Security Unlocked: CISO Series with Bret Arsenault 7.7.21
Ep 5 | 7.7.21

Building a Stronger Security Team: Geoff Belknap, LinkedIn


Bret Arsenault: Hi, I'm Bret Arsenault, Chief Information Security Officer at a little company called Microsoft. Recently I was approached by some customers: we're really struggling with the complexities of the security threat landscape, in particular just looking for practical advice. With the increase in threats, with the changing landscape in digital transformation that's going on, people are really trying to understand from experts what could they do practically that would actually help them in this new threat landscape we're living in today. And, I realized how fortunate I am to have met with some of the sharpest minds on this topic, whether it's competitors, vendors, internal Microsoft people, government people, who all share a vision for a mission on how to better protect ourselves. This created an opportunity to take some of those learnings and share them in this pod-cast series. Hopefully you'll find this interesting; I know I'll learn a lot from it.

Bret Arsenault: Today I'm joined by my fellow colleague, Geoff Belknap, the Chief Information Security Officer at LinkedIn. Geoff joined LinkedIn a little over two years ago, where he leads the organization's internal security teams in building a safe, trusted and professional platform. Geoff is dedicated to ensuring millions of LinkedIn members around the world have access to economic opportunity in a safe, private and secure way. Geoff has more than 22 years of experience in network architecture and security leadership. Prior to his role at LinkedIn he was the Chief Information Security Officer at Slack, where he built the security organization from the ground up, including laying the groundwork for Slack's production incident management process. Today, Geoff and I are going to talk about a big challenge every industry faces: recruiting cyber security talent, and how we can solve the skills gaps in the cyber security industry. Welcome to Security Unlocked, Geoff, it's great to have you on the show.

Geoff Belknap: Thanks for having me.

Bret Arsenault: It's an amazing background you bring into this, and I think as a luminary in this space, I'm privileged and honored to have you on the call, so I look forward to the conversation. Hey, I know, you know we're heavily recruiting on cyber talent and always looking for more talent; I know you are at LinkedIn, and we're sort of all fishing from the same pool, if you will. Currently there's a shortage of supply and only an increasing demand as risks grow around us. I'm really looking forward to having that conversation with you on the talk today.

Geoff Belknap: Should be good.

Bret Arsenault: Before we get started, maybe you could give a little bit about your path; I know you have a pretty interesting path of how you got into the security industry, and you've been doing it for a long time, but let's hear what's your path get you here.

Geoff Belknap: It's great, and I'm glad we're talking about this, because I think one of the things that's really important, especially now as information security or cyber security grows as a career path that you can aspire to, to realize that most of us, and especially me, landed here in this job in the most untraditional path possible. I had a good network engineering, telecommunications, architecture career, but I was a kid who, growing up, always wanted to be a cop or a fireman or something like that, have some connection to justice, and I got connected with a start-up and moved to California, and they said two months into the job, "you're an adult who makes good decisions," and then we paused for laughter, and then they didn't laugh.

Bret Arsenault: You've got to get the laugh.

Geoff Belknap: Yes, I said, "okay, I agree that I'm an adult." They said "we're going to build a security team; do you want to run the security team?" And I was like "yeah, that sounds really cool, I think I'd really enjoy that." And the rest is history. I started at Palantir, we built the security team there; I later moved on to Slack and started again, started from scratch and built the security team up, and have since moved on to LinkedIn. It's really been a fantastic journey of taking the things that you're passionate about and combining them with the things that you are somewhat good at, debate-ably, on a day to day basis, and bringing them to the executive leadership function, and really helping and enabling a team to move forward and be successful at the practice of security.

Bret Arsenault: In regard to that question, though, when they said you're an adult and you make smart decision, and you said I am an adult; does that mean you don't make smart decisions? [CROSS TALKING]

Geoff Belknap: They said good decisions. I don't know about smart decisions. The jury is still out on that.

Bret Arsenault: [LAUGHS] Fair enough, fair enough. But it is an interesting path. When you think about in this space, you're in a security company like Palantir, then you go into a collaboration company where security is the adjective, and then you go to LinkedIn. Again, big collaboration, big social perspective, but how do you make security work in an environment where you're trying to be both productive and secure? I think that's a great path, and I think it's important for people to take that into consideration. It's also interesting how many people who started with the desire to be in law enforcement are in this space; it's about 50-50 according to some of the folks we've talked to. I spent most of my time running from it so it's a little bit different, but I guess I had my own views on that.

Geoff Belknap: I think we all started with a misspent youth.

Bret Arsenault: [LAUGHS] Exactly, exactly.

Geoff Belknap: That's the common fact.

Bret Arsenault: Let's jump in on this: I was reading the other day on CNN, a quick article that talked about the US Bureau pointing out that information security analysts will be the tenth fastest growing occupation over the next decade; that today the cyber security professionals are still only 25 percent women, so we have work to do there, and so this gap just continues to grow on experience and talent and roles that need to be filled in this space. What's your initial reaction to that?

Geoff Belknap: I think that third bullet point is really important, that we need to invest more in growing cyber security talent. I think information security or cyber security, whichever word works for you, is, in the relativistic sense, new. This is a new space; it wasn't, certainly when I went to school, was not an option. Network engineering and telecommunications wasn't either, and certainly cyber security wasn't. So as you develop this new space, as happens traditionally in tech, it is not a diverse workforce, and one of the things we really have to focus on is building that workforce. Starting with people who have a passion for this problem set that is really hard, that is really important for your organization to solve, and invest in those people, build them up. Take the people that have the raw skills that are going to help them be successful in just about any tech job and give them what they need to build themselves up, to be a fully performing security engineer, in whatever discipline that might be.

Geoff Belknap: I think the more we invest in people and the more we invest in developing those people, the more we're going to start talking about the fallacious idea that there's a skills gap. There's a skills gap because nobody knows how to do this work, and there's no trade school you go to to learn this, so we have to fill that gap in with teaching people how companies like ours do this work.

Bret Arsenault: It's really interesting when you think about it; there's recruiting, there's developing, there's retaining talent, and obviously LinkedIn is an interesting one. You're trying to recruit talent but your platform also helps recruit talent as well-- I know we use it all the time-- so what do you think about, from a perspective on uniquely recruiting talent, given the competitive environment we're in, and in some of the skill sets we just talked about, about some of the people we're trying to get into the space?

Geoff Belknap: I think one of the most important things is if you're recruiting is to make sure that you're recruiting for the right level of skill, and to understand that people just don't have a lot of these skills yet. You cannot find a Cloud security engineer that has 20 years of experience, not really, and you're definitely not going to find ten of them and you're not going to find a diverse grouping of people that have this skill set. When you think about the things that make security really good at your organizations, you think about I want a diverse set of people with a diverse set of perspectives, from diverse backgrounds; I want people that maybe came from networking like I did, or maybe they came from security, maybe they came from the military, or maybe they came from academia.

Geoff Belknap: So you want this diversity of perspective, and to get that you have to stop thinking that what you really want is the person who's a principal level network security Cloud architect that knows all three Cloud platforms, that are majors in the industry. Instead you have to think about who are the kind of people that can process and analyze all the information, and understand the technology and that can build that understanding of what the organization is trying to accomplish, and the tools that are available to them to accomplish those objectives, and can build themselves into that engineer? Of course, we all need a senior person or two that can help guide them and mentor them, but I encourage people to really think about how to look for those people that are about to become the absolute best version of what they need, and think one step earlier in the career path as they're trying to hire these folks, because those folks are going to be excited and energized and responsive. They're going to throw themselves into that work and they're going to learn how to do that and they're going to develop themselves into the best version of the engineer you could possibly want.

Geoff Belknap: And, that is really what you want: you want those people. You don't want people that are bored or just interested in money, or maybe not completely interested in the mission of your organization. So I think a lot of that just comes down to thinking about how you should be really recruiting for those roles.

Bret Arsenault: That's a great perspective to your point when you're talking about the mission. I think people-- you are one-- I think I'm fortunate. When your vocation meets your advocation, it's a cool point in life, if you can be in that space. Since I know you are a lifelong learner, what are the lessons you learned in the last year? One, lesson you learned that's new and you want to keep doing; and lesson you learned that maybe isn't your strength and you don't want to do?

Geoff Belknap: Oh man, that's a good question.

Bret Arsenault: That's the beautiful about being podcasters, you get to ask really good questions.

Geoff Belknap: [LAUGHS] Great, and we can just cut out the part where I'm silent for three minutes and get stunned while I think about that. Well, I can start with the second part first, and tell you the thing I have learned that's been amazing is that seven-year-olds can operate video conferencing software, far exceeding the capacity of many adults that I work with, and I would really like to never do that again, to never have my children operating video conferencing technology day in and day out and be the home IT support. I think the thing I've learned about myself as a leader is, if you hire the right people-- and I think looking at this through the lens of the last year that we've been operating in, where we've been learning all kinds of new leadership lessons-- if you hire the right people and they're committed to the mission, there is no obstacle you can throw in front of them where they will not figure out a way to adapt and overcome to that obstacle.

Geoff Belknap: And, I think when we all started working remotely, we all wondered how are we going to do this job? It's going to be very, very challenging. And what we learned is people find a way, and certainly it's very hard for people and you adapt. I think one of things that was really interesting is we learned that using these tools that we had available to us, whether they be video conferencing or chat or email, when we're all working remotely, we adapted in a way that brought a lot of equity to the way that we worked. We were suddenly all on an equal playing field and we inevitably made time for our colleagues to share ideas or to be innovative or whatever it is, but suddenly we're on the same playing field, everyone's contributing, and I think-- well, productivity has never been higher. We learned that innovation can really happen in a lot of different ways, so I learned that I didn't have to necessarily be in an office five days a week to innovate and work with great people.

Geoff Belknap: I don't know that I want to do that again, and I definitely don't want to learn any lessons the way that we learned that again, but I'm always really impressed by the caliber of people I get to work with.

Bret Arsenault: I think your point about the adversity and this equanimity of people all working remotely, it's interesting when you've been part of these leadership meetings and other things, and everyone's on an equal footing, which is really cool, and how can you keep that? When you put people in the areas when they return to the workplace, how you keep that equivalency there, is going to be important because it's one of the most, I think, impactful parts of inclusion; everyone has an equal voice, and so that was one of the things that's pretty cool.

Geoff Belknap: I think the most important thing that I keep in mind is the thing that attracts people to an organization, and the thing that retains people in an organization is always culture; it's always going to be, what's it like working there? And so what I've learned is compassion and empathy really are not just good things, they're not just optional things to have, but if you really want to have a great culture, if you want to have that organization that's going to attract and retain the best talent, you have to authentically have an organization that cares for the people that work there. That understands people can't do the best work of their life if their life is a mess, and I think what we all learned this last year, is certainly there was a lot of overlap between life and work, and there was sort of a joke to think about separating those things. But, we also learned how to be compassionate, caring, thinking leaders, and I think a lot of that really doubled down on the kind of culture that I want to work in and that I want to help build.

Bret Arsenault: So I want to switch gears, because I like the way you're thinking about it, and this both on recruit and retain: when you have people there, to your point, there's not enough skills; you obviously have a unique position in the fact that we have what used to be Lynda, now LinkedIn Learning, which is an amazing tool to learn anything about everything, it's an amazing platform; how do you think about that in terms of really encouraging people, like you said, that don't have skills sets but to come in? In some ways there's too much learning, so how do you hone that down within LinkedIn to say here's the set of things that will really help you go build skills in communications or skills in Cloud or skills in encryption; I'd love to hear practically how you're using your own platform to help with your people.

Geoff Belknap: Well, the first thing I went on there and learned was how to light a video call so that you don't look like the Grim Reaper on every video call. That was important for me. And I think, because I'm relatively new to LinkedIn, that was a fantastic way to learn first hand that there really is learning for everything there on LinkedIn for lots of people. I think one of the things that we are experimenting with this coming fiscal year is we're trying to-- we have a ton of open roles by the way; come to LinkedIn dot com, look for a job for security at LinkenIn, we have lots of them, we would love to have you-- if we can take people that are in career transition or are early career folks, like they're just coming out of college or just transitioning out of the military, or maybe they were a mechanic and now they want to break into tech; whatever your path that brought you to the precipice of thinking of taking on a path of learning to be an engineer in security space, or an analyst in risk, or a program manager, or whatever the path might be, there is a learning path on LinkedIn.

Geoff Belknap: And, we're looking at how do we apply the knowledge that LinkedIn already has as learning paths, to engineers that are new or folks that are new security, and use that as part of a comprehensive package to build them up to be high performing security employees at LinkedIn or anywhere else, for that matter? And I think there's a lot of potential there for us to take people that have the, I'll say minimally competent set of skills that they need to know how to be a technical employee at an organization like LinkedIn, and then bring them the knowledge of both how LinkedIn does it and how our unique environment at the skill that we're at does it, but also all the learning that's available to you at LinkedIn to build yourself into that minimally competent engineer and then grow from there into somebody that's an expert. Somebody that can then be a mentor to other people and bring them along a path that was similar to theirs into security, and then hopefully into security at LinkedIn.

Bret Arsenault: That would be awesome, I think we all benefit from that. I think one of the things that super important, though, is we talk about developing talent. Like here we have meeting-free Friday mornings every Friday, and every other Friday a full Friday, which is really designed to let people catch up, spend time, spend time in learning and doing those kinds of things, like on LinkedIn Learning. What are you doing around that space and what do you suggest or recommend for other CISOs or professionals in the field to do?

Geoff Belknap: Yeah, we do something pretty similar. We have regular monthly no meeting days, where people are encouraged to learn and expand their skills or focus on things that are just focused work without meetings. And then, we also have something unique at LinkedIn called In Days, and these are days once a month where you can focus on yourself, developing yourself. There's also an opportunity to focus on community development and investing in your environment or your family. There's always a theme that goes with these, but the underlying idea is take this time and develop it, not necessarily to the direct benefit of LinkedIn but for you and the things that are important to you. Whether it be recharging or learning something new, or teaching something new to somebody else, but I think it's really important to take that structured time and just invest it in yourself. And as leaders I think it's really important for people like us to make sure that our people have that time and that it's not just nose to the grindstone, ten hours a day of work, whatever it might be. You have to have time to build yourself up.

Geoff Belknap: And while a lot of that development comes from the work that you're doing day in, day out sometimes we just need to take a break for ourselves.

Bret Arsenault: That's a great way, I think it's consistent with the theory we were just talking about, around productive, secure and healthy. I think it's that concept of smart people and healthy people, and to your point, teams are most effective when the overall organization is healthy. That's a great way, I like the In Days comment, that's a great way to think about it, Geoff.

Geoff Belknap: Yeah, I think healthy people, psychologically healthy people are going to be the best asset for your organization, and it's to all of our benefit to build those people.

Bret Arsenault: I think that's great, I think that's awesome. So I love the learning path stuff and I know you talked about the no meeting days and things like that. Is there a learning path specifically for how to do effective meetings?

Geoff Belknap: There is no such thing as an effective meeting, so I think you're going to have to build that learning path.

Bret Arsenault: Alright, I'm going to work on it. I think I have a new challenge in life. Switching gears a little bit, I know that you've been a big advocate for Zero Trust, we've talked a lot about it in the last few years; industry has terms for it. What do you think that role plays in helping LinkedIn folks and your security team really achieve the objectives there at LinkedIn?

Geoff Belknap: I mean, the thing I really love about Zero Trust as a concept is it really reinforces that there is no safe haven, right? So the easy way to do security is go, alright, as long as I wrap it in a hug of Firewall or VPN or something like that, I'm safe; as long as I make it back it to the secure part of my network, I'm safe. And, when you take away that concept that there is some castle keep or some place you can put your data that is automatically by default safe, it really makes you rethink how you build a production environment. It makes you rethink how you calculate and assess your risk, and putting aside the technology steps that you might associate with it, that is really powerful, because the thing that continuously causes problems in the world today are people sort of thinking that security is a state you can reach, that it is an end goal, and I know you know this as well as I do that that is not the case.

Geoff Belknap: Security is a process, it's a thought process, it's an approach, and when you approach it from a mindset of Zero Trust, that I can't trust the network, I might not be able to trust the peer services that I'm talking to at some point in the future, it makes you rethink how you would build and design these things. And, I think that puts us on a really strong path for how we dig out of the situation that we find ourselves in today, where things just are not as secure as they should be. It's not because we haven't built the tools people need to secure them, it's because there's this thinking of like, well, as long as I hire five more engineers, I'm done, or as long as I patch this one more time, I'm done. And, I think it's really important that we shift the mindset that we used ten years ago to reflect the threat as it exists today.

Bret Arsenault: Yeah, that's an amazing way to look at it. I think this issue-- I know we've had this conversation before about "get green stay green", and cholesterol's a perfect example, you know, it's like, "I'll just take this pill and I'm fine," and the reality is you have to change the way you eat and exercise and all the other things that go along with it, and it's a lifestyle change, and I think that's true for the security industry changes we have to go do. So it's actually a super good way to think about it. How does that help with talent? When you think about Zero Trust and recruiting talent or training and getting that mindset, there's the mindset of the people you're bringing in-- I think your communications comment was important-- good security people are amazing, but good security people need to make non-security people do and act and behave a certain way. And, hopefully get charged about doing that because that's an impact and influence play. How do you think about that?

Geoff Belknap: Yeah, I think two things: one, I think the really important thing is that they can influence behaviors; they can bring information to the table that influences behaviors, because as we all know, a security team by itself can do very little. You can execute on very little throughout the organization that really brings impact, so you need to bring your product and your business partners along with you, and if you can't communicate with them you can't do that. The thing that's great about Zero Trust, especially where we look at a highly competitive recruiting environment that we're in today, is that it means everybody's sort of starting from the same playing field, right? I don't need somebody that knows exactly what the problem has been for the last 10, 15, 20 years.

Geoff Belknap: I can bring people in, give them-- or bring them in with the fundamental skills that they need for whatever discipline they're in, whether it be applications security or Cloud security or network security, or just governance and risk and compliance, and we can say, "okay, let's think about this problem from the perspective of we don't trust anything that we're connected to or interacting with; we can't trust our networks. Let's just treat it like everything's running on a coffee shop network. What would we do differently? How would we approach this problem?" And I think, like I said, one of the benefits is, this is a relatively new way to think about this problem, and because of that, that means you bring fresh people to the problem. They're going to approach that, they're going to approach solutions in that problem space, in a brand new way. And the reality is those are going to be just as impactful, successful solutions as somebody that's got 20 years of experience.

Geoff Belknap: The difference is going to be the people with 20 years of experience are going to be a lot more skilled and adept at executing on that immediately. But, I think you partner people that have that new, fresh, diverse perspective with those mentors, and I get think you get a lot of win.

Bret Arsenault: I think that your point around the fresh, new perspective, it would be helpful maybe if you can reinforce or debunk the myth, because a lot of the things I see that scare people away from security is they see the hoodie in the dark shirt and they've see whatever random cyber show that Hollywood or any other film part of the world has put out, and there's this view that you've got to be ultra geeky, math co-psy person, and I mean, some of my best security people come from none of that background. They're just super inquisitive people who started really wanting to play in data. What's your view on that, as far as, again, debunking the myth about you have to be a math or engineering person to be in this space?

Geoff Belknap: I think first of all, I have a business degree. While I was an engineer I certainly didn't get an engineering degree, although I certainly would have liked to. I think, you know, that is just not true. Hoodies are super comfortable, and I encourage people to try them because they're relaxing and a great way to get some casual work done, but the reality is like, no, you don't have to have this deep, technical skill. But I think, at the same time, I have some respect for the people that do, because that's the thing that they're really passionate about. They want to know everything down to the op code of how this piece of equipment works; that's fantastic. But that's not useful in terms of having a holistic, big picture view of what's in security; that's super useful. If that's the thing you're really excited about, dive down that rabbit hole, that skill set is going to be valuable, but it's not the only skill set that's valuable.

Geoff Belknap: One of my favorite things about security is, it is inherently a multi-disciplinary and inter-disciplinary practice. We need people from lots of different specialties, all working together about how to work on this problem set, and the good news is, you can from from medicine or aeronautics or academia; maybe you were a librarian before; you're going to bring a perspective with you that's going to be useful to put together with other people that have other skills sets to solve the problem. I can't name off the top of my head another profession that's like that right now, where you can come into tech and have a completely non-tech background but be somebody who's an aggressive, passionate learner that wants to solve this problem, and you can be impactful; like you can directly impact good outcomes for millions of people and not have an engineering degree.

Bret Arsenault: Yeah, I like that perspective, I really do, and I think we've had other people on the podcast, and one of my favorite arguments is to stay up late with Russinovich and argue about String Theory and whether quantum will actually help us with credible time dimension issues. And honestly, as interesting as that is, the more interesting and more impactful conversations is working with my education and awareness team on how we can help people understand what we're doing with Zero Trust in the most simplified way, and so they're both opposite ends of the spectrum that both have impact, so I think ti's a great way to think about it, for sure.

Geoff Belknap: Yeah, absolutely. Also I feel like I need to get the call from you and Mark when we're arguing about String Theory. It's like you make far too much-- when you guys talk about deep Physics, it--

Bret Arsenault: [LAUGHS] Yeah, it's an interesting exercise in futility, but it is still fun to have the conversation. There are some interesting parts of it that become sort of interesting, but I do think it's overrated and I don't want people to shy away from the profession. The other thing I guess I'd push on a little bit, and you brought it up about it being multi-disciplinary. At least in this company and your company, security touches every part of everything you do, whether it's the consumer business, the enterprise business, the global business, the tech side of the business, the legal side of the business, and so I think for many people, even come into security just to get your MBA in Business at all, and you spend five years on a security team and you learn about every aspect of every business, and you can decide I want to be in this part, I like the legal aspect, I don't want to be in cyber any more, and I think it's a great training ground for a lot of those things. Here's the fun part of this show: this is a question I have: what are you currently reading? And what would you recommend people read these days?

Geoff Belknap: Oh, I think those are two very different things.

Bret Arsenault: They are, for sure.

Geoff Belknap: [LAUGHS] I think I'm currently reading-- this is a very nerdy book-- but a different kind of nerdy; I'm reading "Relentless Strike", which is a history of the Joint Special Operations Command, which is fascinating to me, but I don't recommend it for everybody. I think the book I would recommend for everybody is The Great Game of Business, and that's a book by a couple of guys who built an organization and learned how to run that organization with the books open and teaching people how to make decisions the way the CEO does, but looking at, you know, here's how to read a profit and loss sheet; here's how to read a balance sheet; here's how to read cash flows and understand how we're making margin on the products that we produce or the software that we ship. 

Geoff Belknap: Because that kind of thinking-- I don't think security leaders literally need to teach people how to read a P and L, although that turns out to be great if you're a front line manager also, but if we can teach people how to operate security the way that the CISO thinks about security, and to see the bigger picture about how people like Bret and Geoff are interacting with our CEOs and our Boards and our peers, I think many more people get a much better idea of what security's really all about.

Bret Arsenault: That's great, I love those two recommendations. I love the read and then I love the recommendation. Now the practical part: every guest has to answer the same set of three questions: what is meant to be practical advice you'd give to listeners around one, two and three, or A, B, C if you want. What leaders can do today to recruit cyber security talent, and help grow security skills? And then lastly, what is the one thing they should avoid, from practical experience, something you're recommending based on your own experience?

Geoff Belknap: What's the one thing they should avoid as far as hiring?

Bret Arsenault: Yep.

Geoff Belknap: Okay. So the number one thing that I tell people in terms of thinking about how they're hiring is to think differently, right? Expand their horizons. And to some extent, what that means is think about people that don't have 20 years experience, think about people that have the minimum sets of skills that you need, and what you can do to train them on the way that you do that thing there, and what mentors you can pair them with so that you're building them into those engineers that you need. I think everybody probably has enough senior talent at this point that hiring more senior people is the really, really the hardest, most competitive part out there about hiring in security. If you hire people that are earlier in their career and pair them with the senior talent that you have, you're much more likely to have a success.

Geoff Belknap: The other thing I say is, stay away from the traditional paths to hiring in security. You don't have to hire people that have the most Twitter followers or have the most blog followers. I mean, all those people can be really good, and certainly having the most number of Twitter followers, or LinkedIn followers, doesn't make you bad, but it also doesn't make you good. I think people that haven't spoken at every conference can be just as good as people that have spoken at every conference. At the same time, you just have to make sure that you're hiring people that are great, and that you know how to assess them. I think that's the third one, is look at how you're assessing people. Stop; if you're doing any trick questions, if you're asking people questions that you think are meant to assess how they think under stress, just punch yourself in the face and stop asking those question, and then go to questions, or go to ways, that assess people's actual capability to executive the role.

Geoff Belknap: So if this means giving them a written test, or if this means you have a standardized set of questions, or you have a practical thing that you want them to try to solve, look at those things-- and by the way, you can do all those things looking at them blind, where assessors cannot look at the resume or not look at the name-- you can really just assess their technical skills, do that. You're going to find so many people, so many more people that are capable of executing that role perfectly, than you would if you just looked at what conference they spoke at or how many Twitter followers they have, or their last LinkedIn post.

Geoff Belknap: I think finally I would say something to avoid is just don't go looking for that purple squirrel or that wonderful unicorn that has the exact number of years of experience that you're looking for, or that has done the exact job you're looking to hire. Most likely things have changed so much that people who have been-- I'll give you a great example-- in the Identity and Access Management space, for a long time, they know how to do Identity and Access Management, and it doesn't have to always use the same set of tools. So I think as long as you're looking for people that have the deep skills, that have the knowledge, that are lifelong learners and that are passionate about learning new things, you can find a whole world of new candidates that are available for that role that you want to fill.

Bret Arsenault: I think that everything you said will help me build a much more inclusive environment, which will build a more productive system, and the way you look at it, which I think is great. I also love the first comment around the org shape. I remember when we first started looking at org shape; is it a square box? Is it a pyramid? Is it a pear? Is it an apple? But I think certainly people have to get much, much more interested in early in career talent, having a much bigger pool to draw from because that's where you're building the skill sets you need, building for the future of the company, building for the future of the functions that you're doing. Well, I really appreciate your time, Geoff. Obviously I've learned a lot, as I always do in these conversations, and I look forward to the next conversation.

Geoff Belknap: Thanks for letting me ramble for another chunk of time, and I appreciate the time, Bret, thanks a lot.

Bret Arsenault: Ah, I appreciate it, Geoff, thanks so much.

Bret Arsenault: Thanks for listening. I look forward to our next episode, and remember, stay safe and stay secure.