It's real. It's real.
I don't accept your recording.
There we go.
You don't accept it, OK?
A little hurt.
Well, hey, this is fun, right?
This is episode one.
Conversations by Salem, pending, you know, name change.
Uh, I think we're testing the audio.
Just downloaded zoom for the first time today, so I think.
In the future, we'll have conversations with other Infosec people, but today it's just you and I.
The dream team.
I'm excited about this.
Yeah, I am too.
Yeah, this is really what the world needs.
You know, another podcast.
Yeah, yeah, I think I listened to a podcast this morning.
That said that.
Need more podcasts?
It must have been Gary Vee
#4,500,002 or something like that.
Yeah, yeah, right.
So obviously we started a company together.
Salem Cyber, you're nice enough to wear our shirts and I was nice enough to show up like a bum today.
So I don't know, I think.
Like, let's just chat.
We haven't chatted in a while about the business and everything and.
Uh, I think there are some good stories here.
You know background, I started this company that we now co-lead a little more than a year ago.
It's been about six months for you.
You come from the business world and I guess you know why?
Like why take a plunge into a cyber security startup?
Yeah, there's a few things, so.
I think regardless of cyber for a second, there was the big opportunity for personal development.
I think I had stagnated somewhat and regressed in terms of my own, you know, kind of personal development.
I think, like many people, I had really anchored my opportunity set to my current reality and now I'm really invested in myself and I'm excited about like investing in my own personal growth and development.
So that's exciting.
I think being an entrepreneur really enables me to do that so much more.
Additionally, you know, Jon, you know, I like to talk about flexibility all the time.
It's, you know, the lifestyle change and choice that we have here is just so much different and better.
I think that the flexibility is huge, you know?
Flexibility means a lot different things to different people, but I think to us it really means like, you know, do what you want to do when you want to do it.
Obviously you still have to work hard, but being able to choose and kind of dictate things a little more yourself, that's huge.
And additionally be able to influence your own outcomes.
I've always wanted that.
I think you'll like this too. Like the ability to build.
I've always wanted to be an entrepreneur, so it's really cool being able to actually get out there and do this now.
But then obviously the last part was like, you know, the opportunity presented and you know when you came to me.
Gosh, was that July of last year? and I kind of pushed you off for a few months.
But I think that itself.
Yeah, I did a lot of arm twist things.
It’s pretty incredible.
I never really found the whole problem / solution pair that I got really excited about.
But then you came with the thesis and the vision.
Then I saw it, I understood it, I appreciated it. I didn't have to have a cyber background to really do that.
Additionally, you know there's a relationship with you and me.
We probably still be friends and it's cool to be able to jump into something where you work with someone you trust, and that creates a whole different level of opportunity for us.
Finally then you mentioned Cyber earlier, look it is a great industry.
I didn't know much about it beforehand.
It's lot of smart, hardworking, proud people out there that are in this industry and, you know, it's growing. That's a cool thing.
I've been in industries before where they say it's a great industry, but this one is obviously growing.
There's a lot more opportunity for category creation and change to happen here and then really the thesis that you brought to the table, which was in my words, you know, business model innovation.
Helping to resolve a problem that I could really appreciate.
That wasn't a cyber problem, it was a business model problem.
I really got excited about that.
Then, you know, from an economic standpoint, it has incredible unit economics.
We just gotta go drive more units and make this happen.
But you know, here's the real question you started at the top of the market, right?
Billion, you know, 10s of billion dollar valuations of companies and now everybody thinks we're heading into a recession.
So would you do it again like if I was twisting your arm today, would you come in and say like, alright, we're going.
To do this.
We're gonna make it happen.
I think the nice part with where we are in our lives, we've had the opportunity to go work elsewhere and build up not only our skill sets but also our, it's called, you know, financial backing to be able to make a little more risky choices.
If you also look at the market now, I mean the market is still hot in some ways.
It's certainly in you know it's on a downside in other ones too, but.
You know my unique set of circumstances in my last company so like, Yes, I would have made that leap now again and I'm very happy doing so and feel much different now that I've made leave though I was before.
You know, you always get stuck on.
What do you think is like I said earlier, that you know the opportunities that you have?
So you kind of view with hey, here's what I have now vs. then.
When opportunities that changes and you can try something new, you really feel like there's a lot of different opportunities going forward.
And so I would, I definitely make this choice again.
I think it's an easier question to answer when you don't have to make the choice again, right?
Like we're in it, right?
Well, of course I would.
Yeah, no problem.
Uhm, you know, I think the other thing, just to kind of keep on this vein for a while, we talked about this a lot, mostly because I become a huge a** when I'm stressed.
Uhm, what is it like being a co-founder?
Well, I think.
There's a lot of, there's a lot of positive sides to it.
First, it enables you not to be in an echo chamber.
I think you and I.
Even though there are two of us, we still experience that sometimes, but especially when you were by yourself for a while.
Like it's hard to really think strategically and have a good, you know, kind of counterweight, or a second set of eyes, second opinion, etc. on different ideas.
And that really comes to light in a lot of ways, not just where we should go, but like priorities we should have.
So I think that that's a huge boon.
There's obviously the other main thing is like diversity of skillset and ideas, etc.
I think you and I certainly have way different backgrounds, not only just cyber, non cyber, but also the functions that we've worked on previously.
So that is immensely beneficial to me.
Yeah, I think that's the part that I was really excited about was like the diversity of skill set.
Like, I'm really good at things like we've known each other for 15 or so years like, I feel like I have an appreciation for what you're good at and it's like really complementary and so like.
I was really excited when you wanted to come on board.
I think the learning for me has been, you know, we're both sitting in a chair. Right?
Like I'm a bigger guy, right?
There's not a lot of room left in this, in this chair, and in my prior life, I'm used to I feel like, in a nice way, bulldozing people.
But like, you know, I kind of had my lane and kind of was directing traffic and it's been really interesting.
Like, you know, you have responsibility.
Areas and my opinionated Ness comes out and I'm like, well,I would probably do it this way, and I don't feel like I can tell you that.
So I just like do something super passive aggressive.
It gets the same point about it, like just comes out anyway.
Yeah, you know, I thought the hardest part would be, you know, everybody warned you against starting a company with a friend 'cause it'll like change the relationship.
I think that that has been the benefit.
I think, you know, I like to tell people without.
Kind of going too far into the details that part of the value of us having an existing relationship is we can talk in more specific language than you could with others.
And then everybody says, you know, it's impossible to be a solo founder.
And that's the part that I found the most difficult, is being a cofounder.
It's like, OK, you know, together we're doing this together, we're in charge and that's difficult.
It's like a football team.
You know, you have two quarterbacks.
You have no quarterbacks and.
You know, we have complementary skill set, but like, you know, that overlap I think has been a personal struggle to me and I've been trying to improve and I ask you all the time if I've improved and you always like, you know, yeah, maybe a little bit like, OK, well, thanks, I'm, I'm working on it.
So, but that's been really interesting for me at least.
Yeah, it's certainly a struggle in some ways.
I think struggle is not necessarily a bad word, right?
You're working to improve, and so am I in many ways.
Outside of our marriages and probably some other family relationships, this is probably one of our top relationships that we have in life and get the work on it right and your work on yourself, working relationship and.
There's certainly times where I try to be like, you know, deferential, where.
Do I know the answer as well as you?
But like yeah cool let's like let's move on, let's let it happen and the the, I mean one of the benefits your personalized, your ultra-competitive and you haven't used to have that that he said second quarterback type of thing to compete with for QB1.
But I think in many ways. We're trying to really figure out our roles as we're getting farther into this.
UM, so where it's below, like, right?
Well, maybe you're the quarterback.
I might be the Mike linebacker.
We're on the field at different times, but we're doing similar things so.
Ooh, I like that we're on the field at different times, yeah.
In different ways, yeah.
You never know.
I'm going to write that down.
Boom. Look at this, therapy session concluded.
Look at it, yeah.
Other things that can be.
SEO later for our site as we talk here.
Oh my God.
If I never have to hear the term SEO again, I'd be a happy person.
Uhm yeah, what else we want to talk about? So I'm really also interested we were having a conversation the other day just casually about how it was like your experience with cyber in like non cyber roles like that's been my background for the majority of my career and obviously you know that means it get involved with all these like controls and like objectives to like try to help users be more like cyber aware and cyber secure.
Uhm, what was your perspective of corporate cyber? In your lens.
I'll try to say this in polite terms, but I think most people don't care and or are not aware of the other details.
When I thought of cyber previously. You know you don't want to be the person who opens something bad in your e-mail, right?
Like you don't want to be like on the news for some doing something stupid.
But outside that, do you really appreciate all the things that are going on?
Not really, or all the things that it takes to actually run the organization, how they're run, etc.
I think you there's generally a sense of like, hey, it's part of the IT team that they're gonna help, you know, shut things down when they happen.
Maybe they do smaller things proactively, like teach people stuff.
That's about it.
And in my sense, maybe I was, you know, not in the top percentiles on awareness or anything like that, but I don't think I have.
No, I think, I think that that's probably how everybody feels.
I had an interesting experience a long time ago.
I was working at a company. I won’t say what company.
And I got this e-mail that was a link to a survey and like the link looks so sketchy.
And so I hit like the report phishing button, you know, doing my job.
And I was talking to somebody else.
No, yeah, that was so sketchy. I reported that as phishing too.
And another person walked by who's also in the security department and was like, oh, I clicked on that, whatever, who cares?
Just like kept walking and it turns out it.
Was like fine, but it was like.
You know, it probably comes down to everybody’s tolerance for risk, you know?
It's like, is this the thing that's gonna, you know, takedown the company?
Like clicking on this survey link?
No, like I'm doing it, whatever.
Yeah, well, maybe it's, uh, maybe it’s a pen tester, right?
With the person’s role they're like. Yeah, someone also did that.
No. Yeah. OK. So.
I guess another piece I always thought about to come when I was not in that role is I think as you kind of get into more like the leadership positions, risk becomes a big factor.
And that type of business risk that I appreciate more now, normally doesn't come to the top of the list when you're not like don't have a cyber background, et cetera, you normally think of market risk, industry-specific risk, company specific risk, things like that that are related to like the business you're in and stuff like that, not so much cyber, right?
And certainly different entries get attacked for different reasons and our target differences, but that that was never on their radar, that of the conversations I had normally as part of.
Maybe that's different at some of the exec levels, but I feel like given that most executives kind of grew up in the same general area that I was growing up in.
They probably thought the same way.
Yeah, I, you know, I think every conversation about cyber is really just a conversation about risk.
I always get I'm really bad with expressions.
I always get them wrong.
So I think it's saying it's not a zero-sum game is accurate in that like you know there is no finish line, there is no like.
You know I've, done cyber, you know wash my hands about you know about it.
It's more about controlling risk, acceptable risk levels, mitigation.
Yeah, controls and monitors.
Very much like an auditor would think about controls and monitors.
Obviously the ones and zeros are very different and like the types of risks and types of controls and stuff like that and.
It's like deeply technical.
And then you're also like, I feel like in financial controls, uhm, you know, it's more about like keeping people from doing stupid stuff or like, you know, making sure people aren't like operating in the gray area or something like that.
And in cyber, there's a much more like active, motivated person who's presenting risk to you.
So like that lens is very different as well.
But ultimately it's the same conversation about risks and controls and mitigations.
I think we read somewhere it was one of those articles by Ross, but like the term health.
And I think health is a pretty good one for cyber, especially for yeah one term that's always confused me is like what they call a cyber program, but I'll leave that aside for now.
But like the health of the team, the health of the infrastructure and the ecosystems built around cyber, I think is huge 'cause it's, it doesn't mean point in time like you mentioned there.
Like it means over time and you want to keep evolving and stay healthy.
There's a lot of ways to do that.
Not just the team, not just the processes, but much more
Yeah, you know, health is interesting and this is kind of like probably an aside, but we talked a lot about burnout and I know I just posted something the other day responding to somebody else's article about burnout and I'm sure I was like way sassier than I needed to be.
But you know, I've been in cyber, right?
And so I think about all of the pressures and like cyber is a cost center and nobody really understands like the value and stuff like that.
So you know, this person recently was making a point of like, you know, there's a downturn. The cyber team is going to get cut.
But I think, you know, without getting into like, like too big of socioeconomic issues, it seems like burnout is kind of a thing everywhere and like these same feelings or a thing everywhere.
And maybe they're not that unique to cyber.
I don't know how you feel, well.
I know exactly how you felt, I don't know how you experience that in other parts of Corp but.
The 4th wall of podcasts like we just broke.
Yeah, the 5th dimension.
No, it definitely is.
That, I think, is the main reason why I felt that the problem that we're trying to solve is something I can relate to 'cause like I've been in a similar role before as an analyst, just in a different capacity.
But also, the problem is really, at its core, a disparity between volume and capacity, right?
There's too much to do, right?
Don't have the capacity to do all the things.
So then what do you do?
And people react differently.
Organizations react different to that fundamental problem that happens throughout a business, throughout non businesses too, or just other organizations, firms, another kind of phrase.
People, you know come together.
So it's yeah, it's definitely pervasive and I'll give an example, I used to be a pricing analyst and.
When I was a pricing list, we had requests that come through, right.
Not a risk thing, but more of an opportunity, but generally was kind of a deal making thing.
Or what we had to do with that.
We had to analyze each thing individually.
Well, that takes some amount of time.
How much time do you have?
Well, OK, you got X amount of time that really is relatively static, but then there was so much coming at you that you couldn't get everything done.
So what happens?
You're not as productive, you're not going to get through everything, something gets missed
The work is not great and oh by the way, your personal outside, you know what you start and burn out, you start, you kind of go downhill in a lot of ways and that creates I think what we see really in cyber here a lot of risk because when the team is not functioning.
The way it should be or each individual is not happy.
Or whatever. Maybe maybe?
Like that will then create you know, different corners being cut, etc. which creates risk.
Yeah, that's a great analogy.
It opens up so many like other possibilities like you know.
The mortgage analysts, right?
Like they see like a million applications come across their desk.
Like, are they doing a good enough job like reviewing each application or are they just going?
Like seeing something similar to this before like next move on.
Yeah, we definitely see that in cyber, right?
Like, people get stuck in ways.
I mean, I've seen whole teams like basically shut off alerting from certain sources because like, you know, if you get so many false positives from something, then you just don't trust that it can find any true positives anymore.
Uhm, you say it's low confidence, right?
I have low confidence in this source.
It's not. I feel like it's not that you have low confidence that it could detect something.
It's just like an excuse to say like, I'm just going to ignore this stuff.
Because I just don't have time for it.
So, well, and then.
Like this is someone as someone who's newer to cyber.
Like, I probably don't know the right term.
For this but Like as someone on the other side of the table.
I would think you know as an attacker or what's the right word threat actor, bad actor. Whatever the term is now, I've learned everything perfectly yet.
But you know they they're appreciating the same thing, right?
They're knowing that people are getting burnt out, they're knowing that people are going to be not looking at certain things so.
Guess what? Good place to attack
It might be harder to do.
So it might be a little more complicated or whatever the right way to phrase it is, but they're aware and that's where like, you know.
As being somewhat new to cyber, you appreciate that.
Cyber really just people versus people and technology is in the middle?
And they will realize that.
Yeah, you know, it's.
Just kind of following on what you were saying the motivation of threat actors is like so fascinating is probably the right word.
But like we've experienced and I've written about this recently too, like we've experienced a lot of very targeted like phishing and smishing -- that's a new one for you.
And it's like, shocking.
It's like, hey, like, why would anybody bother with us?
Like, we're relatively small fish. Like, shouldn't we be?
No pun intended.
We're relatively, you know, small unknown like wouldn't you focus on the bigger, bigger people and then somebody you know was like, yeah, of course you're going to focus on you because you're not thinking about cyber, right?
Like you're think while we are, but like other small companies, like they're just pulling you off a list of startups.
Uhm. And then I was also thinking as I was telling somebody else's story, it's like, well, you know, startups are generally, you know, you go through these giant cash infusions.
It's like you have poor like internal controls and a lot of cash in your bank.
Like, yeah, I guess I would have attacked us too, but sometimes you have to like put on that lens of like what is the motivation of like the group that's focusing on you and that's not always easy to do right?
Like it's not a lived experience, like I haven't been out there trying to steal from anybody, so.
Yeah, it's sad in many ways because you know, they generally target people who are more vulnerable, right, in whatever way it turns out to be right, whether its age, whether it be like immature company status or something else,
but it's also, it's also funny to like what are they going to do to try to like get ransom from us?
Like good luck with that.
We’re a very bad target for ransom.
Fun fact. We'll just start a new company.
Winston Cyber, yeah, yeah, yeah.
We'd have to start with a more aggressive name.
You know, we went with the soft, friendly name.
We'd have to go with the.
You know, it's grown on me.
Yeah, you hated our name when we started.
It started as a 5/10 for me.
Now 6 to 7 somewhere in there.
I was keeping count of how many times you like mentioned like something on the order of like when we rebrand or like you know it's a good name for now.
Or something like.
Talk about me being passive aggressive, like when I told you the name, like you could not get off how much you hated the name without like coming out and saying you hated the name.
That's also an interesting dynamic.
You mentioned earlier about, you know, the whole co-founder piece.
Like, there are a lot of things that were your baby right 'cause you started with the idea and you started building, I joined you, you know, in a part time capacity a couple months later and then a full time capacity several months later.
Like by that point, you had already become anchored to so many things that you'd worked on, proud of so many things you worked on, which is.
Great. And then It's like, well, where do you change, right?
Where do you evolve and it's always funny like well.
Is that a perfect name?
No, but like, is there a better one?
We haven't found it yet, so why you don't care about anymore?
Yeah, I'm sure we'll get like a letter from like Salem, Massachusetts at some point like.
I don't know.
We're going to get as many like witch and like Headless Horseman and like whatever, puns in before we’re forced out of this name.
Yeah, if only people knew all the different project names you had.
But yeah, I'm excited.
I don't know when it's going to happen.
I'm not even sure if they're going to tell me, when it happens.
But you know the dev team wants to add witch mode to the product.
Yeah, and I don't even know what that would do.
Like I just imagine it like cackling at me all day like.
Yeah, that wouldn't be miserable at all.
I think I'm in for like an October 30th surprise, I’ll wakeup to a cackling noise.
Well, if you need voice talent for it.
Let me know.
I practice a cackle or too.
Yeah, you gotta be the voice actor.
I got the face for voice acting.
No you've got, you've got the pretty face, you're going on all our posters, right?
You're gonna have that. You're going to be in that shirt, you know, join Salem Cyber and you're gonna have the you got the executive haircut and you know the $1,000,000 smile.
Even if you leave we’re going to have you on our posters for, like, 10 years.
Know it's gonna be like an old sun-faded like image of you.
This would be a good time for our commercial break, right just.
Oh yeah, commercial break this podcast.
This podcast sponsored by Salem Cyber.
Yeah, it's brought to you by Trevor and I.
This is fun.
You know and Maybe it's worth in like, Why the heck are we even doing this?
I think, you know, maybe our motivations are like mixed allover the place.
I was a guest on a podcast, Shout Out to Task Force 7 radio.
Uh, and I really enjoyed it.
And I was like, how do you get on more of these?
And then I was like, do I really want to go and just, like, say the same thing over and over again?
The answer is yes by the way.
And yeah, it's.
I've got five really good stories.
Then let me get through them all, and then next, next week, I'll tell him again.
But yeah, then like separately we have all these like really interesting conversations with people like who are practitioners who like are experiencing like funny situations that are, you know, so real and like so different than like the marketing doublespeak that you know, people in our position like push out all the time.
Uhm, and I just think that those are really interesting things.
And so it was like, hey, we want to do this like you know, we'll sponsored ourselves or be a lot cheaper than sponsoring somebody else is, and then we'll just get interesting people on here to tell.
Us like, you know, their war stories in their talk about their battle scars and, you know, whatever the heck else we find interesting.
I think that It's huge 'cause, you know, we've been to a number of these cyber conferences together now.
I'm sure you've been to many more than I have, besides that.
But you know I feel like there's a lot of topics that are talked about there that are relatively the same every time so those get stale.
And then there's always the really cool type of war stories that most people will never experience, right?
Like NSA, FBI comes and talks about something that is declassified enough to be able to talk about.
And then outside of that, what else happens that’s relatively new or interesting content?
And there's so many other stories that are out there, I think that, you know, happen to be analysts and their experiences happen to be whatever other, you know, blue team or engineer, etc.
And I think those are the people that we've asked for us to talk to 'cause you know those are in many ways I'm enjoy the practitioners are the majority of the industry and we're actually doing the work today and see a lot.
They're just not always the ones who are highlighted.
So I think it'll be fascinating.
If for nothing else, it will be a lot of fun conversations for you and I.
Just try not to put them to sleep.
Yeah, I know right?
This is my excited voice.
You know, if you want to hear my non excited voice, it's about like 3 octaves lower.
I always rag on you for that, but it has not come through. Like not that at all today
I was expecting to be like you know, listen to the call and all of a sudden, Jons talking and fall asleep, then that would that was it.
Yeah, I don't know I get excited about these things.
Well hey listen, we got the zoom timer came up.
I was too cheap to buy to pay the zoom subscription, sowe're getting kicked off the call here.
We are a proud, Microsoft shop.
Yeah, yeah, yeah. Uh. Teams is great, but here we are on zoom.
Question for you.
Last question, what's next?
What's next for what? That's a very open-ended question. So I think in terms of Salem and personal are different answers but I think I'll take the personal and tell you what's next.
You know continuing down that that personal development path I think I've really been spiral of things you've been doing the last 15 months.
And how you can work on yourself in terms of skill sets, in terms of things that you didn't know much about the board learning to learn about and trying things.
So doing more of that type of stuff myself and then in terms of what's next for us, I mean.
It's been a little bit less than two weeks ago we launched our first products and have gotten, you know, really strong market feedback there and good market traction and worse, keep building.
You know we've got some great team members on board with us and we just brought someone new on a couple weeks ago and there's a way bigger, better, and love to have more people on the team with us and you know, obviously we're going just hard and make this happen now and I think the thesis has been beyond validated.
I think people get it.
People see the problem they experience, probably know the problem.
They just don't always believe that, you know, AI or some other buzzword might be a helpful solution to them.
Or I think might be a fear sometimes I might replace them, but you know, we have not really seen that in terms of when we actually talk to people.
So that's. That's incredibly inspiring.
So I think what's next for us is just focus on execution and getting more people on the team and onboard with us.
To go do that, getting more partners and more friends in our community and getting out there to really, you know, get the word out but also then learn from others.
So I, I recently joined, you know this, the Charlotte ISSA chapter and start meeting a lot more people there and learn more things as you know my knowledge of cyber is dangerous enough now, right.
But it's still pretty, pretty shallow.
So want to go, you know, learn that and obviously then finally you have people in cyber like cyber, is all about people and it's much more of a community than I've felt in other industries.
In the sense that there is obviously that the common enemy, the common thing, but I think only time you really see people compete in cyber is for talent.
But that really just shows the young people, you know people are the the main piece of cyber so just gonna go more, meet more people.
What do you think next?
But back at you. It was a good opening ended one.
Uh, well, I'll probably have dinner here in a little bit and then, you know, maybe, maybe some Splunking
No, you know,
Think I agree with everything that you said, I'm really excited because we've gotten to a point where it's more about executing on the plan.
Yeah, and that feels great.
Like I've always clearly been a person who wants to bet on myself and I've always felt, you know, more comfortable when you know the path in front of me is known and it's now just like here to walk it and I feel like you know, I spent nine months wandering in the wilderness, you know, trying to figure out where the path was and, you know, you came on, which was a huge boon.
And you know, we got some resources to build the team, which is a huge boom and the machine is running, you know?
Like it's, you know, everything we thought we could do to this point we've been able to do, which is like massive.
You know, I was kind of hoping that by the end of the year I'd be on, you know, the cover of Fortune magazine.
But, you know, maybe, maybe March. No, I'm just kidding.
But yes, it's just down to executing so I think we've got great team, great motivation and drive and you know it's just on us to go make it happen.
That always feels good.
And just no one knows what's gonna happen in future, right?
And why not us?
Yeah, why not us? Cool.
Well Trevor, Uhm get back to work. No, we'll talk later.
This is fun.
We obviously talk all the time, but next time I will interview you. We will get some other insights and nuggets for you, Jon.
Oh yeah, people can play it right before they go to bed.
Yeah, alright, I'll talk to you later.