We Hack Purple Podcast

We Hack Purple Podcast 21 with Guest Sasha Rosenbaum

January 22, 2021 We Hack Purple! Season 1 Episode 21
We Hack Purple Podcast
We Hack Purple Podcast 21 with Guest Sasha Rosenbaum
Show Notes Transcript

In episode 21 of the We Hack Purple podcast host Tanya Janca learns what it's like to be a People Manager and how to do Enterprise Sales, with Sasha Rosenbaum! Sasha is a Sr. Manager, Managed OpenShift Black Belts at Red Hat. In her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer, above all else.

Follow Sasha on Twitter! Her website is here.

Thank you to our sponsor UBIQ Security! They now have a free tier of their product for developers, which you should definitely check out!

Buy Tanya's new book on Application Security: Alice and Bob learn Application Security 

Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/

Join our Cyber Security community: https://community.wehackpurple.com/
A Safe place to learn and share your knowledge with other professionals in the field. 

Subscribe to our newsletter for free content and other goodness!

For live virtual corporate training contact info@wehackpurple.com 

welcome to the we hack purple podcast where each week we interview a different guest who has a different type of job within the industry of information security i am your host tanya janka and this week we will be talking to sasha rosenbaum who is a people manager at red hat this week's episode is sponsored by ubiq security they do api encryption as a service and it's pretty sweet but i bet you're thinking we don't want to hear about all of that tanya what we want to do is meet sasha so without further ado i'm going to welcome our guest hi sasha hi tanya thank you so much for having me over i am super excited to be here today thank you i'm really happy too um definitely this has been a long time coming yeah it's definitely like we i think we've been trying to schedule this for a few months now so i'm excited it's finally happening me too and you somewhat recently changed jobs and i'm super excited to talk about your new job because how about you tell us your title and like just like a little bit about what your job is sure so yes this is interesting because when we scheduled this i think i didn't intend to even change jobs and now i did so um things happen sometimes quickly uh so um i am now a team lead on a i would define it as a technical sales team um at red hat uh so we are there to help customers basically adopt openshift and manage openshift on uh cloud providers public cloud providers and be successful with it um so yep um you could ask me more questions like oh i have so i have so many questions yeah sure for our audience super briefly could you explain what openshift is because maybe some of them don't know yeah so i so this is a great question because like um i i guess i would say the openshift is a enterprise version of kubernetes like that's my best way to sort of put it and i don't know if this is official marketing tagline up in the three weeks so you know um this is my take on it more than uh you know i i know what the official party line is but um i will say that like you know it's a redhead implementation of openshift and more right so it takes care of security it takes care of some of the cicd pipelines and stuff like that basically provides you more services on top of kubernetes and it's also kind of cross-cloud so you can deploy it in azure you can deploy it in abs you can deploy it on prem so it is like a very useful way for you to be able to deploy the apps with the same architecture across different um environments okay that's awesome and that's like a really great way to very clearly word it so thank you everyone already learned stuff and we're like two minutes in nice so can you describe what your job is because we haven't had anyone on yet that does technical sales and we haven't had anyone on yet that's a people manager so you kind of have like two aspects to talk about if you're open to that sure so let me try to pick up technical sales first so i i want to talk a little bit about my background i'm so i come from like i i consider myself a developer first and this is where i still spent most of my years in development compared to anything else but i've also had a number of different jobs right i was an i.t admin at some point and i did devopsey stuff when you know we started calling it devops um and i i was a product manager uh relatively briefly but um you know and i did dab relish type things so kind of like been around the block and held a bunch of different uh jobs in this industry and and i did uh technical sales for microsoft uh for a number of years which was fun i know you worked for microsoft too i i really like the company so i i had a lot of fun there yes um and and so um basically i guess i i just came over to redhead to sort of come back to the technical sales bit um i think technical sales is so sales has a bad name a lot of times right when people hear sales they're like oh my god you know use car salesman kind of picture in their head and stuff like that i think technical sales is that happy place where what we do is help people use technology right because a lot of people um like technology is complicated there's a lot of stuff you know coming out every month and a lot of a lot of it is confusing a lot of it is new right and what essentially you want is to kind of have an expert come in and explain and help um and and this is where technical sales shines right it's not about me coming and shoving something down someone's throat and like making them pay me money but it's more about like can i help you solve your problems with my company's solutions and help you be successful yes yes as a person that it now runs her own startup i have to buy different products and when i meet with a sales person i'm like listen these are my requirements can you meet them and um you're a big company so you can't lie through your teeth some small companies make up some fiction but mostly like the salesperson will be really honest with you and say like yeah it does this and this but it doesn't do that but you can like integrate this thing over here and then it will do these things etc right and i find they'll often like help what help you decide what works for you and will actually solve your problem rather than saying you have to buy my product sign here that's it and so so my kind of way to express this is like you can sell lies once but only once right like people are not going to come back if you're if what you're selling isn't real so like you have to meet your customer where they are and you have to be honest like if this is going to work for you great if it's not going to work for you then not and a lot of times when we're talking about complex implementations like it will work for you but we need to figure out some technical difficulties to make it work for you and that's another thing that again technical sales can do for you it is help you be successful right so it provides that so we often talk about devrel in that similar sense right providing a bridge between the product team and sort of the end user can you only whatever is oh absolutely so um i and i think again technical sales has a lot of kind of dev relish influence in it especially kind of the team i'm building right now um so developer relations and again the like everything in tech it has multiple names and a lot of people call it different things uh but developer relations is essentially um kind of a way to to do i don't want to say technical marketing but it's sort of like you know if you had to if you had to think about it this is your way to provide a message one too many right it's like it's i am going to the world and i'm explaining to people what my product does and why it matters why it's important and also in in as part of this it's always about telling stories right it's it's always about like hey you know we were successful um let's say at microsoft by doing xyz right or we were successful at github or you know we were you know we failed in something and we want you to learn from our mistakes right that's why you see a lot of folks from like netflix coming up on stage and going to present what their solution was and stuff like that so and i know you you spent time in devrel right so you can you can also help us define that yeah it's definitely marketing from the bottom up if that makes sense so the people who are hands on keyboard helping them solve their problems helping them see potential solutions or like just super cool stuff that they could do that maybe they hadn't thought of um but yeah it's that and it's also a lot about creating content that then can help people know how to use your products so that they're happy right like if they don't have to call support and instead can find an awesome blog that walks them through and solves their problem they're happier because no offense to people that do support everyone would rather feel enabled to solve the problem themselves rather than ask for help right if they can like follow a blog and or watch a video and have sasha demo something to them then they're like oh i got this i'm awesome and documentation is such a big part of it right like like people can't just guess what your product does right so it's always about writing good dogs providing good demos explanations and stuff like that right and again but that's so it's so tech is always styled siloed right so it's always like dev doesn't like ops doesn't like security doesn't like sales doesn't like marketing whatever and everybody's like oh don't call me that i'm not working i'm not sales i'm at this i'm not that like i am like we are working towards a common goal right like in the end of it all we are trying to help businesses solve problems that's what we do and whether you call me devrel or or sales or engineering or whatever it doesn't really matter to me as long as i know that i am actually helpful to people to actually deliver their business value to their customers oh my gosh sasha if every single person had that attitude the world would be a happier place i do think so okay now people management what is that like so it's new so um you know we're gonna find out but i so i i think in my personal opinion um people management is about enabling people more than anything else right so you know on one hand we have this micro management approach and like you know like let's tell everybody what to do and how to do it and watch them do it because if we don't watch them for five minutes they're gonna you know not work or whatever um i think i'm on a totally different you know side of the spectrum right and i'm like i trust people to do the right thing and i believe that they always want to do the right thing um very like special circumstances you know sometimes like things really go wrong but um this is about enabling people to to do their best work right and people kind of shine in different ways so you have to kind of find like what does the person struggle with and where does a person where does the person shine and help them maximize their strength there's this um so there's this book called the strength finder um and so like i'm not so it goes a lot about discovering people's strength and i'm not so concerned about like particular strengths because it kind of map you out and give you an assessment or whatever um but i'm more concerned about the message itself which is they kind of found through their research that when people focus on their in uh kind of enhancing their strength they do a lot better than when they try to like fix their weaknesses right so let's say someone's not good at planning but really good at presenting to people right so that person can spend a lot of time trying to be better at planning and kind of still suck at it or they can pair up with someone who's really good at planning and spend most of their time talking to people which they will do really well right that's brilliant that's brilliant um i've done a lot of people management in my zillions of years in tech and right now at my current company we do this thing called a 360 review every month and so yeah it turned out that so one of the co-op students said he just he's like i really really really want to be the best sales person you've ever met and whenever i get feedback it's always you're awesome i don't want to hear i'm awesome i want to hear if this one thing could have been better or this or that and he's like i want real genuine feedback and so we start having these super deep conversations and i've had 360 reviews before that usually i spring on my manager against their will where i'm like listen this is really working for me but i need more positive reinforcement or like if you don't answer my emails for a week fyi i'm going to make the decision for you and i'll tell them like this is how i want to be managed and so we have these and it's not like a formal review it's more just like i want to know what i'm doing that works for you i want to know what i'm doing that doesn't work for you like do you have the tools that you need to get your job done is there stuff that's frustrating that's not working for you and so sometimes i'm like okay you no longer have to work on that products or whatever someone else is going to work on and i like swap things around a bit but quite often the things that people really like or don't like really surprise me like one of them told me when we went over our company values that that was so meaningful for her and that it was really important to her that we follow these values and going over that really mattered well another one was like i get so lonely working from home could we do like one so like he was living around 35 kilometers from me and he's like could we do like a social distance but in the same place because i'm just i haven't been around and i live alone and it's killing me so i was like yeah let's figure out like a safe way for us to do this right and like adjusting for each person are you having so so this is this is a very interesting topic and it's more like you know i want to learn from people what they do right now then i have like a lot of advice but like we're gonna on board a whole new team to the company while being completely remote and not being able to meet anyone face to face and this is like a new thing right um and it's so much like i am pretty good about finding the right people to talk to and scheduling calls and and like being proactive about this and stuff like that i'm also super burned out of video calls oh my god but like it is so much easier when you kind of can walk up to people and just like talk to them when you need something and like ask them questions take them out to coffee take them to lunch just like you know come together as a team i'm ironically like i joined github about a year ago like my previous job right and except for the people who came with me from microsoft like i didn't i've never met my team in person so i left the company before after meeting my team in person and that sucks like so bad you know what i mean it does it so does and like you don't get to have that kind of like intimate connection where especially if if you're the leader of the team like you need to instill such confidence that they're willing to follow you right like unless you want to be one of those people that yells at everyone all the time which i think we both agree like that's not our style because i probably wouldn't have invited you on the podcast um but like then you have to like gain their trust and and earn it and earn that they will follow you right and like it's harder to do that not in person or i and just generally right so like psychological safety is super important and as much as like everybody is always making fun of like oh it's your bonding exercise and just like climb trees together you know what i mean like these like uh stupid game things but they work right like as part of this you're kind of having a shared experience and you're learning about each other and it's a laid-back environment it's not about like oh my god we get to deliver things and it helps build that trust that is tremendously important i so i'm going to give a talk next week that is about growth mindset um which i've been meaning to give for a long time i haven't finished my slides yet so wish me luck but we're going to share a link to it um to the talk yeah of course um but like i really so the more conversations i'm having with people and and you know that at microsoft of course mindset is kind of a big thing and everybody talks about it all the time like the more i'm having conversations with people outside the more like people need to hear this like people need to hear the stop people need to read the the book by carol black about mindset because this is just like i am finding that so many people are afraid to ask questions so many people are like kind of constantly afraid to come off as not knowledgeable or like you know constantly feel the need to prove themselves and it's especially so like right if you're an 100 person in tech um like it's especially so right people feel they need to extra prove themselves all the time and i feel like like in my career i just basically take the opposite approach i ask all the questions all the time right and it works for me and i i'm not saying like everybody should be like me right but i it's okay to be vulnerable and to ask questions because people want to help you and people want to provide you information and usually people actually open up and kind of think of you as a smart person not a dumb person people think of you as a dumb person if you try to impress them and you fail right not when you ask them a question again that's been my experience right i feel that being vulnerable and admitting you don't know something is a thing that very confident people do and that people that have a severe lack of confidence will pretend they know lots of things that they don't which is quite dangerous especially with multi-million dollar products and projects and or many other things right and right i am a firm believer in asking questions and also taking in the input of lots of other people but so i'm i'm putting the book underneath you so it's mindset the new sex fault the new psychology of success yes and it talks about growth mindset but the book name is mindset and the book is amazing i am reading it just so i can give this talk and like she's done all the research for me like i literally like i don't have to pull extra quotes because they're all in there already like you know what i mean that already has all the stories and all the things just it i think it's a life-changing book and i always say like i wish someone gave it to me when i was 13 rather than 30 because like that would save me so much my life journey you know i know that feeling will you briefly explain what a growth mindset is yeah so when we when we talk about ability there's kind of two ways to define ability ability is either something you have so it's inborn everything i sort of am came with me inborn so and it could relate to anything can relate to intelligence could relate to sports ability could relate to art how artistic you are right even to personality right so like whether or not you can change your character is also part of this um and then when you say fixed mindset that is when i believe everything was inborn and when you say growth mindset is i can continue developing my entire life right and i think in in different parts of my life i kind of had had this realization of like i can continue changing things about myself and that was like always very freeing but um in particular like when i read the book like it just like all clicked i'm like oh my god this is why we struggle so much because we constantly we constantly think that we need to prove ourselves right and once you free yourself from that and i can't say i'm completely free right i still like i'm competitive i want to be the best at things and stuff but but like when i free myself from that like i have to prove it like i have to know things already like you know i mean and i can be like i'm improving i'm a work in progress this is you know that this is constantly changing and then then it works a lot better and uh one thing that i mentioned right that everybody at microsoft talks about gross mindset because i think such an adele is very insistent on the fact that like growth mindset is a thing and i think this is part of what like the new microsoft is right kind of where we came from like microsoft came from like sort of being a old-school company into being a very you know the new tech giant right that's competing with all the like new shiny sag giants um because where we are in tech we constantly have to learn things and we can no longer be like oh yeah like we know everything about sql like i don't know sql released five new updates today like i don't know everything about sql you know what i'm saying yes considering like and and like if the the more you go like the more the broader your perspective gets the the less you know right because like your your domain gets bigger like anyway no no it's so true thank you because i love that i love that idea and i totally subscribe to the idea that i can change myself i can learn new things whenever someone says you can't teach an old dog new tricks i'm like well maybe you just don't want to own that dog right like maybe we have a great comment in the chat so ubik security says great advice sasha we never stop asking questions and it's vital for us to always be curious and to never stop learning and i completely agree and i want to take this opportunity to thank you big security for being our sponsor of tonight's podcast they planned this way in advance because they wanted some divine ops they wanted to support sasha's episode so sasha's handle online is divine ops and it's such a good good handle and i wanted to tell everyone that ubik has actually they just launched a free tier for developers that allows them to so basically they do like encryption as a service um and it's really cool so you call them in your application they just do all that messiness for you and so their free tier is up to 100 000 um ap alcohol api calls are like encryptions per month and so if you want to check that out you should go to ubiksecurity.com and the trial is free for everyone and i really like giving away free stuff on this podcast and so definitely go check out ubiksecurity.com and then go to newsletter.wehackpurple.com because we hack purple academy has made a whole bunch of well a whole bunch we've made two free mini courses that we're giving away and one is on instant response for application security incident and the other one is how to scale your security team and your security program without extra security dollars and so like how can you scale things better and get more of what you want which is usually in our case secure software and so go on down to newsletter.wehackpurple.com which oh wait i'm gonna put i'm putting the url of ubik security and then i'm going to put the newsletter one up after but i have more questions for you sasha sure while you're doing this while you're putting the links up there i just want to say mention that i just read your book and like it's excellent i just want to do a plug for you everybody should buy tiniest book alice and bob learn application security um and so this time my life goes like i have like 12 books in like you know on the list that i want to read and i bought the book and i was like i probably won't read it for a while and then i started reading it and it was so great and i just couldn't stop and i just finished the whole thing so you should definitely read it is my point thank you thank you so much for putting quotes online it is so funny to see people's responses to like you'll put in like one line from the book and then people will make these huge assumptions and they're like well what if this i'm like it doesn't say that she didn't type that like you're that's twitter for you right but i also like how positive you are you're always like really positive in your responses like and because sometimes i'm like i just want to like be be cunning but i know i feel like if you say on twitter i like cats 100 people will be like tanya hates dogs and she murders them sometimes it's like whoa whoa i still pet all the nice dogs i still pet all the nice dogs don't worry snakes are also okay with me and lizards but before you know it you are the person that hates dogs and you're like all i said was cats are cute i'm sorry yeah yes exactly speaking of like my twitter feed so i am divine ups on twitter and like my twitter feed is full of cats so if you like cats like you can follow me she has serious cat gift game and also like super cute memes as well and sometimes she says just send me the cute animals and then you can follow that thread and just get nice cute animals for like a few hours it's pretty good you know and i do i do like all animals especially anything fluffy so like you know i definitely like dogs as well but like cats are me so i i think i'm sublimating i don't actually have a cat and that's why like i find lots of cat videos and just watch them so they can make me happy yeah you know i don't have i don't have a pet either and so yeah i really like to live vicariously through someone else's pets like one so i have like this three hour block with a client every week where we just like build pipelines and do super cool stuff and he just got a puppy and i have to say i've been living vicariously through my client with his cute and his puppy's so fluffy and it's so adorable ooh ubic securities like rabbits are also cute yes rabbits rule basically if you cut them in cuddling like i'm in but okay so but back to you sasha let's get serious sure let's get serious what is a day in the life like of someone that does people management but also someone that does you know like not customer success but like technical sales like helping students customers success too like you know what i mean it's like anything has multiple names and people feel strongly about what the names should be and i also feel strongly about what the names should be but sometimes it's useful to use multiple ones to gain context um but yeah so judging from my past three weeks experience is mostly meetings i just can't be honest with you right like there's lots of meetings um but like i think like normally you just so you will be and again if you are doing individual contributor customer success technical sales or whatever are you going to be interfacing with customers a lot right you're going to be on a lot of like doing a lot of presentations doing a lot of demos doing a lot of walkthroughs and things like that um sometimes again it kind of depends on how far you go sometimes you actually go and help someone implement something um you know put your hands on keyboards i love hands-on keywords that that's what gets things moving um and sometimes you can just tell stories though which is also awesome um and then like again as a people manager and this is why like i had a choice of being a people manager you know like 10 years ago and i was like yeah no i like writing code better than spreadsheets but um i i'm gonna find out how much i like spreadsheets right but i think eventually in your career um you kind of figure out that the only way to scale is through sort of building a team right and i think you can definitely speak to that but like i just figured out like there's only so many hours in a day that i can do stuff and then like if i want to do more i have to teach other people how to do stuff and then like we can scale together i personally feel like when you're when you're managing people or leading a team that what you're doing is investing in a person and so like let's so i for instance i have some students right now and one of them i'm teaching how to do all these fancy social media things and how to just like do various things to help but then before i know it he's going to be like get out of my way tanya i got this do you know what i mean and so then that's just off my plate and i just like trust this person right i i think the best thing is like when you delegate something to someone and they surprise you like in a good way you know and you're like oh i would have never done it this way but it's amazing that that's like the best thing in the world oh my god this just happened and this is fantastic and thank you so much and like you know and um i think the best managers i've ever had were always like the people who remembered more good stuff that i did than i did like that does that make sense like they come to you and they like six months later they're like writing your review and sasha did x and i'm like really i completely forgot i did x but thank you this is awesome you know because it's like our memory just like works only on what's next and kind of not what happened last week i'm like what did i do last week i don't know you know i take notes i love it when a manager says to me i trust you like i i remember i got a job and the manager had we had worked together previously and he brought me in and i found this huge design flaw in a project that they're about to start like they're halfway through and you know i wrote the other devs and was like oh no no no and they're like go away and i i was like no this isn't going to work and like here's why they would go away and so my boss had been on vacation he comes back and he holds a meeting with us and he's like okay so tell everyone your concern and i did and there was like a big problem trust me and um and then the guys were like well we can't just change this part way through the project and blah blah blah and my boss said did you effing hear her were you listening because she's the boss here yo i hired her because she knows what she's doing and she says it's not going to work you want to try to prove her wrong go for it but she has way more programming experience than you she's been doing this longer and like he didn't say it but it's like your previous job was personal trainer like he didn't have any previous programming experience before this job and like that's how we ended up in this problem with this giant technical issue is that like he didn't have any like background training or whatever and was just throwing stuff together and we're about to have like a huge disaster stack overflow developer oh my gosh yes but like when you are able to say that you trust your employees like that's this this beautiful thing where you're like i trust you to make this decision so sasha you are about to start learning about delegation and delegate the decisions to not just the work and so it's actually like there's a downside to that and that's like you know um when you don't trust the people and that happens too and and that like i i don't have a good solution for it so like i just my goal right now is that like i i just want to hire only people i can trust and i am in in a position where i get to hire people like you know what i mean but of course you can't know everything like you definitely can't know everything from interviews interviews are kind of a sucky way to try to learn about a person but um it's yes i like in the leading projects type of thing like you know that there are some people that you can just be like figure this out and like this magically happens and then you know that there's some people that are like i need to spend so much time explaining this to you that i probably could do it better myself and faster without explaining and then like the question is like am i explaining this like like am i holding someone's head because they're new because they're a student because they're like you know new to the job or something or am i like continuously holding someone's head because they just don't want to make an effort to actually do the thing and like i just hope i don't have to deal with stuff like that that's my honest hope i used to work for the federal government where there was the strongest union in canada and um yeah i had some people where you just didn't even want them to do their job because they were so dangerous but yeah i've i've learned how to handle difficult employees but this is not a show about me this is a show about you and okay but i i will i will ask you for notes after this okay i think just in case definitely we can have an online virtual coffee all right that sounds good so i mean in person coffee sounds better but i know i'm i'm up for that as soon as we both have vaccines i know i know it's like i i honestly can't wait like i first couple months i was actually like oh no travel this is kind of good yes and then yeah the other thing i will say about my job like is it usually involves quite a significant amount of travel um and again there's different like i have done technical sales where it was local but usually it does involve quite a bit of travel so that's another thing like if you want to travel this is a good job for you if you don't probably not so yes i learned just how much travel a human being is physically capable of in 2019 and in 2020 i set this personal goal that i wanted to travel significantly less but i didn't know i would overdo it to this level like when i set the goal to travel less i didn't realize i had travel zero but that's okay i feel like staying home has been a good uh thing for me so you want to hear an ironic story like when i came over to github like that was the first time that i took like a devrel deveral job like the explicitly your job is to speak a conference this kind of thing yeah and and then i was supposed to go to all these bunch of conferences and then if it happened because of it it was kind of upsetting yes i would say one of my friends actually just resigned from a devrel job and she said you know like i took it because i love speaking at conferences and i love traveling but because that's off off the books or like that's off the table right now she's like they just have me writing and she's like i don't mean to sound like a snob but i don't want to write all day i don't like you i'm an extrovert it's killing me and so yeah so she left and now she's like the vp of security somewhere she's like i want to see humans i need humans yeah and she's much happier i think i i think like and yes and i don't mean to like dance virtual virtual has its benefits like i mean we couldn't do this part package in in real life probably like it would be extremely hard to figure this out schedule-wise right but doing only virtual all the time does suck like there's only there's only so many things you can accomplish like you know what i mean uh with having a virtual audience and you know we talk about psychological safety like if i'm in a room with people i can get to a discussion where people ask me real questions and tell me real feedback and actually kind of getting somewhere whereas on a webinar like probably not gonna happen you know yeah i agree that people um are less forthcoming for sure virtually i actually had a situation i think in 2018 or 2019 where a person actually had recorded our phone call without telling me um and then had like edited it and played it for some people to try and make me sound really bad and it got back to me very quickly um but since then i've been like a little bit extra conscious of things that i say because like never would i have thought that a person that phoned me like spontaneously would then record it and then attempt to make me look really bad um and like being in cyber is interesting none of this happened to me when i was a deaf none of this stuff happened when i was a deaf but um i feel like there's that consideration constantly when you're having a virtual call like maybe someone's recording this as opposed to if you're physically like in a cafe with someone having coffee i don't know that would never occur to me that that was happening if that makes sense yeah yeah and it's just like you know we're humans we're like we it that this the the multi-dimensional thing actually matters because like um there was some i think research and i did like i i can't give you like a link or a reference but there was somebody sort of like we when we talk to people like this right we actually like we have to build out like what tiny actually looks like like it takes extra mental effort to do that and so being on video calls is extra tiring because of all this effort um you know so it it's like we're all getting a like boot camp in virtual stuff like you know for the majority of 2020 and i think this is amazing that technology is good enough for us to enable to enable us to do almost everything we normally do in a virtual world right and but also it's really like to uh for the for the pandemic to go away finally yes all of us are very much so looking forward to that um yeah my company was always planned to be remote like where we all work in separate locations so that i could hire anyone in canada that i wanted um but gosh i i didn't know it would be mandatory um but i have i have like a couple more questions we have some more time and i wanted to ask what types of personality traits that you think someone would need to be good at your job so obviously so one of the um most prominent fears like phobias in like the world is public speaking actually so it's not snakes it's not death is number two right public speaking is number one public speaking is scary um so you need to be comfortable with the idea of public speaking right you need to be good at public speaking but like you can't get good over time like i said growth mindset you can get good at almost anything um but you have to be like open to an idea and think that you will enjoy this um there's a story in a in a in a book uh on psychology actually like behavioral um whatever cbt iebc it's called whatever but integral therapy yeah i it's it's not so igbt is rational emotive behavioral something anyway uh the story was that like this uh psychologist guy like he was extremely scared of talking to women um extremely scared like he couldn't do it and so at one point he gave himself like a you know mandate and he would talk to one woman like every day or something like that and for 100 days and he asked him all for her phone number and his success rate was zero he he gave he got zero phone numbers but in a hundred days he was not afraid of talking to women anymore like that just wasn't a scary thing anymore uh which is like i said like you can get good at public speaking you can become kind of second nature and you can be completely comfortable doing it but you have to be willing to get there um and again before someone to hire you probably have to be halfway there at least right um i don't like the word extrovert i i personally think that everybody is an ambivert right so i have moods where i'm like oh my god give me 500 people and moods were like yeah please leave me alone and i don't i don't want to talk to humans um and i think pretty much everyone is like that i don't i don't think everyone is always in one mode um but like yes definitely not like you know misanthropic type of like i don't want to talk to human stuff i personally personally i believe that like an ability to get excited about what you're doing is um helpful because it's contagious right like it's far easier for me to get someone into like solutioning and deploying and doing stuff if i'm excited about it then if i'm like oh everything sucks you know like technology buy computers computers were a mistake[Laughter] yeah people say that like there's there's some types in tech that they're like oh you know like everything sucks all the time i would not want someone like that to intervene customer success they should be on the customer failure team right i i also like supremely don't believe in like developers don't like to talk to humans stuff like you know i mean we we like to classify people but but really like anybody can be good in anything they want to be again not everything everything but like you can you can improve as long as you want to yeah i totally agree would would you say that um you've gotten so that you enjoy presenting so i've always enjoyed presenting i i think as a kid like you know whenever you had an option of like can you present this thing on you know in front of a class like i would volunteer every single time right um which is actually a great strategy because then when you don't know anything they don't call on you because they're sick of you you know um but anyway like so so i kind of like really enjoyed it as a kid and then i think all the way through college i did none of that and i kind of missed that so like when i first had an opportunity like oh there's tech conferences and i can present something on stage and stuff like i started kind of doing it on my own time which then sort of morphed into um you know relish type of things and uh salesy type of things that's awesome when you started presenting at like meetups and conferences and other places were you really really nervous at first or were you just comfortable right from the beginning i was definitely nervous and it also like it takes a skill right like some things are hard to do like i i think demos for instance are extremely hard to do right to do a good demo it it doesn't just take that your technology works it also takes like how can you tell a story while also clicking buttons or like writing a script and like people who are really good at this they practice way more than i do like they they practice for days like and so it like is completely flawless and stuff like that um it's a lot easier for me to give a talk right like to just talk to a slide because like i can put one word on the side and i can tell you the whole story around it and you know um but but again like every i know people who practice talks for weeks and i know people who like write the talk the day before and they're excellent and it's kind of like people have different strategies and approaching things and different rates of like you know different ways to succeed that stuff um it definitely gets where like yeah like you less and less nervous the more you do it um i think it was uh donovan maybe that told me that like at one point he got to a point where he walked up on stage with build which build this is like build keynote so build build regular talk is fine right but build keynote is a like a really stressful situation and he was like and i was not nervous anymore and like i don't i don't think like i this would take 20 years of me like you know you know it's like there's a lot of pressure so he's pretty awesome though we're talking about donovan brown from microsoft who is a developer relations person who leads the devops the extraordinary league of devops um if you want to look him up all the people in the league are pretty awesome like they're pretty awesome if you want to learn about devops like abel wing and steve marowski and i used to get to work with these awesome humans so i'm pretty uh yeah yeah it's pretty cool when you're like oh my gosh that person's so amazing and like you're like fangirling over someone you're like yeah they work with me so i will i will say i i'm not the kind of person who like melt over celebrities and stuff but i had a fangirl moment uh with scott hanselman years ago like the first time i i just i i went to build ironically we're talking about build i went to build for the first time and i ran into him in the hallway and i was like your squad failed somebody like i just had a mini meltdown you know i mean and the funny thing was like he's an amazing human because like he remembered me like five years later and he was like we met in bubble in san francisco i'm like how i don't know but it's so nice right he's the nicest human being in the universe i like i am constantly surprised at how nice he is and i think some of the folks in devrel like totally deserve their like sort of fame i don't know just because they're just the nicest humans on the planet and and this is a hard job to do because like you said like people people come at you with all sorts of weirdness negative feedback that is unasked for and like unwarranted and stuff and it's kind of hard to it it's hard to filter it out um even if you know it's so my favorite thing is like you will never give a talk where everybody will be satisfied with the level right so whatever talk you give like some people will be like this is too basic and some people are like this is too advanced right and i was i was reading um oh my god uh the ceo of intel oh my god andy grove like his book his book is like it came out in 83 right and like i i was reading it and i came across the passage and he was talking about presenting and he was like on every talk you will get like 50 of people saying it's the right level and then 25 saying it's too basic and 25 saying it's too advanced i'm like okay this was true in 83.[Laughter] like you know presenting to people yes and if you give a workshop there will be 25 percent of people that said it went too fast and there will be 25 percent of people who said it went way too slow but if half of them are like yeah that was good then you're all right so i i will say so my former boss uh martin woodward who works at github now um so he's an amazing human being too and i i've seen his ratings once and it got me like really stressed out because like he had a 100 like satisfaction rate on one of his talks and like there was like 300 people in there it's not like you know 100 percent for like three people like no there was like a massive audience and everybody was 100 satisfied like this is not human like you could you can't do that what i don't know but apparently he's a superhuman and he just exists that is awesome so i have like a thousand other things i want to ask but we only have 10 minutes left so i'm gonna try to i'm going to try to talk a lot about debra so we can talk about other things what type of technical skills do you think that someone needs to be able to do a job like yours because if they have no technical skills i don't think that they could be good at technical sales i don't i don't think you can be and and this is not in a sense that like again you can learn anything i i keep repeating this because i truly believe that um and there's a lot of gatekeeping in tech uh but i think so for me to like want to hire someone like i want them to have like five years of technical experience now i don't necessarily care what this experience is on right you wrote things in python or you were in infosec or you did networking like i don't necessarily care which part of tech you were specialized in but i want you to have lived a hard life right because like there are scars that come from running things in production that you can't fake like it's empty for things that is unfakeable right um and then i want to be uh open to learning new things right because tech moves really fast and actually when you are in like customer success or sales like it moves faster because you are selling people things that don't exist yet or like just came out yesterday like literally like a day after something is announced a bunch of people will call you and be like how do i do this i'm like okay well let me read the white paper right or let me talk to engineering about this like and go explain it to you like um so so yes definitely like it never the learning never stops here i totally agree i totally agree where um so like you were saying there's some gatekeeping in infosec and in tech like especially in infosec um what is gatekeeping just like so i know that most the audience probably understands that but just so we could lay it out yeah so and again words have definitions that are sometimes blurry but like so preventing someone from getting access to something uh just based on like criteria that doesn't necessarily matter right so it's um an example would be you can't be a developer if you don't have a computer science degree now i have a computer science degree so i can tell you you don't need a computer science degree to be in technology to be a developer to be an infosec none of it right um now that that doesn't mean that anybody who did a course for three months can be as successful as someone who had been in tech for 10 years like i'm not saying that practice doesn't matter or anything like that right but but these are like sort of phony criteria that people use right like did you pass this certification or something or like are you like i mean a lot of women get gay keeping especially when they're just entry level or when they're in school like people tell them like oh it's not a girly profession and like this is funny because people like well you're not you don't have to listen it's like well imagine that people told you every day that you don't belong here like every single day like oh you know you should go do something else and i i mean it's hard not to internalize you know what i mean years ago um i was i was walking into the outside as a cso and i was walking into the elevator with my team and we just hired two students and one was a 20 year old woman and one was like a 30 year old man and they're students and this was both of their first infosec job and so me and the rest of the team but not the students so all the adults um we're getting into the elevator and um one of them was was joking about something and about star wars and i'd said i actually haven't seen star wars um and then he said we're going to take your he's like are you kidding i'm going to take your nerd card and then i was like oh yeah i run the oas chapter and i do this and i do that and i do this and i do that i'm like actually i'll accept all your nerd cards [ __ ] and then like put my hand out to accept their nerd cards and we're all laughing and i'm like but seriously don't ever say[ __ ] like that in front of katie and they're like what i'm like i don't want her thinking she doesn't belong she dyes her hair blue shaves part of her head and wears a leather jacket to work and she's amazing and i never want her to feel like she doesn't belong here because she's not a dude or she doesn't like some stupid tv show they're like it's a movie i'm like i don't care and yeah and they're like no but she doesn't have to listen and i said imagine if every day you came into work and everyone on the team but you were pink and every thursday we got our nails done together and every whatever day we did yoga together and we did all this stuff and all of our jokes were about that and we decorated our because they had their office decorated with like star wars which is totally fine and like and imagine if every where you looked that's all there was i'm like for 23 years because i'd worked in tech that long and they were like oh i'm like imagine being told literally constantly subliminally to your face directly over and over and over again why do you think women leave tech and all their jaws are just on the floor and i'm like never speak that way to katie i'm bulletproof but i don't want the next generation to have to be bulletproof to work in tech and they're just like we're sorry i'm like i'm sorry i made this very serious but seriously don't do it so is this this is 100 like i i agree with every single word and like i think the only way like i survived the first like i don't know 10 years including college right was like my mantra was i'm not like the other girls right whenever people would tell me like xyz i would be like i'm not the i'm not like the other girls and it took me like getting in my 30s to realize like i am exactly like other girls we're just told [ __ ] about what girls are supposed to be like guys constantly you know what i mean yes i can i can be adorable and wear so i'm wearing a pink she hacks purple t-shirt which obviously i have to show because i'm wearing my own swag yeah that's right and well and like we just um we have purple so shop.wehackpurple.com and so we just like released a hoodie that is specifically lady shaped and it comes in pink and bright lime green and purple and you know all these different we actually comes in multiple shades of pink because i freaking want a pink hoodie and i can still program just as well as someone else wearing a black hoodie or someone else that's a dude or etc and oh my gosh like i might have to go and buy the pink hoodie and i i'm selling it almost for cost because i was like i just want to have a really cute pink hoodie i don't care i love swag by the way i i love swag i run dough with say chicago which this shirt is from and like i do swag because i i love swag me too me too and i feel like um especially especially infosec because the so in in programming it's like you know between 27 ish to 35ish percent lady folk um and the rest are men or non-binary folk but in it security it is it is brutal it's like around 10 percent maybe 11 as low as 5 depending upon which country you're in is also very bad like yeah it's just it's also like so i i went to school in israel right and like in my first job was in israel and like we had significantly more women um around in i.t and uh like coming here it's actually interesting because like it when i meet women in i.t in america they're usually not american and it's kind of like it tells you a story oh yeah oh yeah a lot and a lot of the women in i.t aren't from north america that's true i am a lot of people say to me they're like oh it's so interesting that you that you chose it and i explained how both of my aunts have computer science degrees and then three of my five uncles have computer science degrees and then how my two older cousins like went as a computer science and the other one as we can and they're like okay we see yeah um but like the average little girl isn't necessarily told you know what you'd be such an amazing little software developer when you grow up my my mom was pissed when i went so i enrolled in biology and then i didn't like it and then i switched to computer science um and i loved it and my mom was pissed for like two years about me switched to computer science i'm just saying when i told my family i was like yeah so i thought about it and i want to take computer science and they're all like we know but i had considered drama like i applied to like i got all the i'm scholastically inclined so i got like all the words and all the stuff right and uh i and i even got like offered invites for various programs so i'm like i could i could do english but i already speak english there's like history there's this there's that and then i thought about the people in my classes and i thought about my computer science class and i was like i like them the best and if i'm gonna go work with these people all the time oh my gosh i would i i would just murder everyone in my drama class like they're so i just i was just like oh my gosh well you all just shut up like all day right and so the computer science people i was just like oh it's so great like i love working with them and so i was like yeah i think i think i'll try this and then you know the rest is history but i feel like well certainly people like you are setting an example for for all the people but especially the young ladies i i will say i would say that's part of it like why i'm on stage and why i'm visible and like why i'm willing to take the like you know the weird comments on twitter and whatever like um because i just i just want someone to be an example like you can do this this is like people can be successful people can you know you don't have to be look a certain way to be successful in technology um i think it's an important message sasha rosenbaum i am looking forward to this interview for so long this went by too fast right like i mean i feel like i feel like i could talk with you about the same like you know topics for another hour i know i know well maybe i'm gonna have to invite you on next year and i'm gonna have to think of a new topic because technically this is like season one so season one goes on as long as i feel like it because when you run your own podcast you can do that and then i'll have to think of a new topic and they'll be like oh this is a great excuse to have sasha back on that's good thank you so much i want to tell everyone verbally you should all follow sasha on twitter so if you go to twitter and type in divine ops so d-i-v-i-n-e-o-p-s like ops like operations or devops and she also has a website which is sasharosenbomb.com but let me spell that for you for the people listening so sasha s-a-s-h-a as you might have imagined but then the tricky part rosenbaum b a r-o-s-e-n-b-a m dot com go visit go check it out follow her there will be fluffy animals but also quite a lot of wisdom um the books we talked about today were the strengths finder and also mindset the new psychology of success thank you so basically like just so you know and your book you have oh and yes and allison application security available from wiley amazon and basically all the places that sell books and thank you so much for being on the show this was great thank you so much for inviting me and yeah when you come up with season two then i'm coming back okay let's do the wave goodbye thing that we do and bye everyone bye and that was the wee hack purple podcast episode 21 with sasha rosenbaum i know i've been talking about her a lot on twitter and stuff and also on the show and how she was coming on and i'm so excited that she was finally on and i am totally scheming a plan to have her back already thank you so much to ubic security for sponsoring this episode and sponsoring so many episodes before oh it is so amazing how you have had our back at we hack purple we hack purple is an academy a community we have a little swag shop on shopify and we sell cute t-shirts and hoodies but mostly we want to teach people about appsec and if you would like to learn some stuff for free you can join our mailing list and we will invite you to some free mini courses that are starting literally on monday so you want to sign up between now and then to get the invite so go to newsletter.wehackpurple.com and in the meantime i wish that all your applications are secure you