The Intern CISO: Dave McKinnon on Leadership, Trust & Cybersecurity

Show Notes

Dave MacKinnon, N-able Chief Security Officer is our guest today with an impressive career journey to share. From the early days of horsing around with a Commodore 64 to becoming a major cybersecurity player, Dave's story is a perfect blend of nostalgia and cutting-edge tech.

We chatted with Dave about everything from his tech roots to his unique approach to leadership. He has a knack for creating a dynamic, trusting environment among his teams, which he attributes to his three golden work rules; do cool things, work with good people, and have fun. Dave also shared his thoughts on secure vendor partnerships, personal fulfillment, and the importance of building trust relationships, especially during crisis situations.

Offering a rare behind-the-scenes look at a successful CISO's journey, Dave gave us the lowdown on his career path, his humble approach to leadership, and how candid feedback has shaped him as a leader. Juxtaposing his dislike for job titles with his high-stakes role in cybersecurity, Dave’s unique insights are not only refreshing, but also inspiring. Whether you’re a cybersecurity enthusiast or someone aiming to scale the professional ladder, this episode is a treasure trove of practical wisdom and leadership insights. 

Get an in-person rundown on what N-able has to offer including products, insights, networking and more.

The N-able Roadshow is visiting more cities than ever before in 2024. Take a look at our first group of locations; we may be in a city near you! -> http://spr.ly/6000RsTOq

'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today.

Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it.

This podcast provides educational information about issues that may be relevant to information technology service providers.

Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice.

The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent.

Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors.

The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe.

All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

Chapters

• 0:00: Reflections on Cybersecurity and Career Path
• 4:13: Career Path and Crisis Management
• 12:51: Build Strong Teams, Positive Work Environment
• 17:03: Approachability, Security, and Building Trust
• 25:11: Secure Vendor Partnerships and Personal Fulfillment

Transcript

Speaker 1: 0:20

One, two three.

Speaker 2: 0:22

It hurt me, and it hurt me in a good way. It was something I needed to hear. What I was able to do from that was kind of figure out some of the why.

Speaker 1: 0:28

I'm Chris Massey. On this episode, I sit down with enable CISO Dave McKinnon to reflect on his passion for cybersecurity, challenges with leadership and unique career path.

Speaker 2: 0:41

What I really hope to see is MSP is really giving guidance to their SMBs about you want to be this tall and you want to make this level investment, because when you don't make the investments is when you have a really bad day.

Speaker 1: 0:54

Welcome to Now that's it stories of MSP success. We'll be diving to the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn managed services into the thriving sector it is today. With us today is David McKinnon. He's the vice president and chief security officer here at enable. 20 years of experience leading global security teams focused on cybersecurity, incident response, forensics, threat intelligent across various industries. Most people refer to him here as DMACC, though, so DMACC, welcome to the Now that's it podcast. Thanks for having me. So you and I have very similar upbringings from a technical perspective. Our parents or dads got us in to introduce us to computers. Talk a little bit about that.

Speaker 2: 1:40

Yeah, so God, I don't even know how that was probably it's seven or eight and we had a Commodore 64 hooked up to our TV in our living room, and that's where it started. So my dad was definitely a geek. He was interested in computers and Tinkered when I was exposed very early on.

Speaker 1: 1:55

You were also a car guy too at a young age and almost pursued that.

Speaker 2: 1:59

I am a car guy.

Speaker 1: 2:00

All right, it was that didn't go away.

Speaker 2: 2:02

Yeah, so I've always like when I was little I had dirt bikes and I've always liked wrenching on cars and I did consider when I was in high school actually going down that path and ended up doing computers instead.

Speaker 1: 2:13

So you said, all right, computers is it? I'm gonna go to college for it. But then you changed your major.

Speaker 2: 2:18

One day, Well, I changed my major the second day of college, so it wasn't one day, I made it two whole days. So it was weird. So when I went to college, they required you to declare a major Right and I knew I wanted to do computers, but I really didn't know what that meant. Like I was exposed to like word processing classes and things like that in high school, but it's not like it is now where you have coding classes and I'm sure there's AI classes and a bunch of other things.

Speaker 2: 2:40

For me it was like it was very limited picking. So when they were like, well, what do you want to do for computers? I was like I'll do CS. Computer science makes total sense, I'll just go do that. And then I went to my first class, which was an Eiffel class, and I was like I don't want to do this for the rest of my life. So I promptly went and met with my advisor who was kind of shocked. He's like you're changing one day. And I was like, yeah, my roommate's an IT major and that sounds really cool, I want to do that. And I made the jump and I'm obviously very happy that I did.

Speaker 1: 3:05

This is crazy. Similar story to me Go to the Ohio State University, major in engineering six different types of engineering and then one day I was like I think I want to go into computers and I took a Fortran class and I said I don't want to be a programmer. So I knew I didn't want to be a programmer and then got into a sysadmin type. Yeah, I did the exact same thing. Yeah, that's awesome. So what kind of experience did you get in college?

Speaker 2: 3:31

Well, I learned everything. So I mean, you know, some of it going really dating myself, some of it was just being exposed to the web. I mean, you know, going back to Netscape Navigator days and actually connecting to the internet or or even all the way through like starting gaming, like playing Quake and things like that. But I learned how to build computers. I learned basic networking, subnetting, routing. We really started playing with power line technologies back then. I mean this is going back now 25 plus years ago, you know, getting into databases, admin, coding. So I kind of got. I had the opportunity to touch a lot of different things so I became a really good generalist, which has really kind of helped me as I've moved into a more professional career.

Speaker 1: 4:11

Yeah, almost identical, crazy. So you graduate college and then you moved to Atlanta. Why Atlanta?

Speaker 2: 4:17

No snow. It was really simple, I mean. So I went to college in Rochester and there was a lot of snow in Rochester. I didn't have a job and I was like, you know, be nice to have a car that could be a Rural Drive and not just be a summer car. And on a whim I moved. I really had no money to my name. I managed to get an apartment. I won't really discuss how I did that, but I got an apartment and I moved to Atlanta to figure out life.

Speaker 1: 4:42

And you stayed in Atlanta. I moved to LA also no snow in Ohio and then I said no, LA's not for me, so I'll move back to Ohio, Enjoy that snow.

Speaker 2: 4:50

Yeah, I got, I moved back too. So I think I was there for seven or eight years and I moved back, and then we moved back again about eight years ago. So I've kind of bounced back and forth.

Speaker 1: 4:59

You got a job in Atlanta, though what was your first job?

Speaker 2: 5:02

So my first job was actually as a sock analyst at the SecureWorks. Wow, dumb luck, but that's where I ended up.

Speaker 1: 5:07

So, first job in cybersecurity, great opportunity to learn.

Speaker 2: 5:11

Absolutely. When I went to SecureWorks and I interviewed, I didn't know anything about security. I walked in and they, you know, we went through the interview process and I was transparent, like I didn't know what they needed me to know, and they were very focused. You know, you know networking, you know assistant men, you can code. We can teach you the rest. The other benefit of that job is I worked six PM to six AM and I was every other Wednesday, thursday, friday, saturday. So it was like the perfect schedule to be on when you're trying to move to a new, like a new city and make friends and things, because the nights that you want to go hang out you don't have anymore. So it provided me the opportunity to really read and learn and play with snort boxes and really kind of immersed myself in technology, because not a lot was happening at three o'clock in the morning and that really is kind of what jumped started my career.

Speaker 1: 5:58

So SecureWorks for a period of time, and then you had an opportunity to go to ISS Yep Larger company. What were the opportunities there and why the move so?

Speaker 2: 6:10

you know, secureworks was in a weird spot then I mean, really, if you date the company where we were at, they were figuring out what they were going to do. Like they had the eye sensor, they were kind of doing the MSSP thing, but not really doing it at scale. And you know it was during the dot com bubble, so like money was getting harder to get from a VC perspective and it seemed relatively unstable. You know, fast forward, not the problem anymore. But at the time, you know, and I had a few friends who had left SecureWorks and went to ISS and they presented an opportunity there to go work in support.

Speaker 2: 6:40

So I made the jump and walked in and it was a pretty perfect schedule for me. It was three to midnight, so I could play hockey in the morning and then I would take a shower and I go to work and I just work to midnight and repeat every day. And I came in and just learned all the different products like how did they work, you know and really kind of immersed myself more into the just the world of cybersecurity in ways that I hadn't. You know, what you read in a book isn't actually using all the tooling. So it kind of gave me the other half of that coin as I went through it.

Speaker 1: 7:07

So you moved to Atlanta to get away from the snow, but you play hockey to play in a cold sport.

Speaker 2: 7:13

Yeah, I hate the heat, I just don't like the snow. Yeah gosh.

Speaker 1: 7:18

All right, so you leave ISS, but you stayed in security. But you got into something a little different, right, it was research and intelligence.

Speaker 2: 7:28

So I had a few different jobs when I originally left ISS and I spent almost a decade there so, and I had a lot of different roles. Like you know, I worked in engineering. I worked in professional security services like I was doing pen testing. I had I got and wore a lot of different hats, which was awesome, and a friend of mine actually hit me up about an SE role. So in sales engineering, it was a brand new role for me, it wasn't something I had done before. So I gave it a shot. And the first company I went to was Damballa, which was kind of short-lived for me, like I think I made it maybe eight or nine months and it just wasn't the right fit. And you know I'm very much of the mindset, you know, fail fast. And I also had my first, first or we had our first child. So when Gavin was born I was traveling all the time and like I didn't want to be away from him. So I was offered a job with net witness to start doing more forensic type work, still in an SE role, but more just hunting, which for me was awesome. So I did that for a couple of years.

Speaker 2: 8:24

We were acquired by RSA while I was there and then I went back to more of the practitioner side. So I had the opportunity when I left there to go to ADP. When I spent a couple of years at ADP where I've I worked obviously on the IR team. We also worked on the fraud team, so we had the opportunity to sit down and look at financial fraud and things like that and really again really being more on the practitioner side, more doing the IR work. So I spent quite a bit of time there and then when I left there that's that's where I started to get more into R&D.

Speaker 2: 8:51

So I went to FishMe, which is now co-fence, and that was it was an interesting position for me to be in because Aaron Higbee was one of the founders. When he and I talked he basically said he's like I want to hire you, but I don't really know what job it's for, and we're going to figure out the job. And for me it was kind of a big leap of faith to like go to a job but not really know what I'm going to be doing. And within a few months we kind of figured it out. Like threat research moved underneath me and then in time, r&d came underneath me. Obviously I owned internal incident response, so I had to wear kind of a number of different hats but also kind of work on the creative side as well, as you know, some of the product enablement. So it was it was a neat balance and I spent a couple of years there just working with some really awesome people, and it was a great experience.

Speaker 1: 9:34

That's awesome. What? What crazy interesting experiences you have. It's. It's really neat and the I could definitely see you as a sales engineer. I also went down that path and also said the travel is too much. So you have a knack for crisis management. Where do you think that comes from?

Speaker 2: 9:50

Well, for my dad, I mean. So my father not many people know this, but he was a fireman. He was a fireman for 43 years and we always had kind of preparation things at the house. So you know, in the event of a fire I knew, like I tell you, what sure we would be able to meet in front of in our house. You know, if somebody came to us in a parking lot and we didn't know them, we had a secret code word that they had to give us. So my dad had always kind of infused that in us to be prepared for those things and I think it was kind of a natural fit. I think I'm also a tinker, like I wanted to have things work. I mean again kind of having that mechanical background and like wrenching on cars. So IR is kind of a very natural fit for me. It's it just kind of found me. I don't know that I found it and it's it's a good place to be.

Speaker 1: 10:33

Were there any points in your career that you sort of realized that this crisis, you know pressure thing, you were pretty good at it.

Speaker 2: 10:42

No, I've never looked at this, because the crisis thing isn't a you thing, it's a team thing. So I've never sat down like man, like I nailed this, like because I'm not the reason that we have like an effective response Collectively, as a team, we come together and we work together as a team and we have good success I'm not the reason that happens Like we are. So I've never sat down. I've obviously sat down and said, man, we have like these awesome people on this team, we have the right people, we have the right makeup to do, to do great things. But I've never sat down like, well, I'm the reason that this works well, Cause it's not me.

Speaker 1: 11:12

I think you're selling yourself short. I think a lot of that, though. In a crisis, some people have a tendency to get frantic and you don't come across as somebody that is like that. You have a very sort of cool head, you almost. I remember the story that we were talking about a week or so ago, where you were dealing with a crisis and you were almost sort of jovial about it. You were excited, which doesn't seem normal, but that's sort of the way you look at it.

Speaker 2: 11:40

Here's the reality. What's happened is happened. So sitting down and flipping out about it, you can't change it. But what you can do is figure out what happened. How did it happen? Why did it happen? What do we need to do? And candidly, I think that's what helps my relationship even with John. When I talk to PAGS about what we're seeing, he kind of reads my body language to say is this something that should really scare John? Or is Dave sitting back saying, no, we've got this and I don't need to worry? You don't cry over spilled milk. If you're in the middle of an incident, you're in the middle of an incident. It's the folks who can step up and actually execute, and that's who you want on that team. You don't want the people who are like flipping out, going we don't know what we're going to do because they don't do anything.

Speaker 1: 12:18

So IT is constantly changing and it seems like security, in particular, is just moving it up at breakneck speed. How have you been able to manage and evolve as a practitioner and a leader in the industry?

Speaker 2: 12:34

So I think it's that combination in that order. So I'm very hands-on. My team would probably tell you I'm two hands-on, but I like this stuff. It's fun, it's cool to geek out. I enjoy getting calls with my team talking about what they're looking at, what challenges are they having. I may not even be able to offer any insight, but I'm learning from those folks.

Speaker 2: 12:51

I've been very fortunate to be surrounded by a great group of people and that kind of comes into the leadership which is. We've built our teams out, especially here over the last years. I've been here for like the last two and a half years. What you end up finding is you have folks that you work with again and again. So even in my current role, I've got a number of folks I've worked with. This is our second job together. I have one person I've worked with. This is our third job together.

Speaker 2: 13:16

It's one of those things where, once you have that level of trust and you know that you're kind of all working towards that same goal, your team comes together in an effective manner. So it's really that combination. It's keeping your head in the weeds, and I don't want to be a PowerPoint and Excel guy. That's not what I aspire to be, although I find I do it more than I like to these days. But I do have a great group of folks who have unique insights and I learn from those folks every day, and that makes us all better.

Speaker 1: 13:41

You've built an amazing team here. I've gotten to meet and spend a lot of time with a lot of them Super smart people, great people, very little turnover, what? How have you been able to keep your team together and obviously get them excited to come to work every day?

Speaker 2: 13:59

Yes, I think there's a few things. I think part of it is having good leaders with me. You know so some of the leaders on my team have known for a long time. One of them happens to be multiple jobs with them, but I also have a really simple, well, I guess, two rules when it comes, or three rules when it comes to work and two rules when it comes to kind of a job. So my three rules and I tell my team this all the time is, you know, my philosophy as I come to work is I have to do cool things, I have to work with good people and I have to have fun. Like, as long as those three things happen in my day to day and it's not perfect, you know, perfect every day but as long as those things are happening, I tend to be a very happy individual. Like that's my happy place. And I think the other thing is really being at a job where they respect your balance, to ensure that you do have that kind of work-life balance and your expectations are correct, and that, to me, is really important.

Speaker 2: 14:49

So you know, like when I talked earlier about kind of when Gavin was born and deciding what I'm going to do from a travel perspective. Even coming here, like I was nervous I'm not going to sit here and be like, oh yeah, I had it all figured, I didn't. I, you know, I had imposter syndrome. I'm sitting here wondering am I ready to make this step? And you know, one of my bigger fears was also, like how much traveling I'll be doing and I worry about that for my team. So I talked to John about it. He was he's actually the one who kind of convinced me that this was the right move, because he explained like with his kids he makes the time to coach and that is an environment that I want people to be in.

Speaker 2: 15:23

Like I don't want you to be sitting down worrying about hey, how do I balance this? You know, somebody's sick. I got to deal with it Like you don't. Like life happens, work happens. We make the two of them happen together and I think as long as there's other three, like the three realities of enjoying what you're doing, having fun when you're doing it, and that's I do tend to be a pretty laid back person. I also hate titles, so we haven't talked about this, but you know I hate my title. I think titles are dumb. I understand that they're required for specific reasons, but I don't want anybody in like on my team or any team, really to be scared to come talk to to me or talk to us, because, because I feel like they need permission to do so. I think titles are crap and I think that's what that helps build those relationships, because there's never, there's never a hierarchy Like we're all peers, we're all on the same team, we all want to be successful and that that creates that ecosystem that I hope people want to be at.

Speaker 1: 16:16

I've heard you introduce yourself as the intern. Why is that?

Speaker 2: 16:20

Because I really do hate titles. So I, some folks on my team I have complained because they you know the new hires come to the office and they they put a meeting on the counter, like you know, come meet the chief security officer, dave McKinnon. Like stop doing. I was like put me in down as the intern. Like I really do want people to be comfortable when they're talking to me. Somebody legitimately believed I was the intern for a little bit and for me it's really to. I don't want people to see me as a title. I want them to see me as Dave, because when we work together that's what I am. I'm Dave, I'm here to help us, like we are going to be successful. So I I'm all for not actually having a title, but the intern is what I use internally the most.

Speaker 1: 16:58

I'll start introducing you to customers as the intern.

Speaker 2: 17:00

You could, I would. That would actually make me really happy.

Speaker 1: 17:03

I think you are a very approachable person, dave, and as, as someone that's only been here for two years as well, I've never been afraid to sort of pick up a phone or I am about a question, and even with a title like you have, some people might be afraid of that and you don't give that impression off, and so I think that's great that you think that way and it obviously in a role like you have around security, people need to feel comfortable that they can ask our Chief Security Officer a question if they don't know right.

Speaker 2: 17:36

Well, and the reality and the way I look at it, when we have a security incident, it's not just the security team that's responding. We're pulling in engineering, we may be pulling in QA, we might be pulling in DevOps, we're probably pulling in support. We have legal involved. When you break down all the different teams that we need to be successful, the only way to do that is by forging those relationships where you're approachable. If you're a jerk and nobody wants to work with you and you ask for a favor, guess what? You're not going to get Much help in return. So for me, it is important to kind of build those trust relationships with teams and not do it just during an incident. I was quoted at a previous company for walking me like I just want to like meet you when I'm in a good mood, because we're not in the middle of a cyber incident, because I'm a real jerk, sometimes during an incident, because it's like we have work to do and sometimes like buying pizza and beer goes a really long way with those folks.

Speaker 1: 18:24

Sure does, especially when you're in a stressful situation, and before a stressful situation too. It goes a long way. So you're not the traditional CISO path per se. How's the body of work that you've had provided you?

Speaker 2: 18:37

with such value Many miles wide and not probably as deep. So I'm a generalist in a lot of areas. I didn't kind of go the classical like go down the financial services route and kind of work my way up. I've been more of a chameleon where I've had the opportunity to kind of jump back and forth. I've also left leadership a number of times but I always seem to find my way back, but it's not intentional, it just it kind of happens organically.

Speaker 2: 18:59

So I've been provided the opportunity, even before I came to enable, when I was with Warner Media, you know, like the position grew and grew and grew and it grew with an AT&T and I've just I've been fortunate to have latched on with organizations where I could grow as an individual and a professional to become a better leader, because I haven't told you this before, but when I started I was a horrible leader, like I was the worst, and it really took quite a bit of coaching and time for me to get better at it because I just I was very immature and I didn't know how to read people and I didn't know how to relate to different personality types and traits to help really motivate those people. So having gone through all those different kind of scenarios from a leadership perspective but also from a technical perspective. It's given me kind of a pretty wide range of tools in my arsenal.

Speaker 1: 19:48

Wow, that's surprising. It's great to hear that you've been able to evolve like that, because I sure couldn't tell it. I, you know, I definitely see the way your team sort of gravitates to you and any situation, and so well done to obviously recognize that and get some.

Speaker 2: 20:05

And it's not all. So I was fortunate in that I had some folks come to me and talk to me when I was young on as a leader, and they gave me some very candid feedback and it was hard to hear. I'm not going to sit here and be like oh yeah and like it hurt me, and it hurt me in a good way. It was something I needed to hear, but what I was able to do from that was kind of figure out some of the why, like, why am I looking at things this way? And a lot of it for me was actually trusting. So I think the folks that I worked with who helped me become a better leader because I would never have gotten here had they not stopped to talk to me, like it just it wouldn't have happened.

Speaker 1: 20:36

You don't have, like an IT vendor, specific histories or even the MSSP history. So what brought you to enable so a few things.

Speaker 2: 20:45

So part of it was the culture. The culture for me was big. You know, I talked to John and kind of got the just the vibe I mean I don't know a better way to describe it.

Speaker 2: 20:55

Like it's just. There's something about this company where they genuinely do care about people and that, for me, was very appealing. You know, coming from a company where over 200,000 employees and you're a number and you also hear a lot of oh. You know, we've always done things a certain way. You know, changing it is not going to happen. And I think the other half was the opportunity to really come in and build really a net new program. We started off as a new company. We I had the opportunity to and I'm a builder Like that's what I enjoy. I will always love doing that. So those were probably the two biggest selling points I've been very fortunate and that the leadership here has been great to work with. They've mentored me tremendously because I'm still very green in a lot of ways and it's just been. It's been. What I've realized is is it's not necessarily the company size you're going to, it's more the company culture and this has just been the perfect culture for me.

Speaker 1: 21:50

So, dave, you're a big believer in transparency and collaboration when it comes to security, even amongst business competitors. Can you elaborate a little bit on that?

Speaker 2: 21:59

It goes back to what I said before. Like security is a team sport and whether you're talking internally or you're talking externally, we're all fighting the same fight. Like there is no reason whatsoever that security should be considered a competitive advantage between different companies. Like I get from an offering perspective that that's a thing. But I do very much believe that when you share information, you collaborate actively, you work inside the community. Like you get what you give, so I'm all for it. It's not an area where we should be again kind of creating walls and not ready and willing to work together.

Speaker 1: 22:32

Where do you see cybersecurity going for SMBs and MSPs here in the future?

Speaker 2: 22:38

The challenge there is the threats continue to zero in on those SMBs. If you look at, just generally speaking, the evolution over the last probably 10 years, go back 10, maybe 15 years ago, it was all PCI, like hey, they're breaking into these big box retailers, they're stealing credit card data and they're walking out. And then, with the evolution of ransomware and kind of the pivot of that into SMBs, everybody is now fair game, like everybody's on the internet, everybody has many services that are cloud based and that's going to continue. The challenge will be is how do those MSPs kind of guide their SMB customers to properly protect their castle and that's classically how we built it how do they evolve their security to support that?

Speaker 2: 23:27

There's kind of a I always joke but you have to be like this tall to ride certain rides, and what I really hope to see is MSPs really giving guidance to their SMBs about.

Speaker 2: 23:37

You want to be this tall and you want to make this level of investment, because when you don't make the investments is when you have a really bad day and it's not to say it's all about money, like it is actually a business strategy and it's a business resiliency strategy, and that's the conversation I think you're going to see MSPs having with those SMBs because it's not a dollar spend at the end of the day, it is 100%. How do you make sure that you're opening your doors, because a major cyber event could cost $100,000, cost $600,000, or cost a million dollars. Are you ready to shell that out all at one time? Can you? Does your cyber insurance cover it? Do you have cyber insurance? All those questions are really their conversation point and they're very relevant right now, especially if you look at just kind of how the evolution has moved with the SMBs being targeted or continue to be targeted. I want to say this is a new thing. It's on everybody's mind.

Speaker 1: 24:27

Interesting. So how do the large vendors that are supporting these industries respond to the changing needs and threat landscape?

Speaker 2: 24:38

So I think part of it, especially in our world, is making sure that we're partnering with the right vendors to support those customers.

Speaker 2: 24:45

What you don't want to do is throw 100 different vendors and be like, hey, go pick one, one of them is probably good, because that makes the decision process extremely difficult when it's like, all right, I need well, why so?

Speaker 2: 24:58

Versus us coming in and, I think, providing some insight into the why Like why is this the right vendor? How can it help improve your business, how can it protect your customers. And that's really where our role is. That enables figuring out. How do we make sure that not only partnering with the right vendors, but we're also partnering with secure vendors. So one of the big things we do on my team is like when we bring in somebody new and we're going through a full vendor due diligence, we're making sure that they have pen tests, we're making sure that they're securing data properly, we're making sure that they're not full of crap, like they're actually somebody that we want to put our name on as we go out the door, so that when those MSPs are looking at those vendors, there's a level of trust there so that they're making the right decision for their business.

Speaker 1: 25:39

Excellent. So, dave, we like to ask this question to all of our guests on the Now that's it podcast when did you know that this was it?

Speaker 2: 25:50

I don't know. So I feel like for every job I've ever been, in the first six months you're like man, what were they thinking? Why do they hire me? I'm an idiot. And then after six months then you start to feel like you have a little bit of swagger From a security perspective. I knew almost right away that security was the right place for me. I remember when I got the job offer for secure works that called my dad and I was like it's different, but it's cool and I like this. So I knew security was for me probably in the first few hours after I interviewed For this job. I would say it probably took six months or a year. But I'm constantly learning, I'm constantly getting better and I will tell you, as we've gone through even more and more exercises and I see the team executing more effectively, that, for me, is where I sit back and go damn, we've got it, not me, we've got it. And that's what excites me.

Speaker 1: 26:44

Dave, thank you so very much for sharing your story with you today. You have such an interesting background. It's just always great catching up with you.

Speaker 2: 26:51

Thank you, thanks for having me.