Just like getting a job, advancing your career requires more than just technical skills. It requires you building relationships within your organizations, particularly with your boss. So how can you consciously build these relationship with an eye to leveling up your career?
Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, OffSec
Full Transcript
Intro
0:00.000
[David Spark] Advancing your cyber career requires both technical and soft skills. But you know, you need those soft skills most importantly when you are managing your career and your relationship with your boss. So, how do you balance both doing your job and working with your boss to, well, move your career ahead?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And joining me for this very episode is Geoff Belknap. You may also know him as the CISO of LinkedIn. Geoff, say hello to the audience.
[Geoff Belknap] Hey, everybody. It’s me, Geoff.
[David Spark] Yes. Now, have you ever gone by a nickname, Geoff?
[Geoff Belknap] Mr. Geoff.
[David Spark] No, nobody calls you that.
[Geoff Belknap] Or Geoff if you’re nasty.
[David Spark] Oh, right out of Janet Jackson’s playbook. Excellent.
[Geoff Belknap] Me and Janet.
[David Spark] I used to do that joke on stage. I used to say, “My name is David. Well, it’s actually Miss Jackson if you’re nasty.”
[Geoff Belknap] And did it bomb as much as it is right now or…?
[David Spark] No, well, we don’t, not in front of an aud… I used to also have a joke where I say, “My name is David Spark, but…” Oh, no, excuse me. I would just say, “My name is David, but that’s a stage name. My real name is Firestar.” [Laughter]
[Crosstalk 00:01:20]
[Geoff Belknap] My favorite part about this segment is none of this is going to make the final edit.
[David Spark] It will make the final edit. Editor, keep it in. Our sponsor for today’s episode is OffSec, elevating cyber workforce and professional development. We talk about this all the time, quoting the great Jesse Whaley, CISO over at Amtrak, “Don’t try to hire unicorns, grow your own.” And you know what?
Getting the right training, that’s how you can do it. More about OffSec a little bit later in the show. Geoff, let me read you a quote, “Success in the workplace hinges on more than your skills and abilities. It also wholly depends on developing a solid relationship with your boss, effectively managing your boss, and strategically advancing your career.
It takes more than most believe or are willing to commit to,” said Monte Pedersen of The CDA Group on LinkedIn.
Now, I should note that this was a discussion that wasn’t specific to cybersecurity, but it was totally relevant for our audience. And Monte shared some ways to do that, including understanding your boss’s working style, maintaining open communications, and taking the initiative to solve problems. And when I say do that, is building relationship with your boss.
Now, all of this on top of continuing to develop your own skill set. Geoff, here’s what I’d like to say. This sounds great in theory, I can write this, but does anyone consciously do this systematically in practice, like building their technical skills while also building their soft skills and building their relationship with their boss?
Like, how much reality is that?
[Geoff Belknap] I think the reality is a lot of us do this intuitively and maybe unintentionally, and I think a lot of us that are working on our careers need to do some of this intentionally, right? I think the most important thing to keep in mind is if you’re going to be a world-class quarterback in the NFL, it is not sufficient just to be able to throw the ball in a tight spiral at varying distances.
You have to be able to communicate, you got to be able to read the line and call plays, you got to be able to interact with the various different coaches, you have to do all of these things, other than just throw the ball. Those are the things that make you a great quarterback.
If you’re going to be a great security leader, you cannot just be good at understanding security technology. You have to understand risk, you have to understand how the business works, you have to understand the stakeholders, how to communicate with them, how to make a compelling narrative for the value that security brings to that organization.
Those are the things that make you a well-rounded leader in security. And any of those things that are not working for you today are an opportunity for you to improve.
[David Spark] Very good point. And I love the analogy to football. Let me ask you… Or metaphor. Let me ask you, how good is your spiral?
[Geoff Belknap] Well, let’s put it this way. I do this for a living.
[David Spark] You are not an NFL quarterback.
[Geoff Belknap] I am not, nor have I ever been, nor has anyone mistaken me for a professional athlete of any ilk whatsoever.
[David Spark] All right. Well, that’s a good problem to not have, is to be mistaken for an athlete. I must say that I have the equal problem that you have of not being mistaken for an athlete. Let’s jump in and join our guest who may have been mistaken for an athlete. Who knows? He’ll let us know. He is the division director for cyber defense over at Truist Bank, none other than Jerry Davis.
Jerry, thank you so much for joining us.
[Jerry Davis] Thank you, gentlemen. It is a pleasure to be here.
What’s the best way to grow your staff?
4:49.533
[David Spark] Linda Goodman of LG Associates said, “I think the best managers are three-way managers. They know how to manage down and motivate and support their teams. They know how to manage sideways and build collaborative relationships with their peers. And they know how to manage up and develop an open and honest relationship with their boss by demonstrating support and providing honest feedback.” And Vinita Bansal of techtello.com said, “Treat your relationship with your manager as a partnership, not a one-way street.
When you manage up as well, your boss has to do less managing down, which frees up their time to do other parts of their job well.” So, this is a really interesting topic that both Linda and Vinita came up, is about that the getting what you want requires a two-way street and managing in multiple directions as well.
Again, I come back to this. Do you do this naturally or do you have to work at this sort of systematically?
[Geoff Belknap] I think this is one of those things where there are definitely people who are talented and gifted and do this naturally and effortlessly, and then there’s the rest of us. Some people are really good at managing relationships, but they have to work on the technology. Some people are really good at the technology, but they have to understand how the business works.
But I can confirm that Linda and Vinita are absolutely on the right path. Relationships really matter, especially when you’re a leader or a manager in an org of any size and you’re trying to get something done that is not the priority of one of your partners. The way that you’re going to get that done is not through a transactional, “I tell you, you have to do this, so you should drop everything and get it done.” It’s going to be by understanding each other and what your stakeholders value and how you can relate what you need to get done in terms that they can understand and appreciate and respect.
When you have that ability to build relationships, it makes your job much, much easier. If you don’t have that ability today, it’s time to work on that, and it’s a skill you can learn.
[David Spark] Jerry, did you have to develop this skill yourself or did it somewhat come naturally? What was your experience? And do you feel that you were doing this effectively?
[Jerry Davis] Yeah, so myself, it kind of came naturally because I’m very people oriented. I think when you look at my personality and my skill sets, I’m strong on the soft skill sides in particular. So, it came pretty naturally for me in building relationships and understanding my management and how they operate.
Like I said, I’ve always been very people centric. I think it also helped… Spent a lot of times in the intelligence community as a counterintelligence officer. So, we study people all the time, their likes, dislikes, and things like that. So, it kind of naturally came to me. And so when I interact with any of my leadership, I learn about them.
But at the same time, one of the things I think that individuals need to do that I did was I was very introspective about myself. I always self-audited myself, weed out my own biases and that sort of thing in favor of learning how I should best interact with my bosses. But for the most part, it was pretty natural for me.
[David Spark] Can you give an example of sort of a relationship engagement, and it could be in any direction, boss, peers, or downward, or someone maybe up to you as well, that benefited both parties. Any idea? And give us an example of how that worked.
[Jerry Davis] Yeah. I would say that during my time, I’ve had a lot of different roles in a lot of different industries. But my time when I was at NASA and I was the chief information security officer globally, I had to build relationships. I wouldn’t say not necessarily an individual, but an entire organization.
So, I’m coming from the IT organization into a mission space, folks who are engineers and scientists and build rockets, right? So, the thing that became most beneficial for both of us was them understanding the risk that cyber introduced into mission. I had to learn their language and learn what they did.
And once I learned that language, I call it being bilingual in the environment. Then it became beneficial, and they understood the need and why they should build in, let’s say, security into their engineering discipline for mission assurance.
[Geoff Belknap] So, lesson learned, Jerry speaks English, engineer, security, and rocket scientist.
[David Spark] Wow, I’m impressed.
What’s the issue here?
9:27.438
[David Spark] Zachary Davis, consultant, said, “If your direct boss does not see your value, nobody else will without your direct intervention. This isn’t to say we need to suck up to your boss, but that you need to understand how they work so you can be successful in the environment they live in.” And David Edward, who is a consultant, said, “Not many people take enough responsibility when it comes to managing their boss.
They think it’s just one way.” I would love to hear – I’m going to start with you, Jerry – your take on managing your boss. Do you tell your employees that they need to manage you?
[Jerry Davis] [Laughter] In a roundabout way, actually, I do. So, in my time at Truist One, and I do this in every organization I go into, on day one, I send out an email organization-wide. And basically, it’s sort of guidance instructions on how to work with Jerry. It literally kind of says that. And I list a number of the things, how to work with me, and I put my personality in it, what I’m all about, what are my hot buttons, how to really get me interested in things, how to approach me, how I do work.
So, when I put that out, it gives people context and gives them kind of a head start on how best to manage me. I kind of tell them how I like to be managed, right? So, it’s always kind of worked really, really well in that regard, and I’ve done it everywhere I’ve been.
[David Spark] That’s a good tip. Don’t make them start to guess you and try to figure it out. Just tell them up front. Geoff, have you talked to [Inaudible 00:11:12] or when you were working your way up, did you try to manage your boss? Either way, explain.
[Geoff Belknap] I have certainly tried to manage my boss/manipulate or inform them selectively, and I found that not to be a great strategy. I think everybody sort of experiments with what does that really mean, and what I’ve come to believe is, and this is how I talk to my team, “I need you to manage me, I need you to manage my expectations.”
[David Spark] That’s the big one right there. Expectations.
[Geoff Belknap] Exactly, right. So, inform me about what’s going on but manage my expectations and manage to my expectations that you’ve set. So, if we’re building something, don’t wait for me to tell you when it needs to be done or when it needs to be delivered. I’m expecting that from you. And then I think something I talk to my boss a lot about because we think very similarly here is when you feel really supported by a leader, I think one of the key elements there is you believe that that leader or anybody that you feel supported by, whether they be a leader or partner or colleague, you believe that that person is advocating for your success when you are not in the room.
And managing your boss, informing them, managing their expectations, empowers them to go advocate for your success when they’re in the room with their boss, or they’re in the room with the board of directors, or they’re meeting with whoever they’re meeting with. And I think this is an essential part of that.
It’s not managing your boss to the extent that you’re trying to be sneaky or underhanded or convince them to give you a high performance rating. It’s managing them to be the most effective ally that you can have to the extent that they’re going to be able to support you, even when you’re not involved in the conversation.
[David Spark] And I want to double down on that right there because I love that response. Because there are some times where there’s some technology advance or lack of advance that you don’t literally know, does this take an hour or three days to do? I don’t know. And you need your team to explain that to you.
And if you have the trust of your team, they will tell you the truth. And if they give you the ammunition on how to argue this, so when you are in these meetings, which they’re not, you can come and go, “No, you can’t expect that from me. It actually takes three days to do that. This is what we have to do.
I know it because of this, this, and this,” because your team’s told you. And when you are successful in your meeting, I mean, it makes you look good as well. So, it’s a total win-win. You appreciate your team essentially armed you appropriately. Yes? Am I saying this right?
[Geoff Belknap] Absolutely. I think it’s also sort of, I don’t know if maybe I’m dating myself, there used to be that commercial, I forget who it was for, where the guy was like, “We saved a nickel.” And the guy’s kind of like, “We saved a nickel, who cares?” But the context was we saved a nickel per transaction of, like, we do a billion transactions a year.
And I think that’s the level of management you need to do. You need your boss to understand, did you save a nickel period, or did you save a nickel per the trillion transactions that we do a year? One of those is really impactful. The other one, maybe it doesn’t matter. And I think people miss that context.
Sponsor – OffSec
14:15.730
[David Spark] Before I go on any further, I do want to tell you about our awesome sponsor, and that is OffSec. Now, formerly known as Offensive Security, discover the power of OffSec. The force behind the renowned OSCP certification and Kali Linux distro. Trusted by big hitters such as Cisco, Google, and Salesforce, OffSec is your partner in upskilling cyber talent with extensive training and resources.
Their regularly updated learning library includes over 1,500 videos, 2,000 practical exercises, and more than 800 hands-on labs. Their programs cover a variety of domains, including pen testing, cloud security, instant response, security operations, and a lot more. Their content spans all levels from entry level to advanced.
You can even tailor your team’s learning by exploring various learning paths designed to meet your team’s unique needs and job roles. They’ve also got a cyber range that includes simulations for red and blue teams, and tournaments that develop offensive and defensive skills in preparation for real world attacks.
So, you ready to elevate your team’s skills? Start to make your own unicorns? Request a free trial today to get a sneak peek at OffSec’s learning library and cyber range. Just visit, here’s the web address, pay attention. It’s offsec.com/trial. Check it out. You will thank me later.
Does anyone understand what’s going on?
15:55.298
[David Spark] Kate Sotsenko, founder over at thegoodbusy.com, said, “One, our most natural way to learn is by observation. We watch others, we copy, we imitate.” Heck, it’s why YouTube so darn good. “If we want our teams,” by the way, that’s my editorializing, but she goes on to say, “If we want our teams to keep growing, we must lead the way.
If they observe us learning, they will be investing in learning too.” Jenny Miller of New Zealand Ministry of Foreign Affairs & Trade said, “We need to help our leaders be successful. To do this requires lots of observing and building a trusted relationship. Being willing to be open and work closely with your boss is a great way to help them be successful and role model productive working relationships.” All right, Jerry, I’m going to start with you.
Observation with your boss, your team observing you, you observing your team. I’ve actually seen examples. Once you start asking questions and observing, you learn things you didn’t know before. And maybe you can throw out an example.
[Jerry Davis] That’s very, very true. We started off with the sports, I love sports analogies, and I tend to look at this from a perspective of being a coach, right? So, as a coach or player coach, even, so as a coach, I’m looking at individuals. My goal is to get the team to the championship, right?
And hopefully win the championship. So, I’m looking at everyone on the teams and I’m identifying their strengths and their weaknesses and who are my utility players. And me myself as a player coach, I have to understand and know that when I’m on the court, there are times when I’m not going to be the team captain.
There are other folks on the team who have skill sets, ball handling skills much better than I do. And I have to point out and let them step up and become the team captain.
Sometimes folks have to be prodded. Sometimes I think when you’re on a team in an organization, the staff will defer to the boss on 100% of the time. And you have to cultivate the organization to let folks be, again, sort of teach them to understand themselves and know there are points in time when, hey, they need to be the team captain out on the court and run the plays, and I have to know as a boss when to take the back seat on certain instances.
So, I like to kind of use that analogy and all that comes through observation. As the coach, you’re kind of watching everyone and likewise for the team, they should be doing the same thing. They’re watching everyone on the court and they’re also watching themselves and being introspective with themselves and taking a self-audit of their tool sets and their strengths and weaknesses.
[David Spark] What’s been your success in observation, Geoff?
[Geoff Belknap] I’ve developed this habit, and I forget who taught me this, might have been a early executive I worked with at one of my first startups in the Valley. But they coined the phrase to me, taste the soup, right? And I think the way a chef typically runs a high-end kitchen is they’re not in there making all of the things that the kitchen makes, right?
They’re there to make sure it is made to a high level of quality. It’s made consistently. It’s made the way that they want it made. But the way they do that is they don’t go over to the soup station and start telling you exactly what to do and micromanaging you. They teach you how to do it. And then when the soup is ready, they’re going to taste it, and they’re going to taste it with you, and they’re going to make adjustments and like, “Oh, it needs more salt,” or “It’s too much butter,” or whatever the thing might be.
I like to think about that as an essential part of security leadership in that I expect the leaders that work for me to understand it’s your responsibility to make the soup, right? You own making the soup. I own the product when it comes out of this kitchen or of this organization. So, I got to make sure that that soup meets my standards.
But that doesn’t change the fact that the soup is your responsibility, I’m accountable for it, and we’re going to work together on that. And I think when people sort of understand that that is a partnership and that that is the expected way it should work, I think it helps both the people that feel responsible for producing that thing to understand how you communicate with the leader, what the leader’s expectations are, what they’re actually doing, and it frames it in a very productive way.
[David Spark] My dad was a doctor and I saw him teach once. And I guess I’d refer to this, I guess, as the Socratic method, but he would never outright answer his students’ questions. He would make them come up with the answers. And so they would say, “Dr. Spark, what do you think about in this case?” Because they would do these case study type things.
And he would just ask them back the question, he goes, “What do you believe??
[Geoff Belknap] “What do you think?”
[David Spark] “What do you think?” And he’d force them to make some kind of an answer. And then when they’re kind of veering off, he goes, “Well, do you think it would be that because of this, this, and this?” this symptom or whatever. So, a little bit of what I’m hearing from you is they’re forcing the student to start learning on their own.
Because how much do you learn when you just say to someone, “Do A, B and C and just do it,” without them learning on their own? Right, Jerry?
[Jerry Davis] Oh, yeah, absolutely. hands-on sort of kind of what I like to say, like, OJT, people learn when they’re hands-on doing the things and obviously it sticks more, it becomes sticky.
What’s most important?
21:26.819
[David Spark] Lisa Martin, the Coach-Like Leaderâ„¢ said, “Strive for alignment between what the employee sees as their career vision and how the boss sees that vision aligning with the needs of the organization. This comes down to the employee having clarity and then transparent conversations on a regular basis with their leader.” So, Jerry, I’ll start with you on this.
This seems like a great model. As much alignment you can get between the employee’s career goal and the business goals, I mean, that’s win-win all the way around. Can you tell me how that would manifest, assuming you agree?
[Jerry Davis] No, I agree 100%, and it’s something that I say often. What I’ve learned in my career is that when things generally go wrong in an organization where there’s deployment of technology or any kind of process, something goes wrong, it’s almost always from a lack of clarity. People don’t have clarity around goals, visions, and that sort of thing.
And I always put that on…that’s on the leader’s fault. When there’s a lack of clarity, folks will fill in that void, whatever they think should be in there, right? And that’s when you get misalignments and that’s when things go wrong. So, I tend to focus a lot on clarity and when I put out a message, we put out a goal, I ask the question over multiple communication streams over time, just keep checking in with people that they understand, are they clear on where we’re trying to go, where we’re trying to get to at the end of the day.
So, again, it’s incumbent on the boss to be clear, give clarity, and constantly checking in with folks to understand that, hey, they’re still in alignment with where we’re going, they fully understand what we’re trying to do.
[David Spark] Geoff, the employee business alignment, their goals, the business’s goals, can you give me an example of where there’s synergy?
[Geoff Belknap] The most important thing to keep in mind, especially like this quote because it talks about career vision and alignment to your boss, I think the most important thing to keep in mind is your boss’s job is not to make you successful in your career. The chances that you have a job right now where your boss has the ability or the likelihood that they’re going to make you CISO or some sort of executive leader is probably next to zero.
But the reality is you own your own career, you need to understand what you’re trying to get out of this role from a growth perspective. And then I think it’s on you and your boss to have that conversation and to make sure that you are aligned either in your work or the opportunities that are coming your way in a way that’s most advantageous to you and to the organization.
But I think it’s also realistic to make sure that you’re meeting regularly, just like they talk about here, that you understand tactically and strategically what your leader wants from you and whether you’re delivering that. And then I think you can open up that conversation to have about what you want out of this in terms of your career goals.
[David Spark] And you must have had conversations with employees, an employee comes to you and goes, “Look, I really want to move to this position, I really want this.” And I mean, obviously you don’t say no, but you talk about how to get there. Are you able to create a path for them, for them to sort of understand and agree and walk out and say, “Yeah, yeah, this can be done, and this is the path you have to take.” But you can’t promise anything at the same time.
So, what do you say, Geoff?
[Geoff Belknap] I like to have really direct conversations with people. I think, I tell them, there are some times we have opportunities where your career goals align with what’s within my power to grant. If you’re an associate engineer now and someday you want to be a senior or staff or senior staff engineer, yeah, that’s all possible.
If you’re working, you’re leading a department right now, and your objective is to be CISO, the chances that you’re going to succeed me within a timeline that’s going to be exciting for you and your career goals is pretty limited. And so I have a lot of conversations with people where we talk about the next step in your career might not be here, it might be somewhere else.
And the next way to get to the goal that you have in mind might not even be the next job, it might be two or three jobs. We talk about the value of working in different places and understanding that. And I think when you can have a transparent conversation to that degree, people find it really… It’s a really important step.
And then I think people really open up about what they want to get out of this career, or at least this stage in their career.
Closing
26:07.545
[David Spark] Excellent. Well, thank you very much, Geoff. Thank you very much, Jerry. Jerry, we’ve come to the point of the conversation where I ask you, which quote was your favorite and why? So, could you tell me?
[Jerry Davis] Yeah, it was actually the quote by Dave Edwards. He’s talking about not many people take enough responsibility when it comes to managing their boss. They just think it’s one way. And I like that because of really what Geoff just said. Whether it’s managing your boss, it all falls into the construct around, for me, it all falls into construct around you have to manage your own career, at the end of the day.
I’m not there to manage anyone’s career that’s on my staff level. But folks have to take it within themselves too. You have to manage your own career. So, that’s why I love that quote so much.
[David Spark] Very, very good point. Geoff, your favorite quote and why?
[Geoff Belknap] I’m going to go with the first half of this quote from Vinita, Vinita Bansal from techtello.com. “Treat your relationship with your manager as a partnership, not a one-way street.” You have to take responsibility for this relationship with your manager. It’s not their job to make sure you have a great relationship.
It’s also sort of table stakes. When you get hired or when you’re working with or for somebody, the expectation is that you’re going to be easy to work with, that you are going to build some sort of basic relationship upon which you can build trust with. And if you can’t do that, you’re really not going to get much further than that with your boss, with your coworkers, with the people who work for you.
So, I think this is a really important thing to keep in mind.
[David Spark] Excellent. Huge thanks to our sponsor OffSec. Remember, their web address is offsec.com/trial. Go check it out. Get that free trial. Take advantage of their learning library and their cyber range. Up-level your staff starting today. And thank you very much, Geoff, as always, CISO over at LinkedIn.
If you’re looking for a job, guess what? LinkedIn has tons of jobs listed on its site, lots of wonderful jobs listed. Also, Jerry is over at Truist Bank and to handle all your wonderful banking needs, whatever they may be. He can’t personally help you with them, but I’m sure there’s other people who can as well.
Jerry, thank you so much for coming. Geoff as well. And I want to thank our audience as well. We greatly appreciate your contributions and listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.
If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.