Hacker Valley Studio

Marrelle Bailey, Community Manager, Content Curator, and DEI Advocate, brings her multifaceted career experiences down to Hacker Valley Studio this week. Tapping into her past lives in yoga, bodybuilding, community managing, and cybersecurity, Marrelle explains the silo her career has taken into helping others find ease and peace of mind in their work. Marrelle also walks Chris and Ron through an exercise designed to help anyone feel more worthy, valuable, and like they belong.

 

Timecoded Guide:

[00:00] Taking on career pivots with excitement & curiosity

[06:23] Bodybuilding & yoga’s surprising presence in her cyber career

[09:28] Finding black women in predominantly white tech communities

[14:07] Being a jack of all trades, but a master of self worth & reflection

[20:54] One key practice for feeling worthy, valuable, & like you belong

 

Sponsor Links:

Thank you to our sponsor Axonius for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

What from your past in yoga and bodybuilding has stuck with you today?

As someone who grew up feeling traumatized and uncertain, Marrelle believes that yoga genuinely saved her life. Yoga helped Marrelle feel confident and empowered, and also taught her the importance of self-reflection. Additionally, Marrelle’s continued health and wellness journey inspired her to take up bodybuilding, which has motivated Marrelle to work hard, to motivate others to engage in their health, and to recognize when she’s holding herself back.

“My clients know I'm fixated on pushing them as much as I push myself, because I know we have greatness. I know for myself, I can be the best self-sabotager in the world when it comes to pushing myself professionally. I know what it feels like sometimes to hold yourself back.”

 

What has it been like doing all these different roles and how do they stack together?

Marrelle is a true example of a jack of all trades, with experience in personal training, cybersecurity, content creation, and community management. Despite the differences, each role Marrelle has taken on has ultimately focused on compassion, authenticity, and perseverance. Marrelle never saw black women succeed in the areas she wanted to succeed, but now, she can set an example and show that she belongs in each opportunity she takes.

“I feel like each job taught me, even though they were all so different, they all taught me about gaining compassion for people. Am I being authentic to the people around me? Am I giving people the ability to be themselves and for me to be myself, to grow, to persevere, to push?”

 

How would you describe yourself, being so multifaceted and dimensioned?

Marrelle believes she is someone that just wants to help other people and support other people in their healing process and in knowing their importance. Many people, regardless of their profession, struggle with difficult feelings of unworthiness and exclusion, fearing that they won’t be taken seriously for who they are. Marrelle has struggled with these same feelings, and wants to create safe spaces for people to grow and nurture their confidence.

“I just want to bring people's lives ease and peace and remind them how valuable they are, because I think all of us at some point struggle to know our worthiness and our value, and that we belong in the spaces that we're in, because sometimes we can really feel left out.”

 

What would you recommend for anyone who wanted to start feeling worthy, valuable, and like they belong a little bit more today?

While anyone can struggle with feeling a lack of worth, value, and belonging, Marrelle wants to reassure listeners that these exist in abundance and can be built up with mindfulness exercises. An easy way to start practicing a better and more positive mindset is through inhaling the good and exhaling the bad. As you inhale deeply, think positively about who you are and who you want to be. As you exhale, get rid of negative and unfair thoughts about what makes you “not good enough” to feel worthy, valuable, and like you belong.

“You are worthy, you are valuable, and you belong where you are. No one can question it, you are where you are because you got there. No one knows your backstory, no one knows your journey, no one can walk in your shoes, but you deserve to be where you are.”

---------------

Links:

Keep up with our guest Marrelle Bailey on LinkedIn, Twitter, and website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Sheryl Anjanette, Author, Speaker, and CEO & Founder of Anjanette Wellness Academy, comes down to Hacker Valley to discuss and promote her new book. The Imposter Lies Within covers Sheryl’s work with the intersection between business and mindset, and invites professionals to reconsider and reprogram their brains away from imposter syndrome. Using her findings personally and professionally, Sheryl walks through the origins, explanations, and potential remedies for imposter syndrome in this episode.

 

Timecoded Guide:

[00:00] Discovering imposter syndrome’s origin story 

[05:04] External triggers vs the inner critic

[13:59] Imposter syndrome & Neuro Linguistic Programming (NLP)

[21:11] Reprogramming your brain to heal from the imposter phenomenon

[27:34] Fearing firing as an unrealistic response to the inner critic

 

Sponsor Links:

Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com

 

What is the origin of imposter syndrome? 

Defined and named in the early 1970s, imposter syndrome impacts each person in different ways depending on a variety of personal experiences, including gender, upbringing, and income status. Despite the experience varying from person to person, Sheryl explains the set of symptoms still remains strikingly similar, no matter who is suffering from imposter syndrome. This has made the phenomenon relatively easy to identify with, as many struggle with a lack of belonging, self worth, and self confidence.

“In the early ‘70s…researchers called it the imposter phenomenon, but they had only studied women. For quite a long time, people thought only women experienced feeling like an imposter, but recent studies have shown that men and women experience this almost equally, just differently.”

 

Do you see imposter syndrome as a negative construct of Neuro Linguistic Programming (NLP)?

Outside of the office, Sheryl incorporates Integrated Hypnotherapy in a large majority of her coaching work and explains that a large majority of that has involved delving into NLP, or Neuro Linguistic Programming. NLP emphasizes the importance of what people tell themselves. What someone actively lets themselves think has the power to become true to their brain. When someone thinks they are an imposter at work, they end up accidentally using aspects of NLP, which causes their brain to believe they are an imposter. 

“Our conscious mind is only 10% of our reality, 90% is below the surface. When we can start to make the unconscious conscious, when we can do the deep dive and go back in and look at our programming, we can see where the code went bad and change that.”

 

What are the steps of reprogramming your mind away from these imposter thoughts?

Reprogramming someone to actively deny and work against imposter syndrome thoughts requires a deep dive into emotions and an understanding of an internalized past. Sheryl explains that being present, taking deep breaths, and allowing your perspective to shift out of your head and into your body are all steps that need to be taken in this reprogramming process. This process is powerful and new, but Sheryl promises it doesn’t have to be difficult or uncomfortable. 

“Get very, very present in the moment and then, just feel yourself drop into your heart. Feel yourself drop into your heart, it's only an 18-inch journey, but it's something we generally don't do very often. Get out of our head and into your heart.”

 

For anyone that's dealing with imposter syndrome, is there anything that you would want to tell them to help them understand the power within?

Sheryl sees a large majority of professionals struggle specifically around the idea of not being good enough at work and being an imposter at risk of being fired. Imposter syndrome can convince anyone of this idea because it doesn’t rely on experience as evidence, according to Sheryl. Instead, someone suffering from imposter syndrome has to acknowledge that the idea of not being good enough and being fired is just an idea, not reality. 

“As you go into your heart and into your observer role, ask yourself: Is this real? Where's this coming from? And then, tell yourself a different story. ‘I'm good. Everything will work out. I think that's just a pattern that I've had for a long time. I'm going to assume the best.’”

---------------

Links:

Keep up with our guest Sheryl Anjanette on her website, LinkedIn, or via email: hello@sherylanjanette.com

Purchase Sheryl Anjanette’s book, The Imposter Lies Within, on Amazon and Barnes & Noble

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

In this special episode, Hacker Valley community members and hosts of the Breaking Through in Cybersecurity Marketing podcast, Gianna Whitver and Maria Velasquez, tell all about the ups and downs of cyber marketing. As podcast hosts and founders of the Cybersecurity Marketing Society, Gianna and Maria eat, sleep, and breathe cybersecurity marketing. This week, Gianna and Maria share the history behind the Society and explain why they decided to host their CyberMarketingCon2022 conference in person.

 

Timecoded Guide:

[02:41] Creating the Cybersecurity Marketing Society

[06:29] Transitioning CyberMarketingCon2022 from virtual to in-person

[10:50] Combating the difficulty of growth marketing to cybersecurity practitioners

[18:34] Examining ROIs for attendees of conferences like Black Hat and RSA

[28:15] Finding the one thing they would instantly change about cyber marketing

 

Sponsor Links:

Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com

How did the Cybersecurity Marketing Society come to exist?

Gianna and Maria initially met and bonded over how the cybersecurity marketing world is constantly changing and evolving, for better or worse. They would get together to chat, as well as share strategies and insights. They quickly realized, through their friendship, that there was potential for a solid community in cybersecurity marketing. They started a Slack channel, just to put something out there. The channel grew from 10 participants into a bustling community of over 1500 people. Now, the Society is growing every day and hosting online events.

“It's always really nice to look back at the start, and it humbles you, right? As you continue this hustle of just growth and ongoing things happening, it's nice to take a step back and say, ‘Wow, look at where it all started.’ It seemed like just a crazy idea then.” –Maria Velasquez

What inspired the leap to host an in-person conference for CyberMarketingCon?

Back in 2020, while everyone was experiencing the height of the pandemic, members of the Cybersecurity Marketing Society were still interested in making connections with other professionals in the industry. Gianna and Maria decided the best option available was hosting virtual conferences in 2020 and 2021. Later, they branched into in-person chapter meetups in cities around the world. An in-person CyberMarketingCon2022 seemed like the next natural step in the process to cement those community connections.

“We started planning on a spreadsheet, basically. What's the theme? What do we want to cover in terms of topics? We looked to our members within the Society to hear what they'd like to learn at the conference and the speakers they'd like to see.” –Maria Velasquez

 

What makes it so difficult to market to cybersecurity practitioners?

Cybersecurity practitioners are notoriously skeptical. Their purview is full of phishing links and threat actors, and their guards are always up. Practitioners also often have a revolving door of folks wanting them to try demos, which makes it harder for someone to stand out. Maria and Gianna explain that you have to create a different kind of connection to build a relationship with practitioners, and advise marketers to avoid the cringeworthy commercial buzzwords.

“We're here to make sure that together, as an industry, cybersecurity marketers default to the best practices in marketing to practitioners, and that we're not bothering our target audience. We're doing great marketing, so that we can help everyone be more safe.” –Gianna Whitver

 

What did the ROIs look like for attendees of Black Hat and RSA?

In general, according to Gianna and Maria, the return on investment seemed higher for attendees at Black Hat, rather than at RSA. For marketers, RSA is less about selling and more about brand awareness and meeting with investors. In contrast, those who attended Black Hat reported that, even though the quantity of traffic at their booths was lower, the quality of the connections was higher, and there is a lot of optimism about opportunities to connect next year becoming more frequent.

“We're going to keep doing this every year. We're going to keep expanding the survey, we're going to have better data. I'm really looking forward to next year's debrief on Black Hat and RSA, seeing how things changed and how companies perceive their ROI.” –Gianna Whitver

---------- 

Links: 

Grab your ticket to the CyberMarketingCon2022

Follow Gianna on LinkedIn

Catch up with Maria on LinkedIn

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Dani Woolf, Director of Demand Generation at Cybersixgill and Host of the Audience First podcast, brings her marketing expertise to Hacker Valley to talk about what’s broken in the marketer-buyer relationship. Dani’s tried and true methods of cybersecurity marketing involve clear messaging, authentic communication, and building trust in an industry where not trusting anyone is the norm. How can cyber marketers break through the negative stereotypes and show cybersecurity buyers that they’re authentic?

 

Timecoded Guide:

[00:00] Fixing the broken relationship between cyber marketers, sellers, & buyers

[04:58] Unrealistic marketing goals vs incorrect marketer perspectives

[10:23] Better conversations between marketers & practitioners with Audience First

[15:12] Connecting with curious cyber practitioners instead of dismissing them

[23:37] Advice for cyber marketers looking to start fresh with content

 

Sponsor Links:

Thank you to our sponsors Axonius and Uptycs for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com

 

What messages are practitioners receiving (or not receiving) from cybersecurity marketers? 

One of the domains Dani actively uses is hilariously titled, “WTF Did I Just Read?” This project, inspired by the contextless and confusing messaging cyber practitioners receive everyday, aims to show marketers how to adopt better tactics and more authentic communication with potential buyers. Truth be told, Dani has seen the worst of cyber marketing, and she understands why many marketing teams get a bad rap in the industry.

“Frankly, [marketers] are just sending messages that have absolutely no context or need to the buyer, which is just lazy. You have to identify the problem, do a little bit of legwork to see what the buyer is interested in. Who are they really? What are they trying to solve?”

 

Where do you think we all went wrong, from a cyber marketing perspective?

Two factors have contributed to incorrect and inauthentic marketing tactics in cybersecurity, according to Dani. The first is pressure to achieve stressful goals and unrealistic KPIs on marketing teams that should be focusing on quality of communication over quantity of calls or outreach methods. The second is marketers coming into the cyber industry with the false mindset that cyber marketing is just like any other marketing, when in reality, the methods of communication and the relationship with buyers is completely different. 

“A lot of professionals coming into cybersecurity think that what they've done in other verticals works in cybersecurity, when in fact it doesn't. I know for a fact it doesn't, because that's how I made mistakes in the security space and that's how [my podcast] Audience First was born.”

 

Is there a lot of conversation and communication happening between marketers and cybersecurity practitioners?

Marketers and practitioners are not communicating in a trustworthy and authentic way, in Dani’s opinion. Many marketers fall into the mindset trap of letting the “smart people” in the room talk during meetings and calls, instead of engaging in the conversation. Dani explains that when cyber marketers shut themselves out, they don’t learn anything about cybersecurity or about their clients. Not knowing creates a lack of trust and confidence for both sides. 

“If we continue to just click on buttons and look at numbers, we're not going to do our jobs any better. I urge anybody listening to foster that bidirectional relationship, to be open to marketers speaking to you, and to be open to speaking to practitioners and asking for feedback.”

 

How would you compare the average cybersecurity buyer to, for example, other buyers in the technology space? 

Despite the stereotypes of cybersecurity buyers being tough or unapproachable, Dani admits that many of her cybersecurity clients are kinder and more empathetic than in other tech industries. However, this kindness and empathy has to be earned, and security professionals aren’t always the easiest people to gain the trust of. Dani explains that credibility and authenticity reign supreme in messaging to cyber buyers, because that is the only way to break through the caution many practitioners are trained to have.

“Why would I scratch your back? Or, why would you scratch mine if I don't even know who you are? Like, the whole point of security is not to trust everything that you see. So, trust and credibility is a huge part of that, and establishing authentic relationships is a huge part, too.”

---------------

Links:

Keep up with our guest Dani Woolf on LinkedIn and Twitter

Listen to Dani’s podcast, Audience First, and learn more about “WTF Did I Just Read?”

Check out the Cybersixgill website

Learn more about Dani’s work on her other Hacker Valley podcast appearances: Breaking Through in Cybersecurity Marketing, Breaking Into Cyber 

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Ben Opel, Senior Director of Professional Services at Attack IQ and former Marine, joins Chris and Ron to talk about the essentials of purple teaming. Combining the essentials of the red team and the blue team, a purple team offers cybersecurity companies a unique opportunity to create a threat informed security process. Using his time in the Marines and his experience at Attack IQ, Ben walks through purple team philosophy, breach and attack simulations, and shifting from a reactive to a proactive mindset.

 

Timecoded Guide:

[00:00] Past experiences with cybersecurity in the Marine Corp

[04:28] Exposure to purple teaming in defensive cyber ops

[10:26] Implementing breach and attack simulations in defense strategy

[14:38] Threat informed defense and the aftermath of breach simulations

[23:36] Communicating and approaching risk-related decisions 

 

Sponsor Links:

Thank you to our sponsor AttackIQ for bringing this episode to life! 

AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com

 

How did you first get exposed to purple teaming and what are some of the tenants that you hold today?

Ben’s experience in cybersecurity and his journey into purple teaming occurred during his time with the Marine Corps, performing defensive cyber ops. Originally, Ben didn’t even know the term purple team existed when he first encountered it, but his team was already approaching their work that way. Ben explains a core tenant of purple teaming is getting people in the same room and showing them the value their work brings to one another.

“We started building our teams around this multifunctional purple concept of having threat hunters, threat intelligence, red cell, support and mitigation, and forensic cell all in one. All of these capabilities in one team, where they could work synergistically.” 

 

What are the shortcomings and advantages of the purple team philosophy?

Like any philosophy, Ben explains that the hardest part of incorporating a purple team mindset is including it in everything your team does. To aid in this shortcoming, Ben keeps one question in mind: “What can someone do for me, and what can I do for them?” When involved in a purple team, everyone is putting their heads together. Ben explains there’s much less confusion between offensive and defensive professionals in that purple collaborative setting.

“Pure red team ops can be super fun, but you leave every job not sure they're going to actually make something with what you did. I've worked with blue teams who are like, ‘Hey, this was a great report, red, but we made some fixes, but we don't know if these are good.’”

 

How do we get more people into being proactive and adopting the purple team perspective?

A large majority of cybersecurity teams and processes involve reacting to potential threats and incidents. In contrast, purple teaming and threat informed defense strategies emphasize a more proactive mindset. Ben explains that working with a capability like Attack IQ helps teams build confidence in what they can prepare for and prevent. Building confidence in infrastructure and resilience in your team helps a proactive mindset thrive. 

“It’s about giving folks the ability to parse out and understand what's important to them, and to boil that down into, ‘Okay, now, what does that mean when hands on keyboard?’ Making that available, making that easily digestible. It's an education problem in this realm.”

 

What would be your first piece of advice for the person about to embark on discovering or explaining breaches and attacks in relation to their organization?

Ben explains that explaining breaches and helping others in your organization understand attack risks starts with showing. He explains that revealing how easily these things can happen and in what situation certain events could be particularly harmful opens the eyes of members of your team to what their threats look like. Instead of catering to doom and gloom, analyze your cyber threat risk with practicality and literal examples. 

“If I had to say that I had a specialty forced upon me by the Marine Corps, it was that. It was going over to peers and telling them that this is something that's good, bringing my red team in and letting them poke around, letting my blue team plug in to their network from some strange IP that they've never seen before.”

---------------

Links:

Keep up with our guest Ben Opel on LinkedIn

Learn more about Attack IQ on LinkedIn and the Attack IQ website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio