Simply Solving Cyber

Simply Solving Cyber - Shawnee Delaney

Aaron Pritz

Discover the unexpected synergies between spy craft and cybersecurity as Shawnee Delaney, ex-intelligence operative and CEO of Vaillance Group, shares her thrilling escapades and invaluable insights. Her experience, including a thwarted attempt to help capture Osama bin Laden due to miscommunication, offers a unique lens through which we examine the human elements essential to protecting national and organizational assets. Shawnee's anecdotes not only captivate but also elucidate the critical role empathy and understanding motivations play in managing insider risks.

Tackling the underestimated threat of insider risks, our conversation with Shawnee reveals the foundational pillars of creating a culture of cybersecurity awareness. We expose the vulnerabilities that lie within organizations, often overshadowed by the focus on external threats. Shawnee, drawing from her extensive background, advises on the establishment of an insider risk program, highlighting the importance of a dedicated manager and the strategic communication necessary to engage employees without invoking fears of intrusive surveillance.

As we shift our attention to the cultivation of future cybersecurity talent, Shawnee imparts wisdom for those embarking on or exploring a career in this dynamic field. She stresses the vast opportunities that look beyond technical expertise, weaving in the significance of human psychology and intelligence. Moreover, in a surprising twist, we pull back the curtain on a former Disney performer's journey, exploring the art of preserving Disney's magic, the power of networking, and the cultivation of professional relationships that can unlock doors in ways you never imagined.

Speaker 1:

All right. Thanks for tuning in to Simply Solving Cyber. I'm Aaron Prince and I'm Cody Rivers, and today we're here with Shawnee Delaney, CEO from Viance Group, which means courage and bravery. I just learned that in French. I'm very impressed. How's? It going Shawnee. How are you doing?

Speaker 2:

today. I'm good Thanks for having me.

Speaker 1:

Good, Well, we're excited to hear your story. I know Cody and I got a preview at the HISAC in the fall I guess it was late November. But I don't want to steal any of your thunder, so I'm just going to go right into the first question, which is give us your story and I know it's an interesting story into cyber and take it away.

Speaker 2:

Yeah, I probably have a little bit of an unusual background getting into cyber. So I was the black sheep of my family and I decided at a very young age that I was going to be a spy when I grew up. So I doggedly pursued this dream. I ended up working for the Defense Intelligence Agency. I was CIA trained down at the farm. If you watch the movies, you know what the farm is.

Speaker 2:

But yeah, so I did that for about eight and a half years and I liked to joke. You guys saw my keynote, but I liked to joke that I used to steal secrets for a living and now I help people protect their secrets, which is actually very, very true. So I did that. I stood up inside our threat programs for major Fortune 500 companies. I had left government, went into private sector and then I missed government, I missed the mission. So I went back and I worked for Homeland Security for a while in their industrial control systems Cyber Emergency Response Team, which I don't know if it was the name or what, but that program didn't last very long.

Speaker 1:

So I did that for a while, went back into private sector and then, about I don't know five years ago, stood up my own consulting firm, All right, let's start with how does one at a young age become a spy, or what do you put on your youth development plan to go in that direction?

Speaker 2:

Yeah, I think I probably put actor.

Speaker 1:

What is probably some good traits.

Speaker 2:

Well, yeah, I did. Actually, when I was younger, I did theater very begrudgingly. I got dragged into it because I was a really shy kid, but those are skills that you use when you are conducting clandestine operations Because you are living a cover right. I was an alias when I was meeting with sources and assets, so all of that acting actually really came in handy.

Speaker 1:

Yeah, no, that's true. So I know we heard a fantastic story of kind of one of your cool missions at the HISAC. But before we pivot into cyber, give us one of your best stories as a spy and maybe draw some correlations to how those tactics were useful in the cyber side or the corporate side of your life.

Speaker 2:

If you know me, you know I have more stories than anyone you've ever met in your life.

Speaker 1:

Hard. Right, You've got to pick yeah.

Speaker 2:

I think probably the most well-known one is I was very, very close. I had an incredible asset who was close with Osama bin Laden and I was very close to being the one to say this is where he is. There was some major miscommunication going on between the intelligence organizations I was working with, between my source and between my interpreter, and I kind of joke that this is like my biggest success because I recruited this guy who, I mean, how many white Western chicks can say they recruited like the right hand man to Osama bin Laden, but they misunderstood where he was saying Osama was, and so I woke up a few weeks later, probably three weeks later. I woke up and on CNN and said, you know, osama's caught in a bot-a-bot and I was like, oh my God, that's what he was saying. Wow, I was like, oh, close, but no cigar.

Speaker 1:

Yeah, in any parallels, like I'm just reflecting on that point of like human communication and translation, I worked at international companies and tried to get awareness messages out and like just silly accidental translation company mistakes, that one thing that you think would translate fairly easy turns into something that's accidentally offensive or not funny. What are your thoughts on kind of? I mean that probably happened all throughout the spy game, but how do you drop those learnings from what you experienced in the field?

Speaker 2:

I think really the bottom line is and this is for any company that employs humans, which is all of you right- Link, link yeah.

Speaker 2:

Every person is different and every situation is different. Every investigation is different. So every time I was running a clandestine asset or trying to work with a developmental source to recruit them, you had to figure out their motivations and vulnerabilities. And really it's the same thing in your companies your employees all have unique motivations and vulnerabilities and you have to figure out what those are and you have to encourage those as well and you have to push people along and you do need that positive deterrence as well as the negative deterrence. But it's finding that balance.

Speaker 2:

So, with that said kind of looking at your organization, culture is so, so critical and it is the same thing in espionage. In that arena too, culture matters, understanding people matters and I'll add, above all else, empathy matters. I mean, like the story I just told you, and I told you a tiny, tiny nutshell. There's a podcast out there somewhere where I tell the whole story. But having empathy is critical, right, you have to empathize with what people are going through, no matter what it is in their life, and I think that a lot of C-suite sit up there and they look down and people are numbers and you can't do that and that's where that human factor comes in and when people need to realize that that is I mean insider risk is your biggest risk. You have all these people with access, all these trusted business partners, all these vendors. So what are their motivations? What are their vulnerabilities? Are those changing? Yes, they're changing every day, depending on their personal situations.

Speaker 1:

Yeah, yeah. What do you say to the I would say stereotypically, the more technical cyber leaders that you know, I've heard you know fairly senior leaders say we're never going to fix the human, like humans are going to always make mistakes. I'm not going to fund awareness, we're going to just get as many tools to take the thought pattern out of it. What would your counterpoint to them be, based upon what you were just saying?

Speaker 2:

Yeah, I think that's BS really when you're talking about humans, right? Like I just said, everyone. Every day, our priorities are changing. Maybe you have a sick loved one all of a sudden. I have a dear friend whose mom just died two days ago. Right, you don't know what's going to happen today. You don't know what's going to happen tomorrow. So the thing is, with training and awareness, you are building the foundation. If we're building a house, that is the foundation for everything you are building above it. If you don't have enterprise wide awareness as to what the threats are and how us as employees could actually contribute or make it worse, you're going to have a problem. You can have all the tools in the world, but if you don't have people saying, oh shoot, I'm recognizing that someone over there on my team is acting different and I understand now that that could be a red flag for something nefarious. And I need to report that if you don't instill those behaviors of that good muscle memory and that good cyber hygiene, those tools are going to do you no good, really.

Speaker 3:

Yeah, and you get some great points there. So, going back a little bit to the transfer from clandestine operative recruiting high level intelligence agents in other countries and what you're doing now with inside a risk air nigh and reveal risk as a whole, two are very strong on the pillar of people in process and so I think inside a risk party your presentation we saw was about like don't wait until something bad happens to start building a program, and so I think, kind of talk through us about what you're seeing as far as a good strategy, because a lot of times I talk to folks about awareness programs and there's like I don't know where to start. I don't know how much it's going to cost out of the people for it. Or I came in with leadership to Aaron's point earlier that this is an important thing to even invest in. So what are you seeing right now with your clients in the market?

Speaker 2:

Yeah, the same, really, when you think about it, and I think Ponaman just came out with their report for 2023, and they found in their report I think it was like almost 92% of organizations, they're investing their security budget in external threats. But the thing is, over half of these organizations recognize that social engineering and other attempts like that are actually the leading cause of all of those outside attacks. Right, so they know it. I talk to people every day in my business who know they need an insider risk program or insider threat program, whatever you want to call it. But, like you said, they don't know where to start, and I think what a lot of people don't realize is that you probably have good bones already and you probably have tools and processes and people that you could pull from and not have to reinvent the wheel. Now I really really think that you need a program manager for that program. I really really believe that you need to make this a transparent program.

Speaker 2:

I really believe in marketing and branding of this program and the mission of the program the right way, so that people don't think big brother's spying on me. They're watching me all the time. Instead, it's we're here to help you. We want to keep you and your family safe. It's all in how you sell it to your employees to get that buy in. And then also creating a working group, creating a steering committee above that, where you have people from every single stakeholder. That's kind of what I like about it is you're working with everyone across the company, right, and so you're building those relationships. You're teaching all of these groups that gosh. When something interesting happens in an HR or someone's put on a performance review or a PIP or something, maybe they should let the investigations team know and the insider threat team know, or maybe they should be monitoring with the IT security team. So bringing all those people together, sometimes it's a hurdle, but it's doable. I've done it, I've seen it, I've seen it all the time.

Speaker 3:

Well, and the thing I do I see a lot too is even looking back at what is insider risk and insider threat. I think a lot of folks right away think that, well, it's a spy or my company or someone's you know, corporate espionage. So we don't have I trust everybody, we're a small company, we have a good culture, so we don't have anyone trying to spy on our company and exfiltrate IP or secrets, which is a real thing and there is a lot of cases that go on. But give us a little insight too about the different kinds of insider threat and risk.

Speaker 2:

Yeah, that's a great question because that, to your point, that's what a lot of people think theft of IP or espionage, and that's it. I've had cases where, like I still feel bad for this manager, there was a manager, her employees who she was very close with. They were friends. Two of her employees were committing fraud I mean massive amounts of fraud and when she found out she was crying on my shoulder saying but how could they do this to me? And I said they weren't doing it to you, they were trying to survive. Right, this is right. Before COVID they didn't make any money, they were external employees, they weren't full-time employees, so they didn't have that loyalty. So there are a lot of things that happen in people's lives. They're not doing it to the company.

Speaker 3:

I think one thing you also mentioned too, like the difference from unintentional and intentional and the power of the awareness programs and building the education, and like strengthening your unintentional insider risk which then drives security and builds maturity to the intentional insider risk.

Speaker 2:

Yes, yeah, and I think basically I like to put it in a pyramid, if you have that graphic. So at the bottom of that pyramid is the unintentional, the negligent. That could be someone who makes a mistake, which is the vast majority of cases. That could be someone who thinks well, I'm not doing anything bad and I know I'm not supposed to do that according to policy, but I'm going to do it anyway. You know, a lot of people are doing things just to do their job. They're trying to find a workaround. They're not trying to be malicious, but that's compromising. Whatever you know, ip, whatever. There's a whole bunch of options. The next category is the compromised insider. Those are basically the malicious actors who are feeding off of those negligent employees and stealing credentials and things like that. The next category, the top of that pyramid, would be the malicious actors. Luckily that's the smallest category.

Speaker 2:

Now the thing is, when we talk about training and awareness and investment, you can train away heavily that negligent and that compromise those two categories, the big base of that pyramid. You can bring awareness, where people stop doing dumb things because now they know, oh shoot, I shouldn't do that. But people are going to argue and this is totally true, you're never going to train away malicious insiders. If I am set on stealing IP or committing workplace violence, I'm going to do it. My training is not going to matter, but by training everybody else, you now have eyes and ears everywhere where they understand the importance of reporting, they understand what red flag indicators there are, they understand when someone's pattern of behavior has changed and they know how to report.

Speaker 1:

Yeah, they see something, say something, like if people don't know that that's part of their job.

Speaker 1:

They're not going to do it. So we've talked a little bit about awareness and the connection to Insider. Talk to us and I know we actually both had some experiences in pharmaceuticals and Insider threat experiences and programs. Where do you get started? Like when you're coming into a new company, talk about how you help them get over the hump of, as Cody mentioned, we don't know if we need it, and then two to start building the building blocks of the program. What do you do first? How do you evaluate what the needs are?

Speaker 2:

Yeah. So the first thing I say to people is well, do you employ humans? The answer is yes, then you have insider risk. 100% of your employees are your insider risk. That's the risk of someone making a mistake, of someone being human. The insider threat is when someone that's right of boom instead of risk is left of boom, as we say.

Speaker 2:

So what we do when we come in and I really like this process is I've basically broke it down into four phases. The first phase is doing an insider threat vulnerability assessment I like to call it a human risk assessment and in that you can look at what is the ground truth of that organization, because you could think your culture is great, you could think you've got all the governance and all the tools, but really when interviewing every stakeholder it could be an absolute nightmare and I've seen that. The thing with that also is important is it's looking at morale, it's looking at culture and it's looking at what you're doing right. So when you take that report, then you can build off your program from that report and you can understand what you need to really focus on, what you need to improve, especially related to like process or governance, and then kind of how to take it. So those are the first two. You know, the human risk assessment, the governance building the program, and the first phase is everyone's favorite trading and awareness, because again, you need that foundation Right.

Speaker 1:

What would you say and I've had this in many different companies to an executive could be a CIO or a CEO that said we're manufacturing but we don't really have IP, we don't have the crown jewels, we're not an R&D focused company, we're a manufacturing delivery company. What would your comments be to that?

Speaker 2:

Yeah, actually there is a major tech company and the CEO made an announcement to everyone in a huge meeting and this lasted for years, like the morale effect. It affected morale for years, where he said we have no IP, we have no trade secrets, we have nothing to protect and he was absolutely incorrect, by the way. So my comeback to that would be do you have anything within your business, within your data sets, within your emails, within your knowledge base, that would help a competitor? Because if the answer is yes, then you have intellectual property, you have trade secrets. Do you have processes that are special and unique to you? Yeah, probably. Then you might want to protect those things.

Speaker 3:

One thing I see, too is to your point of supply chain right, are you a door to a bigger fish? So why I may not be interested in what you house I mentioned in the keys that you have to other companies and to back doors.

Speaker 3:

That's why we see a lot of things on third party risk, which is a different topic for a different day, but a lot of times I think, when you're looking at what are people interested in from the outside to then solicit my employees to get access to, I think that is often undervalued or underestimated.

Speaker 2:

Absolutely. Do you want to be on the front page of the New York Times? Probably not.

Speaker 3:

Reputational risk. I think Aaron says it's great when the four options for risk and one's transfer and Aaron always says you can share the risk, you can't transfer the risk because, yes, you can probably offset some of the financial damage, but reputational damage is reputational damage, so you can't transfer that risk. Aaron, do you want to take your thunder there? But I love that you say that on certain calls and I think it's very valid because I think some of the tech focused people think I'm good, I got this, I'll get some cyber insurance and then I'm good, risk transfer and they'll look around my plate.

Speaker 2:

Yeah, and I think also like throw in social media in the court of public opinion. That could be pretty nasty and even if the direction and the opinion is completely off base, it's really hard to change that narrative when social media is just fueling it.

Speaker 1:

I think all three of us. It's fair to say that we all love coaching people. Obviously, we wouldn't be in consulting if we weren't but Shawnee talk about coaching new talent into cyber. What advice would you have for listeners that are maybe just getting into the field or thinking about getting into the field? What's your advice for them, knowing what you know, this far into your career?

Speaker 2:

Yeah, just do it. Go ahead, Cody.

Speaker 3:

Actually added that too, because I have. I've been to a lot of entry level people and cyber and they always ask me I'm not in the tech and tools by life cyber, what else is out there? So that's what just Aaron said. I think that'd be super valuable, for hopefully my mentees are listening to this podcast, but I think they'd be very grateful to hear.

Speaker 2:

Yeah say, I do a ton of mentoring as well and I am constantly pitching out insider threat and here's why. So, first of all, this is a field that is in cybersecurity, but it's really that human factor overlying. If you think about all the phishing emails, it takes someone's finger to click that link right. That's the human angle. So when you're looking at this realm, I am not techie. I have a master's in cybersecurity. I hated doing my labs, I hated cracking passwords, right.

Speaker 2:

But you can do psychology. You can do industrial, organizational psychology, behavioral psychology, forensic psychology all this applies. You can have a law enforcement background, like me. You can have an intelligence background. You know I used to steal your secrets. Now I can help you protect them. Right, cyber IT. The cool thing about this is there's so much in this realm. Understanding people's motivations, understanding why people do things, is really key. Digital forensics like they're. Really I could tick a ton of boxes and, like I said earlier, every case is different and that's the fun thing is figuring out why. Why did they do it? How did they do it? You know for the people out there that, like all the drama crime shows and CSI, whatever it's this kind of stuff and it's a lot, a lot of fun.

Speaker 2:

I'll also add network your ass off, like seriously. Leverage LinkedIn, leverage people you know. Ask them who they know. Ask them if there's anyone you could meet or be introduced to in the field. Find a way to get to. Yes, a lot of times people are applying to roles as newbies, as being green, and they're struggling to get in, even though we've got a deficit of hundreds of thousands of positions just in the US. Keep pushing. Don't take no for an answer. Find a workaround. Take a different role in a company you really really find appealing or whatever, and then learn constantly. Learn. Take every class you can and inside our threat, there's a ton of free training available through the government. There's paid training also, and all of them are very, very interesting. Each one. You're going to learn something different, but work every case you can, at any level you can, just to learn all the different processes around these things.

Speaker 1:

Cool, yeah, I went through the FBI Citizens Academy this last fall and I'd seen them before, but some of the videos that they put together dramatically reenacted but all about corporate espionage and insider threat and some ways that you wouldn't think that it would have happened in industries that you wouldn't think that they were targeted. But yeah cool stuff.

Speaker 2:

Yeah, absolutely. And I think like to one of your earlier questions too, when we were talking about what is insider risk and insider threat. People need to really recognize that it's such a wide scope of what it entails. Right, it can be workplace violence. It can be an interoffice relationship gone bad. It can be bad publicity on social media or media leaks. There's a lot of different stuff under that umbrella.

Speaker 3:

Yeah, I think to cap on that as well too. Looking at new professionals, a lot of my mentees say, well, I don't have three or five years of experience in this or in that. I'm like do you have problem solving? Do you have people, do you have leading projects? Do you manage a budget? Those are things that are very, very tied to cyber related, that aren't so technical. But I say work on the story and I think to your point, learning what insider risk is. I get it and an idea of what that is and then take your skill sets, match those and kind of put that in your resume as you reach out to people.

Speaker 2:

Exactly.

Speaker 1:

We just started working with a new client that has almost every tool that you could want to have, no dedicated cyber talent, all run by infrastructure, and they're just turning stuff on and we're like let's take a step back here. We need to think about people process, what you're going to do with the results. Yeah, yeah, the tool active doesn't mean that you are capable of taking the intelligence or whatever it's spitting out and turning that into a risk reduction. So I think, cody, to your point, there's plenty of roles beyond running the tech that are so needed and, in my opinion, more needed. That's more of a deficit in the market.

Speaker 3:

Yeah, so, aaron, and in that same vein, this is great. It's almost like this is scripted. So technology and cyber is always critical, but, chania, I'd love if you can give us a story about a project or initiative within your corporate that only exceeded through people and process focus.

Speaker 2:

Yeah. So an organization that I was working with standing up a program I won't name the company, but is a major, major company they had no tools, no tech, nothing, and we're talking about tens and tens of thousands of employees globally. So the program the only thing we had to stand up this program and to get any buy-in was through the processes and through the relationships that we built with all the stakeholders, kind of like what I was alluding to earlier. What we did was leveraging training and awareness. We made very short, like 30-second Hollywood style videos just showing reenactments of cool cases, trying to get people. I mean, look, we're like a Netflix nation now, right, we need to be entertained. Everyone has the attention span shorter than a Goldfish, by the way.

Speaker 2:

So we really focused on making things interactive and engaging. We leveraged pop culture and what was going on in the world the Oscars and the Emmys and the awards season movies. We made things fun and we got so much engagement and we actually got people constantly emailing the insider threat team saying thank you so much for doing this. We brought in keynote speakers to talk about how to protect your family at home, how do you lock down your weird Alexes and series and all the things, your refrigerator and your oven everything's connected. Now, how do you keep your family safe? Yeah, so by doing all of that, not only did we get buy-in and support from the employees, like, oh wow, the company really cares about us, but all the stakeholders were like, oh wow, you're not trying to step on our toes, you're actually here to help. And it worked and culture started shifting and we had a really successful program, even without the tools.

Speaker 3:

Yeah, I think your point earlier about culture is important. Two things in that is. I think that one a culture of fear or trouble if something is reported or something is seen is that we've seen that go well because they make a mistake, they pick on a fish. They have two options. I can report myself and maybe probably get in trouble or get some kind of reprimand, or I can not say anything and hope it goes under the rug and it goes away. One option is leads to a longer time of something you ever be discovered or a breach going on. The other one is hey, we found it. Let's focus on training and let's educate.

Speaker 3:

I think people have a intrinsic drive to learn and to educate or to learn about this Because it is interesting. What we've seen is, to your point, it's a hearts and minds campaign. It's like why is this not just important to you as an employee of company X? This is important to you for your kids, your parents, your grandparents, your cousins, because it happens to folks in personal and work environments. So once you can start correlating that this knowledge is transferable to another job, to a family, I think you drive that and then the only challenge is just saying let's just come up with relevant content and like relevant messaging, so we're not sending out 30 minute videos of old school.

Speaker 3:

Onboarding of policies and procedures are very important, but it's like how do I make this real? And distill it down. And in the hearts and minds campaign we do a lot of programs for companies, small and large, and we have some live action, some characters, some branding, but just some limited branding on some like items and making it real. You get people to educate, you want to learn about it. And then to your point, now they're asking questions. They're coming to you saying, hey, what about this idea? They're cross functional. So these are marketing folks or HR or finance. This is not like your info, your info sector, your technology people.

Speaker 2:

Yeah, to put an espionage spin on it, because that's what I do. When you are trying to recruit someone and you're developing that relationship with them, you have to. I mean, these people are putting their lives on the line right, or their family's lives on the line. What's in it for me is going to be question number one. So when organizations look at it that way and you put the benefits upfront to those employees, they are much more likely to be engaged and to learn than they are if you say do it because we told you so.

Speaker 1:

Kevin. All right, I've got a couple more questions to close us out here. Sean, what's your top takeaway If you were, if speaking to all the leaders that are on calls? Top takeaway for insider threat if they're to do one thing, go back to their company or their job, and maybe they have an insider threat program. Maybe they are just getting started, maybe they don't have one. What's like the number one thing that you want to leave with the listeners?

Speaker 2:

Really, the first thing that comes to mind is it will happen to you Period. Yeah. And like I said earlier to getting into cyber, just do it. Stand up a program. You might not have a budget, you can do it with little to nothing, but stand up a program, have people understand what it is and start engaging with your employees, like everything we were just talking about. It's like brand recognition, right. Oh, there's that cool insider threat thing. I think sharing case studies is really important because if you hear these real world stories which you guys heard when I was on stage I share stories when you hear these stories, you're like, oh crap, that is real, it happened here. It's really impactful.

Speaker 1:

Awesome, Great segue again. Storytelling Super important. We've talked a lot about that throughout this episode. Let's end on a personal note. Give us a story that maybe not a lot of people that know you know about. I know you have a ton of stories, both personal and professional, but what's your favorite story to put yourself out there and entertain the group?

Speaker 2:

God, that's a tough one.

Speaker 1:

I should have prepped you more, but it's not well thought out.

Speaker 2:

Something that tickles people a lot is that you know, yes, I used to be a spy, but I used to work at Disneyland.

Speaker 3:

Disneyland or Disney World. Disneyland the original yes, all right, yes, yeah, that was.

Speaker 2:

I always tell people that was probably the best job I ever had. Yeah, because you and I use those skills. I went through Disney University twice because I changed jobs. I went from the character department to an actress and, um, yeah, so you got to give us your roles.

Speaker 1:

What roles did you play or what jobs did you have?

Speaker 2:

I'm going to ruin the magic for people. Yeah, you can't. So, aaron, this.

Speaker 3:

I do know you can't say. You can say I was friends with someone, yeah, but part of the thing is, when you leave you can never say who you are. It's like hey. I'm friends with so-and-so.

Speaker 2:

Yeah, I knew Pluto, and you are really well though, okay.

Speaker 1:

Okay, yeah, I was going to ask if you were a princess, a character with a big head or a, you know, big, big character. Okay, all right.

Speaker 3:

Yeah, she was good friends, good friends with them.

Speaker 2:

Good friends, very good friends.

Speaker 3:

Very good, awesome Hug along.

Speaker 1:

I really appreciate you coming on the show. This has been a great conversation, as always. Best of luck in your business and really reaching your audience and really helping to get the message out there around insider, because you are right, just doing it and starting and acknowledging hey, yes, we have a problem, let's figure it out. Yes, that's really where everyone needs to be. Yeah, yeah.

Speaker 3:

And one thing too is that, to your point earlier, shawnee, just reach out and like networks I know I heard you speak and you walked us like, hey, hold on for a second. We had a brief conversation, it was like five minutes in San Antonio, texas. And here we are now. As we've met, we have some partnerships working up and everything, but be bold and just ask folks to talk about it because no one has it all figured out. So I think everyone in the industry likes to talk about things.

Speaker 2:

So and for that networking another tip. Here's another espionage tidbit for you. People love talking about themselves. So when you are nervous or like I don't know if I should approach, ask someone about themselves and you will open a big old door.

Speaker 1:

Love it On that. Go forth and prosper. Everyone, Ask somebody about themselves and make it happen. Thanks so much You're having me.

People on this episode