership. And I talked about my process, you know, I, you know, I basically built out this matrix, kind of like a spreadsheet where I track just ideas.
You know, ideas and things that I know very well, you know, um, or things that I think would be really interesting to write about. And, um, you know, I put all these ideas together and, um, and then I actually carry that list, um, you know, on my various laptops and on my phone with me. And I'm constantly adding to it or taking things off of it.
And, you know, and it helps remind me. of stuff that I want to write about. And then, you know, when I decide to go ahead and select something, you know, on that list, you know, I set up a folder. I'll start collecting, you know, articles and different things, you know, to kind of just to refresh my memory on it and also kind of help develop the way I'm looking at it.
You know, because you have a voice, you have a way that you talk about things, and I typically don't talk at the executive 30, 000 foot level. I'm usually at the below 10, 000 foot. I'm not usually at the practitioner level. You know, I'm very technical, but also strategic. You know, I can. Talk about, you know, working with the board and working with peers and the other business units and doing strategy, or I could talk about, okay, this is about setting up a firewall and doing protocols and, you know, and, you know, going through logs and looking for, you know, doing threat intelligence, um, yeah,
[00:12:48] Sean Martin: talk to me about them, talk to me about the matrix, because I.
Yeah, I, I, I just started, uh, I've written tons of stuff, publications for vendors, white paper,
[00:13:01] Gary Hayslip: and what do we, and what you basically do is, I mean, I made the matrix, you know, I made this list and then you grade it. So each entry that you put in,
[00:13:10] Sean Martin: or are there columns of attributes that you also. Well, there's
[00:13:14] Gary Hayslip: like columns, you know, and, and each column is like a different level, you know, like if it's a, uh, if it's a level one, it's something that I'm kind of interested in.
Um, I'm not comfortable with it yet cause I don't know enough and I need to do some more research. If you know, I grade it one through five. If it's a, if it's a five, you know, if I grade it as a five, you know, I'm filling in column number five, I can speak about it for hours. I'm very comfortable with the subject.
I don't mind doing a keynote on it or, you know, going ahead and, and writing an article or helping, you know what I'm saying? So it's one through there, one through five. And then what I do is, um, and three being kind of in the middle where I know enough about it, I can speak intelligently about it. Um, I know some research that I can pull down for it real quick.
Um, but I probably need to update myself on it just because of what's current. Um, so anything that's three to five range after I've gone ahead and I've go through my whole list and I grade it and, and the, and the grades will change over time, but anything that's between three to five is what I focus on, you know, so I may have the full list and then the next tab.
It is the three to five, you know, and then from the three to five, I go ahead and, you know, a lot of times I'll, you know, low hanging fruit. I'll look at the fives that I can quickly go ahead and talk about and, um, you know, that I've, you know, that I've got research on or that I, you know, I know. Is current and I know friends like, you know, Chris Roberts and, you know, people, you know, or Alan Alford, you know, people that are, that are doing stuff already, I can just talk to them real quick, you know, and, and I'll write, you know, and I'll go ahead and I'll talk about it, but you kind of build this matrix and.
And you know, the big thing is that you're continually looking at it, you know, and then I carry an app on my phone where I'm constantly, I'll take notes, or I'll take different ideas. It'll come up in my head, you know, that I'll add to the list. Or there'll be times where I'm like, you know, Hey, this subject was pretty cool, but you know, it's.
It's been superseded by other things. And I don't think I could, I don't think I could really do well talking about that and I'll remove it from the list. But what it does is it builds you a, you know, a place where you can kind of concentrate your thoughts. And so you can think about which things that you feel you would be comfortable writing and speaking about, you know, and then with that, you can start doing research, you can start collecting things and start putting together, you know, an article or, you know, start putting together a.
You know, a slide deck or a speech,
[00:15:42] Sean Martin: but does it have to be level of comfort for sure? Level of interest for sure. Does it have to bubble up to a level of passion or can something else draw it from the list and say, this is just such a hot topic, or I've heard this 10 times in the last five meetings. I can write about this now, even though I'm not really passionate, but.
[00:16:02] Gary Hayslip: I actually will flag those that I'm passionate about because I find sometimes you can be very passionate talking about something and people will overlook the fact that you don't know enough. But yeah, which I think that's all of my stuff. You know, but, um, but, but I mean, I, I do think you have to have some level of passion just talking about something because everybody else was talking about it.
You are just squawking you, you gotta do something that you know, you like, that you, that you enjoy, that you know, you know what I'm saying? That, that, that's part of you. I mean, for me, when I write and I create something and I'm putting it in the community, I'm doing it because I like doing this and I want to help, you know, and, you know, you know, uh, Rick McElroy and I had, um, you know, I think the last time we, we actually all got together was in 2019 at RSA.
When we did that whole speech about, you know, why the CISO role sucked and what you needed to do to fix it and stuff like that. But one of the things that we had talked about was leaving a legacy. Of writing and speaking and doing things with a passion, with a purpose, you know, for the community that go ahead and bring people up to go ahead and help it grow.
And, and, you know, I mean, you can do stuff without a passion, but why? I mean, life is so short. I'd rather do it because it's something I love doing, you know, and I, you know, there's a purpose behind it. And
[00:17:25] Sean Martin: I, I feel that the, the other side of the coin, the recipient of, of the, the outcomes of that work. Uh, benefit better.
I think they'll, I think they'll recognize and feel that you've lived through something or you experienced something or you have a view, particular position or view on something that really comes through.
[00:17:48] Gary Hayslip: Yeah, and I think that's the big thing is that when you write something you really want them to be able to have the context of how it fits within their story, within the path that they're on, so that they can, you know, be better and do something with it and help them, you know, and that's, it's something that really drives me.
[00:18:06] Sean Martin: Let's talk a bit about that. So finding a way to actually. So taking it from the list and expressing your views in a way that fulfills your, your desire to share, but then also fulfills the. The recipients or the readers desire to learn. Talk us
[00:18:33] Gary Hayslip: through that. Well, I mean, you know, and some of the things I, you know, I talk about is, you know, you create your matrix or your list, you go ahead and you grade it.
You balance out those areas that you think you're going to be good that you feel comfortable with writing or speaking about. Now to speak, if you've never really gone ahead and been in front of people and talked with people and stuff like that, what I recommend, honestly, um, You know, for me starting out was, um, I did a lot of stuff for ISSA and ISACA and a lot of the local, you know, chapters, you know, in my area, you know, you know, a lot of the people, you're comfortable with them.
You can talk about a subject, you can test out, you know, a PowerPoint or, you know, basically you can test out a slide deck and a speech, you know, subject that you want to talk about. And take their feedback and everything. And once you're comfortable, make the tweak, make the adjustments and then try to move up, you know, and go to, you know, maybe you're going to do B sides or maybe you want to apply for Blackhat or RSA, or there's so many different conferences now that you can go ahead and apply for, you know, so I typically talk about.
Keeping it small, keeping local chapters first, kind of developing your style, you know, developing your slide deck, developing your topic, feel comfortable with it, and then start applying for different conferences to go ahead and get a chance to talk. Um, and you'd be surprised, you know, um, there's a lot of times they're looking for people.
You know, um, who are unknown or who coming in with new topics and so that was the way I did. It was, I kind of started that way and then I grew into that. I found it was very effective, you know, and I've now spoken to a group of like 10 people and I've been in, you know, Beijing talking to a room of 10, 000 and they were streaming it to another 2 million, you know, you.
So I've had all kinds of stuff, you know, so I mean, it just, uh, it just depends on the writing side, you know, um, I think on, on the writing side, you've got so many different options now, because I mean, you can write about something and just publish it on LinkedIn. And just ask for feedback, you know, and make sure to share it within the groups that you're in and stuff like that.
And just ask for feedback. You can decide to just go ahead and set up your own page up on Medium or, you know, a lot of, you know, blog sites like that and just start posting there, you know, and reach out to your friends, say, Hey, read this, let me know what you think. You know, can you share it? Um, you know, I've done both of those, you know, I've used both platforms.
Um, You know, there's people that like to go ahead and write stuff and then they share it on Twitter or X or whatever the hell Elon's calling it today. You know, or they go ahead and um, they get in the podcast, like yourself. The number of cyber podcasts, I think, has like increased 300 percent over the last five years.
You know, just people want to be able to talk about, you know, different subjects. You know, my thing is that there's so many different mediums out there that are available now, you know, you can start with something small and then go ahead and jump from that. I mean, I started writing and, and started publishing it, um, you know, on LinkedIn and started putting it up on Medium.
And then I've started publishing on Forbes and, you know, and I've submitted stuff, uh, the Wall Street Journal and to other, you know, uh, magazines and stuff like that as well. You know, so I mean, it's, you start small, you start growing. You ask for feedback, you adjust, you know, and again, that passion, that knowledge, you keep educating yourself.
And that, and that's the other thing I explain to people is that once you create your matrix and you got your subjects and you're starting to write and start to speak about it, it's a continuous process. It's a continuous process of adding things to it. It's a continuous process of educating yourself on those that you were speaking about and creating content on.
It's a continuous process of looking for places and platforms to share, you know, um, You know, to grow your audience, to grow, you know, people that follow you, to just for me to go ahead and, you know, push it out there and help people. And what you'll find is, um, a lot of people will just set up their own personal website and put links to all of their stuff, or they may go ahead and use something like Medium or one of these other different, you know, sites is their core area where they post everything.
And then they just share off of that site, uh, LinkedIn, or they share off of that site, uh, Facebook or Twitter or wherever they're, wherever they're sharing to. Um, but you know, that's, yeah, and that's the way I kind of look at it is you start small, start with, you know, your community, you know, the core group of people that you work with, that you associate with, that you're, you know, you go to conferences, you do things with, have them read your content, take their feedback, you know, and then adjust accordingly.
[00:23:10] Sean Martin: So thought leadership has the word leader in it. The, I'm going to say a few things here, so follow me. I like to do this. Um. To be a thought leader doesn't mean you have to be a leader. You don't have to be in an executive level role or even leading a team. It just, it can be that you're aware of certain things and passionate about certain things and you want to share your thoughts on them, or even just share that you might have un, un, uh, unanswered questions about a topic and you're seeking advice.
So I guess the first point I want to make, and I want to get your thoughts on all this, as I string them together is. The idea of what, what is a thought leader? And then in your, your LinkedIn article, which was the inspiration for this chat by the way, um, you talk about qualities of thought leadership. So maybe if you can kind of connect those two, what, what, what does one need to be?
What qualities do they, or should they possess to begin sharing thought leadership in whatever form? We, I think we spent a lot of time on writing, but it could be a presentation, it could be a webinar, it could be a speech at a conference, whatever it might be. Yeah,
[00:24:21] Gary Hayslip: I need to look at my article now just to remember what I wrote.
You know, I guess for me,
[00:24:28] Sean Martin: it says passionate as I relook at it myself.
[00:24:33] Gary Hayslip: You know, and the thing is, is that I don't really look at it as leadership, it's more mentorship. Really is what it is, you know, um, because there are people that use this and they turn this into a different career, you know, and, and they turn this into, you know, Hey, I'm going to quit being a system.
And instead I'm going to do this. And I have a passion for this. I like helping people and they turn it into their second job. And I don't. You know, there's, if people are able to do that, I don't have a problem with that because, you know, they're, you know, they're helping the community and they're, they're doing something that they love and they're not hurting anybody.
I mean, they're, you know, you know, I think it's really cool that people who've been able to do that. Um, I still like being a practitioner and working in the community and, and working with my teams and stuff, but, you know, I look at the fact that it's, you know, thought leadership is more like thought and mentorship.
Subject mentorship or, you know, um, you know, kind of like a, um, a servant leader or a mentor and, you know, some of the qualities I look at is, like I said, was that, you know, one of the things I talk about, you need to have a passion about the subject and, you know, you need to have humility. Because you're never really going to know everything and there are times when you're going to make mistakes There are times where other people are going to have opposing opinions and you can still learn from it you know i've had times before where i've had people when I asked you when they comment and they respond to my uh, My articles and my content that I have on linkedin and everything.
I'll tell them. Yeah, I I beg to differ. I look at it this way. I get which way you're coming from and dah, dah, dah. But I still look at it this way, you know, and I honestly think that, you know, you know, and you know what I'm saying, but you have to be humble, be willing to listen to other people, um, and learn and continuously learn and grow as a person, you know?
Uh, so even if you are like 200, 000 followers on LinkedIn. To me, that is, that is a blessing. It's been amazing. You know, the people that I've met and how this has happened, you know, over the last 15 years, um, and there isn't a day that I don't think that, you know, I'm blessed to have that and that people, you know, read what my content and I mentor and I talk with people out of the blue and, you know, and I help startups and I work with companies and I serve on boards, you know, and everything.
And much of that is tied into writing and speaking and being active in the community. You know, and, and, you know, and, and so for me, the, the thought leadership piece, I guess, is that, you know, don't look at it is, you know, I'm going to go ahead and be this, and people are going to listen to me. No, think about it is I've got something to talk about.
I like this subject really well, and I think the content of what I'm able to put together is going to help people, or it's going to provide more input. You know, to the subject within our community to help the community as a whole. And that's really what it should be. You know, if you, you know, get hired into a new job because of, you know, the, the thought mentorship that you put together.
More power to you. Awesome. You know, if you, um, if you, it turns into another new revenue stream, you know, for, and your husband and wife are stoked that you're bringing in extra money. Hey, more, again, more power to you. I'm, I'm not barking about that at all. You know, my thing though, is that you should be, again, it's to me, it's a, it's, it's a mentorship thing.
You know, how are you making the community better? How are you helping people? And hopefully in the process, you are also helping yourself.
[00:28:00] Sean Martin: Yeah, and I was just going to make that point for me. It's often, I'm also learning in the process of putting my own thoughts together, either, to your point, going off and researching something I wasn't quite familiar with or didn't know enough about, and even more importantly, if somebody does engage and shares their own thoughts on what you wrote or what you shared.
Different perspective, different detail, different fact, perhaps even. Um, it's all, it's all a circle of, of benefit. And I wanted to, um, Talk to you a bit about kind of the the concept of broad strokes versus specialization. I don't know. It's another Point you make in your in your article. Do you have any thoughts on maybe it's just driven by different people and what they're trying to accomplish But is it is it better to specialize or better to have a broad stroke?
Master of all trades Jack Jack of all trade. Yes What are your thoughts?
[00:28:59] Gary Hayslip: Well me and it's Yeah, and obviously I'm speaking about cyber, you know, perspective. I'm not speaking about, you know, other things. Um, I find that it's good to be specialized starting out because those were core things that you probably know really well that can get you started.
You learn your voice, you learn the process, you start meeting people and you start growing within the community. And then you can broaden out and talk about more things. If you start out, you know, with a very wide conversation. You know, and cyber is freaking huge, you know, from a domain perspective and all the different things that are inside cyber and that are being added to cyber, you know, today, it's almost impossible starting out to write about all the stuff in cyber, you know, um, in fact, it's quite overwhelming and I've had people tell me that and I told him, I said, you know, hey, narrow the aperture, focus on something right now in front of you that you know, that you currently do right now.
That you could talk to your husband or your wife or your kids about and you feel comfortable about it. Focus on that and just grow with that, you know, and then get comfortable with that, grow with that, and then add something else and add something else. You know, before you know it, you've got. Quite a large group of subjects and things that you're talking about, you know, and you, you're building a following and you're building, you know, content, but, you know, it's okay to start small.
And I, and I explain that to people, you know, not just in, in cyber. I mean, maybe you're in talking about it, or maybe you're talking about robotics or stuff like that. It's good to go ahead and start small and get your feet wet and get started, you know, and kind of develop, you know, and you may get into it and realize.
I really like talking about this over here. I'm going to go talk about gaming. Yeah. I'm all into, uh, you know, I, you know, I play Daisy and World of Warcraft and blah, blah, blah, I want to talk about that, you know, and, uh, and then maybe I'll, you know, every once in a while I'll talk about security or, you know, factor something else in there, but yeah, I want to talk about gaming.
You know, you start in one area, it gets kind of small, build it up, get comfortable with it, and then you start thinking, you know, with that matrix that you've built. What else do I want to add? What else do I want to add? You know, is what I kind of look at.
[00:31:14] Sean Martin: I was actually going to ask if you had any advice for, for people getting started. Do you remember what your first share was? Was it written? Was it a small conference?
[00:31:26] Gary Hayslip: Do you remember? It was actually written and the article was, so you want to be a CISO and it was actually, um, it was actually a joke, you know, um, and, um, you know, talking with Rick Howard and a bunch of people.
And it was like, yeah, and it was kind of a joke. We got to talking, um, and this was back in 2013, 2012, 2013 timeframe. Um. And, and, you know, and, and basically what it comes down to is, you know, some people were talking about the CISO role, it was starting to pop up more, more people were, you know, getting involved in it, and there was chatter that was going on about it, RSA was just starting to talk about it, and so I wrote this article about, so you want to be a CISO, I broke it down into five domains and kind of walked you, walked you through, um, if you're accepting your first CISO job, here's how to do it.
You know, and here's, you know, kind of the five domains or core areas you need to think about. I built the whole mind map on it, kind of broke it down. That got me invited to RSA to share a stage with Rick and a couple people. And we, um, we presented, you know, and there was probably like 3 or 4, 000 people in the room, you know, and it was fun.
I mean, you know, and that's where I got bit by the bug I was like, whoa, this is cool, you know, and but that was the first one, you know, and and honestly the And that article when I first wrote it it was actually for the Department of Defense it was for you know people in the military and people that were You know, transitioning and coming into the civilian community, and I was talking about the CISO role.
And, you know, and I basically broadened, again, started small, and I started broadening, started looking at private industry, and then I took that article down, and each of those five subjects became a whole separate article in itself, where I explored that section of the mind map, and broke through all the different things, and then that article eventually became the 30 60 90 day plan, which is another article that I got.
That I'm mining that for, but it was, that's what I'm saying is that, um, but that was the first one, you know, and it was something that I knew very well. I was in my third role as a ciso. I could speak about it, you know, I'd been already, um, and I'd been ACIO twice as well. And so I, you know, walked through what it's like to go ahead and, and get started in something I could easily speak about in my sleep.
I kept it small, just focused on that area and didn't let it branch out. I
[00:33:56] Sean Martin: love it. I love it. I've written a ton for SC Magazine and Dark Reading and CIO, CSO magazines in the past, looking at market trends and tech trends and all kinds of things. And, but my first article for me was not cyber. Funny enough.
And it was all about, uh, looking at the world of, of virtual reality and, and the, this philosophical idea that the true reality would become more sought after than the virtual world that, that, uh, I feel we're going to end up in. That's going to be a common denominator world. That's going to be boring, but I digress.
But anyways, that was my first real article.
[00:34:42] Gary Hayslip: But yeah, I mean, and it's interesting. You, you have articles that are kind of like almost opposite of what you do or what you work that do really well. I mean, I will, I wrote one on, on recruiting and it was just a rant about. How the whole recruiting process was screwed up.
And when I posted it on LinkedIn, it exploded, you know, to the point where I had to go ahead and shut down comments because I had like almost 2 million people over, you know, a month period had jumped on that thing and it was just cruel. Like, I'd say 90, 95 percent negative people were not happy with the whole recruiting process, you know, This was back in like 2018, 2019, you know, uh, I don't think it's gotten any better since then, you know, but it was just like, uh, you know, and it was something totally outside of what I normally talk about, you know, in cyber.
And I have found some skills talking about soft skills, just talking about things that you need to do. You know how to be able to work with people and how to be able to, or how to troubleshoot and solve problems. Not technical at all, you know, but it's more of how you just, you know, uh, you know, work with other carbon based life forms.
And it's, I find some of those articles actually work really well, you know, cause people are always trying to figure out where do I fit? How can I do good? How do I, how do I work with this person? How do I solve this problem?
[00:36:01] Sean Martin: Yeah. I think as humans, we're hungry for a lot of things, not just technology.
Certainly, as cyber professionals, we like the tech. Oh yeah. Um, and some of us, like me, I like the process. But, but ultimately, we're humans, we have to work with each other. And, and so understanding that too, and how we tick and how we stay safe and healthy. I know we've talked about that and Rick's talked about that a lot as well.
Oh yeah. Um, so huge part of it. So, uh, yeah, I'm glad to hear that you enjoy, enjoy those concepts too, those topics. So, uh, Gary, um, It's fabulous chatting with you. I have tons of things on my mind. I think directions we could go, but I think we'll, we'll leave it here. I'm going to link to your article on LinkedIn.
That was the inspiration for this. So some people can read through that and pick up more nuggets from that particular piece. And of course, I would encourage everybody to, let's, let's boost it up above 200, 000. I'm honored to be one of those by the way. But, uh, more people follow you and engage with your content there.
That would be fantastic. If they get a chance to visit you at a conference, that's a, that's a treat as well. So hopefully, hopefully folks get to do that. And hopefully I get to see it at one soon.
[00:37:14] Gary Hayslip: Yeah, we definitely need to be able to get together and talk more.
[00:37:18] Sean Martin: You know, I'm, I'm going to go very right back to the beginning.
There's tacos and beer that I was, I was set right then I've had them in San Diego and Newport and Laguna and productivity sores when you have fish tacos and beer, that's for sure.
[00:37:33] Gary Hayslip: Oh yeah. Definitely come up with a lot of ideas. Exactly.
[00:37:38] Sean Martin: All right, Gary. Well, thanks a million for, uh, for joining me again.
Thrilled to have you back on the show and thanks everybody for listening and watching and, and, uh, hopefully you enjoy this conversation and, and everything that Gary does. And of course, uh, please share, subscribe and, and do so for Gary and, uh, stay tuned for more in here on redefining cybersecurity on ITSP magazine.
Thanks everybody.
[00:38:02] Gary Hayslip: Thank you.