CyberWire Daily - Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Episode Date: April 30, 2023Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story trying different paths, before ultimately switching over ...to the cyber industry. After trying to go down the paths of music and law and finding neither were what he wanted to do, he decided to take an internship to get more into computer programming. That led him to getting his first job. After his first job, he moved onto other big name companies like Walmart, Alltel, and Gartner, and landing finally with KnowBe4. He compares his work to working with music, when he initially wanted to begin making music early in his career. He says "I think for me, when it was the kind of the connection between music and computing is that whenever you're kind of joining things together or at a, a musical scale to make chords, or whenever you're adding different, um, instruments and octaves together or timbers together to get some kind of bigger result." We thank Perry for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hi, my name is Perry Carpenter, and I am the chief evangelist and strategy officer for a security training company called KnowBefore. I had no idea what I wanted to be when I was growing up. I started out really, really focused
on music. I was a guy that played multiple instruments. I played keyboard, guitar, and bass,
a little bit of drums, and some experimental instruments. All throughout that, though,
there was this component where I was also very interested in technology. And so I would
convince my parents to buy me the newest computer gadgets that I could get at the time.
And this was back in the 80s.
And in all of that, I focused a lot on one of my hobbies being computers.
But it was only later on after I kind of tried a few other things in college that I realized that
computing and then specifically security was where I wanted to spend my time and effort.
I think for me when it was the kind of the connection
between music and computing is that
whenever you're kind of joining things together
in a musical scale to make chords
or whenever you're adding different instruments
and octaves together or timbres together
to get some kind of bigger result.
It is very similar to what you can do
in computing environments
when you're putting code together
and you're adding other libraries to that
or you're enabling other things
that become more than the simple components
that you've started with. And I think you do see a little bit of a symphony in the way that
computing environments work together.
So I started my college years as a music major, specifically in composition. I loved writing songs and
being a composition major and being a music major in general requires way more discipline than I was
capable of and was probably tapping me out creatively and talent-wise as well. I think I
kind of was hitting some of my limits. And as I was exploring languages and
thinking about what I wanted to do there, I had a really interesting discussion with a professor
because I was thinking, hey, after college, if I want to explore language, maybe I could go be a
linguist. And I had a professor that said, that's a great idea, other than the fact that you're
going to have to wait for somebody
to die to get a job, because it's just not a populated field. So I then looked at my happy
liberal arts degrees that I had and said, what do I do now? Ultimately, decided to go to law school
and realized that similar to music, my first choice in what I wanted to do for a master's program was way off.
And ended up taking an internship in computer programming at a company called J.B. Hunt, simultaneously starting to work on a master's degree in computer science.
in computer science. So ultimately, that internship paid off really well. I was there doing research and development, and that was like really interesting work back then. And then ultimately,
J.B. Hunt decided to hire me without me needing to complete my master's degree and just kind of pay me what
they would give me if I'd completed that. And then I got hired out of J.B. Hunt by Walmart in order
to create an email system that they plan to use in their stores and clubs and got hired. Day one
in Walmart, got pulled out of the line essentially and assigned to a very large project team creating samsclub.com because that was the very beginning of the dot-com boom.
And Amazon was a really big up-and-comer back then, and Walmart wanted an answer to that.
We finally launched samsclub.com and then got brought back over to the project that I was originally hired for, which was to write email systems for the stores and clubs.
Spent a while doing that, as you can imagine.
So that working on email was my introduction from security to identity and access management and from identity and access management to cybersecurity proper.
After Walmart, I ended up going to a company called Altel and doing more security work and getting a real love for the human side of cybersecurity that typically gets neglected.
And so from Altel, I went to Gartner Research
and focused on security awareness and training research and CISO mentorship
and then ultimately ended up where I work for KnowBeforeNow,
which is a security awareness vendor that I attract and advise back when I was at Gardner.
Adversity comes in a lot of different forms. Sometimes adversity is just disappointment that I've not been able to do the thing that I hoped that I could do,
whether that's a limiting factor with my personal capabilities or whether that is a thing that for
some reason doesn't align with whatever organization I'm working for is hoping to
accomplish or whether there's some form of thing that's totally outside anybody's control. I think adversity
comes at us all. And the way that we can get out of the potential emotional spiral that comes with
that, the way that I get out of that is I start to look at the bigger picture. And luckily for
those of us in security, there is a cause that we're working towards.
There's a purpose that we've given our lives to, which is helping to create a more secure
world through reducing risk. So it is kind of zooming out and then saying, all right,
maybe this one thing didn't work out, but how can I now move forward in a way that will help accomplish that cause?
And who can I bring alongside that can help us accomplish that?
One of my major goals here is to release a body of work and help other people so that ultimately, when you start to think about the human side of security, there is a set of learnings, a set of processes,
security, there is a set of learnings, a set of processes, a support system that will ultimately raise all boats regardless of the vendor or the tool set that people are using. I want to be
somebody who is advocating for ways that we can accomplish this that don't necessarily tie to a
vendor. And yeah, the things that I do, the processes that I help build
or the learnings that I help uncover
might be applied in a product in some way
through the vendor that I'm working for.
But in general, you can extract those learnings
and apply those in several different ways
throughout the industry
or regardless of the vendor that's there.
And I think that that's a value that many people in my role like to bring. When you're kind of in this
evangelist role or this strategy role, you are really serving something greater than the
organization that you're working for.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been
done. Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our
listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com
slash N2K and enter code N2K at checkout. That's joindeleteme.com slash N2K and enter code N2K at checkout.
That's joindelete me.com slash N2K, code N2K.