Today on CyberWork, Paige Hanson of SecureLabs joins me to talk about identity theft risk management and her work as a security communicator. Now Paige speaks to law enforcement classes, senior centers, and everything between and helps people make sure that they know the best cyber security practices for all of their day to day activities. Now if this sounds like the type of work that you might want to do, Paige has some great advice for getting started right away.
This is the type of job that you can pretty much do the work for free until someone hires you. Uh, which is not always the case with every security rule, but this is, uh, one of the ones you can, and you'll find out how to do so today on CyberWork. The IT and cybersecurity job market is thriving. The Bureau of Labor Statistics predicts 377, 500 new IT jobs annually.
You need skill and hustle to obtain these jobs, of course, but the good news is that cybersecurity professionals can look forward to extremely competitive salaries. That's why InfoSec has leveraged 20 years of industry experience Drawing from multiple sources to give you, cyber work listeners, an analysis of the most popular and top paying industry certifications. You can use it to navigate your way to a good paying cyber security career.
So to get your free copy of our cyber security salary guide ebook, just click the link in the description below. It's right there near the top, just below me. You can't miss it. click the link in the description and download our free cyber security salary guide ebook. Your cyber security journey starts here. Now let's get the show started Welcome to this week's episode of the cyber work podcast. My guests are a cross section of cybersecurity industry thought leaders.
And our goal is to help you learn about cybersecurity trends. And how those trends affect the work of InfoSec professionals, while leaving you with some tips and advice for breaking in or moving up the ladder in the cybersecurity industry. My guest today, Paige Hanson, is a renowned authority in consumer and digital safety, with nearly 20 years of experience in identity management.
As co founder of SecureLabs, Page has dedicated her career to protecting consumers and businesses from identity theft and cyber threats. She is a certified identity theft risk management specialist and holds certificate in identity leadership from the University of Texas at Austin's Center for Identity. Page also serves as an advisory board member to ROSE, R O S E, Resources Outreach to Safeguard the Elderly.
Uh, her dedication to public safety has led her to design a national identity theft training program for law enforcement in collaboration with FBI, L E D A. I don't know. Uh, this program has, has been taught in all 50 states, uh, reaching nearly 20 K law enforcement officials. And in addition, Paige has served as a liaison for the National Organization for Victim Advocacy or NOVA, where she played an instrumental role in training thousands of victim advocates and military personnel.
Page is a frequent speaker at nationwide events, raising awareness about identity theft and related issues, and her expertise has been featured in numerous media outlets. Uh, now in cyber work, uh, solidifying her reputation as a leading voice in the field of digital safety. On a personal note, Page resides in Arizona with her husband, Uh, daughter and their boxer dog Tyson off. And for the record, Tyson's name is not her password. Good to know.
Also, uh, it's about a hundred degrees here in Chicago, but I realized if you're in Arizona, I am not going to get any sympathy from you. So, uh, Paige, uh, thanks for joining me today and welcome to cyber work.
Thank you so much for having me.
My pleasure. Great to talk to you. So, um, so Paige, to give our listeners a chance to get to know you and, and sort of where you started, could you tell us about your first interests in computers and tech? What was the, what was the first thing that got you excited about it?
Yeah, well, you know, early on it was, uh, the exposure of, you know, the games of Oregon trail.
Sure. Yeah.
mean, it's just like that, you know, I remember those fondly and then there's all these, you know, computer games that you could explore your creative side, you know, making cards for people and art and, you know, all of these things. But really, um, I was really fascinated with those, but my real interest in technology developed later. So that
Okay.
So I, I attended a university in Iowa that every student was issued a laptop and with that you had a shared network. So that was really my first deep dive into how files and information were shared digitally. And I was really interested in how we were doing that and saving that. And of course, you know, your first coding classes. So here I am, you know, creating the flashing banner and the,
of course.
that move all over. And, you know, that was super exciting back then. And
Oh, yeah. Yeah.
anymore.
that now, you're like, this thing is 25 years old. Yeah.
But I mean, that just really gave me the, the glimpse into the power of technology and how it can be used to create and communicate in new ways. And that's something that was really interesting to me,
Yeah, absolutely. Now, um, I, I want to, uh, sort of jump a little forward from there because, uh, you know, I, I looked through your, your, your LinkedIn profile and looked at your career and, uh, you know, we got a good example of some, some career forensics from you here. So I want to talk first of all, I mean, a bunch of interesting things there, but I want to talk about your 15 years.
Uh, at the world famous identity protection entity known as Norton LifeLock, because this, I feel like it tells kind of its own story in terms of the way you said that you started sort of interested in tech, but it came later because like when you started in 2006, you were there in your capacity as a marketing manager and you were working in their public affairs department and managing educational programs.
Uh, but as the years progress, your title see you becoming more and more deeply entrenched in the work of identity education. From senior manager, educational programs to identity education, lead to principal education instructor, and then chief of cybersecurity education, uh, until 2022. So can you talk about that journey? Like what were some of the pivotal moments? And am I reading that correctly?
Like you, you started in kind of one place and something, it seems like something kind of got you excited and you, and you did like a strong pivot. So what was that like?
right? Well, one, I was thankful to join a startup. It was just this little tiny startup
Okay.
employee at LifeLock. You know, it doesn't get that protection. We don't know if it's, it'll take off.
Right.
you know, super grateful for that opportunity. I found it a week. Into moving from Iowa to Arizona.
Okay.
that was pretty incredible. I, you know, to be quite transparent, I was thankful I had a job, you
Sure. Yeah. Yeah.
go any, any role and, um, but it was, it quickly evolved, you know, as the company grew, um, then I transitioned more into this public affairs role. And we had a big presence from just a marketing presence in, in identity, that protection and kind of. Um, a new, creating a new category almost.
Yes.
that, I mean, you probably remember, uh, the, the bold marketing campaigns and, and things like that
Yeah.
but as far as, as my role, it. It transitioned to be more of a spokesperson in education because we were getting as an identity theft protection company, we were getting a number of identity theft victims
Mm hmm.
Well, the story was very similar in a lot of these victims. And they were saying, I went to law enforcement and I wasn't able to report my issue because. With law enforcement, you just don't likely don't have the resources to say if it didn't happen in that city, they were likely not going to be able to, uh, even look into it.
Especially at that time, there was not the interconnectivity that there is now, I suppose.
right, right. So, um, instead of just taking that and saying, oh, you know, oh, okay.
So, sorry.
you know, under that direction of our CEO at the time, Todd Davis, he said, you know, let's do something about it. Let's. Let's change it for law enforcement. Let's educate them and go out and educate them on not only the crime, but how to investigate it. So we have less, you know, not as many victims that come to us and say, I was turned away because you need that police report to identify yourself as a victim.
And so I was really fortunate to be part of that program, this initial effort of educating law enforcement. So we went to all 50 States and things like that, but that's really the, the role was to go out and educate. Educate because consumers need to know what they're doing to reduce their vulnerability, what they can do in law enforcement on the other side need education as well.
So those in hand in hand, um, led to my career and kind of deepened the, the, not only the message that we would, would do out there, but then just my interest in taking technical, technical, um, kind of thoughts around cybersecurity and then And then making it so it was easy for understand Sunday standing for just the average consumer,
Yeah, I wanted to ask you about that because, yeah, as you mentioned, uh, you, you know, your work involved training law enforcement in tech that, uh, you know, was not especially well known to them, as you said, in our introductory meeting. So, like, can you talk, like, yeah, can you talk about, like, how you taught them what, like, what a card skimmer looks like or how to identify fake documents and things like that?
Yeah, actually, one of the most rewarding aspects of this training was the fact that we did these hands on demonstration. Yes, there was. There was technical instruction and instruction, but the hands on demo, right? was the interactive part that I really thought this class came to life. So for example, we would do a check washing demonstration. So yes, check washing. It's still a thing. It's still around to this
Sure.
do a
Oh, yeah. Yeah.
writing checks, but it was really cool because Um, you take something like nail polish remover, which is acetone that lifts the ink of a, of a pen. And so whether you're signing an important document, whether you, um, you know, are signing a check, whatever it may be, you can actually lift that. So I love the fact that we could do these hands on demonstrations. And to your point, one of them was skimming.
So we would guess pass around the skimmers, but I would, I would get on the laptop and actually show them how you modify the track data on a credit card. So when they had. people in their community being victimized of credit card skimming or duplication of their, their credit card, they could say, actually, I know how that works. You can easily modify this track data. It's easier than to investigate and then communicate to the victim what is happening.
And then the next steps that the fact that they're a victim.
Okay, yeah, that's, that's really interesting. Uh, now our discussion started when you told me about a presentation you gave to a college class on white collar crime, uh, where you discussed the breadth of career opportunities that cyber security offers beyond the usual analyst, risk manager, pen tester, engineer, which is, you know, a big part of what our podcast is about is getting people.
Interested not just in, uh, the more common cyber security roles, but also things that might appeal to people who, uh, aren't, you know, natural hackers or aren't natural, uh, tech whizzes, but still want to get involved. So can you talk, start by telling us more about the topic of your presentation in that class and, and who it was aimed at, what the, who, who were like the students and so forth. Mm hmm.
was invited by the instructor of this white collar client class. It was for the university of Arizona. So that was based in Tucson. So, um, I was a guest speaker and in this class, it was a diverse group. So you had people with the aspirations of becoming law enforcement, law, corporate security, and you know, others that, you know, like me, when I was younger, still trying to figure out their career path, you know, that's fine too, but really the goal was twofold.
So I wanted to want to educate them. On the best practices to keep their digital life safe. I mean, they're, they're all online. They're all, they had their devices right there. Some of them were on their devices during class. You know,
Of course,
it's just distracting,
what they do. Yep. Yep.
that's beside the point,
That's where it is now. Yeah.
but then also just to show and broaden their perspective on career opportunities within cybersecurity. So. I wanted to show them that they didn't have to go down the traditional paths of law enforcement or even the legal profession to even make a significant impact on people's lives when it came to cyber safety. They really wanted to help. There are other things that you could do. You can work for a corporate company.
You, there are roles within nonprofits or various industries that really make a critical impact on prevention in cybersecurity.
Yeah, no, absolutely. I mean, uh, one of the, um, the roles you discussed was, uh, with me before was identity theft or risk management. Can you talk a little bit about that?
Yeah. So what a certification that you can get. And a lot of our phone agents had this as well, which is identity theft risk management specialist. So
Okay.
through a course, take a test and it's all around the best practices in protecting one's identity and being a subject matter expert in that field. if you call an identity theft protection company, you want the person that you're talking to, to have gone through additional training around. Protecting your identity. You want to be a, a good advocate for not only just the product you're selling, but just in general best practices.
And so that's one of the first certifications that I took, um, years ago, uh, and it still continues to be a very popular certification class is to get your feet wet and to understanding, okay, these are the things that you not only can. Do to best protect someone's identity. But then this is also, um, how you should talk about it to others as well, which I think is, is the important piece to
Yeah. Yeah. What, what are, what are some of the components of, of this, this certification? What are, what are some of the things that you're learning? Like, what are, what are the, the, the sort of the most challenging parts of it? I guess.
Oh, gosh, you know, Chris, I took this certification probably 15 years ago. So I've showed the best of my knowledge. I remember it being, uh, the common, simple as what is personal identifying information and,
Okay. Mm hmm. Mm hmm. Mm hmm.
a lot of people think, Oh, name, social security number, date of birth, that's it. But it's, it's beyond that. It's. your pet's name. You know, recently it was national pet day.
Yeah.
it. And I use that in my bio that my dog's name is not my password,
Mm-Hmm.
the important things to them. So they, they live where they shop. Like all of this can be considered In that kind of the ecosystem of identifying information. And so it's just really bringing that to life. So you have a better understanding. So when you're talking to people, you're not in this narrow scope of, Oh, nope. It's, it's only your name, social security number, date of birth, but it actually can be your driver's license number and your, uh,
Mm-Hmm.
address and, and your spouse's name, your kid's name, all of
Yeah. Yeah. And I mean, I think that, I guess that that goes towards the, the, you know, I, I feel like I, some of my guests are talking about trying to move past that, but, uh, I, I suppose a lot of that connects to the, uh, the quote unquote security questions. And you know that, you know, if you're, you forget your password, they say, okay, what was the, the street you were born on? What's your pet's name? Blah, blah, blah. Uh, and you know.
People can, will harvest large swaths of this and then they can just play puzzle pieces and put passwords against these things and see what,
right.
what fits, right?
Yeah. And, and, you know, one of the perfect place to Harvard's such information is to check someone's social media. Do you know how many surveys people take that are just these fun surveys
Yes.
let's play this. And, you know, you have your, your high school, your mascot, the
Uh huh.
first car, your first boyfriend or your girlfriend. And it's like of that information you just gave because it was a fun little exercise to do. It's like, no,
Yeah. Yeah. Yeah. Yeah. Yeah. Yeah. That's something I try to impart here too, is that like a lot of times stealing identity is a long game. Like they might just get those pieces and then they get another bunch of passwords and like another breach or something. And then like you say, I mean, it can take.
You know, and I've heard other, other guests have said that they might even just wait a year because it looks, it's, you know, there's a, uh, you know, plausible deniability or, you know, it's just like, you know, it's a long game. So, yeah, not only not sharing those things, but also keeping an eye on, on things for a long, long time afterwards, I suppose.
no. And I, I agree with your guests because what do you get once there's a big data breach year of some sort of protection. So
Yep. Yep.
same calendar invite that reminded me or reminder that reminded me of our, our conversation is the same sort of calendar invite and reminder that they can. They can also set up and that is to
A hundred percent.
that it's been a year since this breach certification went out.
Uh huh. It's
using that personal information.
time to go. Yeah, exactly. So, um, so let's, let's talk about some of these, uh, these paths and stuff. I, you know, I think your Norton lifelong journey, I mean, sort of clarifies the path of some of these unconventional security roles. And again, a lot of our listeners are coming to this podcast from other industries, whether it's a law or industry or manufacturing or education or what have you.
And, and, uh, you know, These are, you know, these all have these deep knowledges of, of communication skills and, and certain things that you can do well that can very easily sort of transition over to, uh, cybersecurity roles. So, I mean, I know we talk a lot about soft skills, uh, over here. Um, but can we. Talk about sort of like dedicated strategic communications, both inside and especially outside of security.
Cause I know that, you know, obviously, uh, your, a lot of your role is around, uh, making these ideas more communicable. And so, so tell me a little bit about that and how that, how you took that from your sort of marketing time and are able to apply it here.
yeah, well, when I think of skills, I think of just one, the ability to communicate effectively is essential. And it might seem obvious, but depending on the level of your, that you're talking to in the organization, you probably know that when you're, when you're communicating to the C suite. You've got one message and when you're communicating or upstream and then you're communicating downstream, that's a, is a, maybe another message.
So the same would apply if you're talking internally, externally. So, you know, it is really important for you to just, uh, you know, whether you're dealing with complex technical topics, even easy topics is that, um, communication skills. Um, but when I, I think of strategic communications, um, I think about. For years, I was on the road communicating externally. Every training I was doing, it was to law enforcement, victim advocates, businesses, consumers.
But then when I take a look at it, our internal, I noticed that we didn't have that same sort of training opportunity internally, here we are. Yes, you had the. Citrums, they call it certified identity theft risk management specialist,
Okay,
for short,
nice.
that everything I was doing externally that wasn't being taught internally. So what I did is I took the initiative and delivered my presentation internally. It was an elective course. Anybody could take it. I named it and branded it the Centurion program.
Hmm.
um, When I started to receive more technical questions, I recruited internally, a technical, more technical person, people, they wanted to see the dark web. I knew a little bit about the dark web, but I didn't have necessarily the skill set to log onto the dark web,
Yeah.
show them, you know, typing. Uh, it's similar to a Google search engine, but typing in, uh, on the dark web and showing that, and that was incredibly value to valuable. Uh, and it also helped that technical person work on their public speaking skills
Mm hmm.
to do.
Yes.
this really just applies to just about anyone. So if you have a skill or a topic that you're really passionate about, bring it to your leader. offer to host a lunch and learn, offer
Mm
a small group. And, um, as long as you can demonstrate that it aligns to your company's goals, you'll really start developing a reputation internally that you're the subject matter expert on that. And that could leave you to external opportunities.
So maybe you become, uh, opportunities like a media interview that they want to do, pitch you for a media interview, or even, you know, serving as a company spokesperson, maybe you could help the sales team sometime and show them kind of the shock and awe of what your product does, because
Yeah.
they know you're interested in that. And so think, um, if it doesn't exist in your company, that's okay. Just. There might be an opportunity for it to exist by you just raising your hand and bring it to your leadership.
Yeah. Yeah. I suppose so. Now, that's, that's a, that's good advice for upstream. Now going. Downstream, we're even going into sort of, um, the realm of the, you know, the, the people that you're, you're, you're helping, you know, their identity, the, the, you know, lowering the risk of their identities, like for people, senior citizens or folks that you're speaking to, like, what, what do you do to sort of change your message there? Like how.
You know, cause sometimes I know, you know, when I'm talking to my parents about technical issues, they have, like, you take for granted, you know, certain technical things that you assume they know. And they're, they just give you this done look or whatever. And you have to really like, okay, I got to go one level lower. Like, what, what is, what has your experience been with like explaining this to, to folks in these presentations?
Probably just what you described.
Yeah.
look and you go, okay, let's
All right.
up a
Yeah.
And that's a lot of it is trial and error. And
Yes. Mm hmm.
I mean, I promise you I'm a fun person to talk to, but like, I'll use a lot of my things I'm testing out on a, uh, within my friend group, or just talking, it out to kind of see what questions even My age or my peers have, and it's
Mm hmm.
know I'm testing it. They'll be like, I'll say, Oh, did you guys see that USPS text message? Did you guys get that? You know,
Mm hmm. Mm hmm.
listen to this and be like, Oh, Paige, I know what you're doing now.
Yeah. Yeah.
I almost, uh, test that out or I'll talk to my parents. Uh, I had a family vacation, uh, it was with my entire dad's side this summer. And we were talking about, uh, scams and things like that with my whole bigger family. And we're asking the younger kids what they thought. And, um, and so just kind of testing out that message.
I know that maybe you don't have the opportunity to talk to a bunch of people, but I think that If you have a technical skillset, you really maybe use chat GPT, how do I scale this back? You
Yeah. Yeah. That's a good point.
personally, I like to just have the conversations. If I noticed that there's kind of a glazed look, I just, I don't, I feel like maybe just a natural ability to just, Bring it one step back, but you have to recognize that you can't just
Yeah.
in your way and just, and saying that no, no, no, but it's the home screen, the home screen. I don't know. You know what I
Yeah. Yeah. Right. Yeah.
settings button is. So it's here, go to the gear, you know, or whatever scenario you're looking at. So it's, it's really just also being just aware that who you're talking to. If you see those glazed eyes that you just got to take it a step back
Do you, do you get feedback from, from like people like that in terms of like, Oh, you really helped me understand this in a way that I hadn't before. Like, do you, I mean, are you able to sort of incorporate feedback of like, Oh, you're, you know, you're talking a little over this group or whatever like that, or what's it like?
Absolutely. Feedback. I mean, early on, I think you see, I don't mean, I don't know. This is for everybody, but you've somebody gives you feedback and you're like, talking about, I'm perfect. No, no.
Yeah. Right. Right.
you get over that real quick? You realize feedback is a gift and it's really how I've approached my career. And I think that that's one of the reasons why I've been so successful in communicating with others about helping to protect their identity is just because Feedback is a gift. If they say, I don't understand this page, or if they say, yeah, I do like that. Let's do more of that. Then I'll go down that rabbit hole and start developing more content that way.
So it's, in my opinion, very important to seek and feedback, take that feedback and do something with it.
Can you give us maybe sort of a, I mean, not, not a full presentation, but like what, what is the kind of advice that you're currently giving to seniors or to people in, in these types of classes? Like what is, what's your sort of like, you know, quickity quick checklist or whatever, of, of things that most people you're amazed they're still not doing.
I would, um, I like to approach my presentations depending, asterisk, how much time I have, but
Yes. Yeah.
landscape. So the old school, so I talked about, uh, check washing, just old school mail theft. Putting a pot, like just really, but easy touches. Cause it's likely in these senior communities, they're going to be the things that they're doing. Um, and then in our law enforcement training classes, a number of, most of the officers are working cases that involve mail theft, people breaking into their mailbox, check washing, and kind of these lower level old school things.
So I like to touch on those, but then I think it's also important that we talk about their connected device. Um, most of them are going to have some sort of a phone, an iPad or tablet that's connected. And just the best practices on the settings that you should do. And then the key is the why. Why does it matter? Because at the end of the day, a lot of times convenience wins. Convenience will likely always win.
Right.
really getting through, uh, the why of convenience. is why you don't connect to public wifi and
Yeah.
your bank account.
Yep.
is why, and you show them why might take a little bit, depending on the group. Um, it might take a little bit extra time because you're showing screenshots of why. Um, I personally can relate to seeing the screenshots,
for sure.
I'm better. It just resonates more with me. And I remember things better that way. So I like to approach my presentations that way too.
Do you, do you sort of push people towards MFA or especially like facial recognition, things like that? Is that, I mean, is that making it harder, easier? Like where, where, where, where is, you know, uh, people of this sort of level of, of challenge? Where, where do things like MFA stand in terms of adoption or their ability to do so?
I would say MFA is probably about 50
Okay.
Um, VPN, forget about it.
Yeah, sure.
um, not for everybody,
Yep. Yep.
that would be the next, because we do talk about the good, better, and best ways to connect
Okay.
safely. Um, so, uh, good would be like that safe, that, uh, public wifi, the better would be using your, um, data instead of connecting to the public wifi. And then the best would be the VPN. And so, um, when you get to the VPN, it's like. Do I have to buy something extra? Is that a
Mm hmm. Mm hmm.
is good? You know, because there's going to be
Of course.
better companies than not.
Yeah.
where the, a lot of the, the questions happen. And so that's, you know, just breaking it down in answering those questions before they're, they're asked is, is, um, I found to be helpful.
Yeah. Now, um, what, what is the job market like for the type of role that you do? Are, are, are there, is this a freelance kind of thing? You said that it seems like organizations sometimes have this kind of in house communication person, but in, in your experience, like, uh, where, where should people be looking for these types of jobs?
Yeah. So. Um, I, now that I am on my own, I've started my own own business. I do go into organizations and I'm that they're outside And the majority of the people I work with are in a role. They have a cybersecurity awareness department. So that is, is a department I've worked with, uh, security analysts and a lot of times the security analysts or that team is tasked with internally, they're the ones that are host, be educating. Um, and then I've also worked with, you know, privacy teams.
So that's, that,
Right.
roles in, in their, um, and so those are probably the three main groups or buckets that these roles exist. but I, I found the larger the company, and of course it depends on the industry. than likely, there is a department and or person in charge of educating that whether it's an event person or an internal comms person, but their, their is to bring an outside speakers. so, whether it's always security related, or if it's just.
That happens to be, you know, October, they bring in the cyber security awareness month and they bring in the cyber security specialist. Um, it, it seems like that, but it seems like it's almost larger companies that those exist versus smaller companies.
Yeah. Well, it's, it's interesting because as we go through each of the job roles, and you know, we have, we've gone through quite a few of them on, on our hundreds of episodes now, but, uh, you know, I'm always thinking in terms of someone who's just trying to enter the industry and, you know, the, the inevitable. How do you get your first job without experience? How do you get experience without a job?
Uh, this feels like something that you could almost do the way that you would do, like, you know, if you're young enough, like a summer job or something like that. Is this something that you think like, like, uh, you know, someone just out of college or just out of high school could sort of move in this direction, do it in their community and then be able to sort of demonstrate that to you, like a potential company that you want to work for.
100%. And that is where, what I did in, um, you know, volunteering my services is I would speak to computer clubs and churches and civic, you know, other civic groups pro bono, because, because it was a message one, I wanted to enhance my communication skills and effectiveness and communicating that, but those were the groups and kind of that. the population that needed it the most.
So, Yeah. Maybe you don't go to that, that extreme, but if you're involved, you know, maybe if you do have a church or if you do have a group that you're involved with, or your kid's school or your sister or brother's school or whatever it is, that's a really good place to start. Absolutely.
Can you talk about the way that you would sort of document doing the, you know, because again, it's always like, you, you know, you, you have to really sort of like catch, you know, the hiring manager with your resume or whatever, like, how would, how would you sort of show that you've been doing this? Do you recommend like having like a blog or like video channel or just explaining it in a certain way on your resume or your cover letter?
Do you, do you see any way that like seems to sort of get attention better?
I, it's a, an a noisy space to break through. I
Yeah. Mm-Hmm?
and just even getting a job in general, and I know that's a topic you, cover a lot, but,
Yeah.
just being able to show something. Is it, you already use social media to showcase your accomplishments? When that's gonna be a great spot for you?
Mm-Hmm.
Are you working on building up your LinkedIn profile? Then start post posting on, on LinkedIn, so then
There you go.
Have that in the features that allow you to showcase. certain things within your profile, you know, uh, if you're a volunteer, then you can showcase the things that you've done while you volunteered.
Yes.
I think you, you use the, the avenue that you're wanting to build up because it's, I'd hate to say, you know, only use social media when, you know, it, you could be very effective by, you know, including a document of your presentation and, um, the. A list of all the places you've spoke at and then your, you know, top comments, you know, I've gotten, you know, nine out of 10 and
Yeah,
25 speaking events, you know, or something like that, you know, that could
I love it.
helpful as well.
Yeah. Now you mentioned some of the other sort of departments that you work with as a security communicator, like security analysts and, and you're, you're definitely working with sort of hard tech folks. And so, you know, there needs to be, in addition to an ability to communicate, you know, obviously you need to have. Uh, sort of a core of sort of technical knowledge.
I imagine you have to sort of know in and out how VPN works and stuff like that, but like, what are, what's the sort of baseline technical skills and specifications of the industry that you think are, are essential to someone who wants to do this kind of work?
Well, well, from a technical aspect, you have to be wanting to learn about it. So, I mean, aside from my coding experience, I had.
Mm hmm.
college and maybe a dabble or two after that, you don't have to know how to code a website and
Right.
don't need all of the, the certifications that come along with the technical expertise that, um, are, come with, come with it. I think you have to have the, the one you really need to be wanting to help. Others. I think that's a really
Mm hmm.
is to help others. You have to be doing it for a reason. And that reason, I mean, at least for me, and this drives me is to help others. I truly believe that, you know, that has helped because otherwise, I mean, cause you're giving and you're giving and you're giving and you're giving. So you have to
Mm hmm. Mm hmm.
to help others. And so, um, I think that's, that's super helpful is, is that, but as far as getting started, I mean, You just need to find your you like how you want to do it, you
Yeah, I guess I'm saying like, like, bare minimum, I imagine you have to kind of know how, like, a man in the middle attack works. Like, you can explain that.
Yes.
Things like that. So, I'm like, like, there is some degree of technology. You can't just say, like, MFA, you know, or whatever, like.
I 100, you know, no, you know, let's say a hundred security cybersecurity terms. And I probably know the ins and outs of probably 75 of them, but the, for the super, super technical ones, I know enough in the surface. Okay.
Yeah.
In reality, that's all the consumers need to know is enough on the surface. Nobody's asking you to come, um,
You're not.
attack
Yeah. Yeah.
maybe set up a fake access wifi point and, um, start having people connect to it and show you that, you know, everything that goes along with that. Um, it's a great, it makes a great demo. You
For sure.
um, and, and that's where I think your technical skills will, um, enhance over every time you start talking, because the more you follow creators, follow the speakers that you like, follow the
Yeah.
follow those things. Your interest naturally is going to go come into these newer technologies and these, uh, and you're going to want to know about them because people are going to want to ask about them.
Yeah. Totally. Yeah. I think that, I think that's what I was kind of getting to is that you're able to do, you really need to just have enough sort of skills, targeted skills, you know, uh, that you're able to understand these things. You don't necessarily have to. Like be studying for the security plus and a, being able to set up a home network and all that kind of thing to do this kind of work, but you also don't need nothing, this is not just like grant writing or something like that.
You need to, yeah, you need to still understand the things like the exploitation methods need to make sense to you as well, I suppose.
But a word of caution, just like anybody in the tech industry or cyber security industry, you will be asked to set up the home network. You
Oh yeah. Oh yeah.
these things. You are now going to be the advisor for all your family's devices
Yep.
all of that.
Oh, yeah. Yeah. I was gonna say it's, uh, about about 90 days until, uh, national Parental Tech Amnesty Day, which is Thanksgiving, where we all come back to our homes and, and, and, and flick off all the, uh, switches and turn off motion smoothing on the TV and every other thing. And yeah, we're gonna make it work. Uh, so yeah. And, and, um.
Uh, yeah, so I guess before we go, um, uh, page, this has been really, uh, fascinating and I appreciate all of the, uh, career insights you've given me, but I, I want to ask you what I ask all our guests, which is what's, what's the best piece of career advice you've ever received? Is there something that someone told you once that's like been like influential, influential in your life, whether it was like a colleague or a parent or a teacher?
I think, um, collectively, I would say that I've learned the value of a strong support system.
Mm-Hmm.
you gotta have it, you know, so whether it's family mentors, they all go in this bucket colleagues that now are friends. They have believed in me and they've also pushed me to take risk
Yes.
You know, there were some kind of fork in the road moments in my career at Norton LifeLock, I could go either way and I, and I pushed myself to take the risk and I'm, I'm so glad I did it. Or now that I've started my own business. Taking the risk and, um, having that support system has has made it doable. Um, but it also, you also have to be able to embrace the challenges and step outside your comfort zone. So that is 1 of the pieces of advice. With that.
Um, I've had a number of people we're pushing you, you know, but you're, when it's outside your comfort zone, of course, um, you, it feels funny, but that doesn't mean it's bad,
Yeah. Right, right. Yes. I was gonna, I was gonna ask about that. Do you have any sort of thoughts on, on sort of ex exercising that muscle for people who, uh, don't necessarily, aren't, aren't gregarious, you know, inclined to just start networking with people? Like what, what did you do to sort of break the ice in that regard?
well, you, you go and start a business, you're gonna have to be thrown in that
Sure.
real, real
Uh, yeah. Yeah. Yeah.
it or not, but I would start small. So if it is, um, let's say you want to start educating or you wanna start. Showcasing something internally. Let's
Mm-Hmm?
with in your organization. We'll start public speaking. So what does that mean? That doesn't mean sign up for a 200 person amphitheater. No, that starts your small group. Maybe for your, your, your team, you
Mm-Hmm.
something, and then that evolves into something Um, I also think it's a really important that to, if public speaking is your thing, or if you want to present is it's really important to record yourself.
Mm-Hmm.
there are things that are going to come across where you're, you're talking and you, you might be waving your hand a lot or something. I don't, I don't know if it's
Oh yeah.
comes off letting them, I'll tell you this and I'll, um, I have this post it. So I listened to one, this was, um, I don't know, six months back. And I said, so almost every single they'll the question and I would say, so, you know, blah, blah, blah. So, and I noticed it. And so I created a post it and I said. We got to cut that we
Mm-Hmm mm-Hmm mm-Hmm.
my, I've caught myself a couple of times here that so, so, so, and it's just. That's okay. Just that's almost the feedback that I'm, you know, I'm giving myself because I will rewatch it and I'm very critical, but I want to be able to not have those distractions that come across that. And, um, and that's okay. And so that was the feedback is that, sorry, the, um, The advice was treat feedback as a gift when I
Yeah. Yeah.
was not treating feedback as a gift. I wasn't
Mm-Hmm.
so now I am, you know, that I evolved as a, as a human, just like we all do. Um, and I, and I take it as feedback as a gift. And I, I am forever grateful for that person that just sat me down and it was like feedback as a gift. You, you know, you, they're going to take it. You're going to do what you want. But if you want to succeed here, then, um, feedback is going to be a gift. And so I really appreciate that.
Yeah, yeah, it takes a sort of flipping the intention of what you're doing from this is going to make me look really good to I want to make this as the very best thing that it can be and if it once you get yourself firmly in the, you know, opinion of I want this to be the very best thing it can be, then you are practically begging for feedback. You're like, I don't know how to make this better unless you tell me what I'm not doing correctly.
that say, oh yeah, it's good. It's like, what was good about it?
Yeah, yeah. Yeah. Are you just telling me that to make me stop asking you questions or do you actually think it was good? Yeah.
I know,
Right. So as, as, as we wrap up today, uh, Paige, can you tell our listeners about SecureLabs? That's your, your company's work you do with your, your clients here. Tell us, tell us about it.
Yes, yes. So I started a company alongside two of my co founders and it's called Secure Labs. what we do is we are dedicated to helping small to medium sized businesses strengthen their cybersecurity posture. does that mean? You know, um, we're looking at the kind of the regulatory landscape. They're very complex. And so many businesses find themselves struggling with trying to navigate all of that. So that's really where we come in. So we help them build their compliance and security programs.
So whether they're preparing for maybe like a SOC two ISO 27, 001 audit, um, will help them do that. Or if they just want a gap assessment to say, you know, where our policies are all across the board, you know, we need assessments. So, um, alongside then, um, providing virtual CISO work and testing. So all of that goes just hand in hand. So we end up being an extension of their team and it's, it's really rewarding. I'm really proud of the work that our team is doing.
That's awesome. So one last question then, if our listeners want to learn more about you, Paige Hanson or about secure labs or any other things you're excited about or involved with, uh, where should they look online?
Yeah, I'd love that. I'm always open to connecting with new people. I am very active on LinkedIn. And so connect with me there on LinkedIn. And then my company's website is secure labs. ai.
Beautiful. All right. Well, thank you for your time and insight today, Paige. This was a lot of fun talking.
Yeah, same. Thank you so much, Chris.
My pleasure. And thank you to everyone who watches and listens and writing to the podcast with, oh, there's the word again, feedback. Uh, if you have any topics you'd like us to cover or guests you'd like to see on the show, drop them in the comments below. I always read them and I do what I can to, uh, do, uh, all of them that you guys want. So, uh, before we go, of course, don't forget InfoSecInstitute. com slash free.
Uh, that's the page where you can get a whole bunch of free and exclusive stuff for Cyborg listeners. Uh, you can learn more about our security awareness training series, which is called WorkBytes, a smartly scripted and hilariously acted set of videos in which a very strange office is staffed by a pirate.
A zombie, an alien, a fairy princess, a vampire, and others, and navigate their way through age old struggles of yore, whether it's not clicking on the treasure map someone just emailed you, making sure your nocturnal vampiric accounting work at the hotel is VPN secured, or realizing that even if you have a face as recognizable as the office's terrifying IT guy, Boneslicer, Boneslicer, Boneslicer. We still can't buzz you in without your key card. Anyway, go to the site, check out the trailer.
It's I love it. It's it's, it makes my day. So, uh, also don't forget to go over there and download our free cybersecurity talent development ebook. You'll find our in depth training plans and strategies for the 12 most common security roles, including SOC analyst, pen tester, cloud security engineer, information, risk analyst, privacy manager, and more. One more time, infosecinstitute. com slash free. And yes, the link is in the description below one more time.
Thank you so much to Paige Hanson and thank you all for watching and listening. This is Chris Senko signing off until next time. Keep learning, keep developing, and don't forget to have a little fun along the way. Bye for now.