Afternoon Cyber Tea with Ann Johnson 11.15.22
Ep 63 | 11.15.22

Building Personal Resilience in Cyber

Transcript

Ann Johnson: Welcome to "Afternoon Cyber Tea," where we talk with some of the biggest security influencers about what is shaping the cyber landscape and what is top of mind for the C-suite and other key security decision makers. I'm Ann Johnson, and today, we are covering an important topic that I know is top-of-mind for many in cyber - the health and well-being of our teams and our people.

Ann Johnson: Joining me today is Kirsten Davies, who is the chief information security officer at Unilever. Kirsten is a hands-on, vibrant leader of enterprise risk, cybersecurity transformation, technology innovation and culture. She brings multi-industry and multicontinent experience with previous security leadership roles at Estee Lauder, Barclays Africa, HPE and Siemens. Kirsten is an accomplished and recognized thought leader. She currently serves on the board of governors for the New York Academy of Sciences, and she is an advocate and mentor for several nonprofits and women's initiatives. She speaks near-fluent German and has a long history of rescuing adorable dogs. Welcome to "Afternoon Cyber Tea," Kirsten. 

Kirsten Davies: Thanks for having me, Ann. It's great to be here. 

Ann Johnson: As you know, I have three rescue dogs, and I'm on the board of Seattle Humane, and it's just one of my passions. I love talking to anybody else who's so passionate about pups. 

Kirsten Davies: Absolutely. They bring such joy to our lives, don't they? And I think animals, in general, are just such a blessing to have around us, so - we may hear him snoring at some point during our podcast session today. 

Ann Johnson: That's quite all right. I have my pup, who's at least Twitter famous - MariahPup is here with me, and hopefully, she doesn't bark during our podcast, but, you know, she might just be saying hello to the audience. 

Kirsten Davies: Could be. Could be. 

Ann Johnson: And it's interesting 'cause, you know, we're talking about health and well-being and how important those are. I think everyone knows that, and I think people also understand how much animals help us, by the way, in that topic. And studies have shown that well-being is a driver of productivity. It's a driver of employee engagement, morale, and it also helps reduce absenteeism and health care costs. So as we think about this in cyber, though, well-being is trending in a not-very-good direction. 

Ann Johnson: CISOs are experiencing huge levels of stress, as you know, and our cyberdefenders are burning out. So for our listeners who are practitioners, this is going to be a really timely and a really familiar conversation. And for those who aren't practitioners, Kirsten, I would love if you could give us a sense of the day to day and starting from the perspective of the folks that are actually on the front line, defending organizations. 

Kirsten Davies: Absolutely. You know, it might end up feeling like a little bit of a therapy session. We actually - there's a group I'm involved in called the Tinker Tribe, and we do a Friday afternoon session that we call Tinker Therapy for this very reason, that we can just talk and chat with one another and, I think, support each other. You know, the day to day has become day to night to day to night to day to night for defenders. I think this was exacerbated enormously, extraordinarily during COVID and when we all had to suddenly rapidly and holistically go to working from home at all times. 

Kirsten Davies: And we were really - I think defenders were really on the tip of the point of the spear with that, having to really, you know, rapidly account for massive Wi-Fi bandwidth that was needed - right? - and the ability to access data and files and have our colleagues working from home. And, globally speaking, like, it was just - this phenomenon was extraordinary, as we all know - from the human impacts, of course, yes. But also, I'm just talking specifically work from day to night to day to night, and I think that we haven't backed off of that yet, unfortunately. We still, obviously, have some colleagues that are still working from home, forcibly so, or mandatorily so, in certain countries around the world. 

Kirsten Davies: We also have the ability to have the access from home, so hybrid work environments and things like this. I think that what we haven't backed off of though, Ann, is the level of output that's needed, the level of effort that's been required. And we've not found - in my observation, we've not found a cadence or an operational execution that allows for the spaces - as Miles Davis used to say, the space between the notes, right? - the space between the meetings, the space between the work effort, the breathing time that's there. 

Kirsten Davies: So we have teams, you know, obviously, at major corporates like yours and mine, who are around the clock, so kind of 24/7. We need follow the sun. Sometimes that follow the sun is done from one location, so it's following the clock while following the sun from one location, right? We have access everywhere, data everywhere. Perimeter has disappeared with the cloud, with people everywhere. We have new ways of working and new demands of time and speed and rapidness with which to respond to things, and we've not found the space between the notes, the space between the meetings - right? - the space where it says, hey, my day is done. 

Kirsten Davies: I work from home, I'm remote, and my hours are - I work U.K. hours, as close to it as I can, anyway - 5 a.m., 6 a.m., sometimes 4 a.m. for me. It's really difficult to find that. The demands are more than they were before, in my observation, and we've not found that cadence to respond to that. 

Ann Johnson: Yeah. And I think you said something that is incredibly important. You said a lot of things that are really important. And I love the space-between-the-notes analogy. But one of the things we've talked about in cyber is burnout, but what you just pointed out is part of the reason there is burnout is because there's this cadence and always-on rhythm and the fact that even if our first-line defenders and our front-line, you know, practitioners aren't actually working an event, they're in a meeting, and we're not giving them downtime at all because there's operational rigor around the organizations we're in that keeps them busy even when they're not actively working an event, and that's something that also helps contribute to the burnout. 

Kirsten Davies: A hundred percent. I think also, you know - I used to lead with the perspective of this balcony time and taking balcony time every morning - pre-COVID - taking balcony time to be literally - think about it kind of like an orchestra hall - right? - or you're watching a play or watching a performance. And being up in the balcony means you can survey the whole setup. You can see the stage. You can see the curtains. You can see the orchestra pit. You can see the audience. 

Kirsten Davies: And as leaders, we desperately need to take that time every day - at the very minimum, at the beginning of every week - to really think through, what is the big picture I need to take here? What are the things I really need to accomplish and help my team accomplish? What do I need to do for the business? Looking at all these different components that you can see from the balcony. My balcony time has disappeared. It's just not even there. I go from bed to toothbrush to coffee to upstairs office with a stand-up desk, and sometimes I'm on my treadmill just so I can get a little bit of exercise while I'm in some of these meetings. We're not doing this for ourselves, let alone for our teams. It's so, so important that we get back to that. 

Ann Johnson: Yeah, the little things you can do, right? I mean, I work at a standing desk as I work, like you - a lot of hours and a lot of off hours for my time zone. So the fact that I can stand, at least, for some of that time - it helps with energy. But it's also the little thing that you can do, making sure people get time to have a cup of coffee without being interrupted or they can go to lunch with their peers or that you're rotating folks through, so that it's not always the same front-line people working incidents. 

Ann Johnson: You know, Bret Arsenault likes to talk about the SOC, and he has this really interesting analogy - our CISO - where he talks about, the SOC is either in, you know, full-on fire mode, or they're bored. And one of the things you have to do during that downtime is give them interesting projects to work on so they're not bored. All of these things contribute to having a healthier environment. 

Kirsten Davies: Agree fully. I would love for my guys to have more downtime. 

Ann Johnson: Yeah. I think we all would. 

Kirsten Davies: I love Bret plenty. We love you, Bret. Yeah. We would all love to have our teams have a little bit more downtime for sure. 

Ann Johnson: Exactly. So when you think, then, about your peers - right? - I know you're really well connected, and you talk to a lot of CISOs throughout the world about their environments - what's been your experience of maybe what's the lesser-known challenges that CISOs and their teams are facing today, what aren't we talking about? 

Kirsten Davies: Well, it's interesting. I think, as CISOs, we're talking about a lot of things that aren't necessarily being telegraphed, if you will, within our organizations probably at the volume that we would like them to be heard or telephoned or megaphoned, as the case may be. I think some of the things that we're talking about - volume of work, obviously. We've been chatting about that right now, Ann. We're also talking about third- and fourth- and nth-party risk. Massive, massive disruptors across the global environment is the volume of risk we're seeing in our not just IT supply chain, like, you know, software build materials. It's in manufacturing. It's our value chain. It's ingredients providers. It's logistics companies. It's payroll companies. It's all of the nth-party risk that's there. 

Kirsten Davies: We're seeing more and more attacks against environments that we have zero control over, and that is one of those lurking, sleepless CISO nights - right? - that seems to be coming up on a regular basis. Another thing that we've been - I just came back from a really great conference on physical cybersecurity in Florida, Nexus 2022, and the next thing we're really talking through is - look, we've been chatting about the convergence of the physical to the cyberspace for a long time. We've been talking about that for a long time. I think the reality is that's knocking on everyone's door now. 

Kirsten Davies: There were some great health care providers there, some oil and gas there - yes - industrial control systems companies, critical infrastructure companies. Wow, is this hitting a square between the eyes, though, in so many different industries, where we really need to be thinking about, how do we holistically look at this risk, the cyber-to-physical convergence? How do we partner super closely with our corporate security officer colleagues that may not even be a part of the CISO world at all - part of the CSO world, but in a lot of places that's not converged, and understandably so. I just think that, you know - with people everywhere, with supply chain issues like logistics, everywhere, with geopolitics that we've seen, there's a real case for change that's coming across the cyber-physical convergence and our need to really have a holistic point of view around that. 

Ann Johnson: Yeah. And I think that your jobs are becoming more complex. You just said you just came back from a physical security conference. You're being asked to do so much as the CISO that you weren't necessarily asked to do, let's just say, when there was a perimeter. I actually don't think that that's the - that's the point in time. It's actually not the reason, but it's certainly the point in time that the CISO job has completely evolved from someone who is just securing in-house assets to someone who now has a ton of shadow IT and cloud applications and nation-state actors and cybercriminals and ransomware, and I could go on and on, as you well know. 

Kirsten Davies: Yeah. 

Ann Johnson: Plus, you have to report to the board, and you need to be a risk expert, and you need to think about physical security. It's a completely different job than the job was, say, 20 years ago. When you think about that and you think about your peers, what advice would you give them about preparing to be, you know, the CISO of the present and the CISO of the future? 

Kirsten Davies: I'll add to that list too, Ann. The legal implications of being a CISO now, as we've seen in the press lately - that's another pressure that's coming our way. We had really great talks about this offline, Chatham House Rules, at this last conference, and without going into detail there, obviously, as the nature of Chatham House Rules is, I think with the CISOs of today and the CISOs of tomorrow, there are, to your point - I was listening to you rattle off the list going, oh, I'm tired; I'm tired already. 

Kirsten Davies: There are so many things for us to think through, and a couple of them just top of mind for me - the topic of our talk today, personal resilience. Where does that actually even come from? We are physical, emotional, spiritual beings. Let's just be real about this. And all three of those areas of us in our human experience need attention. And I think, as CISOs, we have been so focused on the job and so focused on risk reduction and corporate strategies and influencing and stakeholder engagement, we've forgotten the fact that we're human, and that might actually be the most important thing that we can do, can address, need to address, which is our physical well-being, our emotional well-being and our spiritual well-being as human beings. 

Kirsten Davies: I think the other thing for CISOs of today and tomorrow to be thinking through are understanding that we're actually executives at the organization. We are seen as executives. We are to be executives. And even if we're not seen as executives, we really are. We are there to help the organization make really well-informed decisions or, to the best of our ability, provide transparency for our business colleagues to be making the decisions that you need to make. We can't do that by being timid. We can't do that by phoning in our performance or shirking back on our duties. We need to be bold. We need to be courageous, right? We need to say the things that need to be said. And I think, historically, that can have been perceived as being career limiting. 

Kirsten Davies: I think that is our career, Ann. We need to be risk evangelists. We need to be executives in the business and behaving and operating in a way that enables and empowers the business to make the decisions that they need to make. They can't do it without the information that we have without our risk hat being on, our threat intelligence hat being on, our stakeholder engagement hat being on, all of those types of things. So I think there's a human side to this, very much so, and then there's that bridge over into the professional side, which is that - having the courage of a lion. We have to have the courage of a lion to do what we do today. It's not for the faint of heart. 

Kirsten Davies: And as a result of that, kind of the final thing I would say around this, although I could keep talking all about this for a long time, is having a group of people cultivating a group of people around you that helps you be bold, that helps you take the decisions that need to be taken. That's a sanity board - right? - like, a sounding board and a sanity board to run ideas off of - people you can trust, people who've sat in the chair that you're sitting in, people who can help you learn from victories and challenges and mistakes that they've had in their career. That is so, so critical. I cannot underscore that enough because we need help doing what we do. And if we think we can do this on our own, we are sorely mistaken, and we are headed for a massive burnout. 

Ann Johnson: Yeah. And I agree with everything you said, and I think the burnout has already started, right? And I wonder. I do wonder if because of everything we're talking about and because of the expectation on the CISO another cyber practitioners, do you think it's turning off people from coming into cyber? Look, we have a lot of issues in cyber already, that people don't understand what we do, and they don't like the language they speak, and they're - they find it a little scary and maybe a little off-putting. But this burnout and this stress and these expectations - is that going to lead to even further talent shortages because people are saying, hey, it's not worth it for the risk? 

Kirsten Davies: That's an interesting question. I think it's a great question. Some of the conversations that are happening offline and in, you know, groups that you're a part of, as well, have been, do we see people leaving the cyber workforce because of this? Do we see current No. 2s - deputies or, like, ready next successors - stepping away from the boldness that it takes to be in the first seat chair, in that CISO chair? Do we see them doing that? I think some people are seeing that. I think some people - just from kind of offline conversations, I've heard people saying that they're seeing this. And it's a real shame because now, more than ever, we need more people coming into the business, coming into the practice of security - it is a practice - coming into the field of security. We need more people. We need different people. We need different ways of thinking. We need all kinds of people to be involved in this. 

Kirsten Davies: And I wonder sometimes, Ann, what we could do as practitioners and as leaders to help to carve the path a little bit more, to open the path a little bit more. I don't know. Is there more that I can do? I'm tired. (Laughter). But I want to help people. And many hands make light work, right? We need more people doing this. And we - it's an exciting job. Man, it's an exciting field. My days are never the same. And I like that. I think some of it is just really trying to figure out, how do we make this appealing for people? And how do we model the behavior we want to see? Yes, absolutely. But how do we also help our companies help new people come in? - meaning, there's things that organizations could be doing differently to make this more appealing. Does that make sense, what I'm saying? 

Ann Johnson: It does. And I wonder what those things are, right? What are the things that you think organizations could be doing, given the current climate, to make coming into a cyber role or being a CISO just more interesting to folks? 

Kirsten Davies: Yeah. Many different levels. I'm super opinionated on this matter... 

Ann Johnson: Good. 

Kirsten Davies: ...At many different levels. First of all, please stop requiring a college degree. Just stop. When we have threat actors that are 13 and 14 years old breaking into systems, why do we continue to require a college degree for this work? It's just - it doesn't make any sense anymore. It just doesn't make any sense, right? - number one. Number two - as leaders, we need to have leadership teams and extended leadership teams that reflect what we're trying to attract. I need young people. I need older people. I need people from different national origins. I need people from different thinking patterns, people of different abilities. I need to reflect on my extended leadership team what I want to see. The organization - we need the organization to have dual career paths - right? - in every company because some of our people in cyber are going to want to be individual contributors. And they rock at that. And yet we continue to have career paths that only promote people who are leaders of people. We've got to change stuff like that. 

Kirsten Davies: We need to open up bands of pay so that we can meet the global market and the global cost of attracting awesome people, rock stars, to come to our team. It costs money. And, sometimes, it doesn't actually cost money. How about we have the ability for people to work from anywhere, right? How about we have different opportunities for working environments or mobility around the world if you're a global company, if you're from a global company? There's so many ways that we can attract, retain, develop, curate talent. Bring people in from noncyber fields, teach them basic cyber stuff. And then cross-skill your team in what they're great in. I'm doing this right now with our supply chain colleagues that are moving in. They're great. They're scientists - my goodness - engineers. They are so phenomenally skilled. We're responsible for teaching them cyber. Great. Let's do it. We can do this. We have to think outside the box. We need to, as corporates, as small companies and as practitioners and industry leaders - we need to be thinking very differently about this. 

Ann Johnson: I do think we need to be thinking very differently about it. And I do love the fact that you talk about just, what are the baseline qualifications, right? Do people need college degrees? No. For a lot of roles, they actually do not need college degrees. Do they need every cert on the planet? Probably not. 

Kirsten Davies: Right. 

Ann Johnson: I actually did an episode, Kirsten - at the time we're recording this, it's the last one we actually went live with - with AJ Yawn, who talked about how to get into cyber and what certs are really needed. And I thought it was just incredibly helpful. So I love the way you're thinking about this broader strategy for bringing people into cyber. 

Kirsten Davies: Yeah, I'd also like to just make mention, too - if you're looking to embed and foster and cultivate diversity and inclusion inside of your team, you need to make sure that that is there at every step of the process. You need to have women and diverse candidates reviewing your job profiles because there's inherent biases that can be built in even in the job profiles that would have people, like, not even apply for something, right? - number one. Number two, when you're interviewing, make sure there's a woman on the panel. Make sure there's diversity in the people who are conducting the interviews, as well. And then, you know, a requirement that I have across my team, I will have a woman - that's my primary consideration right now - I will have a woman in the final slate of the candidates for my open roles. And that's a requirement in my team because we need to focus on that. Does that mean I will only hire women? No, of course not. That's not what I mean. I just need my team to think differently about inclusion, and diversity and equity from the very get go. And then to actually be proactively thinking about why am I hiring this particular person for this particular role? Have I thought of every possible angle I need to in the job description, to the interviewing, to the final slating to the appointment? Have I thought about everything I need to before I hire a person? And that's how we're going to start to embed this and foster it and cultivate it in the team. 

Ann Johnson: Yeah, I think that you have to be intentional and deliberate every day - with... 

Kirsten Davies: Yeah. 

Ann Johnson: ...Every hire and every day, right? You just have to be intentional and deliberate about what you're looking for. So let's - well, let's not really pivot, right? Let's talk, though, about the working conditions for and the well-being of your folks, right? Is there, you know, things like people taking a mental health day off or things like people getting a sabbatical? Are there tactics you've used or you've seen your peers use that stand out to you as getting it right for helping people with their mental health and well-being? 

Kirsten Davies: Yeah, I think there's been some really great things that I've seen through the years - and especially, I think it's been highlighted during COVID when the world was still in lockdown - flexible Fridays, the ability for people to be off or on camera - right? - for meetings. We are now defaulting to meetings that are 25 minutes long and 45 minutes long rather than 30 and an hour. So those are things in that day-to-day-to-day work environment that we're working through. I - personally, I've worked through giving people the flexibility around their hours, which we - I think we didn't really have that so much pre-COVID. We've had that now. I don't monitor the clock. I have people get the work done regardless of how long it takes them to get the work done. Just get done what you need to get done on the hours that you want to get it done on. Of course, there's certain core hours - right? - we need to do meetings, through. But the ability for some people just to say I'm not a morning person - by the way, I'm not a morning person - or to say, hey, I want to spend, you know, these three hours every night with my family. And it starts at X time, and it goes till Y time. And then I'll be back online. That's great. 

Kirsten Davies: I think, also, having an open-door policy and really reinforcing that and fostering that with your team gives the team members individual time to come to you and say, look, I'm struggling here, and I need some time off - giving people four-day weekends. You know, things like that are really, really helpful. I do have to say that I love Unilever's policies around some of the employment that we have. We have shared roles in some cases where you have two people doing one role. And it gives them the ability to have shorter workweeks. And that is something that has just been - I've never seen that in another organization. I'm sure there's other organizations that probably do that. When I saw that at Unilever, I was like, oh, wow, now this is taking care of your people. Instead of losing someone - for example, a father wants to go out on paternity leave. A mother wants to go out on maternity leave and coming back and having to immediately go to a full - back to a full time, they can do a shorter workweek. They can do a shared role, things like that. And, of course, sabbaticals that are planned as well. 

Kirsten Davies: Siemens did that really well, too, when I was there. I know that there were some people who had some just really, really well supported time off after certain years in company, right? They were able to go and take the break and not have any fear at all that they would be not coming back to their role, right? So I think that's something, honestly, American companies could be better at - hint, hint. But I think Europeans do that really, really well - something that we can grow in the American corporate environment, I believe. 

Ann Johnson: So - I do. And Microsoft, by the way, offers sabbaticals. And I see people come back, and they're just so incredibly refreshed. We also offer paid time off for family leave, and caregivers and all those benefits that really help people manage their personal life and their well-being. And I do think that companies - I think tech is better than a lot of industries. And I do think a lot of industries have some catch up to do there. 

Kirsten Davies: I think you're right, yeah. We have a lot of that also at Unilever. I don't want to short-change that at all. I think it does go back, Ann, just briefly to the conversation around we're humans first and workers second. So I love it when companies like Microsoft, like Unilever, really are mindful about the human experience. It's great. It's great to see. 

Ann Johnson: Absolutely. So we could talk all day, but we're running short on time. So I'm going to pivot to close us out. First question, I know you always have a lot going on. Can you share with our listeners what you're working on right now, what's top of mind? 

Kirsten Davies: Work wise or passion project wise? (Laughter). 

Ann Johnson: Either one. 

Kirsten Davies: Yeah. Look. I think the work stuff's out there. Everybody's knows what I'm working on. We as CISOs always have a whole bunch of stuff going on. I'm very passionate about some crossover initiatives. I'm working with CyberSafe Foundation out of Nigeria. Confidence Staveley is a wonderful woman in Africa who's built a program for women ages, I believe - don't quote me. I think it's ages 17 to 28 - teaching them cyber skills. We're going to be building a relationship with her as Unilever in order to, yes, address some of the cyber talent shortage, but also, work on one of my passion projects - which is just bringing more women into the field, empowering and enabling women to have great career futures and different opportunities - right? - than perhaps what we had when you and I entered this field - right? - entered the workforce. That's number one. Number two, I am very involved in anti-cancer initiatives, everything from the Breast Cancer Research Foundation - wonderful, phenomenal organization that started the Pink Ribbon Campaign - to Nashville Wine Auction here, where I live in Nashville, where we do regular fundraisers. Yes, revolving around wine, which is not a bad thing. 

Ann Johnson: Not at all. 

Kirsten Davies: But yeah, we raise millions of dollars every year for cancer research at Vanderbilt University, at St. Jude Children's Hospital - all of these different places here - the Sarah Cannon Breast Cancer Research Foundation here in Nashville. So there's a lot of those things. And then finally, too, there's two organizations, not the least of which - you know, in all my free time - I really am passionate about, Nuru International - N-U-R-U - in Africa. They're working on microfunding of loans for locals in various countries in Africa to create financial independence for people who wouldn't otherwise have opportunities. And then Nomi Network - N-O-M-I - which is adopting entire villages of women and girls in India to give them tech skills, and to also give them the ability to, again, have other opportunities for careers for monetary gain where they may not otherwise have opportunities. I'm very passionate about these things. I've been privileged, even with a bit of a different upbringing - being a missionary kid and a pastor's kid. I - people find that ironic about me. I don't know why. I'm perfectly stable, right, Ann? 

Ann Johnson: Yes, we all are. 

Kirsten Davies: But, you know, we all are. You know, I'm very passionate about people having opportunities that they would not otherwise gain access to. And I feel like we have such a unique opportunity in the cybersecurity industry because we don't have to physically be in any given location. We need to invest in these companies, in these startups, in these 501(c)(3)s, in these small, small businesses that are looking to provide opportunity for people that would not otherwise have it. Very passionate about that. 

Ann Johnson: There's a great song that you know - "Son of a Preacher Man" - that I have a very good friend who's also the son of a pastor, and I would tease him about it regularly, so... 

Kirsten Davies: That's great. 

Ann Johnson: So last thing, we always try to send our audience away with two takeaways, two insights, two things that are actionable. Since this conversation has been around what I call cyber wellness, can you just talk to the audience? What two things could they do today to make a difference for their team? 

Kirsten Davies: Only two things. Number one, listen and observe and then speak. Your team will tell you if they are tired. Your team will signal to you their burnout levels before they say anything. And I think it's so important as leaders that we listen proactively for that. We observe proactively for that, and then we talk proactively about it. That, for me, is number one - primarily. Number two, model the behavior you want to see in your team. Take time off, take care of your own mental health, your emotional health, your spiritual health. Model the behavior you give your team permission to exhibit because that's exactly what it is. You will give them permission to take care of themselves when you take care of yourself. 

Ann Johnson: I think that's wonderful. And I actually think that modeling and empathy - we talk about model, coach, care for our leaders here at Microsoft. And modeling empathy is one of the most important things you can do for your team. Thank you for sharing that. 

Kirsten Davies: Yeah. 

Ann Johnson: And thank you for taking the time. I know you're incredibly busy. So, Kirsten, thanks for taking the time to join me today. 

Kirsten Davies: Ann, such a pleasure, always a pleasure to be with you. Thank you for having me. It's just really been an honor to be a part of this. 

Ann Johnson: And many thanks to our audience for listening. Join us next time on "Afternoon Cyber Tea." 

Ann Johnson: So I asked Kirsten Davies to join me on "Afternoon Cyber Tea" because she has such a breadth of experience across being a CISO around a lot of different global companies. She's a wonderful human being. She's involved in a lot of efforts outside even of the cyber community - things related to rescue dogs and breast cancer. And her insights into the impact of the cyber environment and the current climate on front-line line defenders and CISOs were extraordinary. I know you'll find this to be an incredible listen.