Screaming in the Cloud - 26 Years of Corey Quinn with Brandon Shaw
Episode Date: December 31, 2020About Brandon ShawBrandon Shaw is a senior program manager in security operations at Discovery, Inc., an entertainment company that owns several premium cable brands, including Discovery Chan...nel, HGTV, Food Network, and TLC. Previously, he worked as an applications manager at CRISP and a senior software applications engineer at CompuGroup Medical, among other positions. Brandon has a slew of certifications, including CISSP, CISM, CDPSE, CCSK, PMP, ITIL, and three from AWS.Links Referenced:Â Discovery, Inc. WebsiteConnect with Brandon on LinkedIn
Transcript
Discussion (0)
Hello, and welcome to Screaming in the Cloud, with your host, cloud economist Corey Quinn.
This weekly show features conversations with people doing interesting work in the world
of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles
for which Corey refuses to apologize.
This is Screaming in the Cloud. actively ridiculous, by trying to throw everything at a wall and see what sticks. Their pricing winds up being a lot more transparent, not to mention lower. Their
performance kicks the crap out of most other things in this space, and my personal favorite,
whenever you call them for support, you'll get a human who's empowered to fix whatever it is
that's giving you trouble. Visit linode.com slash screaminginthecloud to learn more and get $100 in credit to kick the tires.
That's linode.com slash screaminginthecloud.
This episode has been sponsored in part by our friends at Veeam.
Are you tired of juggling the cost of AWS backups and recovery with your SLAs?
Quit the circus act and check out Veeam. Their AWS backup
and recovery solution is made to save you money, not that that's the primary goal, mind you,
while also protecting your data properly. They're letting you protect 10 instances for free with no
time limits, so test it out now. You can even find them on the AWS Marketplace at snark.cloud slash back it up.
Wait, did I just endorse something on the AWS Marketplace?
Wonder of wonders I did.
Look, you don't care about backups.
You care about restores.
And despite the fact that multi-cloud's a dumb strategy,
it's also a realistic reality.
So make sure that you're backing up data from everywhere
with a single,
unified point of view. Check them out at snark.cloud back it up. Welcome to Screaming in
the Cloud. I'm Corey Quinn. I'm joined this week by Brandon Shaw, Senior Program Manager of
Information Security at Discovery, Inc. Brandon, welcome to the show. Thanks for having me. So you're at Discovery,
not Discover Financial. I keep running into those companies in various cloud stories,
and I always get the two of them confused. So you're the one where I talk to about Shark Week,
not credit cards, right? That's us, correct. Fantastic. And we'll get into that, I'm sure.
But first, a little backstory here.
I think at this point, we've known each other for what, 26 years?
Yeah, something like that.
I mean, at this point, our relationship has grown up, gone away to college, come back,
moved into our basement, gotten through the surly stages, and is now trying to venture
back out into the world.
But there's a pandemic on, so it's having some trouble.
Yeah, you forgot the part about both of us getting married, both of us having kids, both of us. That's right. We're
both freshly back from paternity leave. That's right. At the time of this recording. Yeah,
and congratulations again. And to you as well. We both had our second kid. At some point,
it's weird. Our lives sort of diverged for a while and then wound up going back into something that
resembles, oh, I could actually justify having you on the show now. Great. But it's amazing how much our lives really have,
I guess, split apart and then reconverged. It feels almost like it's a story about technology.
I mean, as soon as we use the word converged, I'm sure Nutanix somewhere is perking up,
oh, hyperconverged? That's our word. You owe us a dollar for using it. But I don't think
they're sponsoring this episode. If they are, oops. Yeah, so what I wanted to jump in just for
all of your friends and fans. Both of my friends. Let's not over-exaggerate the case.
Excuse me. So I want to jump in and explain to both of your fans this week what Corey was like
as a kid. Oh, dear God. Here we go. I feel like I've been bamboozled.
You have been. What I want to say is the reason why we've been friends for 26 years is that you
have definitely been the guy and always have been who is not afraid to be your most authentic self.
That's a very kind way of putting it. Thank you. In practice, it's that I have no filter and no
social skills. The only challenge was living long enough to evolve it into a way where it was at least halfway socially
acceptable. Let's not overstate that. Well, I mean, that was really the thing. I mean,
I always appreciated you and your sense of humor, but... I think you were the only one.
Still maybe. But a lot of people, when we were growing up, they were just like, oh, Corey, that's the same tired joke for the 15th time today. Just give it a rest. But
for you, it's still funny. And you know what? You never give up on those jokes.
I never do. My jokes are for me. And if other people like them, that's great. And if they don't,
well, get your own podcast. So I will say that I'm really glad that you've been able to find this forum for yourself
as a place to have people listen to you whether they want to or not.
Exactly.
The nice part about podcasts as a medium is that people tend to listen to these things
with headphones on when they're washing the dishes or mowing the lawn,
which means that they generally find it very inconvenient to stop the podcast.
So they're really forced to listen to me.
It's a captive audience model more than anything else.
Well, absolutely.
And, you know, so it's different than being in the middle
of French class when you're trying your jokes out.
But certainly to, again, both of your fans,
whether you find them funny, again, both of your fans,
whether you find them funny, charming, abrasive, whatever,
you are the same guy that I met like 26 years ago.
Uh-oh.
Well, let's go to more color on that.
Why not? It's my show.
I can talk about whatever the hell I want.
Sure. The problem that I had was that my dad was one of those folks
who always wanted to go be somewhere else doing
something other than what he was doing. So I come by it honestly. In his case, that manifested as
being a bit of a nomad. So midway through the seventh grade, I wound up moving to Maine,
state motto, not a lot of people come here on purpose. And because I was a lucky child,
I was midway through a series of various lung surgeries. So I missed a hell of a lot of school.
I wouldn't say I was missing it, Bob.
And I was socially stunted.
I was always having to make new friends,
which I was terrible at, still am.
And it was this weird dynamic
where you were one of the only people at the time
who said, hey, look at you.
You're a sad, lonely loser.
Me too, wanna hang out. And it was really something redeeming about that. I mean, despite the fact that our lives have
taken us in very different directions, we live on opposite coasts, et cetera, it's always been
like coming home whenever you and I have a conversation. It's, oh, it's been a year since
we last spoke. Great. Let's play catch up for 20 minutes. And then it's as if no time had passed. The other
side of it, and it's a bit of a challenge on a show like this, is whenever I talk to you,
suddenly I revert back to being that angsty 12-year-old who needed to go and prove himself
and is terrified that no one really likes him. It's the reason I never had my mother on this show.
I thought that we already covered that before. You still are the same angsty 12-year-old.
Absolutely, except I'm larger now
and don't have the metabolism that I once did.
So you and I met where we spent
our formative years, respectively,
in a small town in Maine,
because it's not like there are large towns in Maine.
And some of the best things that we ever achieved
on a personal triumph basis was leaving Maine. Now, I know this annoys Red Monk's Stephen O'Grady,
who lives in Portland and loves Maine. But I spent enough years there to say that growing up there,
it sucked. I don't miss it in any sense. What's your take on it? Well, let's first look at the numbers, right?
And that's the biggest part is Maine is number 37 out of 50 states for economical opportunity.
It was also the second least diverse state in the country as well.
And least diverse state in terms of religious diversity. As well as, most importantly, Maine is number 42 out of 50 states in infrastructure and number 45 out of 50 for internet access.
People like us today, now, cannot live in Maine. If you enjoy technology and you want to work from home, chances are you can't
if you're living in Maine. We have so many friends who are waiting for 5G to come to their forest.
It's not happening. It's not happening. Besides that, there is no opportunity. It's cold.
It's awful.
The only thing that you can do in Maine is sit around in the cold and develop your personality disorders.
Yeah, exactly.
I dated a girl who was valedictorian of her chemical engineering class, and she was on the front page of the Maine Sunday Telegram, which you can probably already tell is the largest and only newspaper in Maine.
And the whole story is about how she had to leave the state to get a job.
Every year, the governor goes to the University of Maine and does a whole commencement speech about how stay in Maine with what jobs?
It's impossible, at least the time that I live there, to effectively grow yourself professionally living there compared to the opportunity available in other places. And maybe that's changed. It's been 20 years, but I kind of question that. Well, University of Maine's
biggest son is Stephen King, who is probably the only person that I know who's made a name
for staying in Maine. And anybody on Twitter can go ahead and tell me wrong, right? But look at
what he's doing. Yeah. Anna Kendrick grew up in Cape Elizabeth, next town over from where we were,
and how did she succeed? She got the hell out of Maine. Yeah. But let's go back to Stephen King
for a second. What is he known for? Sitting in the dark, writing things that scare the shit out of you.
Yep. And all he's really doing was telling the stories about his typical week.
Yeah, this is what it's like living in Maine. Get out. In all of his stories, there's something about trying to get out and you can't do it.
That is the best synopsis of living in Maine that I can possibly imagine. One of my favorite
Twitter accounts, I know you don't do it, is
Maine underscore gov, where it's a
parody account where it winds up
crapping all over Maine to the point
where the governor's administration had to
respond with, this account and its posts
are not affiliated with the state
government. And everyone knew
that because it had a personality.
All right, that may actually get
me on Twitter.
You might've sold me there. Exactly. That's all it takes.
So the audience generally knows what I've been up to, but let's talk about you. You've been at the Discovery Channel slash Discovery Inc slash Sharkbait for a while now. Yeah. I mean,
you want to talk about ways that were not the same.
You've had a gift of being able to be at the same place for multiple years without either getting bored and leaving
or, in my case, more often, getting yourself fired.
So it's a different world, one I'm deeply envious of,
but you've been at Discovery for a while.
What do you do there?
So my job here is really as a senior program manager
for the operations arm of our cybersecurity team.
So it is my role to coordinate incidents,
respond activities, and remediation efforts
across the entire global enterprise.
It is also my job to stay engaged
with internal and external teams
and make sure that they can understand
and can
attest to all the appropriate security measures and best practices that we provide to it.
Now, I'm going to say the quiet part out loud because that's what I specialize at.
Your information security convinced me that you're not effectively a blative armor for the company,
where your job is to sit around and wait for the data breach and then be
ceremoniously fired to protect other executives with, I would say, other loftier positions or,
let's be honest, more political savvy. Changed my mind.
So that's absolutely fair. I'm not going to say that I am not on the chopping block,
you know, next time something happens. But really, I will say that Discovery has put itself in the line of fire with a lot
of our acquisitions, with our footprint, with everything that we do.
We have a massive, massive company.
And the truth is, we don't want to be that same media company, back in 2014, hackers accessed and wiped personal data from
tens of thousands of employees and users. And that's just who we don't want to be. So
it's my job to actually make friends with everybody across the environment and to bring
them on instead of pull them along, kicking and screaming,
to understand why we need to have our security best practices.
One of the challenges I've always found with InfoSec is ignoring the trash fire of a community
that most of it seems to turn into invariably. It's been this idea that I deal with on the cost side as well,
though at somewhat lower stakes,
where people only really seem to care about either cost or security
right after it really would have been beneficial for them to care about those things.
So right now, I'm in this weird space where, at least on the cost side,
if people don't optimize their cloud bill and then they have to bring me in,
well, the cost there is they spent a little bit extra than they should have until
I'm engaged. On the security side, it feels like there's always an announcement about your data is
extraordinarily important to us, is what companies say always right before they announce the data
breach that showed that security was clearly nowhere near as important to them as it should
have been. It always feels like it's a backfoot thing that can always be punted until suddenly it bites you in the face.
How do you get away from that reactive mindset?
That is a great question.
And I will say first that as a program manager, that I work for a great team of people who are futurists and enjoy learning about new technologies and especially
not just use but abuse cases for all of the opportunities that we have.
And so staying ahead of security is really the ideal goal.
But really it is about, in my opinion, controlling surface area and knowing
whether you're leaving the back door open, whether the door is open at all, and making sure that you
close it. But the truth is that information security, it's always moving faster than we
think it is. And especially if you have somebody who's very highly skilled and motivated, they're going to
find a way. And I mean, that's the ugly truth about security. So instead of us saying that
we're doing this for lip service, and I mean that, you know, instead of just saying that we're doing
this for lip service, we mean it. You know, we're not going to be a company without our customers. We're not going to be a company
without our product. And it is our job to serve our customers and our content in the best way
possible. And credit where due, there's a lot of companies out there where they get it wrong and
people love to twist the knife in them.
I don't know too many people
who have negative associations with discovery as a whole.
Maybe the Bloodhound Gang song from years past,
but that's about as far as it goes.
There's something to be said for being a household name,
but not pissing people off as you do it.
Meanwhile, I'm not a household name
and I still piss everyone off as I do it. So back when we were going to school together, you were focused on computer
engineering. It seems like there's a few steps between that and getting into information security.
How'd you get to where you are? So I think that you'll recall that when I got into college,
I actually hated computers.
And getting out of college, I didn't want to do anything with computers at all.
I think I read some statistic out there that 10% of people who graduate with a degree do something tangentially related to their major.
And so my goal was to be part of the 90% because
I was just burnt out. But after I took a little bit of a detour and taught English in Japan for
a couple of years, I came back and realized that I actually missed it. And so my first real person
job, if you will, was as a software engineer. And it took me about two weeks before
they said, so what do you think about project management? Because I am the worst programmer.
By just being close, just being in the Washington DC area, I thought that there would be so many
opportunities to get into cybersecurity. So that's what became my graduate
degree in information assurance. And so I just kind of rolled with that. It was really kind of
organic, just looking at the opportunities that we had in the area, or that I had in the area,
excuse me, and taking advantage of everything that I could.
This episode is sponsored in part by our friends at
New Relic. If you're like most environments, you probably have an incredibly complicated
architecture, which means that monitoring it is going to take a dozen different tools.
And then we get into the advanced stuff. We all have been there and know that pain,
or we'll learn it shortly. And New Relic wants to change that.
They've designed everything you need in one platform, with pricing that's simple and straightforward, and that means no more counting hosts. You also can get one user and 100 gigabytes
per month totally free. To learn more, visit newrelic.com. Observability made simple. How do you work in InfoSec without becoming profoundly
paranoid? And that's not entirely a tongue-in-cheek question. Something I've noticed about my friends
who've gone down that path is increasingly they start to view everything as this hard divide of
everything is a potential vector for being exploited, and it starts to color their personal
relationships as well.
We all know the types, the folks who email you,
but you don't know what it says because they GPG encrypt the thing,
and who can be bothered to decrypt it in the modern era.
You've never gone down that path.
Is there a philosophical reason behind that?
Are you just a terrible InfoSec person and know whatever pointed it out before?
What's the answer?
Well, I will say that my role as a project manager,
as a program manager, as a leader of a team, really kind of brings a different perspective
than the regular InfoSec person. And yeah, it's really easy to go to the place where the sky is
falling and nothing's right and the whole world is burning. But that's a really hard message to sell.
Nobody wants to hear that. Nobody wants to be presented with a problem without understanding
what you can do to fix it. And so that's my job. In part, it really is a sales position.
Nobody's buying anything here, right? Every contact is an opportunity for me to educate
people. And that's really where my passion lies, is learning new technologies and understanding
new use cases and being able to say, hey, wait, this is really cool, but maybe we want to pump the brakes. Or this is really cool, and let's go for it.
I don't see any problems with this.
And so I see InfoSec as enabling technology.
It's really easy for InfoSec to say, no, whatever it is, no, you can't do that.
We're not going to let you.
Please submit a form, and we're going to deny it again in 30 days.
Oh, yeah, you have InfoSec, s Please submit a form, and we're going to deny it again in 30 days. Oh, yeah.
You have InfoSec, sysadmin types, and engineers.
And those are the three real points on the spectrum of no, where engineers are, sure, we can do that.
Sysadmin is, nah.
And InfoSec is no because it's easier.
At some point, that doesn't work anymore.
You have to come up with something different. The amazing part of all of it to me is just that there's so much that can be done if you work collaboratively with the business. And historically,
a lot of folks who got into InfoSec didn't get to do that. And when I dabbled in it,
the thing that really disillusioned me with it, besides the crappy people,
was that it was less about breaking into systems or defending systems against being broken into than it was about time to fill out some forms for an auditor. And policy and governance are less
exciting than, you know, as all the movies show, wearing hoodies and gloves and a mask to type into
a laptop in a dark street corner somewhere, which of course is how we all write code, right?
Yeah. I mean, who doesn't want to drop from a ceiling and break into a server
that is guided by laser sensors that you can't stand around? That sounds really cool. That feels
like a problem that someone at AWS winds up worrying about every day of their lives. And why
shouldn't they? And I pay them to worry about that, so I don't have to. You're right. You're
absolutely right. It is paperwork, and it is a lot of reading,
and it is communicating and collaborating. And I think that people who get into InfoSec just
because they love the power and they love to say no are really probably the wrong people to be in
such a friendly and well-liked company as Discovering. So recently you wound up adding some letters
to your name. Now, that doesn't mean that you went out and got a doctorate. It doesn't mean
that you've decided to retcon yourself into being the fourth person in your family line,
but rather you got the C-I-S-S-P, which sounds an awful lot like it's a word I don't want my daughter to hear,
so I'm spelling it to you. What is it really?
C-I-S-S-P, it stands for the Certified Information Systems Security Professional.
I looked into it once upon a time because I have my flaws, but one of my strengths is that I test
well. So sure, I can sit down and take a test. Turns out, in order to even qualify for the exam,
you have to have done a fair number of things that I'd have to really stretch the truth to qualify for. Yes, and I will actually say that
I have heard stories where people have used upgrading their own personal laptop as, you know,
five years of experience for the CISSP. Well, that really depends on their laptop now, doesn't it? I'm just saying, right?
But the experience that you need is really, really kind of vaguely worded.
And you are looking at eight domains where you need to be able to attest to just a couple of them.
So yeah, you can be a mail admin, or you can be a network engineer, or you can just do a lot of paperwork for an auditor,
and you can still attest to five years experience towards the CISSP.
So I used to have a very negative approach to certifications in general. I thought that they
were a waste of time, that I would be much better off having built something myself and putting that
on the resume instead. And it took me a long time to realize
that that was a very naive perspective
on a couple of levels.
One is that everyone learns differently
and there's an awful lot of privilege
that gets baked into the,
well, just do it for 10 years
and then it's on your resume.
It's easy to say from the other side of that,
when you're starting out, it becomes valuable.
And from the hiring side as well,
it's convenient because I know that
if someone has a
certification in technology, that there's at least a good chance that we can have a conversation
around the topic in question using localized terms of art without having to stop and make
sure that we're on the same page. Now, the other side of it that I haven't experienced a lot of is
you're a giant company and you're trying to hire 5,000 people with cloud skills or security
skills or whatever it happens to be. You need a formalized training and testing program if you're
uplifting your entire existing staff skill set. Who is where on their path? So certification
programs in that sense also tend to add significant value. So my old take of certifications are
garbage and it's a ding against you was immature and frankly wrong.
Well, it's the easy joke to make to say, I have 20 or so letters after my name. And so I am just
making it really easy for HR professionals to find me in a crowded pool of applicants.
But from my perspective, I mean, I live in the DC area. There's consultants everywhere.
And where I live, it's very much about accumulating letters and displaying all
the certifications on a LinkedIn resume. But really, where my perspective is, is
I'm a project manager. I've been doing this for 13 years now, but really, what does this mean?
Project managers, they serve as a jack of all trades,
but a master of none.
And so I will be called on to fit a variety
of technical leadership roles
based on the nature of the work or whatever I want to do.
But as soon as I say something dumb,
like, let's go install the agent on the Lambda function, or why don't you just reboot S3, I'm going to lose all credibility, and the project is going to fail.
So it is really, for me, a measure of my success and my capacity as a project manager, not just to speak to these pieces and to speak to all of the letters behind my name, but to also not be the dumbest person in the room.
That's my job.
And you do a great job at it.
But, you know, truly, the best bit of career advice I can say is whatever your opinion is on these certifications, I feel that they are a good measure to understand what it
means to have a general level of understanding on a topic. And it's also good to have external
validation to prove that I am knowledgeable in a particular subject area. And so it is really
working to my advantage not to be the dumbest person in the room. I was doing a webinar thing recently where
there was a Q&A section and someone asked, if I know nothing about security, what do I need to
know to get started so that I can wind up building something in the cloud without blowing my own foot
off? And the answer was, oh God, I don't know. What's your answer to that one? That's actually
a really tough question and I'm going to punt on that one.
Cool. No, that's fair, because I don't have a good answer either. It's a, yeah. Oh, God,
you don't know where you're going. Where does it start? I really just love auditing. How do I get
into auditing? I just don't know that. Yeah, it's like, I like computers. How do I get into those?
It's such a big topic, but it's also a problem because you don't want people to have to go
through eight years of security school to be able to write Hello World.
No, and that's really kind of the point that I will say is kind of a knock against AWS, is that you really do need to spend hundreds of hours just figuring out everything that's out there.
There is no taking a sip from the firehose with AWS. There is no
dipping your toes into security configurations. You really need to dive right in and take the time to
ingest all of it. And that's the biggest problem. My biggest beef with AWS is that there is no guidance that they really do provide,
especially for casual users or small startup companies
that are not going to pay for a business tier support package.
That's part of it too.
But there's also this idea that what AWS says and what AWS does are two very different things.
You have this idea of a shared responsibility model, which winds up requiring 45 minutes to explain and overly complicated graphs.
The honest fact of it is, is they handle the physical stuff.
You handle the configuration stuff.
If you get breached, it's probably your fault.
The problem is, is you can't tell a customer who just got breached that it was because of your fault.
The end.
Wow.
What do we do with the next 44 minutes and 30 seconds? We sit here awkwardly.
So you need to have a more convoluted story there. And also a lot of the decisions they made,
which I don't blame them for, but the way that the world has evolved has dramatically set people up
for failure. Here's S3. It is simultaneously this public-facing static website service that works at a global
scale super easily. It's also a place where you can store your deep, dark, encrypted backup company
secrets. The fact that the same thing does both of those means that it's relatively easy to trip
and make it do both of those things simultaneously, and that's where people get into trouble. I mean, absolutely.
We have a culture where it's so easy to just point fingers.
And I can't just write my password down, stick it to my monitor,
and then get mad at Post-it for my account getting compromised.
That's just not how it works.
And when you partner with a cloud provider like AWS,
you do get the ability to offload risks like costs
and managing your own platforms and services,
but you don't get to transfer liability
or responsibility for this.
You can transfer work, but not the responsibility.
That's the thing that always bothered me
about breach disclosures,
where a third-party contractor did,
I'm going to stop you there.
Look, I don't have a relationship
with your third-party contractor.
I have a relationship with you.
You've been a custodian for my sensitive data
that I have chosen, ideally chosen,
if you're Equifax, maybe not,
but I theoretically have chosen to entrust you with.
And your lack of vetting of your contractors is a problem.
To date, one of the best things I've ever seen was the Pokemon company. There was a Wall Street
Journal article on it where they declined to do business with a third-party vendor based in part
upon that vendor's lack of security controls around how they interacted with S3 buckets.
I thought that was phenomenal. If you don't validate that the people you're
entrusting with customer data are doing things right, then that's not the vendor's fault. That's
your fault. Oh, absolutely. Lord knows I filled out enough vendor security forms from the consulting
side that it makes sense. I know what these things look like, and most of them are fairly reasonable.
There are times it turns into maddening stuff, like what kind of antivirus do you run on everyone's laptops?
We are not that kind of company.
I'm sorry.
No, and that's absolutely the point, though, right?
I'm going to push back, and I'm going to say that I want to have all that information.
If I'm going to partner with you, if I'm going to give you my business,
then I need to know that you are a great custodian. And if you can't
answer what antivirus you have on your laptops because you don't know, or you don't care,
or you don't do it, maybe you should. So what's next for you? You've been at Discovery for a
while. You were an InfoSec project manager. Now you're an InfoSec program manager,
which I assume, based upon no idea how real media companies work,
that you're in charge of programming.
So what can you tell us about the next Shark Week?
Awesome question.
No, program manager is just really kind of the man behind the curtain for this.
It's similar to a project manager,
but different letters that you can use for Scrabble.
That said, what my next step is, just hanging out.
I'm happy to be at Discovery.
We're doing great.
I'm happy to be a part of such a technologically progressive company.
It is so easy to go knock Discovery for just being Shark Week, but we're massive.
We're Shark Week.
We're Food Network.
We're HGTV.
Our entire portfolio is over 150 channels
broadcast across 220 countries and territories
in over, I believe, 50 languages simultaneously.
I have coworkers who've gotten Emmys. in over, I believe, 50 languages simultaneously.
I have coworkers who've gotten Emmys.
I actually sat across the desk from them in the cube park.
That is really cool.
I'm having a really hard time here,
just contextualizing this with the fact that we used to rotate around to each other's basements
to play D&D 20 years back.
And it's, yeah, the world has changed.
I guess we're still playing make-believe, but now the stakes have gotten a little higher,
which, you know, I'll take it. I look back at the confused kids that we were. I'm pretty happy with
where we wound up, all things considered. Yeah, I think that we're doing all right for ourselves.
We really are. So if people want to learn more about who you are,
what you're doing,
what you're up to,
and I guess, honestly,
reach out to you for inside baseball stories
they can use to eviscerate me
when I have them on the podcast in the future,
where can they find you?
I am only on LinkedIn right now.
I do not do the social media thing
and I do not do Twitter.
I'm still learning how to shitpost effectively on LinkedIn.
It's a process.
Yeah, but no Twitter.
I have kind of drawn my line in the sand,
but that is the line that I will not cross.
I don't understand some of your life choices.
But again, different strokes for different folks.
Brandon, thank you so much once again for taking the time to catch up with me.
It's always a pleasure. No, it's mine. Brandon Shaw, Program Manager for Information Security at Discovery Inc.
I'm cloud economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this
podcast, please leave a five-star review on your podcast platform of choice. Whereas if you've
hated this podcast, please leave a five-star review on your podcast platform of choice and tell me why you didn't like our episode here about Snark Week.
This has been this week's episode of Screaming in the Cloud.
You can also find more Corey at screaminginthecloud.com or wherever fine snark is sold. This has been a HumblePod production. Stay humble.