Experts of Experience - Turn Your Cybersecurity Strategy Into a Marketing Superpower
Episode Date: June 11, 2025Think cybersecurity is just an IT issue? Think again. Eden Data founder & CEO, Taylor Hersom, joins us to expose how security is no longer just about avoiding breaches — it's a powerful tool for bui...lding customer trust, boosting sales, and standing out in a crowded market.He shares why smart companies are making cybersecurity part of the brand conversation and how marketing and CX leaders can leverage security to win hearts (and wallets). We also dig into the uncomfortable truth that most data breaches aren’t the work of sophisticated hackers — they’re caused by everyday human mistakes.From the surprising details behind the Coinbase breach to the silent risks of AI misuse, Taylor pulls back the curtain on what’s really threatening your customer experience. If you think your team is in the clear, this episode might change your mind. Key Moments:00:00 Who is Taylor Hersom, Founder & CEO of Eden Data?04:39 Taylor's Journey to Cybersecurity07:49 Building & Scaling Eden Data29:53 Current Cybersecurity Threats39:20 Client Engagement and Cybersecurity as a Sales Strategy45:56 Cybersecurity Training and Human Error47:54 Leveraging AI in Cybersecurity50:32 Future Threats and Everyday Security Tips57:43 Recovering Trust After a Data Breach59:35 Building a Culture of Cybersecurity –Are your teams facing growing demands? Join CX leaders transforming their AI strategy with Agentforce. Start achieving your ambitious goals. Visit salesforce.com/agentforce Mission.org is a media studio producing content alongside world-class clients. Learn more at mission.org
Transcript
Discussion (0)
If you are a company that collects customer data, then you need to build what we call controls to be able to protect that.
Target got breached through their HVAC system.
They had an HVAC system that was connected to their corporate network.
So it's like, nuclear weapons, cyber security. This is how big of a deal it is.
Everyone knows about, don't click that bad link.
Yeah.
Now it's getting sophisticated.
It's getting pretty darn hard.
Cyber security is this constant marathon.
We're just constantly trying to stay ahead of regulations
or in the worst case of bad guys who are trying to break in.
A lot of times it's looked at as a cost center.
So how can you make the experience wonderful?
Security is fear, uncertainty, doubt.
You're going to get breached. You're going to end up on the internet.
This is just another way to earn trust with your customers.
This is a way you can boost your sales.
This is a way that you can stand out on the internet from your competitors.
The cybersecurity industry is built on trust.
Security and compliance and privacy,
it's very much a loop and not a line.
I'm talking to ChatGBT, but I'm using some sort of API
or something that's leveraging that.
How secure are these things as they stand?
A lot of customer success folks are using AI
in their everyday functions.
You have a system that you're dumping a bunch of data into
with not a lot of controls.
We still will sign customers and find out that they're uploading patient health records and financial data.
We now have this battle with China and Russia. They're all battling on who has the better
algorithms, who has the better LLMs, and we're all training it on data.
When you think about these companies, what threats are they facing currently?
What's out there that people do need to be aware of?
Welcome back to Experts of Experience.
I'm your host, Lacey Pease.
And I'm Rose Shocker, I produce Experts of Experience.
And today we talked to Taylor Hersom, the CEO of Eden Data.
Because here I was thinking, oh, AI is coming, AI is our biggest looming threat when it comes
to cybersecurity.
And that's not even the case.
Humans, humans and human error.
Yes. Still making little human mistakes.
Yes. Coinbase is a really good example.
And we got into the recent data breach with Coinbase with Taylor.
I think I until this interview, I really never thought about cybersecurity
when I think about customer experience.
I'm in the position to spend a lot of money
with some companies and give you access to a lot of my data,
a lot of my customer's data.
So learning how to communicate and be transparent
when it comes to cybersecurity
and how you protect your customer's privacy is key.
And I think not something I hear about very often.
No, people don't talk about it a lot.
And going back to, we live in the age of AI now,
what's ahead for us is a lot more deception
when it comes to fake voices, fake faces,
people calling you and saying, I'm your wife,
and it sounds like your wife, and hey, wire me money.
So with LLMs now, people are actually using ChatGPT
and taking healthcare data and
putting it in chat and asking it to reformat it as though like that's not a massive security problem.
I did not know that and he even said like the free ver- people are using like the free versions of things
and giving it all of this super sensitive data. I didn't even think about that.
I don't know that this is happening at large scale in really big companies. I hope not. I hope not.
Though I'm sure there's the person who
works from home that's on the side doing that.
But whenever you think about a smaller business or medium
sized business and what they need to look out for
and what they need to prepare for,
you do need to think about what other tools are my employees
using on the side, or what am I as a leadership team
actually using that I should not be using.
So we cover a lot of that in today's episode
about how important cybersecurity is,
why cybersecurity is everyone's job.
So I'm really excited to be able to share that today
since we haven't really covered that many
entrepreneur stories on experts so far.
True, and I love when these really impressive entrepreneurs
talk about imposter syndrome.
That was really cool to hear him talk about.
At 28 years old, he was a chief security officer
and he said it was really challenging
to the point where he left, he quit officer and he said it was really challenging to the
point where he left. He quit. And he said something really succinctly, which I liked. He said,
where there's risk, just add process. So, you know, the more people you have in your company,
the more human error there is likely to exist. So there's plenty of risk, but what do your
processes actually look like? Yeah. Yeah. And I really like that because it takes away the
assumptions of like, oh, my process is this way.? Yeah, yeah. And I really like that because it takes away the assumptions
of like, oh, my process is this way.
Where do I need to put in a security step
versus like, how do I just rewrite the processes
and make it more secure from the get go?
But before we get over to Taylor from Eden Data,
I have a huge ask for all of you.
Please hit that like and subscribe button.
It means the world to us.
And here's Taylor Hersom, CEO and founder of Eden Data.
Taylor, welcome to the show.
Thank you so much for having me.
I am excited to be here.
It's an amazing setup.
Yeah, well, I'm excited because you're our second
studio guest for this show.
So number two.
Oh my gosh, no pressure.
You told me that at the beginning.
Yeah, sorry.
Yeah, that's amazing.
Pressure to perform now.
Still honored to be here.
Yeah, of course, of course.
Well, I want to kick it off with just a description
of what is Eden Data?
Because your company is a little bit newer, right? It's a little bit on the smaller side. People may not have heard of it yet.
Absolutely.
So give our listeners a taste of what is it that you're doing.
Of course. It changes by the week, I feel like. But I did, I started Eden Data in 2021,
and it's essentially a cybersecurity firm that works with a lot of venture-backed startups,
scale-ups, publicly traded companies
in building cybersecurity compliance and or data privacy.
So we can help with anything from people that are trying to align with a specific regulation
to trying to protect their assets on the internet to aligning with privacy regulations in other
countries.
We do it all.
And then we built it to be kind of like the outsourced team.
You know how lawyers, they'll typically have in-house counsel
and then they'll outsource a lot of the technical stuff.
That's how we try to treat ourselves as well,
of being that resource to existing team members
and be the specialists that they need when they need it.
Yeah, yeah, no, that's awesome.
And I kind of want to get into the origin story of Eden Data
a little bit because I think it's very interesting.
But before we go there, a huge part of our audience
is customer success leaders, business leaders, right?
They may not be in the weeds on IT and cybersecurity.
So could you give us a definition of when
you say we help with cybersecurity, what
is cybersecurity?
What does that even mean?
Well, and for context, my background, I feel like, is arguably more on customer success
than it is in actual hands-on keyboard cybersecurity work. But for the listeners, essentially,
if you are a company that collects customer data and you're putting that somewhere, then
you need to build what we call controls to be able to protect that.
And so this could be things that are technical, having systems be scanned for vulnerabilities
and having mobile device management
deployed on your laptops.
But it can also be things like,
I just need to check to see who has access to the system
every once in a while to make sure they still need access.
I need to make sure that the person in finance
is actually getting approvals
before they're sending out massive checks,
things like that.
That's essentially what we're doing in a nutshell.
And then you have a lot of these compliance regulations
that there's optional and there's required.
So HIPAA, a lot of people have heard of HIPAA.
It's Protected Health Information,
making sure that folks aren't selling my medical data
on the internet.
And then you have optional ones.
A lot of SaaS companies out there
are aligning with things like SOC 2.
That's probably the most popular.
And that's optional.
That's like an optional certificate
that you can go put on your virtual fridge.
But it's like a security standard
that checks for all different ways
that you are protecting your customers' data
with an application that you provide to that customer.
So typically, those customers have a SaaS solution,
they're storing the data in AWS or Azure or Google Cloud.
And you give that as a means to be able to create
more trust between your customers to showcase,
hey, I care about your data.
And here's something that I went out and did
that I didn't need to do in order to prove that.
Yeah, I love that.
Okay, we're gonna dive a little bit more into all of that.
I'll make sure not to get too nerdy on it though.
But before we do, I want to talk about Eat and Data and kind of your foray into cybersecurity
because I read on Medium that you wanted to be a chef.
Oh my goodness. You went to the way back machine.
Yes, I did.
Tell me about that. How did you go from, I wanna cook to,
now I'm working in cybersecurity.
Classic, like growing up,
not knowing what you wanna do with your life.
I did love to cook.
I got great influence from my grandparents early on.
And so in high school, I took on a job where I was,
I started at Chick-fil-A,
and then I worked up to a random Italian restaurant
and then another Italian restaurant.
And by my senior year, I was a sous chef
and I was like getting out of school early
to go cook at this restaurant.
And so it gave me all this passion for cooking
and I'd come home and I'd cook for my family
and do all these cool things.
But then it quickly became a chore of like,
I love to cook and I don't want to ruin that for myself.
Yeah.
And so I'm so thankful for that job opportunity because I had applied for culinary school.
I was set on going to culinary school and then I realized, I think I like this as a
leisurely activity and not so much as a profession.
So I pivoted and then I briefly went for physical therapy before.
Yeah, I was in physical therapy and shout out to,
I went to college in University of Montana
as like a rebellious, I'm born and raised in Austin,
but wanted to get away from my family.
I'm gonna go the opposite side of the country.
How far is Montana?
How many people are out there?
It was an amazing experience,
but they make you go through business school
regardless of where you,
what you're going for in terms of degree.
So huge shout out to David Firth, my professor for MIS 270.
He was the one that said,
physical therapy is probably not the best profession.
You would be better in business consulting.
Why don't you just switch your major?
It helps that I was like almost failing all my classes.
So for going from a straight A student in high school
to going to like anatomy and biology,
oh, it was terrible.
I was so bad, so bad.
Yeah, I took anatomy in college
and that's what turned me off to,
I was gonna be biomedical engineer
and I was like, I love math, I'm great at math.
And then I sat, I remember like almost being in tears
in my first anatomy class being like,
there's just no way, there's no way
I'm gonna be able to memorize these,
there's no way I'm gonna be able to pass.
And I went straight to my, to the college like admin and I got switched to mechanical. And I went straight to the college admin
and I got switched to mechanical engineering
because I was like, okay, I don't need to know body stuff.
Yeah, like, no, thank you.
Did you have to do the cadaver as well?
No, I didn't get that far.
That's what ruined it for me.
Yeah.
No, no, thank you.
So then, okay, so you've decided at that point,
okay, I'm interested in business consulting.
Exactly.
And then how did you get over to cyber?
So that when I switched over, that was my junior year and I like going from physical
therapy with low grades to MIS.
All my friends were getting internships at KPMG and Deloitte and UI and I applied and
nobody would even give me an interview. I just looked terrible on paper. So,
I basically gamified. I went out and did all of these volunteer activities. I got more jobs. I
boosted my grades. I was volunteering at the school doing all these things and I got this
incredible opportunity to, I got a full-time offer from Deloitte my junior year. And so,
I just was like, I've never heard of Deloitte.
I've never been to Portland, Oregon, but sign me up.
This is what you go to college for.
So I signed up for that almost a full two years before I started.
And then I blindly just accepted what they gave me, which they put me in what's called
IT audit.
So essentially working on the IT controls when you're auditing financial systems for these huge companies
And I was mostly like fortune 100 life sciences and healthcare
So I was like working with those types of large enterprise companies, especially right after college
You come straight out of college now
You're like working with these fortune 100 brands to help them with their IT
Yeah, what was that like it it was a bit terrifying for multiple reasons
one of the scariest parts was that they really just throw you
right in the deep end.
And these customers are getting charged hundreds, if not
thousands of dollars an hour to put basically what I felt
like a college kid coming in there with no experience.
And they were putting me on these engagements.
And you're interacting with C suites at these companies.
And it was basically like you sink or swim.
They throw you into the deep end.
They give you the coaching somewhat,
but otherwise you're isolated on these engagements.
And it's a pressure cooker at the Big Four,
especially simply because they have so much churn
in that first two years.
You either love it or you don't.
And so it was a good wake up call for me
because I was never good at like detail.
And this was something that I, so many work papers
and you're literally auditing the financial systems
of these companies.
You better be good at details.
Yeah.
So did you end up loving it or kind of like
where was the path for you after that?
I realized I didn't answer the second part of your question
of that IT audit technically doesn't have anything
to do with cybersecurity, but there's some overlap.
So with IT audit, you're still testing what we call controls
to figure out how people are protecting
the financial systems that they hold their financial data in.
And then I got an early opportunity at Deloitte
where I was able to get on a cyber project.
And that's right when cybersecurity started becoming a thing.
Like what year was this?
2015 or so.
And so by that time you have the Target breach,
you have the Home Depot breach, you have a few.
And cybersecurity was becoming very exciting
and it was still new.
And so then Deloitte paid for all this training for me.
And so I kind of got this early unfair advantage of being able to, uh,
to jump into an industry that was just budding, uh,
still working with huge companies versus the ones we work with today.
But it gave me the fundamentals because there's so much overlap in those
industries between the audit side and the, uh, the, the cybersecurity side.
So you, we,
we explained to our customers now that you're always trying to protect yourself
either against an auditor or a hacker.
Like that's the way you look at it.
We all have to go through audits for various reasons.
And so a lot of the fundamentals are the same.
So I was actually super thankful.
It's not fun to be an auditor.
Nobody wants, like nobody likes auditors, I don't think,
but it was a good experience nonetheless.
Yeah, okay.
And so then carry me through from that experience at Deloitte to,
oh, I'm going to start Eden Data. Like what happened between Deloitte to founder of Eden Data?
I wish that I had like this master plan that I could tell you about and that I had this all figured out.
Yeah, in your college dorm room. Yeah, yeah, and that I had this all figured out. No.
In your college dorm room, you had to wait out.
Yeah, yeah, yeah.
I was no Mark Zuckerberg.
Yeah, I actually, I always used to call myself
a one-entrepreneur because I would read countless books
on entrepreneurship and I always told myself
I wanted to be an entrepreneur, but I never took the risk.
Like I never made the leap.
And so right when, in about the 2018 period, I got an early
opportunity to become a chief security officer at a company in Austin. And so I took that
opportunity, did it for a couple of years, hated it and quit my job. And I had all these interviews
and I was just thinking I was on top of the world. I was a little cocky, frankly. That was February, 2020.
And so everybody paused their hiring efforts.
All my interviews dried up.
I had just proposed to my now wife.
I had just bought a house.
It was like all of these life events happened
and then COVID hit.
And so I was actually out of necessity trying to figure out
how the heck am I gonna put food on the table?
And so I just did a bunch of research online
and found Upwork.com.
And that was for the folks that aren't familiar with it,
it's essentially a freelancer website
for all kinds of things.
You can find video editing, you can find marketing,
fractional sales.
Yeah, we use it all the time.
Yeah, okay, so it's incredible.
And it had cybersecurity opportunities on there.
So a lot of like consult me on SOC 2 basically.
And so I was just offering my time on there by the hour
until I figured out, oh my gosh,
there's a massive opportunity here.
And so I kind of gamified Upwork a little bit
to where I was offering my services for an expensive price and then dropping them a message
and saying, I'll do this for free
or I'll do this for really cheap
if you just give me a five-star review.
And so I built up like 20 to 25 five-star reviews.
And then all of a sudden,
I put out a million applications and nobody responds back
and except for the handful.
And then I get 20, 25 five-star reviews.
And suddenly, I was in a bit of a pickle
because everybody accepted at that point.
And I had all these contracts that I needed to execute on.
So it was a wild time.
But I was on Upwork for about that February to March
time frame of 2020.
And then by August of that year, I
was Googling how to start an LLC
and launched Eden in January, 2021.
Yeah, okay.
So can I jump in?
What was the worst part or the most challenging part
of being a CSO at a younger age?
Like in my head, I'm like,
oh, that seems kind of cool to be this young executive
in the C-suite, but what was the most challenging bit
that made it hard enough that you wanted to just
leave? Yeah, such a phenomenal question. So for perspective, I was 28 years old at that time,
and I just didn't know what I was doing. That was probably the most intimidating aspect. You can
find a lot of information on the internet, but someone gave me an early opportunity and I just felt like I didn't wanna squander it
for multiple reasons, but the biggest reason was
that the opportunity allowed me to be a little bit more,
I guess, public, and so I was in front of a lot of people
talking about business, and I had this very brief moment
to be able to build a brand and kind of lean in. But it was terrifying because I just kept telling myself that it was imposter syndrome.
So it was very much I shouldn't be here. I don't know what I'm doing.
And then it was a good experience for me to figure out.
I think a lot of people make up a lot of things a lot of the time.
Yeah.
And so you can do that at any age.
And so being able to understand that not everybody
has it figured out, even folks that are twice my age,
and then having confidence that, hey, I
know as much about this particular topic
or more than the person I'm talking to,
that was something that I got to figure out through trial
by fire, for sure.
Do you still struggle with imposter syndrome now
as a poundage?
Yeah.
I don't know if it's, I imagine most folks do. by fire, for sure. Do you still struggle with imposter syndrome now as a founder? Oh, yeah.
I don't know if it's, I imagine most folks do,
but even now, I'm a first time founder
and I feel like I got accidental success.
And so you're constantly telling yourself,
some days I figure out, I'm sitting there,
I'm like, what am I supposed to be working on right now?
Like, what am I supposed to be doing to move the needle?
Because I'm just throwing darts at a dartboard. Yeah.
But I think intuition goes a long way.
And then I think that a lot of people just
don't actually always know.
They're just willing to take action.
And that's a huge part of anyone's success.
Well, action and risk from that intuition, right?
I think we get stuck in these cycles of supposed to.
Like, what am I supposed to be?
How am I supposed to be presented?
What am I supposed to look like? And if you just shake that, and you're like, there is of supposed to. Like, what am I supposed to be? How am I supposed to be presented? What am I supposed to look like?
And if you just shake that and you're like,
there is no supposed to.
I'm doing this for the first time.
I'm doing this company for the first time.
I can literally do whatever.
So how about what do I want to do?
Right. Right.
And asking that question instead of,
what am I supposed to be doing?
And you get caught up in these rules
that you think society has set for you.
I think we were talking about Upwork.
Like even Upwork, when you're applying for gigs,
it only allows you to put a project
or an hourly rate in there.
And so I had to basically figure out
how can I get folks to just pay me a monthly retainer
instead of me charging my services
by the hour or by a project.
And so working around that system
and not just accepting it at face value
ended up being arguably one of the biggest game changers
for me because I started getting recurring revenue on Upwork,
which then turned into our model today because I failed
to mention this, but Eden offers our services
as kind of a subscription style service, very similar
to the companies that we sell to.
And that has been a huge difference because you have,
it's the antithesis of kind of what I learned at Deloitte
where it's like, just charge everything by the hour.
There's a finite end to everything.
You're incentivized to take as long as humanly possible.
That model just didn't work for me,
but back to the original topic here of rules
and expectations and just questioning those constantly
will take you far in life.
Oh, for sure.
For sure.
Well, yeah.
And what I like about this monthly retainer model, I find it really interesting, is because
cybersecurity is this constant marathon.
Like, we're just constantly trying to stay ahead of regulations or, in the worst case,
of bad guys who are trying to break in, right?
So like, they're not slowing down or stopping.
So there is no end to their motives, right?
So there shouldn't be no end to you being concerned or trying to, you know,
create a really strong foundation for your cybersecurity in your company.
So I think that that makes a lot of sense having this like monthly recurring model for sure.
Yeah, absolutely. Well said.
Even even on the compliance side, if you are,
we were talking about SOC 2 as an example,
if you go and you align with that standard
and you get audited against it and you pass,
that's awesome, except that that was for the last year
and now you restart.
Everything that you had to do, you have to restart it
and you have to prove on a continuous basis
that you're doing the things you say you're doing
and issue that report every year.
So security and compliance and privacy, it's very much a loop and not a line.
And so that, yeah, I like your perspective there.
So what else are you doing at Eden Data that's different than maybe how these other big firms
are doing things?
Oh my goodness.
So we very much, I came out of Deloitte with a chip on my shoulder of like, they set a great foundation for me,
but there were so many things that I just didn't love about how business was being done.
And so I tried to, a lot of what we were building, I tried to think, okay, what would Deloitte do?
Let me do the opposite.
And so the subscription is one example.
Do you have a little bracelet instead of like, what would Jesus do?
What would Deloitte do?
What would Uncle D do? Yeah.
So we also, our brand, if you go to the Eden Data website,
like we were very obsessive about not being the like,
the blues and the grays and the whites of the marketing world
when it comes to being a consulting firm.
And you have people in business suits on your website
and whatnot, it's just so boring.
And so we went with, what could we do to stand out? We may have gotten a little
carried away with that neon. But now the neon is like a big part of our brand. We send all
of our employees neon signs that they have in the background. We did little things like
that. So we very much focused on the brand and making it exciting. And then I think that
the last thing that we're fairly, that we're really proud of is just that a lot of
times security is fear, uncertainty, doubt.
It's like vendors use it to say, you're going to get breached, you're going to end up on
the internet, you better pay us a lot of money.
And we've used it as a mechanism to say, hey, look, this is just another way to earn trust
with your customers.
This is a way you can boost your sales.
This is a way that you can stand out on the internet from your competitors by saying,
look, I care about your data more than those folks do.
And so that was a big accidental learning lesson pretty early on that allowed us to pivot
and achieve success with it.
So from your perspective as the founder and the CEO, how are you thinking about customer
experience for your clients too?
Because it's like you talked a lot about brand and marketing and kind of how you set up the
company differently, but how are you actually treating your customers differently?
Oh my goodness.
We have said, I said, oh my goodness again, but I'm, I like, this is another topic that
just is so darn important to me.
I have obsessed over customer experience since the beginning because at the end
of the day we're selling a service that while it's needed, it's not very exciting. People don't care
about cybersecurity and compliance. That's actually why they hire us a lot of times. And so to be able
to make sure that they have a wonderful experience with us, I mentioned in the beginning nobody
likes an auditor. Well, nobody likes a cybersecurity
person as a close second, right? Because it's just not a very exciting topic and a lot of
times it's looked at as a cost center. So how can you make the experience wonderful?
One of the things that we do is we are obsessive about how we gauge the performance of our
employees based on the customer service that they're giving. So a lot of times you can, it's easy to look at utilization and
obsess over hours, but that's all quantitative. The qualitative aspect of
how are you treating your customers? How are they responding in
customer surveys? How are you making sure you're proactive about the things
that are important to their business and pointing that out
to them early and often. And then we do little things like making sure that we're sending new
customers gifts and making sure that we're remembering kids birthdays and trying to focus
on ways that we can be more a part of the team rather than a consultant that's just sending an
invoice every month. Those are just a few of the ways. And then the last thing I would say is that we don't have it all figured out.
We are certainly still expanding on how we're offering
customer success.
And so we are like, as we plan out for 2025,
we're hiring more customer success managers
and we're looking at new ways to be able
to touch our customers more often
without just sending them a simple survey.
So those are just a few.
What's your guys' head count right now?
Right now we're about 75 folks.
Okay, and then how many clients are you guys serving?
We have the last time,
like across all of our services,
we've surpassed the 500 mark.
Oh, like, cool.
Okay, that's a lot.
Yeah. That's a lot.
For a small head count.
For perspective,
we have our subscription style customers that are long
term.
We have our penetration testing team.
And then we also have one off services, internal audit services and implementation services
and all that fun stuff.
So then as you've grown from like, I'm on Upwork, oops, I've been off more than I can
chew.
There's way more people like coming saying yes, they want to work with me than I thought.
This turned into a business for you now. How did you go from that step of I'm on Upwork to
now I've taken them off these clients off of Upwork. I'm working with them directly.
Oh I'm going to hire my first team member. Oh now I have 75 team members. Like talk to me a little
bit more about this like scaling process. Yes. It was very, it felt during the time
that I was just making it up as I went along,
in hindsight, I think I had it a little more put together.
Like I put in a tremendous amount of effort
to make sure that I was reading as many resources
as I could and figuring things out.
But I also, back to that mentality of,
let me look at how other companies are doing it
and figure out what I can borrow and what I should avoid.
And so that was very helpful, especially early on as I was trying to define our culture and
define the people that we were hiring.
But in terms of how we were able to grow in the first place, the thing that we were able
to be successful in is I basically said the cybersecurity industry is built on trust.
And so the average business is not
going to go on the internet and say,
I need cybersecurity services, and then just hire
the first vendor that they find.
It's usually word of mouth.
And so I went out when it was just me, myself, and my dog
and tried to build relationships with a few vendors.
And so I cold messaged one of the top audit firms
out there that was doing a lot of audits and
likely had customers that need help getting ready for those audits.
They put me on the map.
They just respond after you pester them enough on LinkedIn.
They do respond.
And then-
Sliding those LinkedIn DMs just again and again and again.
And then a huge shout out to Drata.
They're a great venture back scale up that's been around for about the same amount of time
and they've just had massive growth.
But early on in our trajectory, I messaged the founders
and I just kept pestering them on LinkedIn saying,
I wanna be a partner.
I can, a lot of times with partnerships,
people are just saying, give me, give me, give me.
I want leads from you and I want you to help me.
And you gotta focus on what your partner needs
and just give, it's kind of the Gary V model
of getting free value and then they'll take care of you.
I can-
It's kind of like flipping customer experience right now.
It's partner experience.
Exactly.
I have like a great experience with my partners, yeah.
Yeah, as a, for customer experience specifically,
like you just need to obsess over what is it
that my customer needs and how can I make it happen for them?
And then your customer is gonna be indebted to you for,
that's one of the things that we figured out early,
both on the partnership side and on the customer side.
And for timeline wise, this is during COVID, right?
This is all happening. This is all during COVID, yeah.
Like you're not able to meet up in person really
with people and like build those types
of foundational relationships.
You're doing this all virtually.
Exactly, so 2021 time period is when we established
some of our most successful partnerships and they're still with all virtually. Exactly. So 2021 time period is when we established some of our most successful partnerships and
they're still with us today.
And then that was a weird part of all of this is that coming from Deloitte, where I had
to be on site every week with customers, not meeting most of my customers in person was
just such a surreal experience.
Them giving me money over the internet, that's just so weird.
But thankfully the world accepted that.
And so it made it a lot easier for someone like me
that didn't have the means in the early days
to be able to be that high profile consultant on site.
So I wanna talk more about current threats
that people and businesses need to be aware of,
especially, because you work with smaller companies,
as well as medium sized businesses, right?
Yeah, all the way up.
We have some publicly traded companies.
Wow.
Okay.
Yeah.
I think our biggest client has over 10,000 employees.
Yeah.
Wow.
So like when you think about these companies, what threats are they facing currently?
And I want to be mindful of what you just shared, which is you don't like to talk a
lot about like that.
We call it the FUD.
Yeah.
If you're uncertain about doubt.
Like you don't want to be, I don't want to lean into that too strong but I do think it's good to be super
realistic and honest about like what's out there that people do need to be aware of.
Yeah and for what it's worth the risks are there whether we want to talk about them or not but
regarding companies as a whole right now what's funny about cyber security is a lot of it is still
related to the basics so we had the the Coinbase breach last week, actually.
And if you go and you look at these data breaches...
I didn't see this.
So tell me more about that.
What happened?
Yeah.
So I read one quick article on it.
So I probably can't speak to...
Teen up rose.
Yeah, there we go.
What I found was the breach was not due to a technical vulnerability, but rather a human one.
Cyber criminals exploited the trust placed in customer support
agents by offering bribes to a few overseas contractors.
These insiders with legitimate access to customer support
tools extracted sensitive user data.
The attackers then used this information
to impersonate Coinbase representatives aiming
to deceive customers into transferring their cryptocurrency
holdings. And we're writing a LinkedIn post for it later this week,
but I can talk about a million data breaches,
Okta, the Home Depot breach, Target breach.
There's a lot that are very,
they're very much related to simple things.
And so this is not that someone had a
super sophisticated attack
and followed them for months.
And there are some cases like that.
Solar winds is a prime example here in Austin,
but most of the time it's like someone forgot
to change their password.
Someone didn't enable MFA.
Is it really that simple?
Yeah.
Someone didn't get removed from a system.
Target got breached through their HVAC system.
Like they had an HVAC system that was connected
to their wifi and then they were able to,
or not their wifi, but their corporate network.
And they were able to compromise through that.
So the focus a lot of times is starting with the basics.
And we're still in this golden age
where security isn't viewed as valuable
as like marketing or finance.
And I think it'll get there,
but it's certainly not there today.
And so you don't usually get as much funding for it.
A lot of people just kind of ignored it.
I mean, just last, in the last two years,
there were not even half of the Fortune 500
having CISOs on their staff.
And so the world's still catching up
that cybersecurity is important. So focusing
on the foundational stuff already makes you a smaller target. But also, like specifically
is AI right now with the the boon of AI. A lot of customer success folks are using AI
in their everyday functions. And so with that, you now have an LLM, you have a system that you're dumping
a bunch of data into with not a lot of controls, like we were talking about controls before.
And so there's a big uptick in how do you focus on the cybersecurity behind these AI
functions that you're using to ensure that you're protecting the data that's going into
it because it's a whole different ball game than how we were doing business before.
Well, now I'm thinking about like even chat GBT,
like the amount of stuff, personal stuff
that I've put into GBT to help me like solve my life, right?
You know, you're like, oh man, I hope no one sees this.
But that's not even business stuff.
That's not actual like healthcare information
for someone or whatever, right?
But it's the same, a lot of these companies
are using the same kind of foundations. Yes. These LLMs.
Right. So it may not be I'm talking to chat GPT,
but I'm using some sort of API or something that's
leveraging that.
Right.
So, yeah. Like, how secure are these things as they
stand?
Well, first of all, I would I shout out to you for
understanding that that
at least for for chat GPT, like you're not you're
not just going and uploading massive amounts of health records records. Yeah, unfortunately a lot of people are really
Yeah, you with with chat GPT specifically of multiple subscriptions
So if you look at the fine prattling free version that data is is at
It's accessible to that company and you can use it however they want
But we still will sign customers and find out that they're uploading
it however they want. But we still, we'll sign customers and find out that they're uploading
patient health records and financial data and they're saying, oh, can you organize this in a table? Well, you're uploading the original file of these poor people's dates of birth and social
security numbers and such. So a lot of times it's simply just not understanding the value of what
you're uploading and then not having any kind of controls around who has access to that.
So I would like to think that OpenAI specifically has a lot of incentive
to make sure that they are not ending up in the news.
And so they're going to throw massive amounts of money at security.
But then a lot of these startups that are just adding AI functions,
I mean, we went through this
whole last year, probably every SaaS subscription you have contacted you and said, hey, we have a
new AI function. Yeah, 10 times. Yeah, exactly. And so the protection behind that, it's the wild
west right now. People are just blindly doing it because they're focusing on capitalism first,
which makes sense.
They have to operate as a business, but figuring out how do you protect that?
There's the implications of, of course, personal data.
And then there's also the implications that we deal with, with like nation state risks.
We now have this battle with China and Russia and the USA.
They're all battling on who has the better algorithms, who has the better LLMs, and we're
all training it on data.
And so now it's who has the better data set.
And so being able to protect that data
so that you're not giving a leg up to a nation state
that has implied that harmful intent,
like things like that,
adds a whole new element to all of this.
Well, I mean, and speaking of the stakes,
like what's at risk with cybersecurity,
we have another podcast called Big Ideas Lab.
Oh yeah.
That we talked to folks
at Lawrence Livermore National Laboratory
and they work with nuclear weapons.
Oh my gosh.
Like, you know, like, okay, this is like a,
this is a national security issue.
Like, so something we have to be prepared for
and like look out for.
But every single person we've talked to
also talks about cybersecurity.
So it's like nuclear weapons, cybersecurity. This is how big of a deal it is. It's not just
this small little, oh, like something bad could happen. Like we've got sci-fis on sci-fis on sci-fis
being released about what could happen if a China or Russia can get ahold of our security systems
and break in. Right. So like, and that kind of stuff is happening. So, so it is, it's, it's
interesting because like from a military standpoint,
we are like, I think well-prepared,
or we try to be at least,
and we're definitely talking about it.
But at the business level,
which from like a China or Russia perspective,
they still wanna get that information from the businesses.
It's not just from the military.
Like there's plenty of valuable stuff
within a small company that they might want.
So it is interesting to me that like we paid
such big attention from a military standpoint
to cybersecurity, but then like as little
individual companies, we have not been doing that.
We're not putting enough money there.
We're not planning enough for our head.
Like something that I definitely wish more people
would think about.
Very well said.
They have these 10 person startups out there
that have this intellectual property.
That's their entire
business.
And it's extremely valuable.
So passing that off to China or Russia, you're just giving them an unfair advantage.
So it actually just becomes more applicable.
Or your competitors.
It may not even be like these states outside of you, right?
It could be like, oh, other business over here that's also trying to make a business
that's similar to mine.
If I'm putting in GPT this idea that's novel,
now suddenly it's out in their data set.
So now it's not really hidden or novel anymore, right?
Like, so from an IP perspective, it's a nightmare.
Exactly.
And from a different example, what was it?
Three, four weeks ago, Portugal and Spain,
they lost power across the entire country.
Oh my God.
And they're still speculating on what happened.
And there's all kinds of theories around malfunction.
And I don't want to imply that I know everything about what happened there,
but just think about if that were a lot of our infrastructure has very basic function in general
and not a lot of protection from a cybersecurity standpoint.
Well, it takes a lot of time to upgrade it.
Yeah, starting to figure that out.
So taking down the power for millions of people like that
on a whim, again, not implying that that was a cyber attack,
they're still speculating, but that's terrifying.
Yeah, I remember I think it was a year or two ago
and like the AT&T towers went down for no reason.
Do you remember this?
And like there's still no explanation released
about like what happened.
And I didn't have, I have AT&T,
so I didn't have phone connection for a whole day.
I'm like, no one's gonna tell me what happened,
no one's gonna own up to something,
we never covered this.
The impact is insane.
The CrowdStrike update that went wrong
and took down all the airlines.
Oh yeah, yep.
That's crazy to me.
And then, yeah, it's just, it's nuts.
So the stories are in this here
I am doing for your uncertainty doubt but
back to your original question of risks a lot of it really is foundational so I do think that
That the we talk about all these articulated attacks and sophisticated rather and in reality
It's a focus on the basics and it sets you apart quite a bit
Yeah Rather, in reality, it's a focus on the basics and it sets you apart quite a bit.
Yeah, so whenever you're talking to new clients
or people you're already working with,
how are you positioning this to them?
What are you saying, hey, this is what you need
to be prepared for right now,
this is what you should be prepared for in a year,
here's how we can support you
and what you can do to actually solve this.
Because I don't wanna just leave our listeners at,
there's this problem, so get a cybersecurity expert. But how should we be thinking about this? What can we actually solve this? Because I don't want to just leave our listeners at, there's this problem. So get a cybersecurity expert.
But how should we be thinking about this?
What can we actually be doing?
So we have this principle at Eden Data
where it's very much focusing on when a customer comes to us,
we have to assume that they don't always know what they need.
And so a lot of times with security,
a company will get contacted and say, hey, I need anti-malware
and they'll sell them anti-malware.
But we are focusing on,
let's actually talk to them
that knowing that this is not typically a topic
that people understand deeply,
why don't we understand more about their business,
understand what they're trying to accomplish,
understand why they are asking for,
what they are asking for.
And then oftentimes the goalpost moves.
And so in our sales discovery calls,
we don't have presentations. We don't send them a huge pamphlet on all the cool things
that we do. We just have a business conversation. We trained our sales professionals to be able
to ask questions about what do you do as a company? What countries do you operate in?
Who is your customer base? Are you selling B2B? Are you selling B2C? Figuring out some of those foundations.
And then from there, we're able to advise on, hey,
this is actually what I think you need to align with.
And again, it's crazy how many come through asking
for one thing, and we pivot them to something else.
Or we tell customers, hey, you actually don't need us.
You actually don't need this for X, Y, Z reasons
because this landscape is so hard to navigate.
There's so many freaking acronyms.
It's ridiculous.
So that's kind of our approach to a lot of this.
And it's worked out really well
because if you can tie cybersecurity and compliance
and privacy to a business strategy,
then you suddenly have buy-in from CEOs and CTOs and people that don't normally care
about security as much or prioritize it.
So what's interesting to me about everything
you've just shared there is first off,
the sales strategy is brilliant.
Because from a customer standpoint,
we're talking about customer experience,
oh, you actually hear me, you're actually listening,
and then you're actually giving me something
that's gonna solve this problem that maybe I didn't even yet identify was my pain point, but now you've helped me. You're actually listening. And then you're actually giving me something that's gonna solve this problem
that maybe I didn't even yet identify was my pain point.
But now you've helped me kind of figure out,
oh, this is what I need, right?
Or, hey, we actually can't do that.
But here's maybe someone else that could do this thing,
right?
So you're like actually listening.
So from a customer experience standpoint,
I think that's brilliant.
I wish more sales teams would do that
versus the like 60 slide deck of all of our features
that is probably like a bunch of acronyms that no one understands anyway,
cause they're not the expert in security. Um, so I love that.
Just want to commend you guys for that.
And the other thing that you mentioned around helping tie the cybersecurity to
to helping tie cybersecurity to like this executive leadership, right?
You're actually helping people tell the story, right? So you're helping your training, your sales team on like storytelling executive leadership, right? You're actually helping people tell the story, right?
So you're helping, you're training your sales team
on storytelling, hey, this is how you present
this to your leadership team to get buy-in.
Here's why this is important.
And I think a lot of cybersecurity companies,
IT companies also struggle with this.
It's really hard to bridge the gap of like,
here's this technology that you definitely need,
and here's how to tell the story in a way
that executive leadership would actually
hear you on why you need that technology.
Exactly.
If you're selling cybersecurity, a lot of times
it's a CTO or the head of DevOps or a CISO
or someone that speaks this language that you're initially
selling to, but everybody needs to buy in on this.
And we're all speaking different languages around security.
The CEO does not care about security in the same way that the CISO does.
And so being able to interpret that Pig Latin in a way that they can understand and that
they can apply to their metrics is quite important.
And then also having more than you touched on just our particular sales strategy related to customer experience in buying.
One of the things that I very much was surprised to understand
as I advise more and more companies
is that sales and customer experience are oftentimes
not tied together at all.
Yeah, I know.
And so then suddenly, you're selling them one thing
to try to get what you think that they need.
You're trying to meet the quota.
Not to mention, get your quota, get your commission, and then you hot potato that over the fence
to customer success that's trying to put a square peg into a round hole.
And so having equal incentive for both parties to be able to work for the entire life cycle
of a customer just seems like a no-brainer, but it's a minority approach for a lot of
our customers that we talk to.
And I advise various companies on it.
And it's just wild to me because at Eden, we make sure that the sales team and the customer
experience team are the same team.
How do you do that?
We have them, sorry, they're the same department.
And we make it to where if a customer is not sold something that they are happy
with and retain with us for a long time, then both people suffer.
But then if they, sorry, that's a very blunt way to put that.
Yeah, yeah, suffer is not the right word.
Come with us and you will suffer.
So we make it to where both parties are incentivized for the success of the customer, both today and a year from now.
And so a lot of sales teams specifically
will not benefit the sales rep when they do a renewal.
For example, that seems so silly to me.
Like there needs to be some kind of buy-in
that you as a company as a whole,
when you're trying to sell trust on the internet
and build trust, that everybody
is bought in on that and everybody is showcasing that to the customer.
So if you've touched the customer, a lot of times a salesperson has the relationship and
they can collaborate with the customer success manager or customer experience leader and
be able to add value and help the CX leader to meet their numbers as well.
It's just something I'm very passionate about
because I don't understand why it's not structured
that way more often.
Yeah, I don't get it either.
And this is where something that I've said a lot
is that experience is everyone's job.
So customer experience is literally everyone's job, right?
Which while I was preparing for this interview,
I was thinking about how cybersecurity
is also everyone's job, right?
Like from the per, anyone that's connected
in your system in any way,
we just talked about Target with the HVAC, right?
Like everyone needs to be trained on that.
And I think, well, at least what I've seen happening
with larger companies is that cybersecurity training
is like a 15 minute video that you watch on onboarding.
So I am kind of curious, like,
how are you helping companies
teach their employees about cybersecurity?
Yeah, so I actually have a pretty non-traditional approach
to security training in general, simply because of being
in this industry long enough, what I've figured out
is that humans make a lot of mistakes.
And so this is not something that interests us.
The cybersecurity is not the most exciting topic.
We talked about that already.
But how can we remove the risk from,
like how can we remove the human to remove the risk?
That's the focus that we do.
And so we do do cybersecurity training.
It's the requirement for various compliance regulations
and standards.
And so people have to watch a video,
we'll do live trainings, we'll do a more interactive.
We try to gamify things like a tabletop exercise
and it's like your laptop was compromised
and or you left it at a Starbucks
and it had all this big PHI file on it, what do you do?
And then we throw in different scenarios,
we try to do that and make it more engaging.
But at the end of the day, this is not like something
that someone's gonna get super fired up about in general. But at the end of the day, this is not something that someone's going to get super fired up about
in general.
So how do you remove the human and create
what we call automated controls as much as possible?
So things like access management,
you can manually go and review your users in a system
and say, OK, John Smith here shouldn't be in here anymore.
That requires a human to log in and look at all the users.
Or you could just do what's called just-in-time privileges,
which is like you give someone temporary access and it expires.
And so they need access to this system temporarily
to do their job function, and then it expires.
They can't get back in, so therefore that account
can't get compromised.
That's how we treat.
We basically remove the awareness part in some cases because we just think that humans should focus
on the things that we're great at
and take away the nuisance that is cyber security.
For sure, I love that.
I love that perspective.
So are you guys using AI?
It sounds like you're using automations,
but how else are you guys using AI to support that?
We are, yeah. So we're using AI? It sounds like you're using animations, but how else are you guys using AI to support that? We are, yeah.
So we're using AI in a couple of different ways.
So we leverage a lot of, there's a lot of amazing tools
out there that are built by great companies that
are incorporating AI to be able to identify threats faster,
to remove threats.
One of the biggest components of our industry
is a lot of threats are false positives.
So you get so many events happening on a system
and it was humans scrolling through that before.
And so a lot of people offshore that to contractors,
which creates its own set of risks.
Yeah, it's still human error potential, right?
But AI is getting better than humans at this.
And so being able to just sift through and say,
hey, I should actually pay attention to,
I just suddenly, our CEO logged in to our financial systems in India,
and I'm sitting right next to him in Boston,
those kinds of things, being able to focus on those.
And then also creating, on our end,
we have all these wonderful cybersecurity professionals
that we usually hire pretty experienced
rather than out of college.
And so as you master your craft, you want to work on exciting things.
You don't want to be sifting through a bunch of monotonous work and work papers and policy
building and such.
So we focused heavily very early on on how can we remove the monotonous stuff, the things
that we're not even, we can't even argue that our employee would be better at than
AI, for example.
And so we've built a lot of tools
to streamline processes internally
so that we can do things like project management
and tracking our time and other productivity elements
in order to give a better experience to the customer.
So it's not just for cybersecurity,
you guys are using them, yeah, for your employees.
How do I get my employee back some time
so they can focus on this thing
that's actually more interesting than logging time?
Or inadvertently give the customer a better experience. So we split in how we look at
AI. There's certainly other ways to leverage it, but those have been the big impact areas
for us in the last year or so.
So as we think about AI as we're moving forward, and so let's say I'm maybe a small business,
right? Like maybe I've got 500 employees. What do I need to be prepared for in terms about AI like as we're moving forward and so let's say I'm a maybe a small business right like maybe
I've got 500 employees. What do I need to be prepared for in terms of security and the things
I should look out for in the next couple years as AI improves? What are you kind of preparing for?
Oh my yes so the the biggest threat that we're we're seeing right now is just figuring out
uh fiction from reality in terms of like like phishing emails everyone knows about.
Don't click that bad link.
Yeah, they're getting sophisticated.
Now it's getting pretty darn hard.
And so you can't expect for humans
to be able to pick up on that constantly.
And so there are a lot of great tools out there
that will pre-scan the links in every email and such,
check the attachments, that kind of stuff.
Those have been out for years.
And companies don't use them,
they're getting more affordable.
And so any size company should be adopting things like that.
I try to look at the biggest risk areas,
that's a big risk area.
The other one that we've seen,
we've seen a few sophisticated attacks around
being able to train AI to sound like an executive
and then try to get...
Or your daughter, like, I need money, mom.
Oh my gosh.
They've done that.
Yes.
I mean, they've been doing that for years.
One of my big inspirations for cybersecurity, my poor grandmother got a call and sent $8,000
in cash thinking that I got arrested in Wyoming.
And we were able to get the cash back, thankfully.
But that stuff's been happening for decades at this point.
But now there's no way that my grandma could pick up on it
when they take a video of me speaking on LinkedIn
and make an AI version.
It's just, it's terrifying.
And so being able to have awareness
that these things are happening
and adding again, back to the word controls,
like for, I wish I didn't have to say this, but there are a lot of companies out there
still where the founder or some executive has full power to just transfer money whenever
they want.
Yeah.
And so being able to have some kind of checks and balances, no matter if it's like we have
checks and balances at my company and I'm the only founder, like there needs to be multiple
checks and balances on,
okay, are you sure you wanna make that wire?
What is this for?
Validate in a few different ways, that sort of thing.
Just adding process where your risks are.
Those are the biggest areas that I would say to focus on.
And then just focusing, like we've talked about standards,
SOC 2 and ISO 27001 and all these cool standards
that are fairly easy
and getting more affordable to adopt in general.
And those are great ways to not only make you look good
to your customers like we already talked about,
but it's also just setting a baseline for yourself.
It's like a workout routine.
You're starting with the basics, those are great basics,
and they allow you to incorporate a lot of controls
into your environment that allow you to stay on top of
at least
the big areas of risk.
Yeah.
You mentioned a little bit earlier
that a lot of these breaches that are happening
are from things that are just small and could be prevented.
So any basic tips from that standpoint of change
your password this often, things that we probably as a team
need to hear, because I know that like,
shout out to our CEO Stephanie, who's upstairs right now. We've been using the same password to log into our accounts
for like three years.
So what's your like basic tips for people?
It's gonna seem so basic to probably most of your listeners,
but multi-factor authentication is a game changer.
Just being able to have multi-factor authentication,
that's easier than ever to set up.
If a software solution that you're using today
doesn't have MFA at this point, that's a problem.
You should get away from it.
That's like, it's par for the course now.
And so then password managers,
like there's so many password managers,
you can get free versions.
I don't recommend you do a free version,
pay the $5 a month or whatever the case,
or use the one, iPhone has an incredible password manager.
Just using that and stop saying the name of your dog
and the year you were born and exclamation point.
Just using randomized passwords goes a tremendously long way.
And then the last thing is just doing a general audit
of your, this is on the business
side and on the personal side, people forget what they sign up for and they forget what
they're using.
They forget to figure out what software solutions are being used and what's being uploaded into
it.
And I know it sounds tedious, but even just taking one application a week and saying,
do we still need this?
We're getting charged for it every month.
And sales just imported this into our sales force.
And now we're importing all of our customer data.
Like there's a lot of that shadow IT floating around,
both in our professional and personal lives,
just going through and cleaning that up.
It was such a long way.
I need an AI tool that does that.
And it's like, hey, by the way,
Lacey, are you using this subscription that you signed up
for two months ago?
Yeah.
Right now it's our CFO who angrily Slack messages me and is like, are you still paying for this?
I'm like, oops, sorry.
It's a great idea.
There's a couple of tools that will scan your QuickBooks and whatnot and say, are you still
using this?
That's what I need.
But yeah, as you get bigger as an organization,
there's just so much that slips under the rug.
Yeah, yeah.
Is there any like quirky non-traditional thing
that you do just as a consumer to protect
just with everything that you know
about what's going on in the world
in terms of cybersecurity?
Ooh, putting me on the spot, quirky.
So I definitely do all of the basics.
I, in terms of...
I saw something recently, I forget who it was, but he talked about as just turning off
your phone once a day and turning it back on.
Same with your laptop.
I do do that.
I forget that that's not typical.
Yeah, it's not typical.
That's a thing.
I had no idea.
The other one, love my wife to death,
but I have her use a shared password manager
that we have that I can force her to use password manager
so that she's not just using the name of her dog
and she's been using the same password for decades.
That's my husband.
Yeah, being able to not take control,
but be able to just, not take control,
but be able to just kind of force some controls on her
of like, hey, these are some things we're gonna do now
as a family.
That's another, I guess, quirky thing that I do.
So I'm trying to think of if I have any other tips
and tricks up my sleeve.
Or are you super analog in any ways,
like with all the vulnerabilities that you're aware of?
Are there certain things that you just you don't keep online or that you think other people
shouldn't despite the obvious? Yes, I'm not very big on social media. I have social media accounts
but I don't post a lot on my personal life on social media excluding LinkedIn. So LinkedIn,
I'll do the professional stuff all day, but personal, I don't even know
the last time I uploaded to Instagram.
That kind of stuff I've been kind of private on.
And then now I really encourage my friends
that have kids to be very mindful
of when they're putting things on the internet,
just not making it public.
That's a pretty, another control example.
It's like just going through and cleaning up your friends
and making sure, does everybody that sends you
a friend request need to be your friend?
That sort of thing.
Because we won't go into the details
but the risks are great there.
Of course, yeah.
So yeah, great question.
The question I have now is imagine I'm a Coinbase
or a Target or whatever, how do I recover trust
with my customers after something like this?
Oh, my goodness. Yes.
It's oversharing is probably going to be the best strategy.
This is purely my opinion.
But when you when you damage your brand like that, it doesn't matter.
All of the complexities behind it.
I think that one one way to not do it is like Uber back in 2016.
They they had a lot of sketchy stuff going on
with their data breach and the CISO being federally charged.
But Uber threw him under the bus
and didn't take any ownership
when there was a lot of skeletons in the closet
related to how they were funding cybersecurity,
how they were treating the importance of cybersecurity
internally as a culture, all of that.
And so taking the approach of, oh, this was one person's fault and not the company's is
a silly move in my opinion.
Sure.
Yeah.
So basically coming out and apologizing, which it's crazy that I have to say that, but you
can go look at a fair amount of data breaches.
They just try to dismiss it and say, it's not a big deal.
This data is not that valuable. Customers don't understand this stuff. A fair amount of data breaches, they just try to dismiss it and say, it's not a big deal.
This data is not that valuable.
Customers don't understand this stuff.
Any data breach, anything, even your shopping habits on Amazon, people are going to say,
they're going to have a knee-jerk reaction that this is important.
Coming out, apologizing, saying exactly what you're going to do, exactly what their risks
are, and then sharing with them periodically.
Like, hey, this is something else we incorporated. Here's some more things that we're doing to invest in your security.
There are great companies that have done that in the event of a breach. I think CrowdStrike
handled it quite well, for example, but Coinbase should absolutely be doing that over the coming
months and not turn it into like another Equifax situation who's now been breached multiple times.
Yeah.
What a joke.
Yeah, or Wells Fargo. Oh my goodness, yes.
Yeah, so for like larger companies, how are you thinking about or how do you,
what advice do you give to larger organizations on how to instill this culture of cybersecurity and
this like mindfulness with what you share and how you're keeping data secure?
So I have two answers to this.
One is the element that we talked about at the beginning
where using security as a sales function, as a brand builder,
you can never be too big for that.
There's a lot of companies that I've seen
that take on this approach of we're so big
and anyone will do business with us,
our brand's too big to fail.
And it's simply not true.
Like we can talk, we were just talking about Coinbase,
for example.
And so going and investing in security
and then bragging about it on the internet,
there's a lot of cool companies out there now
that allow you to build basically like a security page
on your website that just talks about
all the cool things you're doing.
And so we build that for every single customer now
and even our largest customer, simply because it's a great way
to just put an additional merit badge on the internet saying,
look, we're doing all of these things to invest in security.
But then that depicts a culture externally and internally.
But then you also have to realize that especially for a large organization,
most people there, whether you want them to or not,
feel like a cog.
And maybe that's a belittling term.
I don't mean it as such, but it is certainly a,
it's such a massive company that they're not gonna have
the same buy-in as the CEO, for example.
And so how can you incentivize them with the carrot
and not the stick, right?
The stick is that if people are failing,
right now this happens every day at enterprises,
someone fails a fishing test,
and then they have to go through this horrible training
and they're bitter and resentful,
and it's just not a fun experience for anyone.
Oh man, this makes me feel stupid.
Exactly, yeah.
So I think the education element is still important.
There's tools out there that can just prevent this
from happening altogether, and so investing in those,
but then also rewarding people for reporting links
that are suspicious and knocking out optional trainings
on security.
Like there's a lot of LMS platforms,
learning management systems out there
that give trainings on security.
And there are some weirdos like me that love this stuff
and work likely at your company.
And so it's like, how do you incentivize those people
to want to care about this?
Because then they're gonna be the evangelists to others.
So creating these little champions in your organization
by rewarding them is something that very few enterprises do.
And we really try to encourage it simply because no matter how hard you try,
people are just not going to just wake up one day and be like, man, I love security.
Well, I think if you kind of mesh it with their personal perspective as well,
like, by the way, this is information that you can use in your personal life.
Like if you're a cog, quote unquote,
in a machine at one of these really large organizations,
I may not care fully about like, I may not feel like I have ownership fully in this company,
but I'd have ownership in my own life.
So if my education helps me personally,
I think people would be more likely to put that cap on
and like be eager to learn than if it was just,
oh, this is this small little thing
that maybe will help this big company
that doesn't care about me.
I love that.
There's so much overlap between your professional
and personal life anyway, when it comes to security.
You gotta protect passwords no matter what.
You gotta keep data private no matter what.
Those things are constants.
And so I do think that if you, even little things like,
we have one customer that just pays for the password managers
for an entire family, for any employees
and their dependents basically.
Oh, that's smart.
Little things like that is a small expense for them in the grand scheme of things.
Well, yeah, because if you think about it, if I can weasel my way in with the husband,
you know, like, and get some information there, then it isn't too far to say that then, oh,
the wife who works at this big company, maybe I can get information on her, what she's working
on.
Exactly.
Yeah, it makes total sense.
If his laptop's compromised and connected to the same home
Wi-Fi as hers, there's a risk there.
What about security for the security cameras
that you have, like the Ring doorbells?
Oh, yes.
I've heard crazy stories about people hacking into those.
The internet of things, they're so commoditized
that it's almost impossible not to want to use them.
People want security around their home.
But the problem is that a lot of those cameras
are coming from China and a lot of them are also
just small companies that are not investing in security.
So going and looking, like the rings of the world
are actually big conglomerates that rings now owned
by Amazon, they are incentivized on security.
Same with Apple, same with Google.
They don't want to end up in the news as compromised.
And so you're taking a risk-based approach here
of would I go with Ring or would I go with
some little startup that just came out with security,
what's that one?
There was one that I, I'm forgetting the name,
but it seems like every week there's like a new
internet of things style startup. Well, and you think it's a small name, but it seems like every week there's like a new internet of things style.
Well, and you think it's a small company, but then it's actually owned by Amazon.
Like I think it's Waze.
Oh yeah, yeah.
Or Wyze.
Yeah.
W-Y-Z-E.
Right.
That one is actually owned by Amazon.
They've got a weird strategy.
Yeah.
And you're like, Oh my God, like I'm at Home Depot.
I'm like, which one's most secure?
All three of the brands, totally branded different.
All of them owned by Amazon.
Yeah.
Okay.
One easy thing is just to look up
where their headquarters is.
I hate to say it, but if it's based in Russia or China,
then you have to, like, what is it worth at that point?
And so, just a US-based company
that has a pretty big presence
is how I recommend.
But to answer the question succinctly,
I don't tell people to not use cameras.
I would love, like I'm nerdy and have a closed system
that only I have control to
that's not connected to the internet.
But I don't think that's realistic.
You have like a panic room
where you've got the security system set up.
I wish I was that cool.
Maybe one day, yeah, yeah. I love that stuff just from the tech standpoint. I don't think that's realistic. You have like a panic room where you've got the security system set up. I wish I was that cool. Maybe one day. Yeah, yeah. I love that stuff just from the tech standpoint.
I don't think anyone I don't think I'll ever have to use it,
but it's just awesome to be able to nerd out on that
and build like the most secure home network system and such.
How secure is home Wi-Fi?
Like I've got Google Fiber.
Yeah.
Yeah.
So you have mostly the the routers themselves and the modems.
Like a lot of people today will rent their modems from their internet service provider.
I don't recommend that simply because you're inadvertently just sharing all your data with
them.
And so that data ends up somewhere and then they have to be able to protect it.
It doesn't matter how big your ISP is.
I don't like that idea of that.
But then the Wi-Fi routers and modems themselves,
a lot of folks are still buying those from China and Russia
and such, mostly China, not Russia in that case.
But looking for a US based company again
and looking for ones that come with security plans.
Just like you'd be appalled.
My parents included were running the,
they were rocking the admin one,
admin one username and password of their router.
Anyone can go connect to that.
So that's not what you wanna do.
So just getting a basic like Netgear and Motorola,
they have some like, their cybersecurity,
not compliant but versions, the Nighthawks
and they give them all these cool names.
Oh my gosh.
I highly suggest like paying the extra 20 to $120
to get something that's- I would just do that for the name.
Like I've got a Nighthawk watching over me every day.
I mean, it looks cool too.
It looks like a frigging spaceship.
Yeah.
Yeah.
Awesome.
Okay, Rose, any lightning round questions to wrap up?
Welcome to the lightning round, Taylor.
Oh dear.
I'm going to throw a few questions at you.
I love it.
You can skip if you don't have anything for it.
What's one cybersecurity myth that you wish could just die already?
Ooh, besides that all hackers wear hoodies. I think that the other myth is that there's always the
intention of wanting to steal data. The intention for cybersecurity, you have basically like
three categories. You have like the capitalistic side of wanting to make money. And so you
have ill-intenders that are wanting to steal data and sell it. You have the nation-state side, which is like causing strife and causing pandemonium.
And then you have folks that are literally just interested in security and are going
and trying to break things on the internet to test their skills.
And so being able to understand what your threats are and why they are threats is quite
important. That's a myth that I feel like people still to this day
just think everybody is some person in their mom's basement
with a hoodie on.
And it's a little more complicated than that.
Sort of speaking of,
is there a movie or show that you've seen
that's felt the most realistic to you?
Oh.
Mr. Robot?
Mr. Robot? Mr. Robot for sure. They brought in a
famous cybersecurity expert to consult on that show and he wrote the whole
first season. I have not seen this. It's a good show. That one's pretty
spot-on. The one that terrified me the most was, goodness gracious, it's on
Netflix, it's Ethan Hawke and Julia Roberts.
And-
Oh my God, yep, I'm looking it up.
Kind of a weird style for filming,
but it was such a great eerie movie of them escaping,
I think to the Hamptons when a cyber attack-
Leave the world behind.
Leave the world behind.
Oh, that one, yeah.
Really, really, that scared me pretty bad.
Cause it's this realistic, realistic,
I'm saying realistic cause it seems realistic depiction
of like what would happen if you just sort of knocked
everything out.
Yeah.
Right.
And didn't the Obama's help write this one?
I think they were maybe producers.
I think so.
I'll have to check that.
But yeah, very creepy.
Do you have the shipping container that that happened?
Like those, what was the company?
Maersk, was it Maersk or
this happened back in 2018 with the not pet yet attack of our entire shipping
industry basically shut down overnight because of one bad piece software and
costing billions of dollars planes falling out of the sky movie Tesla's
there's like one white Tesla's just all running into each other.
Yeah. Wild movie.
OK, moving on.
What's to a light heart, more light hearted question?
What's your favorite nerdy gadget tool or productivity hack?
Nerdy gadget tool or productivity hack.
Oh, I really love OK.
First of all, shout out to whoop.
I have their newest whoop band, and then it just makes me obsess over my data,
and then I get overwhelmed,
and then don't do anything with it.
But I like to have the option.
Yeah, exactly.
And today they now have a medical grade version,
which does a few, it's got like,
now you've got EKG or ECG,
I get those mixed up and blood pressure
and a few other things.
So I really like that one.
Doesn't it give you advice too though?
It's like, hey, based off this,
this is how you should be behaving
or cut caffeine at this time or whatever.
Exactly, yeah.
Super practical.
It gives you a recovery score
that's kind of like mind boggling
as you say, oh, I got eight hours of sleep
but my recovery score is like 20.
Garmin has a body battery,
which is like the same thing.
And you're like, oh my God.
It's incredible.
I slept for eight hours, but I guess that glass of wine
that I drank right before I went to bed really affected.
And I wonder how much of it's placebo of like,
oh, well it's telling me that my recovery is at 20%.
So therefore I feel like crap.
I feel like crap, yeah.
And then I love my Remarkable tablet.
Yeah.
I've been supporting Remarkable since the beginning.
I love their stuff.
I'm obsessed.
I really do think handwriting things helps me retain information. Oh, for sure. Oh love their stuff. I'm obsessed. I really do think handwriting things helps
me retain information.
Oh, for sure. Oh, for sure.
You're building a SEAL Team 6 of security pros. What quality is non-negotiable?
They have to bring their own batteries. That's something that we say a lot at Eden. It essentially
just means like you have to be able to bring your own energy and you have to be excited
about the things that you do both professionally and personally.
And I don't mean like, I'm not like so concerned about the personal side, but I think that
a lot of your work-life balance ties together.
And so having people that are positive and bring a lot of energy to conversations is
important but more importantly is having people on the team that constantly need to be
reassured and constantly need to be uplifted, it becomes a cancer. It's just unfortunately,
you have to always be juicing them up and you're inadvertently giving your own energy for that. So
we look for that in interview processes and I'm usually the one that will do the interview that decides the
battery element.
And we've had people make it all the way through and then I say, nope, this is not it.
So how do you kind of like sniff that out, I guess?
I think it's about the only thing I'm good at.
For interviews, I'm terrible at taking notes.
I'm terrible at following processes, but usually I'll just start asking questions around their
personal lives and saying whatever you're comfortable with and getting shifting topics pretty frequently and
and then figuring out how they respond to all these different things and and getting them to.
I don't love when people are like crapping on their previous employer, for example, and asking
people like what is something that you're obsessed with right now? If someone does not have an answer for me,
that's not a good look either.
It's like, I want people that are passionate
about things that they do outside of their work.
And so those are all little things that I look for.
But the energy level is like fairly easy to pick up on
very early on in an interview.
And one thing I've gotten better on
is like ending interviews early
if I feel like someone's not got the batteries or if they do like there's people that I'll talk to
for five minutes that you have the job. I think that that's such an important quality.
I had a lot of misses in the beginning on hiring. Everyone does. Yeah. But that one has been tried
and true for us the last two years especially. What's one mistake that you're glad you made?
I actually look at leaving Deloitte as early as I did as a mistake and that worked out really,
really well for me. I'm so thankful for that. I shouldn't have taken that job. I thought of it
as a mistake for the longest time and it ended up being just such a huge reward and putting me on a path to where I felt like I was able to learn
and grow from.
So that's probably the biggest one.
All right, last one.
What's one experience you've had as a customer lately
that's left you impressed?
Oh, I get to interact with a lot of customers.
One thing I'll do, two-pronged answer.
One is some of our customers are just so dang cool
and they are changing the world.
I don't get to talk about all of them as much as I would like
because some of them like to keep it under wraps
on cybersecurity, but like we have a really cool customer
kind body, they're changing the world in the fertility space.
And I just, every time I talk to these companies and how They're changing the world in the fertility space. And I just,
every time I talk to these companies and how they're changing the world, I just think,
gosh, what I'm doing is not cool enough. They are so cool. So there's that element.
And then we had one customer more recently that I just had an incredible experience to be able to
see how they interacted with one of their customers because we get brought in on a lot of sales discussions to say,
wearing the security hat and saying,
you should sign up for this service because we are keeping it secure
and you're all the ways.
And so I get to see, I got to be a fly on the wall recently with an AI company
that we support that is blowing up Silicon Valley in a good way.
And they are, the way they,
it was like a master class on sales and interaction
with this customer that had recently signed up
and was needing help through the platform.
I learned a lot from it and took a bunch of notes
and then asked them after the fact,
if I could steal some of their playbooks.
It was just like, it was incredible.
Very cool.
What was the name of that company again?
That one I'm not allowed to say.
Oh, okay.
I'm sorry, I should have used one that-
Kind Body.
Yeah, Kind Body was a great example.
Yeah, gotcha.
Kind Body, shout out to Function Health
or another really cool brand here in Austin.
So things like that, when they make acquisitions,
they just made an acquisition a couple weeks ago.
We get to like celebrate in that
and it's probably the coolest part of my job.
I think that working with those fortune 500 companies
back in the day, I had a harder time like resonating
with what they were doing simply because I felt
like such a small cog in the wheel.
Whereas these folks, I get to interact
with the founders every day and see the passion
that they have.
And this is for companies that are thousands
of employees now too, and being able to talk
to those founders and see how their vision has changed.
That kind of stuff I could talk about till the cows come off.
Do you share those wins with your team?
Because I feel like it's a great way to keep passion and morale up as you guys grow.
We have an announcements and a recognition channel and then we meet every week as a team
across the board.
And so we make it an agenda item to make sure
that we're covering all of these,
because otherwise I become like selfishly,
it only happens to me if I'm on these calls
and I don't share it with these folks,
they don't, there's that kind of founder to founder trust
where I get to see a lot of this stuff
that my employees don't get to.
And so being able to share that they're kind of making
that impact, even if they're not directly seeing it
is very important in our culture.
Yeah.
Okay, one final question for you.
We've asked everyone that we've had on the show
this question.
Okay.
I don't know if we've prepared you for it
so if you need a moment to think about it.
Okay.
You can, okay.
What's one experience you've had as a customer,
maybe with like a local business that you would
like to shout out?
Franklin barbecue.
So it's very popular.
But my very first experience with that was I went to an event here in Austin and got
to be served barbecue by Aaron Franklin himself and ended up having this like 10 minute dialogue
with him talking about barbecue.
And I could see the passion.
It was like this incredible experience.
I got swag and I was just like now everybody, all my friends come to Texas and they say,
what's the best barbecue?
And I don't even care what the right answer is.
It's just Aaron Franklin's barbecue for me simply because of that experience.
I'm new to Texas.
So I haven't.
What is Franklin's barbecue?
I haven't heard of it.
Oh my goodness.
Yeah. Okay. So he's I was about to say the OG is not the OG, but Aaron Franklin's barbecue? I haven't heard of it. Oh my goodness, yes, okay. So he's, I was about to say the OG, he's not the OG,
but Aaron Franklin was like a,
doesn't have a culinary background.
He basically started making briskets
with a cheap like Academy electric smoker
because he was passionate about it.
Turned it into a food truck,
turned it into one of the most successful barbecue joints
in Texas and in the nation at this point.
And so they're right there on the east side.
And to this day, you still have to stand in line.
They'll hand out beers and such, even if it's 730 in the morning.
And no judgment.
And it's just an incredible experience.
But the barbecue is like very simple.
And he just focuses on quality instead of like having super sophisticated rubs
and ingredients and such. He just focuses on high quality and it really is truly
incredible barbecue. I'm hungry. It's lunchtime. That sounds great. I love that.
I guess you know what? I do have another food example too. Your chef is
showing. Yeah, I know. So little fun fact, I actually just bought a little farm in Maine.
Congrats.
That's amazing.
And I'm going to be splitting my time between Maine and Austin.
And so my first time going out there, I got to go to a really cool restaurant called Primo
out there and they got a James Beard Award and they had all these cool accolades.
But it's like a farm to table.
You just roll up and it's in someone's house and their garden is in the back.
And that's where they're getting their ingredients from.
It's a little more sophisticated than that.
Like it was a big house.
It was an awesome, awesome venue.
But being able to go there, meet the chef,
have this incredible experience,
be telling them that like,
oh, we're thinking about buying here
and like them sitting down with us
and telling us about Maine for 45 minutes.
And then giving, they sent us home with like pasta and things to make
and all, it was just like an incredible experience
through and through.
I don't know if for customer experience,
I always recommend the book, Unreasonable Hospitality.
I'm not sure.
Yeah, yeah, yeah.
And so this kind of ties into that.
It does not matter what profession you have,
but I think the food industry applies
in so many different ways.
Yeah. And this was a prime example of that.
That was another really cool recent experience.
Oh, I love that. I love that.
Well, Taylor, this has been fantastic.
I have loved our conversation.
I am now starving.
So thank you for that.
And I hope we can cross paths soon.
I am so honored to be here and I can't thank you enough for the dialogue.
Where can our listeners find you?
Oh, my goodness.
LinkedIn would probably be the my goodness. Yeah.
LinkedIn would probably be the best one.
Okay.
Yeah, LinkedIn.
And then I am on X as well.
I don't post as often there, but LinkedIn and then my email is taylor at Eden Data.
So drop me a line anytime.
Pitch slap him.
Yeah.
Awesome.
But I can't thank you enough for the experience.
Of course.
And this was an awesome dialogue.
I had a lot of fun.
You too. And thank you for the listeners for taking And this was an awesome dialogue. I had a lot of fun. So thank you for the listeners
for taking the time to listen to us.
Of course. Awesome. Thanks, Taylor.