Episode 13 with Jimmy Sanders

Narator:

Welcome to Cyber 909, your source for wit and wisdom and cybersecurity and beyond. On this podcast, your host, veteran chief security officer and Cyber Aficionado Den Jones taps his vast network to bring you guests, stories, opinions, predictions, and analysis you won't get anywhere else. Join us for Cyber 909, episode 13 with Jimmy Sanders.

Den Jones:

Welcome everyone to another episode of Cyber 909, our adventure into the world of podcasting. And every week? Every week, yes. Almost every week. We're recording these now and every week I bring on some great guests that I find from deep within my network and they join and we have good conversation. We try and keep it chill and easy and I am blessed. This guy is a hard ass to nail down man. Jimmy Sanders. Jimmy, welcome to the show, and ex Netflix. And now you're the president of the Global Worldwide ISSA organization. You want to, why don't you introduce yourself so I don't screw it up.

Jimmy Sanders:

Yeah, so my name is Jimmy Sanders. It's great to be here. I'm the current president for ISSA International. I've been in the IT security industry for over 20 years and previously to ISA international of being the president. I was also running head of security for Netflix DVD for over nine years. So it's great to be here with you, Den.

Den Jones:

Yeah, excellent. Yeah, thanks for joining. It is funny, you and I catch up every now and again in these industry events or some ISSA things or SPIRE One and some of the other stuff that we all get involved in or the odd golf, the old golf event. Yeah. Yeah, that's always fun. But I've been trying to get you on the show for a while. You're one of the charismatic people in the industry. You got the charm, you got the weight, you got the wisdom. So for me, I'm like, man, Jimmy's the kind of guy we want to bring on. I'm sure he's got a gem or two. So let's dig into this. Let's go through your career journey. So what got you into it and security?

Jimmy Sanders:

Yeah, so it is always funny because when I tell people, when I get on stage and I do the big conferences, you show your slide and your slide shows you where you went to school and what the companies you work for. But the one thing that my slide generally doesn't show is where I went to school before I went to school. And so before I actually graduated from San Jose State, I had actually started my career in nine three at University of Houston, flunked out, moved to California, went through about six to eight junior colleges before I finally got my associate's degree in computer science. And then I got my double major in psychology and behavioral science at San Jose State. And while I was at San Jose State, I was taking, before I got to San Jose State, I went to a school called Chabot College and I was taking the computer science classes and I was getting frustrated with my computer science classes because as I was taking my Oracle A to I class, Oracle changed the way they did Oracle.

And so the book was no longer relevant because it went from beta to final product. And as you know in software, the beta product is never the finished product. But when you're in school and you're thinking you're learning something, you think what you're learning is static. And that's the one big schism that we have with the education industry and the professional world is that education, they give you a book, the book is good for years and that's what you learn in software. Things change on a dime all the time. And so I started off in nine, nine as an intern in it and in 2006, so I went that became an IT manager and then 2006 of one of my friends was walking around and was like, oh, I'm looking for somebody to do the security engineering position. And I said, oh, I can do it. And so I've been doing IT security, running security for company since 2006.

Den Jones:

Right. So you had been going off on a couple of tangents here. December 99 is when I joined Adobe. I was a contractor back then doing it contracting work and I think I'd been in the industry at that point for about eight years. I was had done manufacturing and stuff, but I got into it. And computers, I love music and you can see I've got some music gear behind me and one of my best friends in Scotland, he had lots of music gear and that's the impetus for me. I didn't really give a shit about it. Right,

Jimmy Sanders:

Yeah.

Den Jones:

But what was the impetus for you? What was your little trigger that made that be the thing?

Jimmy Sanders:

So growing up in school, I'm originally from Texas, and so being a black person from Texas who was smart and was good at athletics, people used to always say, you don't look smart. And I used to always wonder, what does look smart even look like? What

Den Jones:

Does that mean? Yeah, you don't wear glasses.

Jimmy Sanders:

Yeah. Yeah. So for one year I actually wore a fake glasses to see if it would stop people from saying, you don't look smart, but obviously they still said whatever they wanted to say because you have preconceived concepts. So I was good at math, so I thought I should go into engineering. I went to University of Houston to study architecture and mechanical engineering. I was bored out my mind, and so I just got bad grades because none of this stuff. Interesting. Moved to California, I'm going to a lowly junior college, and I take a class called Intro to Java, and I also did intro to Visual Basic and a light bulb just clicked, I love this. It was just immediate. And so I just started taking every computer class I could. So when I actually made it to San Jose State, I had a hundred credits, but you can only take 60 with you because further transfer. But most of those credits were just things that once you fall in love with something, you realize you have the passion, you don't.

Den Jones:

Yeah. Well, it's all about, I mean that's the thing for me, there's got to be some passionate drive that makes you sit up and pay attention now. But you graduated double major psychology

Jimmy Sanders:

And behavioral science.

Den Jones:

Yeah. So what got you in that path?

Jimmy Sanders:

Because I had had my associates in computer science, and so for me it was always about, I was always thinking about the adversary and the way the internet works. I would never work as hard as the people in China, India where they're getting paid cents on the dollar to do the things that we wouldn't do for $20 an hour. How do you compete on the global stage? That was the thing I was thinking of at the time. It's not who's the most technical, who can outthink that person. I used to always play chess and do those things. So I was like, okay, let me figure out the mind game. Because I always had visions of getting into management. Obviously at the time I wasn't in management, but I always had visions. So I was like, what would be the thing that would help me the most? So understanding the way that people think and the way I can use that in my skillset.

Den Jones:

And so as you got into management, what was that driver? What was the trigger there that made you think, shit, I should do this?

Jimmy Sanders:

Yeah, first understanding that they're not out to get you. When people tell you no, they tell you no for a reason. And that's where the psychology part comes in. They may say no because you're killing their sacred cow and they don't want to lose that, but nobody comes to work and says they're just going to, they don't have you in mind when they go to work for themselves or as an employee. And so for you to take it personal to think that they're out to get you, you're not playing the game right yet. And so I had to figure out what was people's motivations and how to align those motivations or align my motivation so that the company wins. And that's what made me want to get into it of because I got tired of, I'm the type of person I hate not knowing how the decision was made, I guess. Because if you're not in the room, they just give you an order that says, okay, build this widget, and you just go build a widget. And for some people that's good.

Den Jones:

And the one thing, and you mentioned earlier about people thinking you don't look smart, there may be preconceived notions of people's view and the diversity angle on that one, right? Oh yeah.

Jimmy Sanders:

When I first got in the industry and I first started attending conferences, I would easily be the only black, only Latino person in the room. Luckily there were some Indians, there were some of Asians and Europeans and white people. Women were still not as represented, but so diversity was always a,

Den Jones:

And I don't always like to dwell on the whole thing, but I've had quite a few females on my podcast as well. Really brilliant female leaders. And I do love going down there only because I'm not going to say privileged white guy. I mean, I grew up with humble backgrounds in Scotland and stuff, but I am a white guy.

But I once had people turn around to these two American guys that I worked with at Adobe, and they're somewhat friends of mine still, but they turned around and said, I only got what it did because of my accent. Now that that is probably the lowest level of bullshit abuse you can probably take. But for you growing up, and what I'd love to do is twist it to a positive for people in your shoes, from your background, your ethnic background, what advice would you have for young aspiring black people that are growing up that just want to kick ass and take leadership roles on? What jams of wisdom could you share with them?

Jimmy Sanders:

There is never a door that if you really want it, you can't get, can't access. The one limitation I've seen consistently is when either your dry falters because life gets in the way, you have kids or things like that. And there's nothing wrong with that, but never have the regret. One, I tell people all the time, closed mouth doesn't get fed. Meaning if I wouldn't have asked for my first security position when he was walking around with a piece of paper, if I would've asked for more money at certain jobs, if I wouldn't have told people I was able to do that because you are knocked down a peg because people want to say that you're bragging sometimes about things. But when I talk to people about the resume and their skillset, I'm like, why would I hire you out of anybody else in the world? Find your superpower and use that as motivation. And for everybody who doubts you, smile. Because use that as motivation because you have to have thick skin. I look at my kids and I'm feeling unfortunate because I think with the way the internet is and the way things are, you have these cyber bullies. If somebody would've sent me an email 20 years ago saying they didn't like me, I would've laughed my tell off

Who cares? But in this day and age, if somebody tells you they don't like you, they're all into the likes and things and

You can't aim for your goal when you're aiming for other people's goals as well, you need that focus. That's what I would tell people. And everybody has their issues, whether it's your color of your skin, your accent, your ethnicity, your gender. Everybody has different obstacles. And it's not to say that yours is harder or easier than somebody else's, but we're all trying to reach a certain goal point. And I don't care how you can't blame Michael Phelps for being six four with big feet. The only thing you can do is try to outwork Michael Phelps or outthink Michael Phelps. You can't use his God giving gives as a reason why you can't achieve what you're trying to do.

Den Jones:

And man, God, three or four little gems in there, Jimmy, right? One of them is don't be afraid to ask for it. And also regardless of the obstacles in your way, chase it and chase it and chase it harder. And I do, one thing I just always thought of is, look, anytime someone gives me shit or wants to fucking run me down, I just look at it. I must be doing something right?

Jimmy Sanders:

Yes. Oh, I mean, I tell people all the time, if you got people talking about you in a negative way, it's like the saying, you judge yourself by your enemies.

And so if somebody talking about you and you even you pay them disregard, that means you are on a different level than them. They are. And also there is nothing wrong with not being a ciso. There is nothing wrong with not being a high-end manager. And in our society where we're always trying to glorify the person at the top or we're always trying to see who's the most popular, find the thing that drives you, whatever that happens to be. And that's what I tell people is because not everybody wants to be tied to a phone or running a hundred people having to lay off 50 people, especially nowadays where they're getting rid of middle management in all the big companies

Den Jones:

Where

Jimmy Sanders:

Now you have to lay off these thousand amazing workers just because the management mindset has changed.

Den Jones:

I had a colleague at Adobe when I moved here in 2001, he was a directory services guy. I mean, we'd done all sorts of shit, but our main focus was directory services. And we were some of the early architects of Adobe's first active directory environment. And I used to be an old novel guy and as was this guy Peter. And what's interesting was we were peers. When I moved here, I became the leader of the team, then I became the manager of the team, then I became a senior manager. And the whole time he was a senior engineer doing ad loving it. He tried his hand at being a lead and it wasn't working out for him. So he asked to not be a lead any longer because it's not, by the way, being a people leader is not a thankful job for everybody.

Jimmy Sanders:

And it's not meaning you're better or worse. It means you have a different skillset.

Den Jones:

So I was just going to say, well, like you said a minute ago, not everybody needs to be climbing the ladder like that all the time. And for me, that guy was happy as a pig in shit, man. He loved it. He was brilliant at it. And one thing that is more important, actually, when I look at my old Adobe team in that environment, the consistency of having the same people run something for two decades. I mean that shit,

Jimmy Sanders:

I would say the consistency of running something. Well, when you have a team that you can trust to execute at a certain level where you don't have to worry,

What I used to tell people was a good thing and a curse when you do security, well, people don't notice because it's like a toothache. If you don't have a toothache, you never really think about your teeth. You're just eating food and doing your thing. But as soon as you have a security issue or the toothache, you're like, oh man, what happened to security? And so people are like, oh, you work at a big company. They see all the actions that happen in all these other companies like the ransomware and stuff. And it doesn't happen at your company, but they don't realize it. They just realize that they're working.

Den Jones:

Yeah, and I mean, look, security is one of these funny things where literally nobody wants to spend money on security. They just don't want to be in the news. Now, I tell people this, CEOs, they don't want to spend money on it and security really. They kind of have to in some cases. And for some businesses it is a business advantage to be able to promote and see how good your security is. But I'm guessing the days at Netflix, I mean like you guys when you were there, it went through rapid transformation. How was that from a leadership perspective?

Jimmy Sanders:

You had to realize that ultimately the number one goal was simply making sure the customer stayed on the site and they stayed happy because it is so easy to click on and go to name the other competitor

Where we had to ensure that we kept people, we made customers feel like at the end of the day, every feature we did was for the customer. It was funny, I was just on a podcast earlier and they were talking about how all these companies are mandating two-factor authentication, like snowflake and things. And I hate mandated two-factor authentication. I don't mind you offering it to me. I hate it that you're telling me I have to use it. I don't want to have to use two-factor authentication to look up a picture of something to me that doesn't suit the crime almost. And the reason why I say that is because at Netflix and@dvd.com, we never implemented captures for a reason. We could have did all this two-factor, we could have made people jump through all these security hoops, but that would just cause more friction between us and our customers. Well, the thing we wanted to do was ensure our customer security while also making sure that the friction between them and what they were trying to do, which was browse our site stream, our movies, have a good experience, came first.

Den Jones:

And like you say, does the crime and the punishment fit The reality of MFA or any security control really is protect your crown jewels more than anything else. When I was at Adobe, we basically done, we put everything behind Okta. We'd like 2000 applications. I mean, so if someone MFA for one thing, then they weren't getting harassed again for 24 more hours. When we'd done our zero trust stuff, we even changed that even better. We got rid of passwords and then the authentication was if the trust level fell below threshold, then we would step it up. But otherwise you're trying to remove the friction. But it's hard. I mean, I found it interesting. I was talking to one of my FBI buddies other month, and he reiterated something he's been saying for years in the valley, 75% of the companies that they saw still didn't have MFA fully implemented. And I'm like, man, we can be working forever. So many companies that don't have their shit together.

Jimmy Sanders:

But one of the things I would say to that is, you're right, 75% probably don't have MFA or something like that. But also if you're the security architect or the head of security for that company, there should never be one type of attack that can break through. There should be several hoops that you have to go through coordinated to break a defense like, oh, you got into the ad, but now you got to do this. Oh, we region lock a certain location or air gap something. One of the things that I always say is never get bit by the same bug twice and reevaluate. Meaning if you get hit by ransomware once, figure out what it takes to never let that come into your environment again.

Den Jones:

Yeah. So jumping back to, so I'll close out on Netflix with you guys went through a huge, huge growth and change going from DVDs to streaming and stuff, and you were the leader in the company From a leadership perspective, what was the biggest challenge you think you faced and how did you overcome it?

Jimmy Sanders:

So the biggest challenge was working for people who didn't care about money. And it was the weirdest mindset shift because a lot of people had made who I worked with went through the IPOs. They had been there for several years. Netflix consistently paid well. So they were well off. They had FU money where,

Oh, they didn't like something. Okay, bye. They could leave and retire or not retire, but lay low for a couple of years. So you couldn't threaten them with the loss of a paycheck. So how do you motivate people who weren't necessarily motivated by money? And that was one of the first things I was like, oh wow, this is crazy. And the other thing, we were leading in what's called freedom responsibility, meaning people could walk up to you and they would say, give me root access to this server. And back in those days, you would have to give it to them,

But that freedom responsibility was double-edged sword. If you asked for it and we gave it to you and you messed something up, you would be fired. And so we had a higher fire rate for people who wanted to overreach their ability, but the ability to create something amazing was always there because we gave you the freedom to do that. And you weren't motivated by money. So you were like, oh, here's your budget, whatever, there you go. Make miracles happen. And so it was a changing mindset. I never, I've worked at a lot of companies that talk about their ethics and their values, but when you see everybody absorb that and then drive toward that and you're growing, I remember when we first went to overseas, we were in Australia and Japan and AWS had to physically move servers from locations to help with our overseas launch. And I was like, are we really that large of a company that a company like AWS is physically moving servers?

Den Jones:

And

Jimmy Sanders:

I was like, wow. And so understanding the grasp and also understanding the impact when you would see the internet numbers and it would show, oh, Netflix is 25%, the internet at the time, or 15% of the internet streaming or whatever the crazy number was, and everything that you do had an impact. But in everything you touched, I could never talk to anybody because if I said something, they would either run to the media or it would end up in some kind of quote somewhere. And so you always had to be kind of cognizant of, watch what you say.

Den Jones:

Yeah. Did you guys do media training at Netflix for executives?

Jimmy Sanders:

Oh yeah. We definitely did media training. We had a media PR team. We also had a tool, it was called scrumbler, that would go through and look for all instances of the word Netflix and things and see if there were malicious or not and things. And that was also the freedom responsibility part as well. They gave me the freedom to go and give presentations to Black Hat and Defcon, but if you overstep your skis, if you go over your skis, they'll slap you upside the head and say, Hey, hey, calm that down.

Den Jones:

Oh man, I had have been kicked I, I'd have been kicked out within the first year. They'd been like, you swore too many times at that conference. I'm like, I dunno. They would've loved that.

Jimmy Sanders:

No, because the security conferences all nice and rowdy, especially Defcon, I still remember those, or BSides besides would love that. All the conferences, my conference, I say we would love that.

Den Jones:

Yeah. Yeah. Well, now it's funny. I was just about to jump onto ISSA. So for those who don't know what the ISSA is, do you want to explain it?

Jimmy Sanders:

Yeah, so our ISSA central Information System Security Association, and it's a location for, if you're interested in security, it's a group that you can join. We have membership dues, but you can join and we do networking. We do meetings, we do trainings. We partner with all the other different entities to offer member benefits such as reduced cost to conferences like the RSAs and the Black Hats of the world. And we're just a global organization now. We're up to about 8,000 members over 150 chapters throughout the world. And so we're very, I think of it almost like the United States, not when I became president, when I was a local chapter president. I didn't think of it like that. But every chapter is its own unique identity, and they have their own set of autonomy where they can do for the members, what they feel like the members need in that location. And as long as they adhere to our bylaws, it's perfectly great for that.

Den Jones:

And the Jews aren't very much, I mean, compared to some other membership, it's

Jimmy Sanders:

Dollars. It's about a hundred, a hundred and maybe

Den Jones:

Something a year.

Jimmy Sanders:

Yeah, a year. And then local chapter dos, which is

Den Jones:

I think for what you get, I think for what you get for your money, then it's definitely good value and the networking and all that stuff. And the events are definitely worthy of your time, I hope. So 2025, what big bets has the ISSA got going on? What fans,

Jimmy Sanders:

Because

Den Jones:

You're new in this role,

Jimmy Sanders:

So

Den Jones:

You've got to do something magical.

Jimmy Sanders:

So the magical things we're doing is really just buckling down on ensuring that when you think about ISA, you think about us in a positive way. We can't grow anything if people are like, oh, ISA isn't. I want everybody to understand that ISA is amazing and that we're inclusive and welcoming. The other thing that we're trying to do is truly be international. We're going to have at least two international conferences devoted just to international members. In 2025, we're going to throw our 40th anniversary celebration in April in 2025. That would be in Texas. And so it will be including all of our chapters throughout the world. We're going to have a chapter leaders meeting there as well. We also have an emerging technologies group where instead of us trying to find out what's the latest, it's trying to find a group of people who are working on what's the latest, greatest, everybody's on the AI kick now, but quantum is coming, containers are here. What's next in terms of security, but also what's next in terms of technology?

Den Jones:

So

Jimmy Sanders:

Those are some of the things that we're doing.

Den Jones:

Brilliant. And I did hear you mention the last thing we met about a little golf event that you're middling on. Are you drumming up much interest on that one?

Jimmy Sanders:

Oh, yes. So there's a lot of interest in that one. In terms of the golf event, one of the things though that I'm trying to ensure that I do is not overreach my ambitions because it's easy to start doing these platitudes and overpromising, but I want to make sure that we have everything that we execute is at a great level. So people walk away like, man, that was amazing. Oh, I was at that conference and I had a great networking experience. The sponsors had a great interaction with our members. The members had a great interaction with our sponsors. The speakers were treated like the amazing speakers that they were. And so that's what I'm trying to work on.

Den Jones:

Excellent. Yeah, I mean, think there's a challenge. One is you're brand new in the role, so you're trying to prove that Jimmy's got what it takes and you're going to make the magic happen. But then at the same time, more isn't necessarily good. To your point, quality is experience.

Jimmy Sanders:

So I'm new in this role, but I was the president for the San Francisco chapter for at least 12 years, and I was on the international board for the last four years.

Den Jones:

So

Jimmy Sanders:

It's not that I'm brand new to ISA or the international board, it's just I'm brand new in terms of the president

Den Jones:

Just in this role.

Jimmy Sanders:

But one of the things that I actually like about that is that everything is on the table, meaning yes, we may not have done, we may have tried that and didn't do it well five years ago, 10 years ago. But with almost everything, things change, personnel change, timing changes, and my whole goal is I'm not trying to do everything by myself. I have an amazing team. I have amazing executive director and other people, and hopefully we are working together to empower other leaders to make ISA international. Amazing.

Den Jones:

Yeah, I mean, look, you've done a lot of big leadership gigs before, and I think having the fact that you've done the previous ISSA roles, you've got the experience of this community building thing. And then more importantly, I think actually is you do have the inside scope on what's being tried, what's worked, what's not worked, why did it work, what would you do? Because just because it didn't work before doesn't mean that it can't work because it's different people, different leaders, different time. So yeah, I'm excited to see what's going to happen over the next few years. I mean,

Jimmy Sanders:

Oh no, hopefully you'll see a lot of amazing things like partnership, obviously this podcast. The other thing that I want to make sure that I do is do a lot more in terms of open collaborations because you have all these other big groups. You have the ISC Squares, you have the icas, you have the Sands, you have the Cloud Security Alliance, all of those people. I am working on formal agreements so that they will be with us at our 40th anniversary celebration. I want to reach out to small, medium businesses in terms of their security as well. There's so much we can do as a community that not one person can do, but hopefully we can partner up.

Den Jones:

And it is funny. Yeah. I mean, look, as a consultancy, there's a million consultancies out there. I don't feel concerned that there's a lot of consultancies. I know the size of the problem is that large, that we can all be there and with ISSA and CSA and SANS and everything else, right? It's like, yeah, there's a lot of organizations, but there's still a lot of things in the industry that we need to help and improve and nurture. So

Jimmy Sanders:

One of the things that I would love to double down on, double click on is that in what you were telling me, what I would tell people about growing up, especially being a black person, is that especially growing up poor, you think that the person who made it out is the only person who could have made it out, and then everybody else loses. And the industry and the opportunities are so wide. It's not a zero sum game. It's not you win, I lose.

Den Jones:

We can all win. Yeah,

Jimmy Sanders:

We can all make, there is so much money, there are so many opportunities, as long as we understand that and not try to undercut or be snake oil people to our peers.

Den Jones:

For me, I think in the last five years, not because of Covid, but other circumstances in my life, I became pretty much more thoughtful about the fragility of life itself. And you mentioned something earlier at the very start of this conversation, which was about regretting not doing something or having regret. I always tell people when I coach people, I'm always imagine when you're in your deathbed and you're like 85 and you're looking back at your life and you're N year, however fuck old you can get to, but you're looking back, it's like, do you have any regrets? What are those regrets? So now I'm sitting there thinking, right, okay, so now I'm younger, I got some years left. So I avoid having those regrets. What am I going to do now?

Jimmy Sanders:

And to me, the things I always try to work on people is never, I mean, you see the movies where they're in the love story and they don't tell the other person they love them or whatever, never not say what you want to say unless it's going to hurt somebody's feelings and never not do what you want to do unless it's going to stop your family or something. Don't go off and spend a million dollars on a Maserati when your family's hungry. Once you get the table stakes down, once you get the basics down, then go and do your thing. Because Covid showed all of us and the epidemic, and especially with the layoffs, that things can change. Nobody saw the change happen. And if you didn't change your life to be more proactive in making it positive, then I empathize.

Den Jones:

Yeah, man, I started doing a quote of the week every Monday through my calendar so I can send it out every week. And because I follow so many of these kind of life leaders and shit, and some of these quotes, but one of them was about if the same stuff you're doing every day, day in, day out doesn't excite you, how do you then decide when you're going to change? When are you going to change and decide that I'm going to do something better? Right?

Den Jones:

Yes. There's

Den Jones:

So many people that just go through life doing the same shit, but yet they complain about the same shit. And I'm like, well fucking stop complaining.

Jimmy Sanders:

So when you tell me about diversity, when other leaders want to tell me about the diversity problem or the education problem or the pipeline problem or whatever problem, it's the reason why I started joining venture capitalist boards and nonprofit boards was that I got tired of watching good security companies that I know are good. They just couldn't get the funding. So they would fail and I would see the bad companies win. I was like, there got to be something that can be done about that. So what I started doing, I started joining the venture capitalists so that the companies I thought were the good companies would actually win. And when I see people who want to complain and not do I let them do all the yap they want, I just stay away from 'em. I don't speak on them, I don't highlight them, because you can live in your misery and do all you want, but hopefully me and the people I encompass myself with, when we see a problem that we think is a problem, if we're empowered to change it, let's try to change it. Nothing's going to happen overnight if you're looking for the quick fix coming, that's not the way life works.

Den Jones:

Yeah, yeah. Well, there's no substitute for consistency and commitment and hard work. I mean, it's just,

Jimmy Sanders:

We'll do it everybody. I know who I've started who it used to be funny because I used to give all my mentors, I mean mentees, the a hundred thousand K challenge. And I said, if you put your head down for one year and you study these things, and I would give them my, say, you take a flavor of Linux, you learn the command line and you learn how to do some scripting or some automation, and you come back up after a year and you've learned that, and I give you some quizzes, I promise you, after that year's time, you'll be making at least a hundred thousand. And the few people who would do it, they would take me up on, and I see 'em five years from now and they're like some manager or some big company, but it's the people who didn't want to take the time to bulk down or be committed

Den Jones:

And

Jimmy Sanders:

To be, if you're not committed to something, I don't know how we can really do business. Because when I get into an endeavor, I'm going to show you my commitment by putting some skin in the game, whether that's monetary or time or passion, and I expect something of equal value from you.

Den Jones:

Yeah, yeah. God, man, I went through my whole career not being the brightest, but ultimately, ultimately hard work. But from an ideas perspective, I always thought that I was the one that would come up with a crazy idea that everybody would say that's not possible. And then we'd peel it off and then I'd be like, look, there we go. Now, later on in my career, I'm blessed to hire great people who come up with great ideas and really being devil's advocate and pushing them through the thought process of why do you want to do that? How's that going to succeed? How's that going to be better for the experience? How's that and going through it all. But I love the process of ideating on how we can solve the big business problems. I mean, for me, that was always, always,

Jimmy Sanders:

But what you're saying to me is the behavioral science and psychology part of it. How do you get the motivation? And one of the other things that I try to tell that I firmly believe in is that there's a firm difference between intelligence and being smart and being savvy. I see a lot of great salespeople who aren't the most technical, but they're savvy and they understand emotional intelligence. They can read body language, they can understand needs, where they can, where they provide great value in their product because they're not selling you a bill of goods and they're not wanting a transactional sale. They're looking for a sale over time. So

Den Jones:

When I ever coach salespeople, I always tell them, stop worrying about selling something. Just worry about building a relationship that's based on trust and credibility. The other shit happen. And you and I have been in this game a long time. I pretty much on my cell phone have less than 10 salespeople's numbers and they have mine, but over 30 years, you think I'd have trusted more than 10. But pretty much,

Jimmy Sanders:

I would say that's my same way in terms of those leaders though,

Den Jones:

That

Jimmy Sanders:

I have a lot of peers, but I've met so many leaders who are over promise. They'll say, oh, well we're going to make this deal in Q1 when they never intend to make the deal.

Den Jones:

Or

Jimmy Sanders:

You see all these security leaders, I see 'em at these amazing state places that we go to eat, and then they tell you how they don't have time to mentor, they don't have time for something else. I'm like,

Den Jones:

Yeah, you shitting me. Yeah, exactly. Adobe had done this great thing called Women's Executive Shadow Program,

And it was to help aspiring women leaders and they could shadow executives. And funnily enough, somehow I managed to be considered an executive and I'd done this shadow thing and they would do it for one day, whereas I wouldn't, I'd be like, okay, I'd meet the woman, I'd meet her manager, I'd figure out what they're trying to get from the experience, I would then speak to my team. I'd then circle back with the woman and I'd be like, okay, I think if you want to get these five things that's not one day, let's bring you into these kind of meetings, these kind of situations, and you can shadow along and it can be hours split over many weeks. And I remember several years later still in touch with some of these women that have gone through that experience because they were just like, wow, that was so cool. And it was different from how all of the other women that done the shadow program experienced it. They just got one day. Whereas I'm like, let's continue this relationship and how can I help you in the future?

Jimmy Sanders:

But to me, it also shows that you're really invested in the success. When people feel empowered or they feel like they have a soft safety net, when they think that somebody's really invested in the success, they're going to really look out. For me, it makes the hard road not so hard.

Den Jones:

And I think when it comes to mentorship, one thing is a lot of mentors just think of it as them teaching someone else something. Whereas a seasoned or more mature mentor, someone who's experienced the shit, will recognize that they also will get to learn something. So the more people you can mentor, the better. Sometimes. I mean, time permitting,

Jimmy Sanders:

No, it is like how are people communicating now? Not everybody wants to communicate over email back. It used to be not everybody wants to communicate over letters. Not everybody wants to do phone calls. What is the modus of communication now? What is the comfort level? And also understanding the cultural differences. As I've been traveling across America and things, every culture, every little pocket of America's a little different.

Den Jones:

And

Jimmy Sanders:

The way we do it in California and Silicon Valley is drastically different than the way they do it in Nashville. But hopefully the goals and aspirations of the people are consistent. They want to be successful in their career and they want to live good lives.

Den Jones:

But the music scene in Nashville is way better than San

Jimmy Sanders:

Jose. I know. I dunno about that. You like country then you're definitely, it's funny. I dunno,

Den Jones:

I'm not a country fan, actually. It is not my music genre of choice, but I do appreciate a good live band and some

Jimmy Sanders:

Good drinks. Live bands were amazing.

Den Jones:

And

Jimmy Sanders:

The music hall was amazing as well. But I was in Atlanta, I've been to Seattle, I've been all over just talking to different members and things. And as I said before, that's the beauty about ISSA, but that's also the beauty of security is that we're all trying to make sure that the companies we're working for, we secure them in the best way possible. Nobody ever wakes up and says, oh, I want to do a bad job is

Den Jones:

Secure.

Jimmy Sanders:

But the leaders I feel sad for, or the leaders who don't understand or have never actually talked to other leaders that they're their peers, leaders who don't even know about DNO insurance or contract negotiations or things like that. And to me, that's a great thing about Spire One. That's a great thing about ISA. That's a great thing about other groups is that you're not alone and you have people to talk to about that.

Den Jones:

Yeah, exactly. So I know we blew it right through time there. Jimmy, I appreciate you, man. I appreciate you coming on the show. For folks that don't know, we're recording this on Christmas Eve, so as if we've got some spare time, I'm like, oh, getting ready for Christmas and shit. So hey, I appreciate your time, man. Have a great Christmas with your family. Merry Christmas.

Den Jones:

Yes,

Den Jones:

You too. And I all the best for 2025. We're going to kick ass in 25 because I'm excited about this. So thank you, sir. We appreciate it. And everybody, if you enjoy these like subscribe, I guess some bullshitty things that you do in the socials, but we appreciate you taking a few minutes out of your day to listen and hear from the amazing Jimmy Sanders. Thank you, sir. Happy

Jimmy Sanders:

New Year. Merry Christmas everybody. Thank you Den. Thanks.

Narator:

Thanks for listening to Cyber 909. Subscribe wherever you get your podcasts, and don't miss an episode of your source for wit and Wisdom in cybersecurity.

‍