47. Clea Ostendorf, CISO of Code42, Securing the Unseen: on the Frontlines of Data Protection
Hello, everyone, and welcome to another episode of the Security Podcast in Silicon Valley. I'm here today with a very special guest, Claire Ostendorf. Welcome to the show. Thank you.
So good to have you. Where are you calling in from? Calling in from Minneapolis, Minnesota. Oh, I hear the accent.
Oh, yeah. We'll break it out for the call. You are the field CISO for Code 42. I am a field CISO for Code 42.
A CISO. Yes, I am more externally facing. And then I have a fantastic peer who does more internal customer work supporting existing programs. Amazing.
And you bring a lot of great experience to the table. I'm looking at your LinkedIn. It looks like you actually came up through the law side of the house and maybe some international relations in your background. Would you like to share with our audience just a snippet summary?
Once upon a time, I wanted to be a diplomat and an actress. And then somehow I found myself in security. So my path into security started, yes, doing a little law internship, lived abroad. And then I needed a job to pay the bills.
And so somebody gave me an opportunity in sales and recruiting. And I thought it was the best job ever because I just sat at a desk and I called people and I spoke to people and I heard about what they wanted in the job. And then I would find them a match. But that business became very transactional and less focused on doing what's right for the person and more about margins and dollars, which I found hard to grapple with.
And so I started looking for things that were interesting to me and a little different. And I stumbled into security and I said, what is security? Oh, it's hackers. Oh, it's yeah.
What is this? Yeah. Cool stuff. And it really felt like the ability to hack into somebody's bank account and just have that power was like sort of a superpower.
So I started going to all these meetup groups and OS groups locally in Minnesota. And then when I would travel, I would seek them out as well. And I realized that that hacker aspect is only one part of it. We don't really talk that much about that.
Now I know it's called red teaming. We don't talk that much about that side of it. We talk more about the defense and protection and the human element. And it just got me hooked.
And 15 years ago, here I am. Oh, 15 years ago. So once you got that hook, there's no turning back. I loved it.
Yeah. I just, I mean, I thought it was the smartest people I've ever been with. The most clever, creative, and frankly, people I want on my side. I was fully aware that when I started working for a security consulting company, like you probably have seen everything.
And you know what? You're still talking to me. So we're cool. We'll move on.
Nice. And so now at Code42 as a field CISO, what do you do as a field CISO? We are all figuring that out. All of us field CISOs.
In fact, there is a group that gotten together. And frankly, we asked like, how are you being measured? What are you doing? How are you on the market?
So I think there's different flavors of a field CISO role. My role with Code42 is to work with customers or prospective customers to help them feel comfortable with the product and the way we are securing it and our perspective. And frankly, challenge the status quo of what they're doing around data protection. Because we have a traditional way that we want to approach things.
And then we have the reality of what data protection looks like today and have to bridge that gap. And I think that's where I live today. Amazing. It's good to live on a bridge.
Good to see two different worlds. Is that the security group that Cain facilitates? Yes, exactly. Cain.
So Cain introduced us and that's who was helping. And I loved that discussion because all of us were like, so how are you doing this? What are you doing? And to have an audience of very smart people and a group of all these people who have done amazing things in their careers and still trying to figure it out together.
I love that community aspect. So at Code42, for our listeners who may be a little bit less familiar, could you help us understand what Code42 does better than anyone else in the world? Sure. So Code42 is a data protection platform.
We fall into the realm of insider risk or insider threat, as well as DLP, if you kind of want to classify us. And the way we approach things is we have visibility into all data movement across endpoints, cloud, email, et cetera. And then we provide risk indicators and highlight where you should focus your efforts. So rather than saying, hey, I'm classifying this data and this data is not static like it used to be, we're thinking about what are the behaviors that would put data at risk?
So that could be something like a departing employee or new hires, or maybe there's an incident or something happening within your organization like a reorg or layoff. I mean, those are realistic use cases that then we can have visibility around where that data is moving, how people are interacting with it. And do we want to take some action? And then we have a series of responses, some of which are the traditional you're going to block that behavior, and some of which are much more nuanced like training.
Hey, you're putting data at risk. You're syncing to iCloud. We don't recommend that. Here's a 30-second video on how to reshape that behavior.
And we've seen some really effective changes with reshaping behavior of how users interact with data versus here's the hammer. I'm telling you, no, it's just a different approach. It sounds like a long-term strategic investment in people. Always.
You have to. I mean, you can tell people not to do something, but unless they think there's consequences or what affects them, it's not really going to register. Do you, can that software detect, oh no, you just uploaded half of the file from our private GitHub repo into chat GPT4. Our chat GPT4 turbo just came out this week, and that's not aligned with our policies.
Yes, yes. We can see large data uploads. Exactly. Source code is one of the strong use cases that we have because we know source code is valuable intrinsically and then financially, and we have a lot of visibility and ways to kind of control that movement.
So what's a typical day look like for you at Code42? It depends if we're in the office or not that day. So we are a hybrid workforce, and I go to the office twice a week, which does change how I function, right? Oh, I'm sure it does, yeah.
Getting ready to go to the office is a process. It's not just rolling out of bed. But I like to wake up. I'm a morning person, so I like to wake up really early.
I have a little me time that may be doing a little yoga or meditation or just scrolling through my phone in silence. Then the day kicks off, and the day is either customer or prospect meetings, creating content. I love to do a lot of community events, and those seem to always come across like they're flawless, and no one put any work into it, and everyone just shows up. But if you've ever created an event or hosted an event, there is like the image of a duck gliding smoothly across the lake, but underneath they're paddling like mad.
So that's me. Smooth on the surface and then paddling like mad. Super hard and committed like underneath the hood and making all of the good stuff happen. Make sure that duck gets across that beautiful pond early in the morning.
Fed and happy, and it was worthwhile. I've never met an unhappy duck. They do just float through life. Don't they?
That's awesome. What are some misconceptions about working in security that you think people have? Oh, that's a good question. Misconceptions about working in security.
That everyone is highly technical or that everyone, like traditional security to me has always been we don't want to share what we're doing, and we don't want to collaborate because the more information we give you, the more vulnerable we become. You can use that information against us. And I think there's been a pretty seismic shift in how both organization to organization people are sharing information. You're seeing things like trust centers, right, where you really lay out, this is how we're secure.
This is what we're doing. This is our process to even like groups who are saying, hey, we got CISO to CISO. We got breached or we're dealing with this. What are you doing?
And people are collaborating, which just makes us all stronger, right? It does. It does. I love the collaboration.
I love the sense of community and the security community. I couldn't imagine being so clammed up and secretive and hidden that you can't even share like what's going on or learn and grow. Like where's the growth mindset if you're just a lone wolf, right? And I think it would be really isolating, too.
I mean, you would feel like you're alone battling these threat actors and you're doing it in a silo. I think that would be really hard. Yeah, I think that's spot on. So a lot of what happens in security could be perceived as, oh, no, put out the fire and high stress, high risk, high vulnerability, high impact to the business.
It sounds really stressful, especially maybe from the outside. How do you find a healthy balance between your work and your professional life and your personal time and motherhood? Yes, I am the mother of two little boys who are super intense as maybe all children are just mine. I don't know.
Nature versus nurture. I don't know. Yeah. Maybe because they have they're both brothers for each other.
That energy just ricochets right off of I have a brother. I don't know. I mean, it is they are they are Poco Locos. That's what I call them.
Poco Loco. That's Poco Locos. Yep. Poco Locos.
Every day I'm like, how am I going to burn your energy? Are we jumping? Are we wrestling? Let it go.
I think in in in this job, I mean, most jobs, if you're passionate about something, it's really easy to get pulled in and want to do something 24 seven, whether that is responding to internal requests or trying to just improve. I think setting boundaries is important, but so putting the damn phone down. And I mean that I have my I have an iWatch. Right.
So, of course, it's I'm always getting pinged anyway, but it's really good to use that do not disturb mode, even for a few hours in the evening or in the morning or night, whatever. Just shut off as much as you can when you can so that you're able to recharge, because otherwise it's both from a work perspective. You're getting pinged nonstop about issues or things or people are asking for things and you have to solve them. You're human.
At least for me, human nature, I want to solve it right away. And if you're not able to shut down at some point, you're going to burn out. You're going to just feel like that constant cortisol pumping through your body. And that's not the state you want to be in.
You're going to make mistakes. Right. You can't run that engine at red line. Like you can hit it, maybe touch it and then back off very quickly.
But you can't finish the race in red line. No. And I think it's both personally, but also with relationships. If your device and answering whatever machine is the most important thing and people see that, your relationships, your children, whoever, that's going to affect you outside of just work and just your personal.
Yeah, definitely. So how do you recharge? I am a huge fan of movement in whatever form. I mean, I see a medicine ball behind you, so I, oh, yeah, yeah.
Right. Yeah. Yeah. I have to do something physical and I just started lifting weights.
That's been really fun because it's incremental, maybe a little yoga, walking, running. I don't care. I just have to move my body to burn off that energy. And once I kind of realize how important that is to my mental health and physical health, I work it in wherever it is.
Oh, that's amazing. I am exactly the same way. So what do you do? Exactly.
So I'm a runner, a perpetually injured runner. And when I'm so injured that I can't run, I switch to biking. Also study. Yes.
Yes. You have a Peloton. I opted not for the Peloton because I'm hooked on the Garmin ecosystem. And so I have one of those snapper kickers that's connected to an actual pedal bike.
And so I just jump on that. And Zwift, I think it's the app that I'm always using. So it's a great way to just sort of flush out all of that pent-up energy and put it into something that's productive and healthy and hit that reset button. Maybe over a lunch and just go on with it.
Yeah. Yeah. For me, whatever it is, whenever I can fit it in, it's just you've done one thing for yourself in the day. And then I'm able to give in every capacity.
But if I had just one selfish 30 minutes to an hour, I'm not asking for hours. I wish. I think I'd probably get bored if it was more than an hour. But I'm just asking for a little time to reset myself and feel like, and now you can give and do what you do.
Exactly. That's so healthy. You should be very proud of that. I think Minnesotans in general are just very healthy people as well.
I don't know. Do you consider yourself Minnesotan or a transplant? I don't think I'll ever consider myself Minnesotan. I am from the East Coast.
I still have East Coast tendencies. Ask anyone you talk to. They're like, oh, no, Cleo will tell you how it is. But I love Minnesota.
And so I'm happy I'm here. Okay, excellent. It sounds like you fit very well. I have tempered myself.
Being from Minnesota myself, like you sound, you basically have that Minnesota twang. Oh, thanks. So when things are going down and stuff ends up in the news, like what's your favorite news source? Or how do you get information?
How do you get cute into all of that juicy, the juicy happenings in the security world? I love podcasts. I mean, podcasts are sort of long-term plays, right? You're listening for an hour.
You're understanding somebody's thoughts and perspective on how they would approach things. So it's sort of like a learning experience. For straight news, Dark Trace is great. Love the CISO series.
David Spark does a podcast, and one of them is Top Headlines. That's a five-minute fast little snippet. And then you can absorb into it. And then I track everything on Google, any major incidents, and just kind of dig into that, if it affects us or customers and so on.
Nice. Nice. Also a huge fan of podcasts. No surprise there.
So if you fast forward into the future, could you share with us what your vision looks like for success at Code40 just for yourself and also your team? Yeah. So we have been on a journey. I've been with Code42 about five years.
And we've gone on a journey to kind of transform how people are thinking about data protection. So anyone who is changing a status quo knows that it is not easy. It takes longer than anyone expects. There's tons of things that come up and bumps you have to endure.
But I think we have reached the point where people are saying, okay, no, I can't just block and tackle my data. That is not realistic in our given world. That is not realistic in how people work together. Right?
Our motto, Code42, is securing the collaboration culture. That is how we work today. I am, even us, we're sharing a Google document back and forth. Right?
You're not trusted in my network, but we're still sharing data back and forth. Right? So you realistically secure that landscape. So we have now convinced most of the market that you need a different way.
Now we need to actually show people how it's possible, which we are doing with several, many big customers. But it's a work in progress. I think we all are, every security tool out there is trying to figure out how do you cut the noise to value ratio. Right?
That the amount of alerts that everyone is getting is just intangible. Oh, I'm going to die underneath all of these false positives. I mean, and seriously, and I go back and forth with people where people say, those who are using all the tools, we'll say the security engineers or analysts are like, no, but I still need to see everything. But if you're not going to act on it and it adds no value, why do you need to see it?
Can't you just store it in a log and look back if there's an incident and you need to dig into it? Exactly. Exactly. Historical.
Yeah. That's what we're working on. The materiality of what you're seeing. Will you actually act on it?
What do you find is like the main objective for not moving forward into this more progressive space that you're trying, that you and your team are trying to help folks see and understand and connect with? I mean, the first thing we're going to say is who are your external stakeholders outside of security. So what does that mean? That means have you talked to legal?
Are you engaging with HR? Because the only way you're going to get better and more proactive at protecting your data is if you have indication from the business on what data matters. Right. You can't focus on everything.
Right. Getting proactive around events that would put data at risk. For example, is there going to be a reorg? So what team is going to be affected?
Let's have more additional monitoring around there. Initially, there's pushback. I just want to own this little castle, this little piece. I don't want to involve other people.
So that's one. And then two, change is hard. Why do I want to rip and replace something when I think I'm doing well enough with the controls that I have? And every time we go into a POV, we prove it wrong.
Oh, you have removal media blocked? I'm sorry. Somebody just took your roadmap out the door. Does that matter?
Look, it's in the news. Oh, look, it's in the news. Oh, my gosh. Look, they just started a company with that data that they took.
Oh, no. Was that an issue? Oh, did that matter? Do you want to do something about that?
And now you're in a legal battle. Oh, what a mess. Yeah. I guess one of the ways to look at risk is to either actively mitigate it with controls and with mechanisms like DLP and other systems and processes to mitigate that.
Or if the business does not want to mitigate the risk, you buy, you cover it some other way. You buy insurance. You get someone else to sign off on it or another business owner to own it. Yeah.
Yeah. We I'm working with, I might not make them guilty and clear who they are. Working with a large organization with lots of customers. They share data back and forth.
And they've had multiple insider incidents where a managing consultant has taken project plans and customer information and they've had to pay pretty big fines, almost lost a customer. And they still have not invested in the in code 42 or any really product. And it doesn't have to have to just be us because they don't want to upset the culture and seem like they're too much. There's too much monitoring as to what the consultants are doing.
Yeah. So you're using data, you're losing money. Yeah. But you're going to take that business risk.
And that's, there's only so much. Right. There's only so much you can do. If a founder or a CEO or a leader of any kind has their heart set on swallowing risk and they understand like what that risk means and the costs associated with it.
There's always going to be a cost associated with it. The idea is that not only is doing the right thing and protecting your data cheaper for your business, it's also, it's cheaper compared to the things that might happen if you don't do those things. Right. And I've noticed without a business driver behind security initiatives, there is no security initiatives.
It's just, yeah, we want to do all of these things and we can recommend that folks focus on all of these things. But unless a business leader has seen and felt with, felt the problem and felt the pain point and has decided to protect, in this case, data or processes or IP or whatever it is, it's really going to be quite challenging. And just to tell the line, it's the security team. I mean, it's an increased level of stress where you're not getting support from the business.
You know it's a problem. And if something goes wrong, it's your fault. When you're not, it's hard. It's a hard.
You don't have the tools to solve it. Yeah. Yeah. It could be a very challenging position to be in.
Speaking of challenging and challenges, what's the most challenging day that you've had so far at Code40? Most challenging day at Code42. I would say when I started, it was the most challenging. And that's not just because it was a new job.
It was really shifting a mindset of an organization who has been very successful in what they were doing. And we came from backup, but he loved Code42 for backup and trying to shift in security. And it's a very different mindset and a way to approach working with a product, right? Like backup is you set in, forget it, and you move on.
You don't want to touch it again. Where at security, you constantly have to be tuning and looking into things and setting up alerts and removing things and communicating about what matters because it's not straightforward. So that was challenging. It was winning over the hearts and minds of a very smart engineering team, a very smart sales team.
A bunch of people are saying like, what do you know about this? Right? It was an overhaul. What the hell am I doing?
And then COVID hit and we all went home and that had its own challenges. Yeah. Yeah. I could imagine.
I could only imagine. It sounds like Code42 is really lucky to have you and to help. Have you helped them navigate all of that complex space and that shift from backups? But we already did it.
There are other people involved. I'm sure it was a team effort. On a bar here. But it was a journey with a really smart team.
And good leadership. Wink, wink, nudge, nudge. Good leadership is really important. People who listen and will fight your battles.
Yeah. Fight with you. Towards doing the right thing. It's always interesting finding that internal alignment.
A lot of people get very political inside different companies, especially larger companies. There's a lot of bureaucracy sometimes with processes. I always find that a revisiting of the basics, reminding everyone that we're all on the same boat together, pointing out that we're actually all on the same team. It's a really nice way to just fall to seize and bring people back to the table.
And we can take off our personal hats or our little fiefdom or whatever that we've got building and put on the company hat. Think about what's right for the company. What's right for the customer together. Oh, remove the ego.
I mean, I would echo that with your statement. Oh, yeah, definitely. Yeah. Check egos at the door.
I imagine it's especially difficult in a male dominated field being a woman, too. I mean, it's certainly. It's another dynamic. I call myself the diversity hire sometimes.
The diversity hire. Mostly hire. Is that a panel? They're like, oh, we're so happy that we have a female on this panel.
And I'm like, I guess I'm glad I qualified that way. You know what? I think diversity matters so much and is so important and is so overlooked sometimes on teams. And it's the differences that we all bring to the table that makes teams stronger than the sum of their individual hearts.
And that's why diversity is so important and it matters so much. And if you just get a giant echo chamber filled with copies of different organisms inside that same echo chamber, you're going to miss really critical gaps. And the only way that you get that diversity on a team is you hire different types of people. You don't.
I know that when we hire folks, we look for very specific qualities and rates and experiences. But I also feel like complementing the skills of the team and complementing the experiences that those teams bring to the table is just as important. Yeah. I mean, I agree 100%.
I think there's two factors. I mean, many factors, but these two things come out to me when we talk about this. First is, if you're bringing somebody who is so different into your team, how are you going to make them feel like they are part of the team? And I think that's something that's overlooked, right?
Are you going to include them in the same way? Are they going to be comfortable? I've worked in male-dominated industries my whole life. There are things that guys like to do that I'm not interested in.
And so how are you going to kind of compensate that difference to make this all? I want to go get my I want to go get a pedicure. I don't want to go to a baseball game. I'll go with you to go get a pedicure.
Everyone loves a pedicure. There we go. Many studies. After work.
Here we go. I think everyone's a pedicure. There's that aspect. And then there's we.
And maybe I can toss this back to you. Sure. We're talking about wanting to hire diversity. When do you hire diversity?
Or when do you hire somebody with a different point of view? When you really need to just ramp up the team, right? Because there's a constant benefit to both. Like we can ramp.
I've talked to our recruiters. And I asked her this question. She's a manager. Do we need to just have a developer who can hit the ground running and scale our product?
Or do we hire somebody we can train and help shape the direction in a different way? So what do you do? What do you do? You do both.
Do both. I don't know. Maybe that's a cop-out answer. But I used to.
I've interviewed so many people in my lifetime. And I used to be very specific in the things that I look for. And you have to be. You have to be.
Make sure that they're going to be a good fit in terms of the skills that they bring to the table. And that they'll be able to be successful. And maybe not 100% in their comfort zone. If they're learning and growing, that's actually a good thing.
I see that as a good thing. And the thing that I look for now in interviews is the passion. It's the drive. That's the one thing that you can't GPT.
You can't read it in wiki. You can't learn it. You can't go to school for that. You can't get a degree.
If you have the drive and that fire, you can accomplish anything. And when you believe in people. And as a leader, I think like people can feel that. If you show them that you're going to be, that you'll take a risk with them.
For them to take that next step for themselves. And you got their back. And you make them feel like they're part of the team 100%. And maybe that means going to get manis and pennies after work.
Or maybe that means doing a long run on the weekend together. Or maybe that means I don't even know what that means. It's different for different cultures. And it's different for different people.
But it's different. And you have to listen to what matters to people in order to figure that stuff out. And that's why being a leader is both like super challenging, but also like very rewarding. I find because it's about connecting with people.
And moving through uncomfortable spaces. Because I don't know anyone that you can just get to a point in your career and stop learning. Stuff and technology is constantly changing. You have to change with it.
You have to learn. You have to grow. You have to move with it. Otherwise, it slowly becomes a little bit inch by inch less relevant.
So I don't know. I don't know about you. But that's kind of what I optimized for. And at some point, I had an epiphany that I thought at the end of the day, like the tech was what mattered 100%.
And I really dropped that for actually people matter at the end of the day. And people that can see other people or people that bring something that complements the team to the table. You should definitely optimize for that. And trust people to be able to learn like the technologies.
And if you have an emergency, a tactical need, I don't know. Maybe don't hire someone. Maybe just get a contractor to fill that tactical gap. Maybe.
I don't know. Like just thinking out loud here. But every situation is different. And I could see cases being made for both sides.
I don't know. What's your, what are your thoughts on a little bit? I mean, I totally agree. There's something called, there's sort of like a TikTok trend going on right now called the personality hire.
Where you don't hire necessarily on the skill that somebody is bringing to the organization. You hire more on the way that they're going to complement the team and energize people and build culture and excitement around the company. And I think that's a hard thing to say as a hiring manager. Hey, this is what I want to hire.
Recruiter, go find me. Somebody charismatic and fun who's going to, you know, make everyone want to work harder. But you can look for that in the people who are interviewing who maybe aren't your traditional background. Yeah, for sure.
I mean, you can't put that in the job description, right? Yeah, it would be a hard one. That's a soft, those are all soft skills. Yeah.
I mean, I guess when you, when a recruiter or someone will put, oh, good cultural fit, that's maybe what they're talking about. Yeah, yeah, maybe. But, you know, it's important to bring skills to the table as well. So you can contribute in a meaningful way towards like the mission of the company and help drive the business to be successful.
And a business really, what is a business? A business is an entity that exists to make money. It's so simple. It exists to make money.
And you join a company. It's just an idea, right? It's just a group of people getting together to accomplish a mission, to solve a pain point, to make people's lives better. Usually those people are called customers.
Hopefully they're called customers. If you have a good business, you have people that are paying you money. And you show up and you solve their problems. And everyone goes home happy because everyone contributing to that mission feels better about being able to make people's lives better.
And the people are actually paying you money to help make their life better. Like you are making a real impact in the world. This makes me happy because I want to live in a better world. So this is all of these are good things.
But in security, we deal with such hot button topics. Would you like to discuss any current or potential future cybersecurity threats that are like top of mind with you? Okay. We'll go really broad and then we'll go.
We'll funnel it. Yeah. We'll funnel. We're trying to funnel.
Yeah. What I am scared about is our critical infrastructure. And I don't know enough about securing it. I know there's plenty of vulnerabilities.
I work for a pen testing company. We did a bunch of pen tests on water treatment facilities. And it's like, where do you want us to begin, right, to help you fix this? But I think we are really vulnerable.
And I don't think, first of all, I don't think many Americans are able to manage hardship, right? Look at how we all endured during COVID, right? There was not, it doesn't, crisis does not bring out the best in many people. And so when these things that we are so used to being around, we'll say electricity, internet, water are gone.
What is society going to turn into? And how quickly are we going to devolve? So that's my I'm scared moment. Top of the funnel.
Top of the funnel. I bought a five gallon freeze dried thing from Amazon this weekend. Just in case. Just in case.
I mean, what is a five gallon freeze dried food going to do? I don't really know, but it helps me feel a little more prepared. The more realistic thing that I think we're all dealing with is our personal data privacy versus security. Right.
Like we have given out all of our information across the internet because now we can choose if cookies are tracking us. Two years ago, we didn't choose. And our data is still funneling and being collected and manipulated. And so how do you reconcile that?
And how do you start to take control over what information, personal information about you is out there? And I'm starting to see more products targeted for the actual user, like general population versus the consumers. Us consumers. Yes.
I'm starting to see that. And I like that because it to me, it gives a little more sense of control. It's not going to fix everything, but at least you can clean up the data spread that's out there about your personal information. Yeah, I will love that.
I look forward to living in a future that has better privacy now for all of us. Yeah. What do you think the role of cyber espionage is going to evolve into over the coming years? Oh.
Or its impact on international relations? I don't know. We, I mean, I assume everybody has access to everything already. All of the nation states who want to see what we're doing.
What would be interesting is how it's weaponized, right? There's a 23andMe attack or data breach. And what they looked, what they went for was Asian Americans. They wanted all the data on Asian Americans and Ashkenazi Jews.
So that was the demographic of the data that they took. They took everything, but they specifically called out that they were really targeting those two groups. And to me, why? How is that going to be weaponized?
Are we going to have, we can go down the spiral, right? Are you going to create like some super bug that only affects these groups who have this type of gene set, right? Or what are you going to do with that? So that to me is interesting.
Here we are going to get more complex on how this data is used outside of just general money laundering. And that's nasty. Given the history, the human history that we all share and have in common, the history unlearned is a history repeated for sure. And people think, oh, modern world is not so bad.
I mean, I don't know. If you look around to see what Putin is doing with Ukraine, look to see what's happening in Belarus. Belarus is in Europe. I don't know if people understand that.
They're the tyrant dictator over there who rigs elections very openly. Yeah. People just fear all the time. The amount of proxy wars that are going on.
I mean, I have this debate with friends all the time. Are we, is the world a worse place or are we just more aware of it? I think generally humans want to do good. And do we, and does the news only report on the bad?
I mean, it's hard. I have to tune it out because it doesn't. Yeah. The news is unfortunately a business.
It's designed to make money. And it does that through the same mechanisms that TikTok and Twitter and anything else is trying to grab our attention. Modern day is like it works to have a little bit more credibility. And oftentimes it does.
But oftentimes you, we have to remind ourselves that it is also a business. One of the best 99 cents I've ever spent in my life was a little app called the Hourly News. And all it does is you open it up. This is my morning routine.
You open it up. It'll play short news clippings of everything that has happened. Like just the headlines in the news, the top like world headlines. And it'll go through NPR, Fox News, CBC in Canada, Deutsche Welle in Germany, Hong Kong News in Hong Kong.
And you hear like from all of these different perspectives what's happening in the world. And you know what? Like when a big event happens in the world, they all report on it. And I hear such different content.
And it's not that anyone is lying. None of these news stations lie or deceive. It's just sometimes you don't hear all those. You don't hear everything that happens.
And depending on what is reported, you can hear the slant. You can hear like the bias in all of these different styles. I would say of how it's delivered. And then you realize how it's being curated.
And so it's just fascinating to hear the different perspectives through what's being reported. What's not being reported as much as it is what is being reported. How it's being reported. You need some analytical insight.
You need to use your brain when you're consuming information. That's what's being reported. It's like logic. Yeah.
Let's do our own thinking every once in a while. It's healthy. So, hey, do you have a favorite interview question? Like a job interview question?
A job interview question? Or I guess. It's open-ended. So you could.
I'm going to say job interview question. And I love to ask people their genesis. Like, how did you get into what you're doing today? Because I think you can learn a lot about somebody's just general approach to life.
You had a really hard job. You didn't like it. So what did you do to improve your situation? I am all about not staying static.
Right? Always moving. Literally and physically. I mean, literally.
That's good. No, that's good. I like it. Mental sense.
But, you know, where were you then? And how did you get to where you were? And what sacrifices or what paths did you take? Because I think you can understand how somebody is motivated.
And what they're going to do to learn or improve their situation. Or fit into your general team if you're hiring. Yeah, definitely. No, that's awesome.
I love that. It's just double-clicking on life experiences. Getting to know the person, really. Would you say that there was a book or a movie that you watched or read that really changed the way that you see the world?
That you would like to share with the audience? I am a voracious reader. For everyone who doesn't see, there are many books behind the clay. I love to read.
I either read or I listen to books. So I can't say that I have one. But I like to listen to books or read that. Tell a story that we all maybe know from a different perspective.
So I just finished Covenant of Water, which is about, I don't know, a foot big. Wow. It's a huge book. It's a huge book.
So it's like undertaking, but well worth it. And it tells, in one part of it, tells the story of World War II through what was happening in India. And that's just a perspective that you would never traditionally get from the Western history books that we see. And it just shapes another aspect of humanity that we don't traditionally get to experience.
I love it. So you're looking for those different perspectives. Yeah, absolutely. Amazing.
It's exactly what I look for in the news. Change. See it from all different sides to make your own conclusion. If you had an opportunity to meet your younger self, would you?
And would you have any advice? Your younger self? Yeah, lots of advice. When I was younger, I spread myself very thin.
And I think maybe that benefited me because I had lots of experiences. But I think as I have gotten older and time is more valuable than it used to be, when it seemed like you had endless time and endless energy. And no money. And no money, right?
And no money. You had all the time in the world and absolutely no money. Didn't matter, right? Because you'll figure it out.
And you don't really need to eat three meals a day. And vegetables are optional. Because again, you're like functioning as your optimal self at 20. Yes.
I didn't focus on investing in relationships. I was like happy floating around and sort of being superficial. And to me, I don't have time to that anymore. I really value one-on-one conversation and understanding how somebody ticks and getting to know them.
And that's where I would say younger self. Think about that. And also don't drink so much because it's not good for you. Yeah.
It's hard on the body. Alcohol is hard. But it's amazing to build friendships and deep, meaningful connections with other human beings. Full disclosure, I was in the same way.
It was not something that I invested in my earlier years. And then at one point, it just clicked. And I was like, you know what? At the end of the day, like this is all this tech stuff is great, but people are what matter.
Definitely. Absolutely. So we have a lot of entrepreneurs that listen to the show. And so this is a little bit of a leading question, but could you imagine one tool or service that it doesn't exist in the world today?
And you just wish that someone would notice these pain points and solve it for you. Anything comes to mind in that space? Privacy. Figure out a way to do that.
Personal privacy. It's my hot button right now because I just feel very exposed on the internet. What's amazing is what is about to happen, what is already happening. It's like all that stuff that we've been uploading to the internet for the past like 15, 20, 30 years, whatever, how long the internet has been around, is now going to receive like all this swoop from AI.
Yeah. And even if you didn't tag yourself in a photo, people are going to know that was you. Yeah. I'm like terrified, right?
Yes. I was an early adopter of Facebook, right? I put my life out there. Live journal.
Like I had that. I don't, I mean, I want it all. Act what I want. Someone invent that.
Please wipe it all. There we go. A giant red button. How much would you pay to wipe your history on the internet?
I need to know what's the first. Okay. All right. All right.
So there's a little, little line items, like early Facebook photos, like live journals. And then I'll let you know how much I get blackmailed for. They're an interesting service. Analyze my exposure to risk on the internet.
Give me a number for how much I mic loose. This gets into the wrong. Yes. How could my data be weaponized against me?
Oh, that's an interesting question. The ownership of what they've put out there. Yeah. Yeah.
When we were building Peacemaker, there was a, it was all B2B stuff. But at the very last minute, there was an attempt to think through what could be a B2C product and go after that problem in particular. And we got very excited about a lot of stuff. But you know what?
It's hard to find that adoption for things like that. People. I feel like there's a lot of people that just have accepted that they are not private or maybe that they believe, I don't know, they're not important enough to matter. Like for those ending up disappeared or something like that, if you visit the wrong country or you come from the wrong place and you have the wrong different, the different set of ideas.
But I think it's much more than that. I think that these companies are positioning themselves to monetize our data. And when you don't pay for a product, you are the product. You are the product.
And you're being monetized. Our behaviors change. Even though we don't like to admit that, like advertising, we see it because it works sort of thing. Absolutely.
Absolutely. One of the best ideas that somebody had in regards to just the general data that's out there is that companies who use our general data, our browsing history or what we're clicking on or whatever they're collecting, you can opt in that they'll collect that information and they'll pay you a universal basic income. Right. That's how you set up.
Hey, I am a product. I will click. I will do my thing. And you can use this data.
Or you opt out of that and they can't touch anything you engage with. Yeah, I love that. Right. For most people to be like, I don't care.
I'm going to do it anyway. Send me a Google ad. It helps me. And then they can get paid for that.
And then you can elevate the standard of living. And these companies can still make all their money because they're advertising the right way or to the right people. Yeah, there you go. And you share a profile of yourself with you and what matters and the history of all your button clicking and all of that stuff.
Yep. So, John, maybe you should invent that one. Oh, my goodness. If I have the spare time, like I'll squeeze that in.
I don't know. Oh, maybe you've got the entrepreneurial spirit yourself. Ah, perhaps. Maybe that's a phase two of my life.
We could team up and be co-founders, maybe. You guys heard it here first. All right. There we go.
Would you like to leave our listeners with any pearls of wisdom? Pearls of wisdom. Always, always try and approach things from the other side. See both sides.
See both sides. I love it. Both sides. Amazing.
Amazing. So enriching to step outside of our comfort zone and be a little and just appreciate that the world is colored through these lenses that we're looking through it. We can try on different lenses. Whoa.
Surprise. Mind blown. Spectacular. This has been an amazing discussion.
Thank you so much, Clea. It's been an awesome chat. Yeah. Likewise.
Thank you for having me and thank you for the opportunity. It was really fun. I think there's been a lot of laughing, which is always a good way to have a happier day start. Yeah, that's a good sign.
And thank you to all of our listeners for tuning in for another episode of the Security Podcast of Silicon Valley, a YSecurity production. I'm your host, John McLaughlin, and stay tuned for more episodes in the future. Thank you, everyone. Thank you.
Thank you.