Colors of InfoSec Podcast

Episode 7 - Security with Grace with special guest and InfoSec Leader, Charles Nwatu

October 29, 2020 Christina Morillo-Q & Asif Ahmad Season 1 Episode 7
Colors of InfoSec Podcast
Episode 7 - Security with Grace with special guest and InfoSec Leader, Charles Nwatu
Chapters
Colors of InfoSec Podcast
Episode 7 - Security with Grace with special guest and InfoSec Leader, Charles Nwatu
Oct 29, 2020 Season 1 Episode 7
Christina Morillo-Q & Asif Ahmad

Episode 7 - Security with Grace with special guest and InfoSec Leader, Charles Nwatu

In this extraordinary episode, we chat with Engineering Manager, Corporate Security & Security Technology at Netflix, Charles Nwatu (@charles_nwatu) about all things DFIR, Risk, Communications and so much more. 
We talk about: 

  • His start in Digital Forensics and Incident Response (DFIR) and move into Risk Quant, Compliance Engineering & Automation. 
  • Recommendations for getting started in DFIR & 
  • Getting into security via the Cloud versus "traditional routes"
  • Security with Grace, which he defines as meeting people where they are and helping them through their respective journeys.
  • The importance of communication, storytelling, narratives, and how this helps to bridge the communication gap between security and the business.

Resources

  1. Connect with Charles 
  2. Charles's book recommendation on writing powerful sentences: It Was the Best of Sentences, It Was the Worst of Sentences: A Writer's Guide to Crafting Killer Sentences, by June Casagrande

Follow us on Twitter

Music

  • Track: Too much ice
  • Artist: Young Kartz via freemusicarchive.org


Show Notes Transcript

Episode 7 - Security with Grace with special guest and InfoSec Leader, Charles Nwatu

In this extraordinary episode, we chat with Engineering Manager, Corporate Security & Security Technology at Netflix, Charles Nwatu (@charles_nwatu) about all things DFIR, Risk, Communications and so much more. 
We talk about: 

  • His start in Digital Forensics and Incident Response (DFIR) and move into Risk Quant, Compliance Engineering & Automation. 
  • Recommendations for getting started in DFIR & 
  • Getting into security via the Cloud versus "traditional routes"
  • Security with Grace, which he defines as meeting people where they are and helping them through their respective journeys.
  • The importance of communication, storytelling, narratives, and how this helps to bridge the communication gap between security and the business.

Resources

  1. Connect with Charles 
  2. Charles's book recommendation on writing powerful sentences: It Was the Best of Sentences, It Was the Worst of Sentences: A Writer's Guide to Crafting Killer Sentences, by June Casagrande

Follow us on Twitter

Music

  • Track: Too much ice
  • Artist: Young Kartz via freemusicarchive.org


Asif:

Welcome to the colors of InfoSec podcast, a podcast and mystifying, what it means to navigate a career in information, security and technology as people of color. I'm your host and I am Christina Morello , and we're here to give you an all access pass into tech and Infosec's past, present and future.

Christina:

Hey everyone. Welcome to another episode today. We have a very special guest with us, Charles Noah , too , who is a friend, father technologies , uh , advocate and a geek. Right? Did I get that right, Nikki ? Yeah. Awesome . And so we are so excited to talk to you today. We're so happy that you were able to join us.

Charles:

Well, first and foremost, thank you all for having me here today. Uh, so who am I? Uh , like Christina said, my name is Charles Watsu. I have been in a security professional for about the last 13 plus years. I started my career out in the federal space, in the DOD , um, working for different COCOMs , uh , combat commands across the globe, Europe , uh, DC, and all parts of the air , uh, the globe. Um , now that I've sort of transitioned to moved out to the West coast, had a chance to work with tech companies, such as LinkedIn , uh, Twilio StitchFix. And currently I'm an engineering manager at a company you may know, as a Netflix, just a small company. And , um , like for my background, I started off in digital forensics and AR and enterprise security, which I describe as like, how do you manage endpoints , networks, firewalls, and things of that nature. And now I've , um , transitioning into like the risk quantification compliance automation and engineering space, which is , uh, something I'm becoming more passionate about because I believe like a GRC risk compliance. It is security. Like I understand that may be different from other people, like from hacking and all that other things, but GRC risk Boniface is a form of security. I'm really trying to promote an advocate. Bet. So hopefully a good little intro there, and I'm excited for the conversation that we're going to have today.

Christina:

Going a little bit back to the D F I R like, could you, for folks who are maybe new to the industry, can you talk a little bit about what, what is forensics, what is incident response and what that looks like?

Charles:

Yeah, sure. So for me , uh, like incident response is the ability to , uh, within an organization to respond to security events , uh, to have a team that is essentially either , um , looking at alerts or doing alert enrichment, to understand how to respond in the inevitability that something has. Um, Some times you hear it , uh, like crisis comms, crisis management , uh, but really the whole element of incident response is something has happened. What do we do to triage? What has happened? And from there, what are the recommendations and improvements that we can do to ensure that doesn't happen again? I almost think about it from an analogy perspective, like , uh, the medical professions, like you have your ambulances that come on the scene. The first thing they try to do is like, well, let's like stop the bleeding, like let's triage what we can triage and then move to a more established and secure place. So I look at incident response in that manner. Now the digital forensics is like, okay, Hey, something had ha has happened on this entity, this box , this device are there clues that we can surface that can tell us what actually happened here? Almost thinking of like the crime sleuth is going in with the magnifying glass and shuffling the paper in a digital way. Like, can we look at the hard drive game and look at the network capture? Can we, can we keep the pieces together to make this puzzle a little bit clear and say, all right , I have a certain level of confidence that maybe this is what took place. So I will , I consider that to be more of the forensics part. And I think what really intrigued me about this space was that there , there those malicious applications there's reverse engineering. There are things that it's like, how do people want to like break things through the delivery of malicious code or clicking on phishing links? And then when something goes, like ring, ring, ring in the middle of the night, like responding in a way that the business has trust, like, Hey, we know that you got us, like our incident response team got like they have our back. And the other thing I like to tell about incident response is that I consider it to be like the octopus of the organization. Like since so many incidents are happening, it could be a great data point to understand, like what's the, the current maturity level of different parts of the business when it comes to security or operational challenges. So it's a great data point for having security teams to understand like what's going on, how are the investments we're making, improving our ability to , um , minimize our incident exposures?

Christina:

I say to the risk conversation, right? I think that like leveraging that experience that you've had thus far and, you know , transitioning into the risk and GRC space is phenomenal. You can't teach that you can't take a certification for that .

Charles:

I don't , I'm not sure. I mean, if there is, I'd be very interested to see what's in those books. We might have to write one out of

Christina:

Ideas through the Trello .

Asif:

Charles, I have a question for you, right. What recommendations would you make for someone who's out there? Who's passionate about security. If they wanted to get into the DFAR space, what are some recommendations you make to them? So I would

Charles:

Say like the, the journey I went on , um, the experiences I had was mainly from like getting from like the SOC analyst is normally the path that I've seen. Um , and other individuals I've seen as successful in the space sometimes come from a traditional systems administration background from back in the day, like managing , uh , windows environments, or Linux environments or Mac environments, and then transitioning maybe to even cloud environments, because there is a distinction, I would say, doing incident response in a, in an enterprise enterprise facility versus doing incident response in like a cloud infrastructure based environment. Uh, there are , there are some nuances there in terms of like doing something in AWS or Google cloud platform or Azure versus something you would look at maybe from your end points or your traditional networking infrastructure and things of that nature. So to get into this field, like I said , I would definitely look for the entry-level SOC analyst job. Cause I think those are , um, from what I've experienced, those are the ways that I got in. Um, I'd definitely be interested if you all have seen any changes in the industry with regards to just the entry level positions within security, in terms of SOC analysts. I'd definitely like to hear your thoughts, but that's, that's the experience that I've been aware of? Well , for me, for a lot of the SOC analysts, I see them now going that ethical hacking route. And they're trying to get that ch which a lot of people in the industry frown on that certification for whatever reason. I don't know OFCCP . I know that's becoming a very, very hot topic amongst the SOC analyst and the guys that are in gals that are trying to get into that , that space, especially in the IRR space to the DFAR space. Um , sometimes they like to go vendor like an in-case examiner or something else like that. But I see these other organizations are trying to build up the pen testing and I see that's the , that's where I see the industry going

Christina:

Too , because I noticed that a lot of you mentioned something about like the difference between operating at the enterprise level, right. Or like on premises versus in the cloud. Um , and there is a difference and I think that people forget or miss that nuance. So I am seeing a lot of companies like big organs and organizations like Microsoft and potentially Google and AWS hiring a lot of folks to focus on like are in the cloud, right. Specific to the cloud. Um, and then, so I see that as another entry way . Like if you can get, you know, if you can go in a technical program manager position or working within like the product engineering groups of these organizations, it's another route to getting in , um, you know, you, that you can build upon, right. It's not end all be all, it's just another creative way, a way to get in, but there is a difference. And I think that people miss that, people think that because they know on premises that , um, they're automatically going to know the cloud and vice versa. And I'm here to tell you knowing both and having hands on experience in both that, no, it's not what you think. Um, it is a great foundation, but there is a kind of ramp and different learnings. And it doesn't even if you've been in this space for over 20 years. Um, but if you've only touched on premises technology, you, you don't automatically know the cloud. It's not like a default, you know, it's similar to like, just because you're a developer doesn't mean that, you know, everything's security, right. Like I think that's also another misconception. Um, and so, yeah, I'm glad that you, you, you touched that.

Charles:

Yeah. And , and I would actually say there's another point that I sort of forgot to call out. Um, when I got into like the information security profession, one of the things that intrigued me was this idea of, of , um, like, can I create generational wealth for like me and my family as I started out, like with my wife, when we first got married, it was a career , um, pathway that when I saw like the growth in terms of salaries and the projected spend across like the decades, I was like, ah , I'm like, maybe there's something here that I can actually like do and work and live modestly and be like, okay, like , like this is a place, so I'm not going to lie part of it. There was some money involved in, in addition to like liking what I do as someone , I really do believe that , um, cybersecurity information security, this whole domain, there was so many sub domains within it that require a specialty that I think it is , but it offers so much to individuals that are willing to find what they can, I guess, pull across and then claim as their own and then drive and mature. That

Christina:

That's an amazing point. And I think it's, you know, I think we, in the industry, we do a bad job of like admitting to the fact that like, Hey, the money can be good in most cases and , um, or actually better than good, right. Depending on where you live. And so that's, that's, that's a motivator and I think it's okay for that to be a motivator. Um, I'm going to have to talk to you about the generational wealth thing. I need some tips and tricks here because , you know, I got children's , but , um , yeah , I think it's important. I think it's important to be transparent about that and not make it an like an exclusive kind of thing, you know , um, with, with a lot of like hard requirements about in order to move into an entry to the position, you have to have 85 years experience. And the example that I always like to make about having, you know, 13 years experience in a two year old technology right. Versus that critical thinking skills and stuff like that.

Charles:

So, yeah, I , I definitely am an advocate for the critical thinking skills. And an earlier part of my careers is understanding like , you know , how things work. Um, one of my friends, Aaron Rinehart always talks about like complex systems. Like things are always complex, but how do you will get them in a way that you can sort of break them apart and understand the complexity? I don't think things will get easier. I just think things will be more complex. And it's our ability to understand that complexity and sort of test that complexity to understand like what's actually happening. Absolutely you and D F I R for a little bit, then you started to go and get more on the risk side and started making that your day to day . So can you talk about some of the challenges in that transitions, some of the positives and some of the pros and cons? Yeah. I like to say like my risk journey, I'm just probably maybe six to nine months into it formally, but I think I've been doing a lot of it throughout my career. Um, I think one of the challenges that I've noticed is that , um, in the sense of risk quantification, you're trying to reduce your uncertainty about a security event or security investment. And at times I believe as security practitioners where we just follow this, this, the standard of wanting to build a security team are going to have an AppSec team. I'm going to have an incident response team. I'm going to have , uh , a corporate endpoint security. There's all these things that we just inherently have been told we do, right? How do we take a step back and understand, well, how do we know this stuff is actually working? How do we measure these things? How do we actually can talk about the value outside of InfoSec or the cybersecurity space to individuals who may not have the working knowledge in this space? So how do we create that language? Because the , what I've been, what I've been harping on now is that communication matters. Words matter how we frame the narrative of security and the investments we do, the outcomes they provide matters. And if, and if I can't figure out a way to talk about risk in a way that decreases that barrier of entry, I am not doing my job and I'm not doing a service to the security practitioners in our space. So I've been really focusing lately on , um , like my risk is mainly been shifting on how do I talk about this? How do I talk about this in a way that I can give it to you all? Is it like I get what you're trying to do here? I get the measurements, I get your key risk indicators. I get how you're using these things to drive new decisions or understand the decisions you've made before and or how to prioritize the work that's already ongoing. Like that's where I've been at. Now that transition to me is more of a formal acceptance that, Hey, there is a way to potentially talk about this that has a standardization across different fields. And that's what excites me now. Like I, if you see my Twitter feed, I was like risk compliance, engineering, compliance, automation is security. Um , I'm very admin about that. It does support security. So I'm , I'm really pushing that narrative moving forward.

Christina:

And I think one of the ways is really to understand the business. Right. I think that we tend to forget as information security professionals living in these bubbles or in our own bubbles that , um , we are there to protect the business. And, you know, for, for those who remember the beloved CIA triad, right. Um, we need to ensure that at all times. And so again, making it exclusive is not really going to help any anyone. Right. So we have to go into whatever business and understand the actual business, not the security and the technology, like that's important, but in addition, and in parallel, we have to understand what is, what does this business to like, you know, for you? Like, what does Netflix, like, what is their business model, right? Like what, what is it they're really trying to protect against? What are their key metrics are from a business perspective and what are their goals in the next five to 10 years? And how do you leverage your skills and experience and expertise to get them there? Right. So you're helping in parallel. And you're not saying , you know, you're not, it's not about blocking right. Or becoming the blocker in , in many scenarios. And I think that we miss that because we were so involved in like taking the certification and this technology and this technology, and like becoming like , uh , we , we automatically become a barrier. Like we become the, the , the naysayers and the nose to the business. And so then the business loses that like level of respect, like, well , they're just there to say no, and to be a blocker. And that's kind of like the unfortunate truth. I mean, we all know it, right? Like, and we're all trying to change that narrative, but it's, it's been, it's been like a big part of the reason why security people don't get budgets. Right. I think the communication piece is missing Mike , because if there's no, if the business doesn't understand the value prop there, then they're not going to want to spend additional money. They're going to say, Hey, we budgeted a million dollars for the year. That's all you're getting be like, that's , that's it. Like, you're not getting any more because we're not showing that value. Right. And we're not aligning our goals to their goals. I know

Asif:

The funny thing about risk and what I do is a lot of the times that the chat , the biggest challenge, but at risk for me, isn't usually the business per se . It's usually trying to explain to the technical folks, right? That these, these things that I can kind of alluding to what Christina was just saying, like the business kind of gets risk. They understand that . And they're kind of programmed to think in that, in that realm, in that field. But I sometimes feel the challenges trying to tell my technical guys and gals, my technical folks, Hey, listen, these things driver , if these things mitigate risks and these things, you know, we can transfer it. It's trying to get that message across to the technical folks has been a challenge for me. Have you seen anything like that? Have you had some struggles like that, Charles? Yes. If you want to answer it . Yes. And sort of that I look about this , um , I was watching power and , um, one of the characters made this comment about it . I don't know where it came from, but it was probably something famous, but I just watched it in the context of the show. He was like, if you're looking in front of the forest , you only see the obstacles that are in front of you. But if you're able to see the top level view, you get to see all that the forest covers. So when it comes to risk and talking about risk , I've noticed that the experiences that people have had in the past come from an audit standpoint, like they're, they're, they're , they're receiving risk as like, you're about to audit the, that I do to

Charles:

Either tell me that something's off or something's wrong. We're talking about risk quantification. What we're trying to say is that we understand your past experience. We want to change that experience. And this is how we're going to do it. We are looking to understand, as you are the subject matter expert in this space, we want to capture your experience in a , in a mathematical way. So we can say, yeah, that investment you're doing over there around PKI or end to end encryption. Like we understand that it's protecting a critical data store. And we want to understand how we can demonstrate the risk of that loss happening by measuring the investment that we're putting in. So by no means, is it for us to come in and audit and say, wait, what? You're not or not doing. We in fact, want to better understand what you're doing and how you're doing it. So we can actually call out how it's driving down risk. How is driving down the , the , uh , the potential amount of loss the company could experience if this, if an event happened in this space. So it's really just like what we are finding that we are crew we've run into people that are, that are defensive. And I feel it's my job to say, okay, let's walk back is all right, coming to the risk fam you know , on down, tell you what we really hear about. So I think an element there of just changing people's experiences and ensuring that we're not here to audit you. We're actually here to highlight the work that you're doing, and then tie it back to the business and risk loss . So we know we're making the proper investments. So I think once again, there's reiterating communication, communication, narrative, narrative, narrative, and this sort of ties into my thing like security with grace. You gotta meet people where they're at help them to get through the journey. And I think as a practitioner, like my job is to understand where people where they're at and then figure out how I get you to where I need you to get to, how do we walk this walk together, help me help you type of thing. So I'm all about that type of work.

Christina:

Do you feel that that's one of the important qualities of moving from like an individual contributor into leadership? Like that ability to kind of translate right from one context to another and then tie things back together multiple times for multiple audiences is one of like the core qualities of a leader in information security, because I know we have a lot of conversations about, you know, there aren't many of us in leadership roles and knowing that you are one of the folks that, you know , isn't , um, you know, a pretty impressive leadership role at a great company. I'm always curious to kind of understand, you know, how to get there and share with others. Obviously,

Charles:

I think this is, this is the, I call the challenging part of where I'm at in my career. Right? And I look at it this way. I'm being honest. I never wanted to be a manager or a leader. I did not, I wanted to be an IC . Um, but when I was at LinkedIn , uh , my group said, Hey, like we went Charles to be a leader, like our manager for our incident response group.

Speaker 5:

I was like , that's not what

Charles:

Something to be said. And I think why my director at the time, Corey , Scott would talk to me and say, if you're able to impart on people, your thinking and create leverage, where you can be a force multiplier, that as a leader can provide you a different fulfillment. And for me, once I truly started to embrace that fulfillment of how do I create the right models and framing that allow people to take that and apply that to their work and be successful and create those force multipliers. Like once that aha moment happened for me, I was like, know , managing is not bad . You have those people elements of it. And I get that. But then there's also in different companies like leadership does not have to be people driven . You can have the expertise of a technical leader without managing people because of how maybe you solve problems, or you're able to piece problems from different parts of the business and understand the technical solutions that exist. So I think from a high level with regards to like, what does leadership look like? There's of course the managerial side of like empowering teams to be better and , and understanding the skill sets within the team and leveraging that for the business. Then we have those technical leaders that are just technically adept in awareness of what the business needs. And then as you're mentioning , how do we get into those roles? Uh,

Speaker 3:

Sometimes it's just, I personally was like , my was just because of the fact that I just treated people well, and they recognize that as something they wanted on a day-to-day basis. I don't know if I have the answer to say, like, this is the key of doing this, but I do believe that in my role, I put this on me. I have an obligation to promote those that are underrepresented across this space, into positions that allow them to become managers, leaders, or if they're already ICS, how the heck did we get you a pathway to being a leader? If that's your path that you would like to go down a leader, or whether it's a people or of a technical leader , uh , in a space that you're very well versed in. Uh, so I always try to drive, like getting those partnerships, those mentorships, even those sponsorships from people that can help you promote to the area that you want to get into are very, very big for me when it comes to like getting to those managerial or leadership type of positions . Because like I said, I didn't want to be a leader or a manager. I was sort of like offered an opportunity because people around me say like, this would be , would love to have you do this for us. To me, that was just the ultimate compliment. Why is that ? Okay. Like, why wouldn't I sort of move into this area? I just didn't know at the time that it'd be like a real source of joy for me.

Christina:

Wow. That's awesome. That's an awesome discovery, too.

Asif:

An awesome too , for you to share that with us. I appreciate that. Um, I also heard you mentioned something that you , uh, you believe is security with grace. Um, just to give you a little bit of my experience, a lot of the times I experienced security with fear and the type of industry you work in, right? So for you to, for you, you're really an outlier here because the way you're approaching it, and I'm very interested in hearing more about the security with grace. Can you kind of explain it to me a little bit more?

Christina:

Yeah, of course. And did you trademark that yet?

Charles:

Anyone can help me with that and what the process is, please hit me up, but to be quite honest, my wife , uh , gave that to me. Uh, she said , when she talked , she always talks about grace in the human experience. And she always says, Charles, like, you're going to meet people throughout this life that are going to be at different paths . And it's for you to really recognize where they're at on that path. And are you willing to help them or do you see how they can help you? Are you open enough on both of those spectrums to say, Hey, there's something for me to learn here. And when I applied that to security, I took a step back and said, you know, like you mentioned security with fear. That's a , there's a pit inside you that you don't want to , to operate from. Like, why can't I operate from a place where, Hey, how can I help you be better at what you need to do?

Speaker 3:

How can I create services or our pathways that allow you to just understand security? How do I make my interaction with you? Like, Hey, you clicked on this, this phishing link. That means you're bad. Like, no, like there's, there was an error here and there was a failure here. And my job is to help understand that failure to better out to allow those individuals, not to experience that failure again, or if they do the outcome is , is less impactful to them. So I always think about security with grace in the mindset of, you know, how do I help people to get from point a to point B? What role can I play in that? I want to meet you where you're at. I'm not trying to belittle you. I'm not trying to undermine you. I just want to understand your experience with security. And my job is to just improve that, or at least give you a different perspective of how security can be accomplished. So I really, I really take pride in just being more of a people oriented first and then building, helping teams build solutions that help just get security in a better state. So security with grades for me, once again, it's just about meeting people where they're at taking the time to really hear and understand them. And if they're like, I don't want you to have that experience. One of the things I can do to help you

Christina:

Of that, about meeting people where they're at. I always tell people that as well, like, you know, just as a security professional, like that's my job, right? Like I have a responsibility to meet you, where are, whether it's an enterprise , um, in an enterprise capacity or in a consumer capacity, like meet you where you are and then help you get better and that , how do we get on that journey together? Um, but you know, I , I wish more of us thought that way, right. Instead of making, making up these, like making these barriers to entry,

Charles:

I think I'll go out on a limb, a be a little spicy. I think that we do. It's just that we are, we may be, we have fears to actually exercise that in the people around us. That's a good point that they're making a cost that we're willing to not pay to actually have that happen and who is willing to pay that cost to make it happen. Because I can also say in our security field, you know, we can be a little , uh, we can be a little rigid in some areas about things and how do we promote different thoughts, different perspectives without saying like, Hey, you're crazy. You're not supposed to be doing that while you're not doing it this way. Like, like, can we challenge thought in a healthy way? And I'm saying, that's the prevalent, I'm just saying like, could we do this? And the reason why I bring that up is because lately I've been thinking about , um, storytelling , um , and being at Netflix, there's a lot of talks about like, how do you tell stories? Um, and how do we use information security, data, cybersecurity data, to create stories that people can understand versus just hitting people like 56% of people clicked on phishing links.

Christina:

That means nothing ,

Charles:

Probably a story there around like, Hey, meet the person who had some anxiety and was assure to determine whether or not I should click this or not. How do I help reduce that, that pain or that anxiety? What , what, what, what types of overlays or security , um, investments can we make to help that experience? I don't know, but we always focus on, Hey, they , the 56 people that clicked it they're wrong. Like, no, no, no, no, it can't be that way. We gotta gotta be better at that.

Christina:

And also putting the blame all on the user, like, right. I take issue with that. Like, I don't like the whole kind of narrative around, you know, the user is the problem or like the users are weakest link. No, you know, on the, quite on the contrary, I think the users are , um, first of all, I hate the term users, humans, right? Our colleagues are our greatest, our strongest link, but to the point of storytelling, I think that's super, that's super important. I was actually, I think I was talking to you. I said the other day where I was telling you, like, I really want to take like more of like a storytelling or like even looking at journalistic type. Like I don't, I don't know . I was just trying to like, how do I understand how to tell better stories? And I was doing this class from Pixar, right. Just to learn how to tell better stories. I think that's super, super important. And I think that it speaks to the point that , um , we always share on this podcast that, you know, you can't expect to solve today's problems with the scene thinking that created them, you know, because you need to think out of the box, you need to be unconventional. You need diverse teams, perspectives, ideas, and you need to get comfortable with just being uncomfortable. Right. It can't. We have to get rid of the, we've always done it this way mentality. Right. Overall. So I really liked that. But number two, listen, if you work on a Netflix special for information security professionals, okay. I want to come back out. Okay. I agreed experience. I want to come back out. I want to come back. So ,

Asif:

So Charles , um, I think that was, that was amazing as far as you sharing that perspective with the salt , as we all know, this month is a cyber awareness month. So do you feel like there's anything that you would like to tell people or tell, share with fellow professionals in the field , uh , about, about this month or there's things or any tips or ideas you have that you'd like to share? I think the number one thing for me is just, you know, password management , um, whether you're a one pass last log-in like this just, just do better. Like right now , I'm not trying to ask for a lot right now, just do better. It's just make a little improvement, get some, did some complex password phrases that you could remember that just, just do better. You know , this start there on, this is the basic hygiene of your accounts.

Charles:

Like do those password manager managers and just use those things. They really do help. Uh , they have mobile, they can hook it to your browser extensions. There's so many great ways to use them. So I'm gonna say start at the basic, let's do better password management, that's all. And then to , I just wanna address something that Christina brought up about the storytelling I've been stressing communication this whole time. Um, my, my current boss , um , Brooks Brooks, Avins here at Netflix. He always tells me like Charles, as you're thinking about writing, I want you to think of three things, one brevity , uh , being concise and precision and sentence structure, sentence development , uh , transition traditional words are very big and I've been reading a book and it was going to drop this year. It's called the, it was the best of sentences. It was the worst of sentences , uh , prevalent budget, this last name , but by June 1st , Casa Grande day. Um,

Christina:

We'll look into that. That sounds amazing. Yeah .

Charles:

It's been a very helpful guide in terms of helping me improve how I communicate rollerbally. And as I mentioned before, as I've moved into my career and more of a manager leadership role, like being able to articulate my positions in a way that organize my thoughts and then helps inform my readers, I think is the beauty of writing. And hopefully as I transitioned into storytelling,

Christina:

I didn't think I was going to be like, I , I was already inspired by you, but I didn't think that I could get even more inspired by you. And I'm just listen, can you be like our mentor sponsor a friend's number? I know, I know I'm just Katie.

Asif:

Well, he's definitely a friend of the show from here on out. So I think we both, it's very, very inspirational, Charles. I, I, I was definitely moved by a lot of the things that you said. I definitely, I learned a lot. And , um , that's one of the great things about doing this is being able to meet people like yourself is it was truly an inspirational talk. I, I enjoyed it. Like I said, thank you too, for having me give me the opportunity to just break bread with you. I wish to continue doing this more with people within our community and our field. I really do appreciate it. And I thank you. And please always reach out to hit me up. My Twitter DMS are open. I was like talking to people. I like to stay behind the scenes, but every once in a while, people pushing me out in the front. So I want to go back to my hermit crab mode and the go go hiding .

Christina:

Well , not today. Today. Today's share the mic in cyber . So Charles is one of the great practitioners is being featured and amplifying today. So definitely follow that hashtag today and after today or any day, right? Cause it's going to live forever, live on forever. So yeah. Share the mic and cyber on Twitter and go back into your hermit crab. We need you. We need the greatness.

Charles:

I will do my best

Christina:

Things to you. If you enjoyed this episode, don't forget to rate , subscribe and share. You can find us on Apple podcasts , Spotify, Google podcast , among others. Follow us on Twitter or Instagram at colors of impulses. Thanks for listening.