Cybersecurity's future: Preparing the next gen of professionals | Guest Tia Hopkins

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/ 

In this episode of Cyber Work Podcast, Tia Hopkins, Chief Cybersecurity Resilience Officer at eSentire, returns to discuss her journey into tech and cybersecurity. She reflects on her early fascination with technology her impactful externship experiences, and the importance of cyber resilience. Tia discusses her roles in making the cybersecurity industry more equitable and her passion for integrating real-world scenarios into education. We also discuss bridging communication gaps between security leaders and business executives, her work with non-profits — aimed at empowering women of color in cybersecurity — advice for hiring diverse talent, and her latest books designed to inspire and guide future cybersecurity professionals. Don't miss this insightful conversation about building a more inclusive and resilient cybersecurity landscape.

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/

00:00 Welcome back Tia Hopkins!
00:41 Cybersecurity salary ebook
01:35
Introducing Tia Hopkins
03:45
Tia's early tech fascination
06:04
Navigating setbacks and finding passion
12:43
The importance of higher education in cybersecurity
15:39
The role of cybersecurity leadership
18:44
From solutions engineer to chief cyber resilience officer
22:46
Understanding cyber resilience
30:59
The importance of treat intelligence
31:13
Cyber resilience: Testing and maturity
31:35
Operational integration and prioritization
33:03 Leadership and organizational structure
35:01
Diversity and inclusion in cybersecurity
37:08 Lowering barriers to entry
44:48
Career mapping strategies for 2024
48:08
Insights from "Hack the Cybersecurity Interview" 
49:25 Securing our future: Embracing diversity
50:56
The joy of problem solving in cybersecurity
52:16
Best career advice and leadership transition
56:36
About eSentire and final thoughts

About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

[00:00:00] Chris Sienko: Today on Cybwork, I'm happy to bring back Tia Hopkins, chief cybersecurity resilience officer, field CISO and field CTO of eSentire to the podcast. 

You see, I spoke with Tia back in about 2019 and Well, let's just say I've learned a lot about podcasting in that time since that episode. Uh, so Tia is back to discuss her earliest memories as a tech fanatic.

She talks about a formative externship with Kaplan University and when she was given a simulation of the school's network to secure her own relationship to higher education and her tireless work making the cyber security industry more equitable and inclusive. This is a goldmine of an episode. So don't miss your chance to hear Tia's insights an amazing story today on cyber work. 

The IT and cybersecurity job market is thriving. The Bureau of Labor Statistics predicts 377, 500 new IT jobs annually. You need skill and hustle to obtain these jobs, of course, but the good news is that cybersecurity professionals can look forward to extremely competitive salaries. That's why InfoSec has leveraged 20 years of industry experience Drawing from multiple sources to give you, cyber work listeners, an analysis of the most popular and top paying industry certifications.

You can use it to navigate your way to a good paying cyber security career. So to get your free copy of our cyber security salary guide ebook, just click the link in the description below. It's right there near the top, just below me. You can't miss it. click the link in the description and download our free cyber security salary guide ebook.

Your cyber security journey starts here. Now let's get the show started 

 

[00:01:35] Chris Sienko: Hello and welcome to this week's episode of the Cyber Work Podcast. My guests are a cross section of cybersecurity industry thought leaders, and our goal is to help you learn about cybersecurity trends and how those trends affect the work of infosec professionals, as well as leave you with some tips and advice for breaking in or moving up the ladder in the cybersecurity industry.

Um, my guest today, Tia Hopkins, is actually a returning guest. I'm really excited to have her on again. She is the Chief Technology Officer Cyber resilience officer and field CTO at East state East entire, uh, with over two decades in it and cybersecurity. She's in the jumped professor, a woman's tackle football coach, a keynote speaker, a published author, and LinkedIn learning instructor.

Uh, Tia holds multiple certifications. The ISSP. CISM, GSLC, and degrees, uh, Bachelor, Master's, MBA, and is pursuing a PhD in Cybersecurity Leadership. Uh, recognized for her contributions, she has earned numerous awards, including SC Media's Outstanding Educator, and the SANS Difference Makers People's Choice Award for Team Leader of the Year.

Tia is also a member of the Forbes Technology Council and has been featured in well known publications such as the Wall Street Journal, Dark Reading, and Information Week. She contributed a chapter to the book, The Rise of Cyberwomen, Volume 2, and is co author of two best selling books, um, Heck, The Cybersecurity Interview, and And securing our future, embracing the resilience and brilliance of black women in cyber.

Tia is also the founder of Empower Cyber Security, a non profit organization aimed at inspiring and empowering women of color to pursue cyber security careers. And she sits on the board of Cyversity, which is a non profit association dedicated to diversifying, educating, and empowering women, traditionally underrepresented minorities, and veterans in their pursuit and growth of knowledge.

Within the cybersecurity industry. So I want to have a Tia back on the show because, uh, frankly, last time I was not a very good interviewer and I don't feel like I, uh, allowed her to, uh, tell her full story. And I'm really looking forward to hearing, uh, more about, uh, uh, Tia and your, your, uh, entire, um, um, career journey, your cyber journey.

So, uh, thank you so much for joining me today and welcome back to cyber

[00:03:39] Tia Hopkins: Yeah, absolutely. Thanks for having me. Glad to be here.

[00:03:43] Chris Sienko: Absolutely. I'm glad to have you have you back. So, um, do you, I want to start with your, your educational and career history, which obviously speaks to a massive love of it and cybersecurity and information assurance going back as far as my reading about my guests on LinkedIn can document. So, uh, can you tell our listeners how you first got interested in tech computers and specifically the security of these machines?

What was the initial spark of interest?

[00:04:06] Tia Hopkins: Yeah, I mean, I think, uh, the initial spark of interest kind of became, you know, that was tech, but it became more of an evolution to the, the securing of the, the technology. I always had a thing for tech. I probably shared this with you last time we chatted, but I got my 1st computer when I was 12 and, uh, instead of.

You know, doing what all of my peers were doing, connecting it to my, my dial up connection and going on America online. Well, to to date myself. Um, I took it apart because I wanted to see the components. I wanted to see how it works. Um, of course my mom wasn't very happy about that. So I also built my first computer at 12 because I had to put the thing back together and, um, help me, help me, help me if it didn't work.

Um, but that sort of followed me, you know, all the way through high school and into college. I really didn't know what it meant. I just knew I liked technology. People were like, you're good with computers. You should do computers. Um, and it's funny because as you're reading through my bio, I was getting a little embarrassed, uh, as you were, you know, reading my certifications degrees, I do have four degrees, but I was a four time college dropout first.

So I got it wrong, um, a lot, but when I got it together and, you know, got a job, uh, in I. T. and became an I. T. director, the security component came of it because at the time I didn't have a degree and I didn't have any certification. I was like, you know, I got to figure out what I want to be when I grow up.

And when I did the market research at the time, the options that came back were like cloud. Um, DevOps and cybersecurity and cloud, I felt was too new. I didn't feel good about it. Uh, I was not interested in coding, tried it. I was pretty good at it, but didn't love it. Uh, but cybersecurity really spoke to me.

And it turns out I was doing elements of it in my day to day anyway. So, uh, the way I like to, to categorize it is I chose it. Uh, it chose me back and, uh, we've been choosing each other ever since.

[00:06:02] Chris Sienko: That's, that's awesome. I love that story. Um, If you don't mind, I mean, feel free to say no or whatever, but could you tell me a bit about some of the, uh, the setbacks in terms of, you know, you said you were a four time college dropout, but like, were those, Also in sort of tech situations. I knew it just wasn't, didn't feel like the right thing.

Cause I think we, you know, we learn a lot from, from people's, you know, trying something and it doesn't work and so forth. Was, was there anything particular that, um, that sort of, um, influenced you to sort of go in the direction that you did go?

[00:06:31] Tia Hopkins: I think it's a, it's a number of things, uh, and I'm glad you asked this question because something that I say to, to my mentees when I mentor them trying to figure out how to break into this industry and be successful. Is go back to step 0 and define your why, like, why are you here? Why are you interested in this industry?

What is it that you want to do? Um, because that keeps you grounded, right? Because that's where your passion and your fuel is going to come from versus just doing it because someone else told you it's a good idea. Like, it's hard enough to get up in the morning and be an adult without having to get up and do something that you don't love to do.

Right? So, so make sure you're trying to do something you love to do. But, um, to directly answer your question, I think that was my problem with education. I was going to school pursuing a college degree because, you know, I was a straight A student and that's what you do. You graduate, you go to college, you get a job.

But I was not choosing my, my college, you know, degrees and paths out of passion. It was just, you go with computers or computers. So my very first attempt was for a computer engineering degree. And what I know today about that, which I didn't know then is I'm not a computer engineer. I have an engineer's mentality.

I am an engineer at heart, but my passion is being a technologist. I prefer to. Solve problems with technology rather than build a technology that solves the problems, but that was the that was a main one that ties to the know your why the rest of them were for a number of reasons finances timing things like that.

Um, but at the core of it, had I been doing those things out of passion and knowing why I was doing them at the time, you know, when you're doing something, you're loving, you're passionate about it. You find a way. But because I didn't have that why it was very easy for me to say, well, because of this circumstance or because of that circumstance, this is not the right approach.

This is not the right time, but once I found my why and what I loved and what I wanted to achieve and do for myself in this industry, it was, I mean, I finished one degree and then another and then another and the search came and you know, I was unstoppable at that point.

[00:08:32] Chris Sienko: Snowball effect. Yeah, once you get to that point, you're, uh, you can tell, you know, that this is, you're on the right

[00:08:38] Tia Hopkins: Yeah,

[00:08:39] Chris Sienko: I think that's just so important because, uh, you know, I think especially with regards to getting into cybersecurity, it's real easy to just sort of look at the top two or three common roles and say, well, I have to be either this or this or this.

And, you know, I think you can, I was talking to a previous guest and we were talking about like, Treating your career mapping the way you would treat like a pen test, like, you know, just look at all of the different places you can

[00:09:04] Tia Hopkins: yeah.

[00:09:04] Chris Sienko: and, and make sure that you look at all your options. I mean, if I had followed my, uh, my, my grade school passion, I would be in chemical engineering right now, but, uh,

[00:09:12] Tia Hopkins: Yeah.

[00:09:12] Chris Sienko: some things just don't work out. But in your case, it's, it's, it's much better because you, you found your why and I just found out I'm not any good at physics. So,

[00:09:20] Tia Hopkins: Physics is tough, man. That's actually what ran me away from engineering that physics course. I was that was tough man.

[00:09:26] Chris Sienko: there was a calculus based physics class that I, it's the, I was this close to failing before I took it past fail and it was scary. Woof. Bad news. Uh, so, okay. Sorry. A little tangent there, but going back to your, your career history, um, yeah, we, you talked about, you have, uh, you know, bachelor's, master's information, technology, information security, and information assurance.

And, uh, you know, also you became a VP of technology. Around that time as an externship for the school you were attending at the time, Kaplan university. So, um, I just want to make sure I'm understanding this. Can you tell us about this experience and this, this close work collaborating with the university where you were studying at the time?

[00:10:03] Tia Hopkins: Yeah, this is a this is a really cool experience like something that I'd not had exposure to before So it was it was a real business It was an extension of the university, but the business was run by Students so, you know the group of students that I was with We're responsible for the infrastructure, so that's everything from storage and backups to to the website to security.

So, we had a bunch of different students from different disciplines. Uh, in different roles, uh, and and we had to solve whatever the business problem was at the time, you know, so coming into the program, there are students that handoffs and transitions. Um, you're meeting people for the 1st time. So, in my role, uh, as a leader, I had to get to know my team quickly understand what their strengths were combine that with the problems that needed to be solved.

So it was, um, an incredibly immersive and accelerated, uh, experience. Of course, the stakes. We're lower than they would be in a regular business, right? Because it's it it is it was designed to to enable students to gain the experience. So, it's not like we were going to, like, impact market value or something like that.

If we, if we didn't do the right things. Yeah,

[00:11:20] Chris Sienko: so there is sort of an, an element of, of sort of like a, like a parameters around it in terms of like what, what aspect,

[00:11:27] Tia Hopkins: yes.

[00:11:27] Chris Sienko: I could use sort of explain that a

[00:11:28] Tia Hopkins: Yeah, so there were, there are aspects of it, like, you know, things that were directly tied to the university, like, we were walled off from that. Um, and we were guided by faculty, uh, and so faculty would check in on us and have meetings with us. And, you know, faculty would lay out. What needed to be done, we would have to report back on progress and things like that.

Um, but we did not have access to, you know, we, we weren't running the university's infrastructure for, for example. So this was staged. Uh, but like I said, it was staged as if it was running a real business, but staged for students to, to gain the experience.

[00:12:04] Chris Sienko: Amazing. That sounds really cool. I mean, is, do you know, is that a sort of, is that sort of a common thing in higher ed or did you really have kind of like a privileged situation there that was like extra exciting

[00:12:15] Tia Hopkins: I think I really got lucky. I mean, I think I can say, you know, I, I went to 4 other schools before that. That was not an opportunity at those. Um, I didn't experience it again after that. So I, I, I really think I got, I got lucky to have that.

[00:12:29] Chris Sienko: I love that. That sounds like so much fun and, and just like such a great way to, uh, again, really sort of solidify, uh, like what you, what you are, are good at, what you really like doing and what you're, what you're, you're ready to do next. And I think that's a, that would be a awesome thing. So I want to stay in, in higher ed for just a moment, if you don't mind, because, uh, you know, you have this incredible set of higher education credentials, including a PhD in cybersecurity leadership.

So I hadn't heard that necessarily as a, as a, you know, a discipline before, but alongside your studies, you've also been. A professor at several higher learning institutions, including your current ongoing role at Yeshiva university. So clearly education's an enormous part of your security passion. Uh, Tia, could you talk about the role of graduate level learning and teaching around cybersecurity and also specifically cybersecurity leadership and management?

[00:13:16] Tia Hopkins: Yeah, for sure. 1st, I want to say I'm pursuing my PhD. I don't want to, uh, yeah, like, click claim that I get that. Yes, we're on the path that's hard work. So I don't I don't want to claim it till I've done it. But, um, yeah, I think, um. Education is important to me, and the reason that I got involved, I would say, um, at the collegiate level, separate from my own pursuit of a doctorate level degree is there's, there's, there's a side of education that is understanding the history and the theory.

And then there's a side of education as it relates to cyber security specifically that needs to be applied and when I decided to get into higher education, what really pushed me toward it was. Witnessing too many academic programs. Telling students that they were being prepared for the cyber security industry when in reality.

They were only being prepared with cyber security knowledge in theory. So, I, I would have countless conversations with individuals that had gone through these programs and gotten this training and thought that they were ready. But couldn't solve a cyber security problem if their lives depended on it.

So. My passion and education is really making sure that that those real world scenarios and the real world experiences and what the world is really talking about. Comes through in addition to the theory in the education, right? Because it is under it is important to understand how networks work and what kind of cable does this and that and the other thing.

But you also need to understand what that means. Within an enterprise architecture, right? Like, if I'm talking about an network, for example, well, what does that mean? And where would I use that? And what are the security implications of that? Not just being able to define it, right? Don't just tell me what ransomware is.

What are the implications of ransomware and how do I protect an organization against it? so that's why it's my passion and I think it's really important to the industry because You know, every day someone mentioned cyber security, you probably also hear skills gap somewhere, uh, in that conversation.

Right? And if we don't start to close that gap and close it in a meaningful way, we're going to be in a lot of trouble.

[00:15:37] Chris Sienko: Yeah, I agree. Now. I can I ask a little bit about how Cybersecurity leadership is being conceptualized and on the sort of graduate level like that. What is what what is that? Well, I guess I guess what what's the sort of scope of that?

[00:15:51] Tia Hopkins: So the leadership pieces is my own research and that's my, my, my personal passion. Uh, and also kind of what I try to bring through in my work with, with these entire as a chief cyber resilience officer, because in addition to. This gap we have around cyber security skills, we also have a pretty significant gap in communication abilities between security leaders and non technical business leaders.

And if we don't bridge that gap, you know, that that poses economic challenges, right? You think about the SEC cyber rules. And the implications of that on publicly traded companies having to disclose and potentially impacting, you know, their market value before we even had that we had this challenge of 1, like, see, so, and a number of organizations, not even having a seat at the executive table.

Uh, but two, you have CISOs that struggle to communicate with their business leaders in a way that they understand to get buy in to really have awareness of what the true risks are that opposed to the organization and what could happen if those risks are realized. And so, on the cybersecurity leadership side of things, my research is focused on bridging that communication gap.

And I do feel like cyber resilience as a focus, um, is a core piece. Of bridging that gap, because we think about the pandemic and, you know, the macro economic conditions and the pressure that we've all been under. I don't think there's a business out there that's not thinking about being resilient. So, if you think about running a resilient cyber security program.

Then it should be easier to snap that into a conversation around overall business resilience. And you can talk about not only how you're protecting the business, but also how you're enabling the business, which is also important, if not more important when you're trying to get buy in from from the business leaders that care about the business moving forward.

[00:17:47] Chris Sienko: that is, that is definitely a recurring topic on the show is that when you get to a certain point in the, uh, in the, um, you know, the, the, the hierarchy, the, the org chart, uh, you're, you're going to have to talk to people who don't talk tech

[00:18:00] Tia Hopkins: Yeah,

[00:18:01] Chris Sienko: and you're gonna have to help them understand, uh, exactly why we're, uh, why we're doing this this way in a, in a way that's going to slow down or maybe, you know, have some troubles, you know, before it gets up and running.

And, and yeah, so that's interesting. So I imagine your, your doctoral. Work is sort of, is it's, it's mostly focused around the sort of communication of that

[00:18:20] Tia Hopkins: yeah, and how the communication right as the communication challenge itself, where that comes from why it exists. Um, but also. Cyber resilience as a solution, uh, at least a start. To bridge in that gap.

[00:18:34] Chris Sienko: Excellent. Uh, okay. So yeah, like I said, since we last spoke, um, you've made several job role changes within eSentire, which, uh, is your primary place of employment. Uh, in 2019, you were working in solutions engineering. Now, um, can you talk about. That year of your time at eSentire, what were some of the types of challenges that you were helping your client solve as a solution engineer?

[00:18:56] Tia Hopkins: Yeah, so I guess I'll, I'll describe what the role is and then talk about what he's entire does and how those 2 come together. So, um, a solutions engineer is often referred to also as a sales engineer solution architect, or, or just pre sales. Um, and what that role is, is a technical resource aligned with a sales rep account manager, territory manager, et cetera.

Um, that is responsible for. Um, getting the technical win in in a deal, right? So I work for a security vendor and I'm partnered with a sales rep and my job is to have conversations. With prospective buyers to ensure that they understand if and how my solution can solve their, their, their challenges. And so he sent tire, um, being a leader and manage detection and response.

What we do is provide 24, 7, um, uh, security operations, hunting for threats and responding to them on behalf of our customers. And so, and 2019, I was having conversations with organizations to understand their challenges with doing it themselves. Their infrastructure, how we would integrate both technology and teams from an operational perspective, and then just driving those outcomes to, to, to help make sure they understand with a high degree of confidence that we can solve the problem and that we're able to do a better than our than our competitors.

[00:20:15] Chris Sienko: Yeah, and and I I guess I wanted to sort of focus on that specifically because I again talking about Um, not all of the sort of roles being uh as well known as other ones I feel like i've only really started hearing people talk about Excitedly about solutions engineer in the last couple of years, even though it's been around

[00:20:33] Tia Hopkins: Yeah,

[00:20:34] Chris Sienko: think people think, oh, you're just, you're just a salesperson or whatever, but it's, it requires a fairly high level of, of. You know, security and technical knowledge to know, uh, your, your, your product inside and out. And to know exactly all the different things, I suppose, that could, could go wrong with your client and saying, okay, this, this maps to this, this maps to this and so forth.

And I think, you know, so I, I, I just want to sort of, again, sort of on behalf of our listeners, uh, point that out as another very, uh, exciting and viable, um, way to get into cybersecurity is, is through sort of solutions engineering like

[00:21:05] Tia Hopkins: oh, yeah, absolutely and there's a degree of business acumen that comes along with that as well. Right? Because if I know I'm talking to someone that has a limited budget, I can't position my entire portfolio to them. Um, I have to understand, like, if they're, uh, worried about certain regulatory compliance, are, are there ways they will integrate that will violate those things?

So that it is, um, it is a good way to really understand the technical aspects of things and the business side of things. And in that role, you just kind of have to slide the lever, uh, depending on the audience that you're speaking with. Right. Yep. Yep. Yep.

[00:21:40] Chris Sienko: Yeah, now from later on in 2019 Solutions engineer became VP global solutions architecture now. I'm a little less familiar with that job role Can you tell our listeners what the sort of like the the level up was in in that particular?

[00:21:53] Tia Hopkins: So, um, basically to. To simplify it, I went from being an individual contributor on the team to leading the global team. Um, and it's, it's confusing because when I began leading the team, I also changed the name of the team. So I changed the name from sales and solutions engineering. To solutions architecture, because I, I, I really felt passionate about the fact that we were architecting solutions.

For our customers versus like engineering, you know, the technologies that they were, we're going to be working with because we're a service provider, right? We're not a technology provider.

[00:22:30] Chris Sienko: Yeah. Yeah. And it, it sort of takes out some of the sort of tada nature of it, where you're like, I, I sprinkled some fairy dust on it and now it works or whatever. You're like, okay, here's, here's our, you know, here's our, our plan of attack, I

[00:22:41] Tia Hopkins: yeah,

[00:22:42] Chris Sienko: like that. Yeah. So from here, we come to 2021 through your present day.

Uh, and you work more specifically in the fields of cyber risk and to use the term you used before cyber resilience. Um, so can you talk about what changed in the scope of your work and, and the challenges of it with this new position?

[00:22:57] Tia Hopkins: oh, man, uh, a lot changed in the, the scope of my work. I think, especially from, you know, VP of global solutions, architecture into chief cyber resilience officer. Um, the biggest change is that, um, when I led the solutions architecture team, I was part of the sales team. Um, even though I was still doing, you know, a lot of evangelism, educating, um, speaking at conferences and things like that, I was still involved in helping us, um, you know, close deals and things like that. Then I became, um, there was a, um, a role between a VP of global solutions architecture and a chief cyber resilience officer, which was feel CTO, which I still carry that, that title with chief cyber resilience officer today. So, um, feel CTO. I was still on the sales team. But it was I had, I had no, I was not not leading teams anymore.

Uh, it was 100 percent evangelism speaking, running workshops, um, doing market research, working with our product teams and our, our partners to ensure. We were developing meaningful products to take to market, um, and driving the outcomes that the market. Was looking for, and so that led me down this path of, you know, getting all hopped up on cyber risk.

So, uh, a few years ago, my soapbox was. We need to quantify cyber risk. We need to stop chasing maturity. We need to understand where our biggest problems are. We need to address those. And then I got to the point where I said, you know, risk is important and it is what we focus on, but it's not the end. All be all.

And I got to resilience because just because you do a great job, reducing risk does not necessarily mean that if something happens. You have the ability to prevent business disruption, which is what cyber resilience is, is all about. Right? So, with risk, it's like, you're identifying where your risk are you're assessing what that impact might be to the business and you're making your priorities prioritization decisions around, um, you know, your mitigation efforts.

And then some of those risk, you just, you don't want to mitigate you avoid them, or you transfer them with, like, cyber insurance or something like that. Um, but when it comes to resilience, and I'll give you the, the definition of it. So, um, for the listeners in, uh, December of 2021. This release special publication, 800 dash 160.

Um, volume 2 revision 1, I'm, I'm pretty sure I got that right. Um, and it was all about, um, developing cyber resilient systems. And in that publication, they define cyber resilience as the ability to anticipate withstand. Recover from, um, yeah, recover from and adapt to it. There's, there's a lot of words in it, but it's basically an adverse event or, or a cyber event.

So, I'd like that, right, because it breaks it into these 4 pillars of your environment that you can focus on. And if, you know, someone's really listening, they're probably like, hey, that kind of sounds like the cyber security framework where it's identified, protect, detect, spawn, recover and now govern, um, with 2.

0 and it is. But it's an, it's an, it's an outcome based mindset, right? Cause the cybersecurity framework just kind of gets you to a place where you can measure how you're doing risk is. I know I have these problems that might go wrong in my environment. I want to do something about it. Resilience is I need to be prepared for the worst, no matter what happens, I need to ensure that even if there is a degradation in productivity, that we don't, we're not completely disrupted.

Right, so from an anticipate perspective, that's where my risk management happens. What what do I need to be worried about with stand is because everyone says it's not a matter of if now, it's a matter of when. So, when something happens, how quickly do I know how fast can I respond? And then recover, I need to get the business back to normal as quickly as possible.

And then when it comes to adapt, how do we get better based on what we learned? So, I just think that that is just core to how security leaders should be thinking about and, and leading their cybersecurity programs today. Yes, reduce your risk, but your core mission should be keeping the lights on for the business.

[00:27:15] Chris Sienko: Yeah, absolutely, it might just be that I'm, you know, out of the loop, or I haven't been talking to the cool kids for a long time, but I feel like cyber resilience is really important. Becoming kind of like a bigger deal within the last couple of years like because you're right I'd cyber risk was certainly something, you know that you heard about for years and I think it always did have that kind of Implication of like, yeah, we know there's some there's some holes in the in the backyard there and we sure hope nothing happens back there But like I don't feel like i've heard as much Maybe it's just that the term has been sort of solidified but like can you talk about like the the sort of industry wide, uh mindset shift that has caused like cyber resilience to be You Is it, is it because of the whole, if it's not, if, but when thing is that, is that really what, what changed

[00:27:58] Tia Hopkins: I mean, that's part of it. Uh, another element is we are becoming more and more reliant on technology. Uh, we are an extremely hyper connected world. Our users are everywhere. Data is everywhere. Um, you think about gen AI, there's always something new to worry about and every advanced technology that we have the ability to use.

So do attackers, right? So, as we scale and grow and automate and get faster. So do they and so organizations are just having a harder and harder time keeping up and we just need to accept that We have to assume breach because there's no way we're gonna know all of the risks that exist in our environment now I'm not saying take on a cyber resilience mindset and Forget about risk because that's just bad hygiene, right?

You still have anticipate, right? You have to control the controllables and, and know, um, what's coming, but there's no way now with, with businesses changing every day and infrastructure changing every day. Um, you just can't know every risk that you need to tend to in your business. So there does need to be a focus on, Hey, what, what do we do when something blows up that we didn't think about?

What do we do when something blows up that we thought we were handling the right way, but something changed and we actually weren't so I think that the, the industry is becoming more and more aware of that. I wouldn't say cyber resilience is a new. Concepts, I think maybe it's new as as a stated outcome and, like, the, the goal and the mission.

Um, and now, you know, a lot of vendors are taking the approach of resilience. Here's how we help you build resilience, how we help you drive resilience, um, as an outcome for the organization. Cause you know, we say there's no silver bullet and there's not, and there's also no way to know where all your risks are and be able to address them.

[00:29:47] Chris Sienko: hmm. Um, can you talk a little bit about like what, uh, kind of boilerplate cyber resilience plan would look like for an organization that hasn't started like thinking in these terms?

[00:29:56] Tia Hopkins: Yeah. I mean, that's, um, gosh, we could probably talk for two hours about that. But the way I like to categorize it is, is a security leader's job is to Fully understand the current state of the business, the ideal state of the business and bridge that gap every day because you're never going to get to ideal.

It's a moving target. And so, if someone's looking to pivot to cyber resilience as a stated outcome. More than likely, what they're going to find is that they have a lot of activities that they're already performing a lot of focus that they already have. That's probably going to fit into the anticipate categories.

Because, you know, if you're practicing good hygiene, you're doing vulnerability management, you know, you're doing your risk management, you're doing your user security awareness training, things like that. Um, more and more organizations are getting into the withstand category, paying attention to detection and paying attention to response.

Where we really and, you know, there's a little drop off there between anticipate and withstand, um, because it's hard, right? It's a lot of work. You need threat intelligence. You need a lot of people. A lot of organizations can't do a 24 7 and then we really see a drop off. When it comes to recover, um, because recover is the time where you, the place where you spend the least amount of time.

And so that comes down to making sure you're regularly updating and testing your incident response plan. That's where I would start, like, if you want to say, Hey, where am I on this scale of cyber resilience? Look at all you're doing today, put them in the proper categories. Look at how mature you think you are, the areas that you need to mature in, but don't try to boil the ocean, right?

You don't want to look at these pillars in silo, even though you're siloing them as an approach to prioritization. Operationally, they have to work together, because if you do a poor job of anticipating what you need to be worried about, Then you're going to have to do more work when you get breached and try to hang in there and try to prevent business disruption and then the more energy that takes, then the longer it's going to take you to recover.

Right? So it's like a domino effect. So I would say, choose your own adventure, but, but, but choose wisely, but, but it is likely that a lot of organizations already have a lot of initiatives on the go that fit within the pillars of cyber resilience. It's really just a matter of shifting that mindset. So everyone understands that.

Hey, yeah. We're reducing risk around here, guys, but ultimately what we're trying to do is make sure we keep the business up and running.

[00:32:24] Chris Sienko: I imagine the resilience, I mean, use the, the, the choose your own adventure metaphor. It's almost like, kind of like reading a choose your own adventure cover to cover. Like you're looking at every conceivable, terrible thing that could happen and, and just sort of looking at them end to end and saying, okay, now this is not the path to go.

[00:32:39] Tia Hopkins: Yeah, and it's tough. Right? You know, when you, when you ask for kind of the boiler plate baseline, then it's, it's literally the challenge we have with trying to standardize anything in this industry. Right? Every company is a different size or infrastructure is different different resources. So it's just, it's just challenging to say.

What's more important because then you have the element of executive buy in and what's important to them and sometimes that's different from what's important to us as practitioners.

[00:33:03] Chris Sienko: Is this, uh, largely on kind of a leadership level? Do you, do you see, um, a move, you know, towards maybe sort of like a twin pillar of, of risk versus resilience, you know, coming in the future, uh, changing the size or the nature of, of security teams or, uh, you know, like how many people like an organization is sort of hiring to handle all of these different things.

[00:33:26] Tia Hopkins: I mean, I, I mean, today, I think you have a version of that, right? You have. See, so those that are responsible for both risk and security, I'll say security instead of resilience and then you have. Risk teams that report into, like, a chief privacy officer, and then the see, so is just on the side of. Um, security, so I don't think much will change in terms of, of how organizations approach that because it does come down to the needs of the business.

I will say though, that if resilience is a corporate focus, cause right now I'm talking about it as a focus within the security team. So it's going to fall within wherever security falls. Um, but as a corporate initiative, you know, there are corporations that have, they're larger, uh, but have a chief resilience officer, but that's overall business resilience.

And so cyber resilience would tuck into that, um, but then risk would have different lanes as well. There's enterprise risk. There's cyber risk, you know, all the different types of risk with that as well. So, in my mind, if we're limiting it to. Uh, security risk becomes part of resilience. Resilience is the umbrella and outcome around all of it, but a CISO could lead it all.

Uh, resilience officer could lead it all, um, a privacy officer. I'm not so sure because, you know, there's a lot of, uh, technical things, uh, involved, but I do think even if the privacy officer didn't lead it all a very strong partnership. With the see, so, or with the resilience officer would would be required to to drive meaningful outcomes.

[00:34:56] Chris Sienko: Excellent. Thank you. I appreciate the sort of insights on that. So, um, so, so I want to talk about, um, the job force and the, you know, career advice and so forth. I'm always happy to talk to people who are actively involved in, as you say, in your mission statement, creating the next generation of cybersecurity professionals.

Uh, that is as diverse and inclusive as possible. And as you insightfully put it, our adversaries come from all backgrounds and perspectives. And so should we. So, uh, can you tell our listeners about some of the work that you do in attracting and retaining diverse and inclusive cybersecurity talent? What are some ways that you've been able to move the needle forward in an industry that hasn't been very good at choosing to do so of its own volition?

[00:35:36] Tia Hopkins: Yeah, I mean, I think, um, most of what I do is, uh, through, through volunteer work. So, uh, you mentioned that, uh, I founded empower cyber security. So, um, what I do in that organization is really kind of lower the perceived barrier to entry into, uh, cyber security, because it can become a confidence thing, you know, so the, you know, debunk the myths to, you know, tell folks what they should really be paying attention to, uh, et cetera.

Yeah. Um, to basically widen the pool that's out there and then outside that having conversations with, with organizations about how to open themselves up more to new talent, because, you know, a lot of times when we talk about diversity, it's age, it's, it's ethnicity, um, it's, it's gender and things like that.

But entry level is, is a diverse lens, uh, as well, right? Because someone that has been in this industry, like myself, 2025 years. I'm going to have a different view on what's really going on in the world versus someone that is just getting educated on it, just kind of seeing what the market looks like, et cetera.

And so those are the things I do externally. I'm involved with, uh, diversity as well. So I do a lot of work with nonprofits that are looking to diversify the talent pool. And then on the other side of that, every time I have the opportunity to talk to an organization about, The cyber security skills gap, and how we can do a better job of that diversity is a large part of the answer, um, to, to, to how we get there.

[00:37:08] Chris Sienko: Lowering the barrier to entry is a term I use all the time as, as well, because I think they're really, uh, you know, again, for people who, who, you know, are steeped in this their entire life and love it and you, you know, know their why, so to speak from very early on, uh, you know, it's, it's, it's worth remembering that a lot of people would be very good in this role, but.

You know, I'll use it to have confidence issues or accessibility issues or, or any number of things. Can you talk about some of the, uh, uh, specific things that you do with, um, your organization to, uh, lower the barrier to entry,

[00:37:41] Tia Hopkins: Yeah, I mean, so I can just talk you through the, the program. So we run a program called differentiate you, uh, and it's a 6 month program. That really focuses on the, the individual because there are a lot of great organizations out there that focus on women of color, um, from a technical skills perspective, like, you know, black girls hack or, um, women's society of, uh, cyber Jitsu focuses on all women.

My organization focuses on the, the individual because there's no shortage of resources and training and books and stuff that someone can go out and get and learn everything about cyber security. But what does it mean to them personally? And so, um, my program is intended to, to boost confidence by providing visibility, I would say so when they 1st come into the program.

We call it the discovery phase and they learn about themselves. We put them through a workforce disc assessment, so they understand how they show up in the workplace, how that might impact them, then take them through an exercise called icky guy. I'm not sure if you're familiar with icky guy, um, but it's a, it's a Japanese term, it means purpose.

So, you know, what are you passionate about? What can you make money, money doing? What does the world need? Um, and, and you answer these questions and at the center of all where this intersects. That's your purpose, your, your passion. So, now you've got all the discovery about yourself, we then go off and we do research on careers.

Because now you know who you are, why you're here, what you want your 9 to 5, or your, you know, 8pm to 2am to look like, or whatever that is, let's go see what jobs are out there. And we are, um, very deliberate about ensuring that cohort members know that there is a technical path that you can go down, but there's also a non technical path that That you can go down, so lowering that barrier to entry for me is know who you are know what you bring to the table, but also know that someone else's path and doesn't have to be your path in and you don't have to be this awesome programmer or this technical wizard, um, to get into the industry.

Um, but, uh, after that, uh, we go through goal setting, um, how to look, how to read job descriptions and and prepare for job interviews. Um, we talk about mental health. Um, and then as a compliment to that, we do provide access to a technical training platform.

[00:40:00] Chris Sienko: that's, that's, that's super inspiring. And I love that it's a, it's a cohort based thing and that you have six months to really sort of, uh, drill into that. So I'm, I'm thrilled that you're, you're, you're involved in doing that. Thank you for clarifying that. And we'll have a link in the description to get people if they're interested in, in learning more.

Um, so I want to talk, um, more macro now. So for hiring managers and team leaders and HR professionals listening, can you recommend, uh, methods for being more deliberate and attracting and Uh, encouraging diverse cybersecurity professionals as well as creating the kind of transformational culture needed to not only welcome in younger diverse cybersecurity professionals, but setting them on a path to advancement and C suite leadership.

[00:40:40] Tia Hopkins: this is a, this is another 1 of those questions I could talk to you for 2 hours about. So I'll try to be be brief, but I think from a, I'll approach it from a recruitment perspective and then a retention perspective and then a growth perspective. So, you know, hiring managers or, um, human resource leaders.

We really need to pay attention to a bias that may exist in our, in our job descriptions. Right? I mean, something as simple as requiring a college degree. Could cause a large pool of, you know, underrepresented minorities to self select out of the process, right? Because that's maybe just something that they don't have.

Access to, like I said, I'm a 4 time college dropout and if I'd read a job description for the job that I had, and it required a degree, I would have said, well, I don't have 1 and, you know, who knows what my career trajectory would have been. So, just really looking at those job descriptions and paying attention to anything that might just cause someone to self select out, you know, I've.

I don't have specific examples of this, but I talked to. You know, people that do this for for a living, they pay attention to these things, like, you know, diversity, equity and inclusion leaders. And they say there are job postings that. A woman would read, and it would make her feel like the company is a boys club.

So she would self select out. Right? So just paying attention to any language or requirements. Um, that that would generate a bias that that maybe we're not aware of also, uh, realistic requirements, you know, there there is a running joke of requiring a number of years and experience of a technology that hasn't been around as long as as the required experience is asking for.

Or, you know, requiring a C. I. S. S. P. for an entry level role, um, things like that. Um, so let's just make sure the roles are realistic. Um, from from a retention perspective, you know, when you bring diverse talent in, you have to make sure your company is ready for. Diverse talent, um, you can't say your company is diverse.

Because you've hired diverse talent, it just means you have diverse employees working at your company, right? Just because I have. Diverse individuals living in my neighborhood doesn't mean I have a diverse neighborhood. If those people don't feel like they belong. Um, in that neighborhood, right? So really understanding where the company is on the spectrum of.

Are we inclusive, you know, do we have a culture where diverse individuals will join this company and feel like there's a place for them? And I mean, we can get off the topic of topic of age, gender, ethnicity, race, and get into neurodiversity. For example, you know, if you hire a neuro diverse individual, will they have the opportunity 1 to what would they feel comfortable sharing with you any accommodations that they need?

Right to perform the job well, um, will they be provided with those things? Right? If, if, if they have those, those conversations. So those are all things to think about. And then lastly, from a growth perspective, if I join a company. Whether, you know, the company is 50 percent diverse or 10 percent diverse.

If that entire concentration of diversity is in lower level roles. I am not going to have a belief that I am able to move up in the company. And so the path, yeah, it's going to be perceived as a barrier. No one looks like me in those roles. So it's one thing to create a path and say, you know, we've got mentorship programs and we've got stretch opportunities and special projects and things like that.

But those are all kind of going through the motions unless there's. True opportunity there and representation of, of what's possible. So that that's something that all things that I think organizations should be thinking about

[00:44:26] Chris Sienko: Yeah, no, absolutely. And yeah, that's that's something that I'm hearing a lot more since I started doing this five years ago. And it seems like people are at least asking the right questions and hopefully are are willing to act on them a little more than they have been to this point. So, um, so speaking to, uh, I guess the sort of complexity of getting into cyber security.

Now, many of our guests started working in security at a time when Maybe we can say the needed knowledge base was still being written in a lot less complex than it is now if you were Starting in cyber security today. Yeah, what career mapping strategies would you adopt in 2024?

[00:45:03] Tia Hopkins: career mapping strategies. Um, I'm.

[00:45:07] Chris Sienko: just our learning strategy, you know Just it feels like there's a lot more of like you have to kind of like get your arms around a lot of possibilities You know, I mean

[00:45:15] Tia Hopkins: Yeah, no, there are a lot of possibilities. I mean, there's, you know, 50 plus domains and security. There's there's subdomains under those domains So, what do you do? Where do you go? And that's why I really think it's important to understand yourself and what you're passionate about Like if you know, you're a pattern seeker and you'd like to find not just a needle in a haystack But you're you'd like to find a needle in a stack of needles then hey stock analyst might be the role for you Um, but if, if you don't like staring at a screen, or if you don't like late hours, or potentially having to work, you know, 3rd shift, because you're new to the industry, then, you know, rule that out.

So, I think step 1 is figure out who you are, what you like, and then what roles align to that. And there's plenty of tools out there. I know CyberSeek is 1. Um, the, the nice framework is another one where you can like, look at skills that align with, um, with roles. Like, there's plenty of tools out there that show.

Kind of high level what the roles are, um, what the day to day looks like the skills that are required and some of them even map the map out to the most relevant certifications. That you might want to go after, but in addition to that, because that's, you know, you take a bunch of data, you got to distill it down, simplify it, you know, come up with some themes.

You still want to have informational conversations with people that are doing the job, right? Make sure if you read something that said cyber security analyst. And you like the description, talk to someone that's a cyber security analyst and make sure they're actually doing what you think that that role is before you go down a path investing in certifications and education and get a job like, oh, my goodness.

This is. Not at all what I thought it was. So, um, long winded way of saying I would do a ton of research. I would use myself to filter the roles that I target. And then I would further filter based on additional research and conversations of, um, with people doing the job in real world examples. Yeah,

[00:47:08] Chris Sienko: that's, that's fabulous. Fabulous advice. That's, uh, uh, exactly what I was going to say in terms of, um, you know, again, we said at the top of the show, but, you know, there are a lot more than two or three or five cyber security roles now and a lot more ways that you can really, you know, Uh, get excited about something, you know, um, you know, recent guest, uh, um, you know, Made identity and access management sound like the most fun thing i've ever heard in my life, you know, and uh, and you know Maybe you're the next iam, you know, um Fanatic, you know, or you're the next uh, you know You know, whatever it is.

I think it's, I think it's really, um, you know, important not to sort of narrow yourself down to it's, it's either this thing that I'm not sure if I can do or nothing at all, you know, or I'll, I'll move on. And yeah, I think that's a really good point to like, If you're going to ask us a security analyst, what they do, make sure you ask them what they don't like, because you have to make sure that it's not something you can't stand

[00:48:04] Tia Hopkins: exactly.

[00:48:05] Chris Sienko: would never be able to figure out.

So, um, all right. Well, uh, I want to ask you about your book, hack the cybersecurity interview. I want to ask about both your books. Now I didn't put that into the questions there, but can you talk, talk first about hack the cyber, uh, cybersecurity interview, uh, and then after that, we want to talk about securing our future.

[00:48:21] Tia Hopkins: Yeah, sure. cybersecurity interview is a book I coauthored, uh, with Chris Boulon and Ken Underhill, both awesome guys. Uh, the book is basically, um, a compilation of a number of cybersecurity roles, um, a definition around what the role is, what you can expect salary wise, functionally, um, and then a bunch of tips around interview questions and approach to interviews, uh, to help you prepare, uh, for, for when you get those roles.

And I thought it was a cool book to write when we, when we wrote it. I'm not a person that's like, oh, my gosh, I wrote a book. Look at me and we're selling all these books. But I got really excited when we started to get feedback from people saying they bought the book. They read the book. They use some of the tips.

They landed a job or they felt so much better in the interview. So that's the type of impact that I was hoping to have. Um, when I said yes to, to helping write the book and, and we're definitely doing that. So I'm really excited about it. 1,

[00:49:16] Chris Sienko: I love that. Um, and also I saw it had a forward by the amazing Mary Galloway, which I'm always happy to, uh, talk about Mary as well. But, um, yeah. So can you tell me also about securing our future, embracing the resilience and brilliance of black women in

[00:49:30] Tia Hopkins: 000%. And yeah, Mary Galloway is a good friend of mine and she's actually, uh, in this book with me as well. So this book, uh, yeah, it's a, it's an anthology. So 16, um, black women came together and told their stories, uh, in this book. Um, but for the purpose of like. Kind of providing like a Bible to someone that's interested, you know, not necessarily have to be a woman of color, uh, but anyone interested in getting into industry, like, our stories show pretty much that anyone can get into this industry.

We all had things that we had to overcome. We all had things that scared us. Um, we all had, you know, different paths. I mean, you've got everything from executives to privacy attorneys to, to analysts, to, you know, GRC, uh, folks. So it is a, it's a widespread of, of it's, it's a, it's diversity within diversity, uh, which is, uh, which is interesting.

So another book that's having a tremendous impact. My goal for this one was for anyone interested in getting to this field to be able to see themselves in cybersecurity through relating to someone, uh, in this book. And that is the feedback that we're getting about this one, um, as well. So, you know, another, another impactful success.

[00:50:45] Chris Sienko: Heck yeah. Um, obviously you've, you've, you have so many passions for all the things that you do, but what's, what's your favorite part of the work that you do? What's the thing that excites you? Uh, and as you said, get, uh, get you out of bed in the morning.

[00:50:56] Tia Hopkins: I'm a problem solver. I think the thing that drives me nuts and fuels me with cybersecurity is that it's never the same problem every day. Even if it looks like the same problem, something has changed and you have to solve it a different way. So I really enjoy. Uh, what I like to say is turning chaos into music.

So put me in a room where nothing makes sense and I will thrive. Um, put me in a room where it's not very challenging and I'll, I'll probably get bored. Um, I could, I could build a skyscraper, um, but I would struggle, uh, to build a sandcastle. That's how I am. I can do the hard things, but the less complex things, not, not so much, but that's definitely what, what feels me about it.

I'm, I'm a problem solver and these are important problems to solve. Folks are under a lot of pressure trying to solve them. And so I'm just doing my part to, to have some sort of scale and share my knowledge and bring more people in with that knowledge. So we can just continue to take this industry forward.

[00:51:54] Chris Sienko: Amazing. I, yeah, when you, when you use the, you know, the, the metaphor of finding a needle in a needle stack, I was like, okay, I feel like that had to have at least partially come from, uh, your excitement for, like you said, like tackling big

[00:52:09] Tia Hopkins: Yeah.

[00:52:09] Chris Sienko: because I, I, I've never heard that before in that rules.

Um, okay. So before we go to here, uh, I just want to ask one more question here. What's the best career advice you ever received, whether it was from a parent or a mentor or a teacher or colleague or something you read in a book, wherever you get, wherever you want. Um,

[00:52:23] Tia Hopkins: Yeah. This is, this is a really good question. I'm glad you asked it, especially on a podcast like this. Yeah. I don't even know if this individual really knew they were giving me advice at the time. But it was a game changer for me, um, it was around the time that I was transitioning from individual contributor into executive leadership, um, and, you know, as an individual contributor where we've been talking about it.

We take we're chasing degrees. We're getting certifications. We just keep building up our knowledge and our skills and our capabilities. Um, but this individual is having a conversation with him 1 day and he said, you know, there's a big difference between working in the business versus working on the business.

Right and so, as individual contributors, we're working in the business, right? We're keeping the business running. We're doing our part to make sure that, you know, whatever our company produces that it continues to produce those things. But as an executive leader, not to say you don't continue to work in the business, but now you also have to focus working on the business, which means that now you're looking at financials and making hard decisions around what keeps the business successful in that light.

Right. And so the reason that I hang on to this as really great advice is because one, it changed my life. Cause I was like, Oh yeah, I don't need. I don't need another cybersecurity certification. I don't need another degree. What I need to do is go out and understand finance. And that led to me getting my MBA and really understanding how money works in a business and what CEOs care about, which is not something.

The average technical resource thinks about, right? So it was a game changer for me. And I share that with individuals that I mentor that are struggling with making that move right from maybe being a team lead or a people manager on the technical side, wanting to get more into technical leadership. And my guidance to them is you got to stop working on you.

You stop working on building yourself up as an SME. You have to become a business expert. Now, right you have to understand, like, what what top line revenue is what gross margin is and, you know, what customer retention is and things like that. And I think those are the conversations that technical.

Individual contributors and technical leaders. Not on the business side, aren't exposed to that make it challenging for them to make that transition. So I'm really happy that you asked that question. So I could share that here.

[00:54:51] Chris Sienko: Yeah, I appreciate that because yeah, that is, uh, it's been a recurring motif on the podcast as well as on the podcast itself. Is that there's that particularly, uh, sort of friction, uh, filled, uh, barrier of I don't want to stop doing the fun stuff that I do so that I can, you know, oversee other people or the company doing that fun stuff.

And there's that feeling of like, you know, all my fun is receding into the distance. But I think that's such a really interesting, uh, Uh, mindset change of, of you're not working on yourself. You're working on the industry. You're working on your

[00:55:22] Tia Hopkins: Yeah.

[00:55:22] Chris Sienko: and things like that. And I think that that might help to sort of ease that, that mental transition along the way

[00:55:28] Tia Hopkins: Look, I ran from leadership for a long time. I was like, I, I don't want to do it. I used to say it's not for me, but then I had to stop saying that because the opportunities continue to come, including that role that you mentioned, the VP of, of it, a Kaplan for an externship. I'm like, I'm just a student. I like VP, I don't want to lead people, but it kept happening.

And I just, at some point I felt like I'd be irresponsible if I just didn't lean into the opportunity. And it was because I was afraid of. If I do less, then I'll be able to do less, but I'm still solving really hard and really important problems and it, but still fighting to, to like, hold on to, to what I know, because you can't, you still can't fall behind, you know, I, I am a, an executive in the cyber security industry.

So while I have to understand business, I do still need to understand what's happening. In the cyber security industry, so I think I have, I've gotten lucky in that. I have the perfect role where I get to marry the 2.

[00:56:21] Chris Sienko: Yeah, if, if, you know, if you want to take another cyber security certification or do a little,

[00:56:27] Tia Hopkins: yeah,

[00:56:27] Chris Sienko: nothing wrong with that. You can do that too. That's fun. You gotta, you gotta keep your joy in there. So, um, it's about time to wrap up here and I could, like you said, we could talk for hours. This has been so much fun.

But before we do Tia Hopkins, could you tell our listeners about eSentire as well as, I mean, you talked a little bit about them, but tell, tell our listeners what, what they are, what they do. Um, just give, give us the whole, uh, the whole, the whole, the whole deal.

[00:56:49] Tia Hopkins: yeah, sure. Um, so he's entire is, uh, the leader in managed detection and response. Um, you may have heard the term sock as a service. Uh, but essentially we monitor our customers environments for threats 24 7, um, but the more important part is that we respond to them on our customers that have. So, you think about the difference between getting a notification on a Friday night when you're not in the office that 1 of your machines is ransomed and then you come in Monday morning and 300 of your machines are ransom.

If you're working with the entire, we actually take action. So if we see a machine is ransom, then we isolate it from the network. And when you come in on Monday, we're going to call you, of course, but if we don't get you when you come in on Monday, it's still going to be. 1 machine that's ransom so that response piece is really important and we do that by looking at different sources of telemetry across the environment network and point telemetry cloud.

Vulnerabilities and things like that, but, um, overall, just trying to help our customers drive more resilient outcomes. Um, we also have, um, and exposure management services. So we do vulnerability management, virtual CSO services, um, dark web monitoring, things like that. And then we have digital forensics and incident response as well.

[00:58:00] Chris Sienko: Fantastic. Yeah, no, that's, uh, Well, you just, you just sort of laid out a nightmare

[00:58:06] Tia Hopkins: Yeah,

[00:58:07] Chris Sienko: there of a ransom to machine at, I'm just imagining that like Friday at like 6. 59 or

[00:58:12] Tia Hopkins: that's when it happens right on a holiday weekend.

[00:58:15] Chris Sienko: Yeah, of course. Yeah, exactly. Yeah. Nice, nice long weekend. So they can really, uh, stomp around in the, uh, in the network there.

So, all right. Well, before we go, one last question, if our listeners want to learn more about UT Hopkins or ESSENTIRE, where should they look online?

[00:58:28] Tia Hopkins: Yeah, so he sent tires, he sent tire dot com. Um, I have a website to hopkins dot com. I think I'm most active on LinkedIn probably. And I didn't mention this and it ties into 2 of your questions. I have I'm a LinkedIn learning instructor, which you may have mentioned, but. I do have a course, um, on making room for entry cybersecurity programs for security leaders.

And then my most recent course. Is, um, breaking down cyber resilience, helping organizations understand what that is and the impact they can have and how to implement that, uh, in their organizations.

[00:58:59] Chris Sienko: Great. So if, if they follow you on, on LinkedIn, they'll be able to find your

[00:59:04] Tia Hopkins: Absolutely. Yep.

[00:59:05] Chris Sienko: I assume. Absolutely. Okay, great. Well, uh, thank you so much for coming back on the show to you. It's been such a pleasure reconnecting with you I really appreciate

[00:59:12] Tia Hopkins: Yeah. Thanks for having me. It's a fun.

Subscribe to podcast

How does your salary stack up?

Ever wonder how much a career in cybersecurity pays? We crunched the numbers for the most popular roles and certifications. Download the 2024 Cybersecurity Salary Guide to learn more.

placeholder

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.

placeholder

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.

placeholder

Level up your skills

Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.