CyberWire Daily - Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
Episode Date: November 5, 2023Jeffrey Wheatman, Cyber Risk Evangelist, from Black Kite joins to share his amazing story. As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremos...t as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs. In his current role as Cyber Risk Evangelist at Black Kite, Jeffrey works to get the message out about the business impact of third-party risk and solutions to treat those risks. Jeffrey shared his career, along with is passion for cyber by explaining some of the roles he did moving up into his role today. He says as a leader we all need to be aware of the fact that "We make mistakes and I I'm a, I'm a big believer in sharing those mistakes and I think it's important to open the raincoat as it were, and let people understand that we're not perfect, we all need help and then that way they feel comfortable coming to you and asking for help" We thank Jeffrey for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. My name is Jeffrey Wietman.
I am a Senior Vice President, Cyber Risk Evangelist with Black Kite.
Well, I think just like most people my age, I wanted to be an astronaut.
I was informed that it would not work because my vision is terrible and I had to wear glasses.
And in retrospect, I'm probably better off not being an astronaut.
I was always a big science and math guy.
And then, of course, when computers came out, I taught myself how to
program, not well, but I taught myself how to program. And I think from there, I was really
off to the races. I have a somewhat unusual pathway. I actually, believe it or not, started
off managing a hardware store in New York City. I was selling plumbing supplies and electrical to a bunch of superintendents
in the garment district. And every day I got home and I was more and more unhappy. And I
decided one day I like computers. I'm going to go be a computer person. And I put myself through
a training class for Novell NetWare 3. So I'm dating myself a little bit. And I found out
that I was having way more fun doing that than working at a hardware store.
So I first started out as a team manager for a company that installed color printers for
MCS Canon back in the day. And what I quickly realized
was while I was technical, I was much better at communicating about the technology to non-tech
people. So I really found my sweet spot really is as an ombuds function between technical and
business people. I built a bunch of consulting practices for some small companies.
I ran network operations and cybersecurity, although back then it was called information
security at Martha Stewart in New York City. And I did pen testing for a while and I realized I
was not a super good pen tester. So that was sort of my sweet spot was that communication ombuds function.
I spent 15 years at a large IT advisory firm, and I really, really enjoyed that.
But what I found was I was so far from the solution, from the problem, that I didn't feel like I was doing a lot of good.
And I saw that organizations were really struggling with third-party risk and vendor
risk and supply chain risk. And when I stumbled across BlackKite, I really liked what they were
doing. I reached out to my now boss, who is our CEO, and I said, I think I can help you make this
bigger, better, faster, more. And he agreed. And 20 months in, I think we've had a lot of really good success. And I feel like I am
able to help people solve their problems at a much sort of granular and closer level than
earlier in my career when I was operating at the 50,000-foot level.
One of the interesting things about my job is I do so many different things. So
my job is really to think about things and talk about the things that I think about.
The one thing I've learned in the last year or so is I'm very good at being a connector.
So I find people that have stuff to do, and I find people that can do those things,
and I make a lot of those introductions. My dad taught me a long time ago. He said, any day where you don't learn something is a wasted day. And I try to make every
day an opportunity to learn something new, even if it's a small thing. I think that you can teach
technology to people. It's harder to teach them those softer skills.
And I think it's something that people constantly have to work on. But at the end of the day,
you can be the best at your job. But if people on the other end of that transaction, for lack
of a better term, don't understand why what you're doing is important or useful, they don't see the
value there.
I think being able to put yourself in the shoes of the other person,
so empathy for what it is they are going through.
I've had conversations with CISOs and I say,
so did you talk to your business stakeholder
and ask them why they won't do the thing you want?
And their response is invariably,
well, why would I do that?
And I think that is a huge, huge issue,
particularly in our career, because it comes across as wizardry for a lot of people.
They don't really understand.
They don't care.
They don't understand why they should care.
There's a quote that's attributed to a couple different people that I paraphrase.
When you speak with someone, they remember how you made them feel much more than the specifics of what you told them. And if you engage with your audience and they find you
interesting, they'll invite you back and then you have another opportunity to share something.
But if you don't engage them at that level and they find you tedious or that you're talking
down to them, they won't invite you back. And then you potentially
lose really good opportunities to communicate valuable pieces of information, value pieces
of data, pieces of intelligence, things that will help them make better decisions and be able to
understand why certain decisions are more informed. I don't like to say better or worse,
but more informed and more defensible. And I just think that, you know, sitting in front of a
technical console all the time, while that may be fun, does not demonstrate a tremendous amount of
value for the person on the other end of that relationship.
the person on the other end of that relationship.
I am definitely a lead from the front person.
When I did manage people, I only had two rules.
One, don't lie to me.
And two, don't put me in a position where my boss asks me a question
and the best answer I can come up with is duh.
I think openness, transparency,
I think it's okay to let people know that you don't
have all the answers, that you don't know everything. We're not perfect. We make mistakes.
And I'm a big believer in sharing those mistakes. And I think it's important to open the raincoat,
as it were, and let people understand that we're not perfect. We all need help. And then that way,
they feel comfortable coming to you and asking for help. And the only way really to do that is to live the,
it's to live it, right? Walk, walk the walk and talk the talk.
if you find something you love people will pay you to do it and i think that loving what you do and really getting down in there and and finding enjoyment not necessarily in every second or every
minute but you you do need to end the day feeling that you've accomplished something,
that you've done good, that you've shared knowledge. I think the other tidbit I would give, especially for cyber people, I always tell people, don't try to learn it all at once because
you're never going to be able to absorb that kind of information. So I think the key is find some
stuff, do a deeper dive. If it's something that you really like, maybe you can go
deeper still. But I always tell people, you want to focus on some different areas across the board,
but you're never going to learn everything really, I think is the point there.
I would like people to look and say, you know, that Jeffrey Wheatman guy,
the world is a better place for him being in it. And I think that's really what I try to get to. It's what I try to get my kids to think about. Incrementally, I hope the world is better. I hope people feel like they learned something from our engagement.
And I also, I don't, on the flip side, don't ever want anyone to look back and say,
you know, that guy was mean to me or that guy was inconsiderate or that guy was unfeeling or
uncaring. And I would like the world to be an incrementally better place because I was a part of
it. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
and their families at home.
Black Cloak's award-winning digital executive protection platform
secures their personal devices,
home networks, and connected lives.
Because when executives are compromised at home,
your company is at risk.
In fact, over one-third of new members
discover they've already been breached.
Protect your executives and their families
24-7, 365 with Black Cloak.
Learn more at blackcloak.io.