Transcript
Narator:
Welcome to Cyber 909, your source for wit and wisdom in cybersecurity and beyond. On this podcast, your host, veteran chief security officer and Cyber Aficionado Den Jones taps his vast network to bring you guests, stories, opinions, predictions, and analysis you won't get anywhere else. Join us for Cyber 909, episode seven with Jason Cenamor.
Den:
Hey folks, welcome to another episode of Cyber 909, your podcast for, I'm going to say cyber leadership and life skills as opposed to the incidents and the breaches, because some other people cover that shit really well. So in this episode, so Jason Cenamor, I'm going to try not fuck up that last name. I just Cenamor Cenamor. Anyway, smore, you can introduce yourself, Jason, because I could do a great job, but I think you could do much better. So welcome to the show.
Jason:
I dunno, Dan, US Brits, we don't really like to talk too much about ourselves very often, but I can give you my name. Yeah, Jason Cenamor. So yeah, Jason, I'm based here in Chicago, as I just said, and you can tell from my accent, like our gracious host here, I'm not originally from the Shores, but came over here 12 years ago and I've held onto the accent for a few reasons. I am the chief Community officer of the CISO Society, which is a community that I started off about three years ago. We will probably get into it a little bit, but what it is today is definitely not what it was intended to be in the first instance, which has really been a pretty cool evolution. And then aside from that, just a bit of a background in the event industry, technology being kind of like the industry within the event industry that I've kind of found myself in, not by choice, just like a lot of folks in our space, but I enjoy it a lot. And when I get the chance to chat to folks like you and meet awesome members of our community just like yourself, it kind of makes it all worthwhile.
Den:
And so the CISOs Society, because a collection of CISOs or people who run security organizations, and it's funny, you may or may not have the exact title of cso, but when I ran enterprise security at Adobe or Cisco, I was the person running IT security. So that could have been called cso, but it wasn't, and I really didn't care. But you've got, what is it, over 1200 CSOs now?
Jason:
1200. Yeah. And to your point, right, it's a good one because when I first started it, not to start jumping into it too soon, but basically this is something that started, as I said three years ago when I first started it, I was very much focused on you got to be CSO by title in order to get involved. Because the whole reason behind it is I worked in the event industry and quite honestly became a little bit disillusioned with the state of the event industry and not because I don't think events aren't valuable, I do, I think events are extremely valuable, but there are a lot of pretty crap events out there. And then naturally, a lot of these events, they make all of their revenue through sponsorship investment in those events. So a lot of events. Then as a result, whether by choice or not, quite frankly, they start going down a route where everything the event stands for is based on what vendors want to get out of it.
And naturally, you get invited to an event, you spend a day or two or sometimes even more going to these things. I can understand why it's a little bit frustrating for CISOs whenever they're invited to anything. It is always because there's a vendor there looking to control the conversation or talk about what their product does, even if not directly, indirectly. And so the CISO Society was created. Really, it's just as a safe space for CISOs to get together and talk about the things they can't talk about openly on LinkedIn and stuff like that. But more importantly, talk without vendors constantly prying on the conversation or controlling the conversation to say. Now, I will say, like I said, originally it started, it was more of this way of, okay, I can push back against the event space, having lots of conversations with CISOs, CIOs as well at the time, but having lots of conversations with CISOs about groups they belong to and events they find valuable. And this thing would often come up time and time again. It's like, I just wish there was a space I could just talk to CISOs about. And I was aware of really kind of raw small groups that existed, or little WhatsApp groups,
Narator:
Because
Jason:
CISOs would show me, I'm in a WhatsApp group with a few of my buddies, and
Narator:
We get
Jason:
Together once every couple months, we chat, whatever it is. And I was like, I loved that. I loved the fact that it was just CISOs talk about what they wanted to talk about when they wanted to talk about it. And so I was like, okay, well, I can use my event experience to put maybe a little bit more structure around something like that. Because
Narator:
The
Jason:
One thing that a lot of them would tell me is, we get together, but we have to pass the buck. We don't have time to organize these things.
So I was like, well, I can do this and I know I'll have to do all this kind of stuff, so I'll do it. But the original intention was really for it to act as a way for me to, number one, expand my network. So the effort, the time and everything that I put into, it's like, well, I get to expand my network and I'm a massive advocate of network as everyone should be. I get to learn a hell of a lot, even if 75% of what you guys talk about amongst yourselves goes over my head still to this day I learn a lot. And then third, my original plan was actually, and I started, I say plan. I actually started, it was a consulting business, and that consulting business was going to be focused on helping vendors with their customer advocacy, customer advisory board programs.
And what I thought was, well, I can then when needed chat to some of the members of the CISO society if I know they belong to customer advisory boards and get their feedback on what their experience has been. And that would help in my consulting. Well, so that's where it came from. I say all of this, then to get to the point of when it started, I was like, it's got to be ciso, ciso, CISO by title. And it was the members that then came to me, look, I get it because yes, as CISOs, we want to talk to other CISOs. We get invited to events and it's a CISO event, and then it's all security analysts, this and
Den:
Whatever,
Jason:
No disrespect to those folks, but CSOs want to have a more strategic higher level conversation about what they're doing. And so I was very much like title, title, title. And then they were the ones that said, that's a bit disrespectful. A lot of folks who do our jobs, they just don't have the C in front of the title.
So then it opened up a lot more into those individuals who might be directors or VPs or SVPs of security in their respective organizations. They're the most senior security person. It's just that they don't have that CISO title attached. So now it's become ciso, the CISO Society by role and or title. And we've even now started allowing people in who are maybe one step below a ciso, but naturally their next career progression is I want to be in that CISO position. So they're able to lean on the community for a lot of guidance and advice on how to get that, and also to get access to opportunities to become a CSO through the roles that get posted and all that kind of stuff. Anyway.
Den:
And generally speaking, it's a member referral kind of situation. I mean, I'm sure some people can just reach out, well reach out arbitrarily on their own. But I mean, the way that I've understood it was, Hey, somebody recommended and introduced me to you. And then I've done the same. I look at the role of CISO as evolving over the years. So while you've evolved the community, I've seen the role of a CISO evolving. Now, I want to get to that in a minute because I had another thought that I totally forgot about. So you're in the event space, you could have picked any leadership role to set a community up about why did you pick security and CISOs? Why did that come about?
Jason:
So two reasons mainly, and for transparency and context, when I started the CISO Society, I also started a CIO Society. The CSO society grew far more mature, a lot faster, and no disrespect to any IT executive that might listen to this,
Den:
That could be five, could be five of them.
Jason:
I enjoyed the CISO engagement more. And the reason for that, Dan, again, we're being candid, right?
Narator:
Yeah.
Jason:
The reason for that is CISOs, when you get them together, they really do talk to one another. They share. And so I started coining a phrase, CIOs talk, CISOs share. I can put two CISOs from competitive organizations in the same room together and they will walk out knowing exactly what tools both of them use, where they have gaps in their infrastructure, what their plans are moving forward, the challenges they're experiencing, they just go for it. Whereas CIOs tend to be a little bit more guarded in the information they share with one another because naturally, as much as security has started to become something that can give you competitive edge, it is
In the IT world. When you think about the harnessing of customer data and information, all that kind of stuff, which ultimately falls underneath CIO to a certain extent, they don't want to give all of that away. CISOs do. I think CISOs are a little bit more battle scarred. So naturally they're a little bit more kind of like, yeah, I've been through it. So they tend to have a little bit more humility about them. And then third, really it's because, well, look, I honestly don't think anyone could agree with the statement I'm about to make. Security is only going to become more and more and more important in not only the business world, but even the consumer world as well. Everyone's lives, it is going to be of utmost importance. And so when I looked at all of that, I thought, this is the era I want to focus in. I enjoy it more. I find the conversation more fascinating because it impacts me as an individual as well.
Den:
Yeah,
Jason:
Why?
Den:
Well, I think that's great. I didn't know that about you and the origin story really, right? I mean, because I knew you were working somewhere else while you were nurturing this in the background, and all of a sudden you're full time. And I think from a monetization, so how you afford, because it's not a nonprofit, right? You're trying to build a business as well. And I think when you've got a thousand plus CISOs in a group, then obviously you become a big target for vendors looking to sell their shit to you. Now, when I started 9 0 9 Cyber and even before then, but when I started this, especially so many security vendors reach out, they want to partner with me, and in the end what they really want the series a's or the pre-series a's what they really want is me to introduce all my CSO buddies. And I'm like, I'm not your sales arm. I'm not going to do that.
I want to remain a practitioner. Although starting my own firm as A CEO, I'm not going to be as practitioner as I am going to be business development, but I still want to be a practitioner. I still want to be working with clients and solving problems. And that's a great part of what we get to do, and we get diverse problems to solve the CSO society and this because send all these little startups your way every five minutes, I'm like, oh, you should speak to Jason. He has an avenue for this. And I think that avenue your startup showcase, I think is brilliant because I think it gives vendors the ability to connect with CISOs, but I think it's a connection in a way that is great for the CISOs. Because what the difference is is we don't want to walk the vendor shitty hall of RSA and go talking to the latest and greatest there. We actually go there to socialize really, I think, and build our connections and meet you and all the other CISOs and stuff. So when you're thinking about the monetization or the business model for what you're building, how do you see that evolving over the course of the years?
Jason:
Yeah, so I'll start with going back to how it was created and where the plan was build a consulting business. So monetization of the CSO society was never the plan.
We got a year into it. We had 250 members. My consulting stuff just wasn't picking up. I mean, so many people have experienced this. It's like, oh my goodness, word of mouth runs out or whatever. And again, I said at the beginning, US Brits we're not really too keen to talk about ourselves too positively. So to sell myself, that's hard. So I took a full-time job. CISO Society was about 250 members, no monetization. Took a full-time job with a VC firm, and the intention was to stay with them for the foreseeable future. That was it. And honestly, when I did that, then I thought the CISO society would suffer and potentially even fizzle out, but kind of the opposite happened. So what happened was in the year I was then working for the VC firm, the group doubled more than doubled in scale, but more importantly, members, the level of engagement started taking off because the members almost took it upon themselves to be like, well, Jason can still organize the odd virtual discussion for us, but when it comes to the daily interaction and asking questions of one another, it's on us now.
And obviously there's amazing advocates within inside the group who would really drive a lot of that forward. And then it just became this thing that was second nature to everybody. And so now, I mean, you've seen it our Slack, it's unbelievable. Every day, bang, bang, bang, bang. Question, question, question. So go back to the monetization piece. So what happened was after doing it for about a year, and some of the members were starting to come and come to me and whisper in my head like, Hey, this is something pretty cool. What are your plans? How are you thinking of keeping this going? You've got to try and monetize it. At some point you've got to feed yourself, which
Den:
It's not charity.
Jason:
Exactly. And my response after you was always, there's no intention. And then as the group started growing, the questions started coming up more and more and more. And people who were close to me and know me would say know that. I would say to them, I dunno how to monetize this because here's the thing I never wanted to do, Dan. I never wanted to turn our members, and this is still
Den:
Moving
Jason:
Forward.
I don't want you to become a product. So the event world that I came from, you are the product that they sell to vendors. Hey, CISO of X company's is going to be at this event. You need to be there and it's X amount of money to sponsor it and all that kind of stuff. To the point where some of these event companies put these attendee lists behind password protected pages and stuff, they don't want people to see it. It's all like, oh, come and have a look at this. And I've been in that world. I know what those tactics are. And so I was like, I don't want you to be a product because that already exists and I know the frustrations CISOs have around this. So it was very much a case of, well, how do we monetize this thing? Now that was a little bit of a light bulb moment for us because some of the members started going, well, what's your hesitation to bring vendors into the community? Well, for the point I mentioned, I don't want to turn you into a product. Now, some of those trusted members who were giving me a lot of advice in that stage were saying, you need to understand that it's not that we don't like vendors, it's the way in which we are afforded the ability to engage with vendors. That sometimes leaves a bad taste in our mouth. Second to that, it's the fact that we very rarely have any control over what vendors we engage with. When we go to these types of gatherings,
You have these events that take you out to Arizona or whatever it is, sit you down, and before you know it, you've got eight, one-on-one meetings with vendors. You haven't even like, what? I didn't choose to meet with these folks, what's going on? So that was the problem. So we're like, okay, that's an idea. Alright, how do we potentially do that? So that was the idea of, okay, so we can bring vendors into this discussion. When applicable, the CISOs, it's not that they don't like the vendors, it's the way they afford the ability to engage. Okay, fine. And then what happened was, this was very organically in our Slack group one day, and this is going back about 18 months now, nearly two years ago now, but the Startup Showcase was born because what happened is one day someone was talking about their frustrations or how overwhelming it is of the sheer number of vendors in the marketplace right now in information security. And that kind of followed into a conversation about how there's a new company every day. And then when it comes, when you speak to most CISOs and you ask them What types of vendors are you interested in learning from or meeting with? Naturally, they're going to say, well, the ones that I either have a direct need for right now or the ones that I don't already know about, and I need to understand what they do to see if they might be able to help me.
Narator:
Now,
Jason:
When you follow that trail that ultimately a lot of the time ends up in the startup world, the ones that the CISOs don't necessarily know as much about because they can't afford to go to RSA and build a mansion on the trade show floor and they can't afford to be at every single event and just have their brand in front of you all the time. So this idea of the Startup Showcase was born. So we started on this path of, okay, well let's create an experience where we can bring some startups into basically showcase their product to the group. But the kicker for us was I can go out there and speak to any startup under the sun and find them, but I don't know if they have valuable products to share with the group or whether it is just another product under the disguise of a new brand. So that was where the showcase was born. With this initiative of members, CISOs, you've got to be my litmus test. I only want to bring startups into our showcase that have been nominated by members of our group. So there's an essence of CISO validation behind them before they've even got a chance to get in front of them. So that's where these referrals started coming from, and that was awesome. It enabled us to really focus on the top 10% because ultimately it's a CISO saying, I think this company is worthy of the time of my peer groups.
Narator:
And
Jason:
Then for me, that was the perfect shield for me to say, and if they fail, I can point to Dan and go, well then nominated them, so go and take it out on him, not me.
Den:
Oh shit, man. I didn't realize I was on the hook for that.
Jason:
So that's where it kind of came from and it's evolved and it's evolved. And then the other idea was, okay, when we look at these startup programs, I was just having this conversation earlier today, there's a lot of these shark tank style things that exist, and they're all valuable in their own. A lot of VCs do these things and they're really cool. And you go to a lot of in-person events. Now they have these startup demo days or whatever it may be, but actually most of them in that style, they give a startup maybe three or four minutes to tell group what they do. Now, what is the startup going to do in three to four minutes? They're going to promise you the world because they want you to have an interest in what they're doing and they want to have that follow up conversation. The challenge is what's the CISO's most precious commodity right now time? So I could spend four minutes listening to the startup and then go, right, I'll schedule a 30 minute demo with you and then I've wasted 30 minutes because your product doesn't do half of what you said it could do.
So what we went is that little step further where the startup gets the chance to introduce themselves and say, this is who we are. This is why we started the company. This is the challenge we're solving. But then we actually go into an actual demo, as you've seen, right? We dive into a demo, show us the product, show us how it works, show us how you're solving the challenges, not just claim you can, but show us how that helps the CISOs go, all right, now I've got a pretty good handle on what they do. So for me to then schedule a follow up with them is because I know I'm not going to waste 30 minutes because I already have that. So that was how it was born, this how the showcase born, and now from there, it's just evolved into other programs because naturally the CISOs then go, Hey, this is great. Have you thought of this? This could be really valuable. So this is where some of our case study initiatives were born round table discussions were born. Now we're obviously going and doing more in-person stuff now that I can do this full time. We're doing things like working lunches and our networking dinners, all these different things. But it always starts with the CISOs kind of presenting the idea to me and the challenge they have and me going, okay, well let me bounce this around you folks.
Let's trial a few things out. Let's see if this sticks and if it does, awesome. If not, don't worry about it. We move on to something else. And so it's always just follow the signal and don't sit here trying to assume what a CISO wants. Just let them tell you what they want. And
Den:
I was going to, yeah, so you're one of few people who I think get to interact with CISOs every day and have been doing so for a number of years. How do you see the role evolving during the time you've been involved? And what do you see as their biggest concern? What's top of mind for CISOs?
Jason:
I think it's to say, so I'll start with the top of mind. I think it's impossible to pick that one thing. I think really what's top of mind for a lot of CISOs right now is how do I stay out of trouble, really?
Den:
There's
Jason:
A lot of people that are a little bit fearful. There's been conversations in our group just over the last couple of days about CSO insurance, like going beyond DNO and things like that. So that's a little bit top of mind for people is do I really want to do this job
Narator:
Because
Jason:
I'm putting myself in the firing line here. If I'm not working for an organization that supports me when it comes to then just career development and things like that, A lot of CISOs are ultimately putting themselves in positions to be in the boardroom to have the level of respect that security requires in its organizations. So the funding you need, the relationships, the decision making, all that kind of stuff. So there's a big push towards that, and that's top of mind for a lot of CISOs as well. From a pure technology play. I mean, it depends on the ciso, depends on the organization. And as much as it's been done to death this year, AI tends to still come to the surface. We did a poll in our group recently. We were developing our 2025 calendar for a content, what do you want to talk about with your peers?
And AI came up a lot, but I think it's misguided on what CISOs or what people think CISOs want to learn about ai. So from my perspective, it's not necessarily the use of AI and your security strategy. It's how the hell am I securing all the crap that everyone else is buying in my company that's using ai. That's the bigger part. So those are top of mind things. And then when it comes to the CISO role, I mean, look, again, I appreciate I run a CSO community, so naturally I'm going to kind of lean more towards, and I've already said how I profess CSO over CIO, but I think the CSO needs to be a far more prominent position in every single organization. I think no company can really make a decision about product development or evolution or anything like that without thinking about the security first. Now you've got to think about how is this going to impact us from a security standpoint? And once you've got that infrastructure in place, now you can go and innovate and r and d all you like, but you can't turn around three years later and go, oh, we didn't think about that. And then the CISO comes along and goes, wait, our data is where, and you're doing what with it.
So it's got to be something that is in the psyche and in the culture and the mindset from day one. And that I only think comes if a CISO is put in a position that they respect or that they are respected in the organization. So I think the role will continue to evolve In a similar way, the CIO role did into more of a strategic role.
Again, that is heavily dependent on the size of company, industry, et cetera, but more of a strategic role. There is a fear I think about a lot of things that people, that the role might disappear at some point. I don't personally think that it might merge and stuff like that. People talk about the chief risk information security and risk officer and things like that where you merge things. But I dunno, I personally see at some point it getting to an area where ccio O and CISO are 100% equal. If not CIO could even potentially report into ciso. That might be farfetched, but that's where I potentially see it going.
Den:
Yeah, I look at this governance risk and compliance is a huge driving thing for most organizations. And quite often that role may evolve into it's all about risk reduction. So is it a CSO role? I mean, it's just the title, right? Is the title CSO or is the title chief risk officer or trust or whatever. And the reality is I kind of look at this, is it a senior business enabling position where you're trying to reduce risk for the business and we're using people process tech to do that or accept risk or whatever. But the reality is it can be a business benefit, and I think it should be at the senior executive level reporting to the CEO or somebody who reports to the CEO O so that you're getting that level of authority within the organization. And I kind of look at it. I mean, shit, I've done the gig.
And I remember at SonicWall, I was briefly the CSO there, but the conversation I had with the CEO and the chief of strategy who I reported to was really along the lines of, in order for me to want to be here and be doing this job, these things need to be kind of met. I can't have the accountability, the legal accountability for that title unless these things are all in place, because otherwise I got a level of liability here and I don't have the ability to actually do the job. So when I think about most CSOs now, we're all sitting there going, do I want the liability? And if I'm not empowered to do the job, I can't stay whether I love the company, by the way, I think Sonic Wall is a great company. They've got a great strategy in the direction they're trying to move to some great people there, but that doesn't matter. What does matter is I've got a house, I got kids, I need money to feed them all and keep this shit running. And if I'm legally responsible, I don't like jail. I probably look great in an orange jumpsuit, but I don't really feel that's the lifestyle for me. So sometimes we've got to decide,
Jason:
Looking at the branding for 9 0 9, you'll be wearing an orange jumpsuit. It might not be the type of orange jump suit most people are familiar with, but I,
Den:
Yeah, there'll be orange. It always really funny was as colors go, I've never really been a fan of Orange. And then what happened was when I was working with the designer team on the company brand, I basically said, here's the color palette of the TR 9 0 9 drum machine, which is nine oh nines came from there. And in the color palette there was a gray, there's an orange, there's a cream, there's a whatever, a blue black. And the designers were brilliant. And literally the guy that came up with a logo, Jason, that prompt, he turns around and he's like, there you go. What do you think of this? I'm like, holy shit, that looks great. My son's favorite color is orange. My favorite color is gray. So this gray background that we have here, my lack of creativity, right? 9 0 9, cyber was the name of the company, couldn't come up. I had other names for the podcast, but couldn't really come up with anything decent. So we just twisted it and went Cyber 9 0 9, I guess
Jason:
I like it.
Den:
Whatever man. So I know we're kind of close on time and stuff. If you would give somebody some advice on their strategy as a ciso, how they think of the next 12 months based on what you're hearing from the existing CISOs, is there a piece of advice you'd say, something to avoid getting caught up in that you hear? Yeah, I'm trying to think of how to phrase the question, but I would just love to hear you talk to CISOs all the time. So some of it, I know that we talk about the whole, I would never do that again or I wish I hadn't made that decision or share an advice with other members. What's the one piece of advice you'd share with people in a new ciso? Avoid blah.
Jason:
I mean, look, it's hard for me to give advice having not been in the seat myself. But the one observation that I think I've been able to make, and it would be advice I would give to CISOs, whether new or kind of experienced and just humans in general, is try and avoid getting caught up in a lot of the disdain and the negativity. That tends to dominate a lot of the conversations that groups have together. There's a tendency when you bring CSOs together, it's a phrase that a lot of different kind of companies and stuff you used in the past, but there's tendency where they kind of tend these little group therapy sessions, which is good because it means that you can confide in others. It means that you can really kind of like, okay, other people are having this challenge and who else am I going to talk to about this?
So it's nice to be able to get together with your peer groups and have these conversations about the struggles, the challenges and all that kind of stuff. But it's like anything, don't moan about the problem. Figure out what the solution is. Now, you may not always be able to find a solution for it, but as long as you're trying to find or you are walking down that path to finding some form of end goal, then solution to it. So it's like conversations that happen about anything. They could be technical in nature, it could be more to do with your role, but it's okay. So we've identified the issue. Let's not dwell on that and walk away kind of all kind of, oh, what am I doing? Let's go, okay, well how do we overcome this? And it is just very small steps. And so I think always trying to focus on the importance security has in an organization, whether you are respected or not, the role that people do, they've got to focus on that is integral to every organization.
And while you can't develop an ego, because that's also a slippery, slippery slope, just try and avoid getting caught up in too much of a negativity and try and steer conversations towards a solution. And a solution could be as simple as I know somebody else who has this problem, I'm going to introduce you to somebody who I know has overcome this issue instead of you. And I just constantly wallowing in our own self despair. It's not what we want. So I think that would be the best piece of advice. And just to be open and ask. That's the thing about the security industry in general. It is unbelievably supportive of one another. And you've just got to ask, don't be afraid to be vulnerable. Don't be afraid to ask a question that you think might sound stupid. I assure you there's a ton of people in the same room as you that want to ask that question. They just have the same insecurities that you do.
Den:
Yeah, the good thing is I don't have insecurities. I'm always free to ask silly questions on our Slack channel. And I think like you say, right, there's a wealth of knowledge and there's also a desire within our community to help each other and share. And I've asked questions, I've asked for templates. I mean, there's a great collection of assets and collateral that has been assembled within this group. So for me, I mean, it's been a great benefit. If people want to learn more about the CISO society, how can they go learn some more about,
Jason:
So I mean obviously, yeah, feel free to reach out. So George Ed, who works for us, he kind of manages our community and stuff now and he's incredible. He knows a lot more about security than I do as well. So he's very well positioned to have conversations that I can't. We have Larry Whiteside now who's our chief advisory officer there, and a lot of people know Larry, Steve Hindel, our CSO in residence. Awesome. So naturally you can reach out to us and ask us, but actually what's kind of cool then is next event you go to ask around if people are aware of it, you'll find a member. And we were talking to a prospective new member yesterday and he said, so I was referred to you by this particular individual, but you've come up in a few conversations at some of the events I've been to lately.
So people are out there. It's really cool. In our Slack group actually, you see it when they're at industry events and they'll be like, sos. And just for everyone's benefit, we call our members sos. It is a slide double entendre in the sense that socio is a shorten of a society. So it's a belonging to a society, but also because there is an element of sociopathic tendencies that members require, right? So it was intended that way, but they'll be like, Hey, socio selfie in New York or something. It's like, oh wow, cool. George was just in Montreal at an event. He's like saw some CISO society members. And that's the cool thing. So when you're at events and you are asking what groups people belong to and what they find value in, we'll come up and you can reach out and they can refer you or you can reach out to us and say, somebody asked, told me I should get in contact with you.
We are a very, very welcoming group. We like to make it accessible for people. We don't like to discredit people just because they don't work for a Fortune 500 company and things like that. It's very open and it's all about the collective hive mind, just learning off one another because there's always something a member can help somebody else with. And that's really kind of the true community at work. I say a lot, but real community at work is when everybody is there pulling together in the same direction. And that's what we try and create as a culture within the CISO society. And I'd like to think that our members can see that through not only the activities that we create for them, but also just the way that the members feel free to engage.
Den:
Yeah, no, that's excellent. And maybe we can drop in a link in the show notes and stuff so people can know.
Jason:
Just don't judge the website. Again, started this, I've built this thing on Squarespace, don't judge it. People
Den:
Don't judge your website.
Jason:
We'll get there eventually, but you get the website, you can see kind of stuff what it's about, and you can reach out to us and happy to chat, get you involved. And the more the merrier I see of it. But again, it's never about quantity, it's always about quality, of course. Brilliant. And that's where the referral system has really shone, because naturally what happens is people refer people in that they know they're going to contribute as well as receive. And so that's where the high level engagement has come from. It's because people join based on referrals saying, you should join this group. You'd get a lot out of it, but I think you could also add a lot to
Den:
It. Add a lot to it. Yeah,
Jason:
That's the key.
Den:
Excellent. Excellent. Well, hey Jason, thank you very much, man. I appreciate your time. It's always great getting together better in person though, but San Jose, Chicago, it's not like it's a four minute drive. Exactly. So thank you very much. I look forward to catching up in person soon. And folks, if yeah, reach out to Jason and we'll put the links in the show notes and we will see each other again. Man. Be good.
Jason:
Yes. Cheers. Thank you. Appreciate it. Cheers mate. Thanks.
Narator:
Thanks for listening to Cyber 9 0 9. Subscribe wherever you get your podcasts, and don't miss an episode of your source for Wit and Wisdom in cybersecurity.
.svg)
.svg){kind=icon}
