
Mick Leach: Hello, and welcome to SOC Unlocked, Tales From the Cybersecurity Frontline. I'm Mick Leach, your host and guide on an exciting journey into the SOC universe. In each episode, I chat with various cybersecurity professionals about the latest in industry news, emerging threats, practical strategies to keep your organization safe, and more. And this week, I'm really excited to have a dear friend of mine, Steven Dumolt. Steven, welcome to the show.
Steven Dumolt: Thanks for having me, Mick.
Mick Leach: Absolutely. So for our listeners, just for context's sake, Steven and I worked together for quite some time at a previous company. And then we picked up that show and moved it on the road and went to a different company together. So Steven and I have worked together a long time, dear friends, both at work and out of work. And so this is, for me personally, I will just say, a lot of fun and exciting, to be able to interview one of my dear friends.
Steven Dumolt: You're the only person who will get me on-air.
Mick Leach: Well, I appreciate it. I know when I first started doing this podcast, Steven was like, Hey, listen, I like the podcast, but I'll never come on it. And I was like, come on, man. And here we are, a year and a half later, with the podcast going along, and Steven kindly consented to coming on and being a part of what we're doing. So I told him, you have tons to share, and I'm willing, I'm excited, to share that with our listeners today.
Steven Dumolt: This is way out of my comfort zone, so I figured I'd try it once.
Mick Leach: Fair enough. Fair enough. But here's the thing, right? There are lots of security professionals who are not the talky smurf in the room like I am. This might be out of their comfort zone. But I think this is what I love, that people are willing to put themselves out there and show folks that you don't have to be me or any of the other people that I have on who might be more comfortable in front of a camera or in front of a podium having conversations. You have every bit as much to offer, probably more than me. And so it's important that the community sees the vast array of personality types, types of people, and types of roles that do cybersecurity jobs.
Steven Dumolt: You definitely have the talking skills that I do not. I think that's why we always worked well together.
Mick Leach: Yeah, yeah, because you're the technical guy. You actually know how to do stuff, and I know how to talk about it. At any rate, Steven, as you well know, being probably one of the few who have listened to literally every single episode, you know that we like to talk a little bit about the guest and have you introduce yourself, then kind of dive into things. So can you tell us about your current role and how it connects to security operations?
Steven Dumolt: Sure. So currently I am a security engineer at Veeva. Our team is kind of all over the place. So we do IR work, we do traditional SOC work, we do project work. We also manage our own platforms. The SIEM, EDR, that falls under our management as well. We get to do a little bit of everything. So, fun. Yeah.
Mick Leach: Very cool. So I think on the podcast last season, I had someone from Veeva, Michael Vetri. Do you know Michael, and how do you know him?
Steven Dumolt: Yeah, so he's my director, and I offered him up for sacrifice. He tried to get me to come on last season. So I work for Michael as my director. There's no manager in between. So I report directly to Michael.
Mick Leach: All right, very good. Well, that was one of the best episodes we've done last season. So thank you for that. I appreciate it. And I'm glad to talk to you as well. So what's one recent shift or challenge that your security operations organization has seen in the last couple of years?
Steven Dumolt: So I think we have seen an uptick in just raw incidents that we handle. Part of it is because the attacks are getting faster, phishing attempts are getting better, and our infrastructure is growing by leaps and bounds, both technology-wise and just raw system-wise, which throws everything out of whack because there are more logs to ingest, more logs to analyze, different types of logs to review, and also different types of systems we have to kind of spin ourselves up on when we're reviewing the logs. So just the number.
Mick Leach: Okay. So that makes sense. Yeah, for sure. So I want to unpack that, but before I dive deeper into that, because I suspect I know how you're kind of trying to mitigate some of that in terms of volume, which is through automation. I do want to double-click into that, but not yet. First, AI is all the rage right now. I just got back from Black Hat last week, and literally every single vendor on the expo floor was saying, we have AI, we do AI, bad actors are using AI. I mean, it's literally everywhere. So in terms of hype versus reality of AI, what is one of the biggest misconceptions that you hear about AI in cybersecurity specifically?
Steven Dumolt: I think the biggest issue I see is that people state that AI is going to kind of kill the lower ranks of, you know, the SOC analyst, and from just me playing around with AI, I don't think that we're anywhere close to that yet. I think AI from a SOC perspective can help us be better at our jobs and help us understand things that we've not seen before. But I don't think it's 100% or not even 70% perfect. I mean, I've been playing around with it in my personal lab, and it gets things wrong; it will back itself into a corner, and then you'll keep trying to get it to.
So last night I was being a little lazy, and I asked it to write a script for my virtualization server that would take a cloud-init template, install software, and configure it to use LDAP authentication, and it kind of backed itself into a corner where the authentication wouldn't work. So then I'd say, hey, this is the error I'm getting, and it would rewrite parts of the script, and that still didn't work because then it caused another problem. And it kept going in circles and circles. So I don't think AI is a hundred percent perfect. And plus, if we did get to that point, if you get rid of, you know, the analyst ranks, you're kind of shooting yourself in the foot, because you kind of need your senior people that you want later to be at that lower level, so they kind of see and build their skills up. I don't think AI will ever truly replace the, you know, SOC analyst. And I think that's something that people need to really think about. I think it's a great tool.
And especially, as you said, every tool now has an AI component in it. So I think you have to figure out which AI is going to be beneficial. Because AI in EDR is great, but that's all it's going to be able to help you with. So does it make sense to spend time leveraging AI in EDR, or does it make more sense to leverage AI in, like, your SIEM or something like that, where all of your logs get collected and it can kind of look across the board? So I think it depends on kind of your technology stack and what you plan to get out of it.
Mick Leach: Yeah, I agree. You know, and I don't think we've even talked about this offline, but here at Abnormal, we did a study not long ago. We had some friends at Omdia, which is a research company, perform a research study that we sponsored. And some of the results coming back, where they interviewed hundreds and hundreds of security leaders, were very similar to what you're sharing here, which is that AI is a tool. At the risk of oversimplification, it's like a calculator. With kids leveraging calculators, I remember when we were in school, at first they said, don't, you can't use a calculator, because then you don't learn the concepts. No. The calculators made the simple stuff easier, but you still had to have the logic and the understanding later to perform far more complex calculations. And I think AI is that way. I think it's a tool like any other. It's going to make some aspects of our lives easier. But I think human in the loop is always going to be an issue, right? It's important, I think.
We continue to this day to struggle with transparency and explainability in AI, and I think we need better from the vendor space in that area. So, you know, for those reasons and many more, I don't see AI as taking over everything. It will automate certain aspects so that, to your point, your junior SOC analysts can focus on more impactful work, absolutely. I do believe that. Will it replace them entirely? No, I don't think so.
Steven Dumolt: No, I agree. I think, you know, it will allow us to take what used to be just looking at alerts and triaging and allow them to be engaged a little more, work on things that are a little higher than that, so that they can eventually reach that, you know, tier two or tier three, whatever their next move is that they want.
Mick Leach: Yeah, OK, so let me shift gears then, right? So we talked about what misconceptions there are with AI today. Where have you seen AI or ML provide some actual real value in your environment there at Veeva?
Steven Dumolt: So I think probably with code, when it comes to coding. From the SOC perspective, we're still trying to work through all our tools and the AI that's coming out and reviewing those, getting, you know, vendors to explain why we should leverage that, because most of them, it's not like a free add-on, right? For your tools. It's usually a different purchase that you're going to have to go and, you know,
I'm going to have to talk to my director and say, hey, we should be leveraging this technology. But I think when it comes to coding and reviewing the code, I think those are probably some of the biggest hits, since our company builds software. So I think that's the biggest chance we have, with improving our code readability. And then, when I do our automation, I'm now using AI to help annotate a lot of my code or kind of make it a little more fault-tolerant. So I'll write something, I'll test it, it works. Maybe I'll be like, hey, can you expand out this function and also add the correct documentation and stuff like that. And I think that has allowed me to complete some of our automation tasks at a much faster rate, because I'm the only one on the team doing automation right now, or the majority of the automation from the team. We also have one guy who does stuff for the SIEM.
Mick Leach: Love it. So I want to tease out something there because you talked about it. You're commenting on your code. You're actually putting what it is and what it does in there and everything. Finally.
Steven Dumolt: Yes, yes, yes. So I've learned from the past two companies I worked with, where I wrote an application for them and they kept it up and then they'd still call me, which I don't mind. I don't mind helping anybody out. But yes, now I've gone the route of full CI/CD-type work, documentation, and documents in the code. And I try to use it for Python. I try to use it to actually build out a doc, you know, like an actual documentation booklet that shows how the application works and how to use it. Yeah, I've gotten better from writing lots of code.
Mick Leach: All right. I love it. I love it. For listeners who don't know us, we worked together for a long time, and I had to rib him about this because I used to try, you know, if Steven, heaven forbid, would go on vacation, I would be trying like crazy to troubleshoot his code, and I could not make heads or tails of it. It's brilliant. It's great. But back then he wouldn't comment it really well, and I couldn't figure out what was going on. It was a disaster. There's no way I was letting you by with that without ribbing you on that.
Steven Dumolt: Yeah, I know. I know. It was also like the two-week thing, right? You could guarantee my code's SLA was going to be two weeks, and it wasn't going to have any documentation in it. But it always ran. It always ran. So that was good.
Mick Leach: Reminds me of that movie Money Pit, where the contractor would always say, it'll be done in two weeks, two weeks. Because Steven used to tell me that all the time. Jumping back to our questions, though, what is your approach there at Veeva to reducing analyst burnout and alert fatigue? This is a major problem in SOCs all over, and has been for decades. I think it's only gotten worse with the advent of generative AI, as attacks start to leverage that and overwhelm some of our tooling. What are you guys doing over there to sort of combat this?
Steven Dumolt: Sure, we've got a couple of different approaches, right? So first, with our team kind of dabbling in a little bit of everything, so IR, projects, system administration, we allow team members to not just feel that they're stuck in, you know, okay, I'm stuck managing EDR, and I can't ever touch any of the other tools or learn how they operate. So we kind of give people freedom to, you know, pick their poison, right? As far as the data that's collected, there are varying degrees of automation. Some things we automate all the way through. Usually, those aren't detections. And then we're constantly changing our playbooks to be more efficient and updating the SIEM logic to try to reduce some of those false positives that we see. And Michael and the lead for what we call the blue team, which is the team I'm on, they're really good at looking at, you know, the metrics, the false positive rates, and responding in time, kind of doing two-week sprints and trying to make the process a little smoother.
So, yeah, I think that's how, and I think, for the most part, it's been working. And then we also, you know, will set off time where all the engineers get on a Zoom call for a half hour and just talk, not even about work, just kind of talk, just kind of goof off. And that kind of helps blow off some steam. Sometimes we end up talking about work, but most of the time we try not to.
Mick Leach: I love that. You know, that throws me back to when we used to, Bain, an old manager, well, she's not old, but she was our manager. And she used to do that. That was a big technique of hers. You know, what else are you guys doing? Because I love that approach. I think there's a lot of value in that, especially for a remote-only culture where people are scattered to the four winds. You don't know where everybody's even located anymore.
But keeping folks engaged and connected is really important. What else are you doing to keep your team engaged and motivated?
Steven Dumolt: So we have an ongoing chat all day long. Actually, we have several. So we've got one for the Blue Team guys, and we've got one for the whole team. Our team under Michael encompasses vulnerability management, cyber intel, and the Blue Team guys. So we've got one chat that covers everybody. And a lot of the chats are about work. Sometimes it's not.
People are putting memes in there, making jokes, teasing Michael. I like to, you know, tease Michael, like with Abnormal today. Like, yeah, I've got an interview today. I finally told him, no, it's not an interview, I'm just going on Mick's podcast. But I like to make him sweat. So, you know, we do try to have fun at work. But like you said, yeah, our whole team is remote. We've got two people in Canada. We've got people spread across the whole United States. Usually once a year, we get together as a team for a week. Last month, the team met in Pennsylvania at one of the offices there, and they had a good time. And then another time every year, our whole security department meets. And usually it's Ohio, because that's kind of where most of the members of the security team are. So, yeah, we end up having two week-long on-sites. One is just our team, and then one is the whole security team. And we bring members in from our European team and our China team, who will come in for that. So it's kind of good to, you know, chat with some of the people that you may not talk to that often.
Mick Leach: Love it. What a great approach. Okay, I want to pivot a little bit, though, here. I know being in security operations, you and I have done this for a long time. The threat techniques and tactics and procedures that bad guys are bringing to the table are constantly changing. What new or unexpected threat techniques have caught your eye in 2025 so far this year?
Steven Dumolt: Yeah, so we have seen an uptick in fake jobs. You know, Veeva jobs put on LinkedIn, and it's like, that's not us. And automated calls, like automated phishing calls, have seemed to increase within the past month. And then, you know, just the phishing emails are getting really good. It's like, I don't know if this is bad or if this is, you know, legit. It looks really good. So we're really having to dig into the information from the header and say, well, I think it's pretty good. I think it's okay. It's just marketing. Yeah, I think they're just getting better, and the pace that they can come in at now with AI is just amazing.
Mick Leach: Yeah, well, I want to pull on that thread though, too, right? So you mentioned AI. How are you seeing adversaries use it and what are you doing to stay ahead of it? It's pervasive everywhere.
Steven Dumolt: So yeah, it is. You know, when you're talking about, for fake jobs, my team really can't do anything, right? It's external. You know, we can work with some of the other members in the business and the security team to kind of get those taken down. You know, LinkedIn has been good at putting things in place to alert us. But, you know, we really rely on our users to report some of it, because a lot of it still gets through. Yeah, I mean, we rely on them, and then we're kind of, okay, based on this email, and we've got three of them that look very similar, what kind of logic can we put in, or what kind of alerting can we give the company? So when they see them, they're like, okay, this is bad, just full clicking.
Mick Leach: Gotcha, gotcha. Now, before, you had talked about the volume of attacks coming in, and I had mentioned that we have an area around automation. This is that space where I want to kind of double-click into some of this, just to understand and dig into it a little bit deeper. What's a win that your team has had using SOAR or other automation tools? I know SOAR is near and dear to your heart. You've been a SOAR engineer basically as long as I've known you, which is quite some time. So what do you guys do in there, and what are some wins that you've had in that space?
Steven Dumolt: Yeah, so I guess we'd have to go back to, I think, almost four years ago when I joined the team. We have grown a lot. So when I came on, there were three members of the security operations team, and they were kind of doing VM work. They were doing the blue team, the SOC, managing all this stuff we're doing now. There were three people, and they had a SOAR, and the person who was running the SOAR was kind of just given the SOAR, kind of like the guy who was running the SIEM was kind of just given the SIEM. So we've kind of been rebuilding and engineering the stack and how it works. Because with the SOAR, the only thing they were using it for was phishing and taking the stuff from the cloud platform that they use for vulnerabilities. That was it. So everything else, you know, any incidents, was being tracked through Jira. And, you know, I'm not a big fan. But so we've kind of redone our stack. We looked at how things were organized and kind of changed a lot of different things.
We've also added a lot of team members in the past four years to kind of help break out some of those capabilities, so there are more people to focus on them. And yeah, now stuff goes from our SIEM to our SOAR, and then it will also get alerts from other platforms, and the SOAR is our central point for investigative notes and uploads and stuff like that.
Mick Leach: Okay. Yeah, that's huge. I remember when you and I worked together, you know, that was one of the biggest things we were always trying to do, find ways to automate the collection and enrichment of data for, you know, alerts that were coming in from the SIEM. Don't just give me an IP address. Tell me who owns it. Tell me where it's registered. Don't give me a username. Tell me who that is, who their boss is. You know, give me some details.
Steven Dumolt: Yeah. I think, you know, being able to use the SOAR to extract those data points and then search across different intel feeds, right, is a huge win. Because then, you know, I may be able to query one, okay, VirusTotal, but with bringing the intel feeds in and then just having it check against them, it's much faster. It's already there when the analyst logs in; they can say, okay, that IP, that's bad. It's got an intel hit. This is likely something that does warrant a further look.
Mick Leach: Yeah, I love that. So you were the lead for our tuning and automation team when we worked together, when I had the SOC and you had tuning and automation on the engineering side of things. That's near and dear to your heart. I hope our listeners are picking up on that. How do you decide, though? Because we used to go round and round about this, I remember. How do you decide what is in play, like what makes sense to automate and what doesn't, what's safe and effective to automate and what probably still needs to be done manually?
Steven Dumolt: So right now, data collection is almost always an automate scenario. The analyst should not have to jump from the SOAR to the EDR to pull logs or whatever. I think where it comes into, should I automate, comes around, do I let a machine make a decision, or do I have a person make a decision?
So, you know, I don't put much faith in, barring the whole new AI capability, right? I don't like automating, you know, writing a script that says if this, then good, or if that, then it's bad. So I would rather say, you know, if this, show the analyst this, and then ask them, is this normal or bad? It also depends on the environment. There are a lot of things we see that you would think would be bad, but it's actually the way the environment is created that causes that artifact. After a while, it's like, yeah, hey, we need to suppress this from the, you know, the SIEM or whatever. So yeah, I think data collection is always an automate, you know, or a candidate for automation.
But when it comes to a decision, I'm like, I don't really like automating this, unless it's very much like, if the is-evil flag is true, then, you know. But you don't get too many of those scenarios.
Mick Leach: Yeah, I do wish that the hackers would set the evil flag to true. It sure would make our jobs easier, wouldn't it? But I do appreciate that. I agree. I think there are times when we automate the collection of data, but we can't really automate the analysis of that data, at least yet. Maybe a time comes when we get there. I agree. I'm still in that boat. It took me a little longer to come around, which is why we used to argue about it occasionally. But we got there in the end. Thanks to Steven's persuasive arguments.
Steven Dumolt: Yeah, I think with AI, though, how I see that we could use it is, you know, we automate the collection, we automate, you know, maybe changing the formats. And then we have AI give an analysis, and then we give it to the analyst to say, you know, here's what the AI says, would you have come to the same conclusion?
And then maybe, on a use case by use case basis, after, you know, however many, maybe 100, every time the analyst says they would have come to that conclusion, maybe that use case could just be automated. And then there's just a quick review by the analyst, and they close the ticket. So I think, you know, that's how we may use AI in the future.
Mick Leach: Yeah, I like it. Cool, okay, so now jumping maybe more into the modernization of the security operations space. Have you adopted any cloud-native or API-first platforms, and what was the result of that? Did things improve?
Steven Dumolt: Yeah, so our whole company is cloud-based. We use about every cloud vendor you can think of. So every platform. We've got a few areas that are traditional, that have domains and stuff like that. But for the most part, our whole company has always been cloud, which is an interesting environment to be in when you're coming from a traditional network, because they do not function anything like it, you know. Normally, they don't, so there's a steep learning curve.
Mick Leach: Yeah, I learned that here too. Obviously, Steven and I have worked at a couple of companies together, so we have similar backgrounds. But coming to Abnormal, again, a young, plucky startup, it's all cloud all the time, and everything's SaaS, and there's no real on-prem to speak of. There's not a data center somewhere that you could just walk into and start messing with servers or anything. So it was a big shift for me too.
At the same time, and I want your opinion on this, once I got over the culture shock that it was different, and so very different, for me it was this realization of, man, this is going to be so much easier to maintain, so much easier to, I don't know if I want to say easier to protect, but at least more streamlined in terms of what you need to do to protect yourself and your company and all of your assets. For me, that's how it felt. What about you when you got to Veeva?
Steven Dumolt: Yeah, so I had never worked in a cloud environment, so I didn't know what to expect coming in. I think there are some areas where being cloud makes it easier. So it's easier to actually codify things, like with Terraform, to spin up devices and security groups and stuff like that, which is not as easy to do on-prem.
There's no script where you could say, go rack a server for me, format it, install the operating system, and set it up. Whereas with the cloud, you have that. And plus that stuff can go into source code repositories and have more visibility on how they're configured, and ensure that the configuration is the same or similar for each deployment. So I think that's easier. I think you have to have a little more visibility into how pieces plug in and how the outside world can leverage those resources. Typically with a domain, you have one or two entry points for traffic to come into your network. And you can tighten those down pretty well. With the cloud, it functions way differently, and if you have multiple teams, they have the chance of opening something up that's not expected. So I think there are some pros and cons to both types of deployments.
Mick Leach: Yeah, fair point. Fair point for sure. Now I want to move into metrics in the security operations space in particular. It is always a challenge to identify the right KPIs, the right metrics, that actually measure the value of the work that you're doing and help you move the needle on security. What metrics do you rely on to show the impact of your SOC there at Veeva?
Steven Dumolt: Yeah, so, you know, traditional MTTRs, MTTs, stuff like that, we use more internally. You know, we do track closure codes, right? So we have a dropdown for closure reasons. And our SIEM administrator is our team lead. He's really good at analyzing those and dictating, for this type of incident, we're getting a lot with this closure code. Maybe we need to do some analysis as to why we're getting false positives or why we're closing it a certain way. But there are more things in the company, you know, so he's producing those numbers: the type of incidents, how long it takes for the incidents, and they're actually tying those incidents back to product teams, so they can determine, well, do we need to look at those metrics? And then another thing is AI, right? So we're reviewing every month. We generate a report of the AI systems that are being used by our product teams, and, you know, how many users are going out to which platforms, and then also tying them back to the business unit and the C-levels. So we can say, for this C-level,
their teams are using these five AI platforms, or are visiting these five AI platform sites, to make sure that we're kind of sticking with the standard our company chose as far as the AI stuff. So making sure that somebody's not using one that the company has not reviewed and said, okay, yeah, you can use that AI.
Mick Leach: Okay, now that makes a lot of sense. And I like the approach and the metrics that you're pulling in. I've always struggled personally with, you know, how we interpret the data. Maybe our tools have just improved, and our writing of detections has improved. So maybe we're just able to find more and alert on more activity; maybe it's not necessarily happening more.
Steven Dumolt: Right. And I think that's something that Michael and the leadership team are aware of, right? And they can kind of talk to that: while, yes, we've got a lot more incidents today than we did in 2022, we've also done this amount of work. We understand that we've got more incidents because we're better at, you know, analyzing the data and getting the data to us to analyze. So yeah, I definitely think that's a story that the security team leadership, you know, communicates.
Mick Leach: I'm glad. I love that. I love that the approach is end-to-end on that, and they're able to better frame the data to tell the right story. So that's useful. We're coming here kind of to the end of our time. So I want to shift gears one last time and just ask about, you know, career advice. We have lots of folks probably tuning in that are thinking, man, this sounds cool. I love.
You know, I love what they're doing. I love the work that Steven's able to do in terms of coding and automation. And that just sounds fun. You know, what, what advice would you give somebody that is eager to get into this, you know, this role, but doesn't know where to start? What would you recommend?
Steven Dumolt: Yes, I guess there's two different, you know, paths, you know, people that have previous IT experience and then people that are fresh out of college, right? Two different kind of requirements. Because if you look at a lot of the, you know, Reddit or LinkedIn conversations, a lot of them complaining that the job market is horrible. I probably would not be in this job market if I was trying to get a job today because I think the biggest thing that you have to rely on is kind of your connections, right? So getting out there, meeting people in the environment. For people coming out of college, I would suggest not trying to jump directly into security. It can be done. Our team lead actually was right out of college, super smart guy. So it can be done.
I think a lot of times coming in and taking a job at like a help desk or a data center or something like that and learning kind of how IT functions is a good, a better base than coming straight in as a SOC analyst never working in IT before. So now there's some of those people that are just, they're great at it, but for a good base from what I've seen, know, taking, having a job in IT before coming into security is super beneficial.
Mick Leach: Okay. I like that. I like that. What I'm hearing you say, and keep me honest here, is that, you know, don't be afraid of the scenic route. You know, don't be afraid to take the, you know, something else, something adjacent to security initially, get into the IT world, start making some money, start learning. And then, you know, you can make some friends with the folks on the security team, start to pivot into that space. But don't be afraid if you don't get the first gig you go for. Don't give up. Don't get discouraged.
Steven Dumolt: Exactly. That's kind of how, so I came out of the military, and my first job in the civilian world was at a data center on the operations team. So we monitored the distributed systems, and I got to meet, I got to talk with people from like Linux administrators, Windows administrators, and we dealt with the backup team a lot. So I got to develop a lot of points of contact. And then, you know, my manager also, I told her, you know, I was interested in security. She actually hooked me up with the director of the security team where I worked. And she pointed me to two teams to shadow. And I think job shadowing, especially if you're in a company already, job shadowing is one of the best things you could do that a lot of people don't take, they don't use that often. Because once you job shadow, that at least gets your name to those people. Then if you apply in the future, they're aware of who you are. They've met you, they've kind of talked with you.
So I shadowed our network security team for a day and I shadowed our desktop security team for a day. And yeah, that's kind of the route I came in. I think especially with the job market today, with so many people having cybersecurity degrees or people trying to move from IT to security, networking is gonna be your biggest skill. Even if you are an introvert like I am, that's something that you have to develop, and there's a lot of, you know, a lot of communities that you can join. So there's ISSA, there's, you know, InfraGard. A lot of, you know, most of them, I don't think any of them cost anything, and they have meetings everywhere. You know, you can join those, go to the meetings, start talking with people and get your name out there and kind of get advice from them, because they're gonna know what's more needed in the area that you're at. And then have a, have a personal lab that you're kicking around something in. It can be as small as a virtual machine on a workstation where you're learning how to administer Linux or Windows or you're testing something. Everybody should have a little lab that they can play around with.
Mick Leach: I love it. I love it. I'm in the same boat, right? So, Steven, this has been such a great talk. As we always do, it's been a wide-ranging conversation that's taken us all over the place. If you can only have our hearers walk away with one thing, what is that one thing you would have them leave hearing you say?
Steven Dumolt: If you're interested in security, be curious about all parts of it. And not just security, right? There are technologies learned that while you may not be focused on security, your company's more likely. So just be curious. And you're kind of a master of your own future. You know, network, you know, in your community, who are doing the job you want to do.
Mick Leach: I love that. Very cool. Well, Steven, listen, this has been such fun. I'm so grateful for the chance to sit down with you and have this conversation. I mean, we chat like this all the time, but it's really fun to be able to record it for posterity's sake and share it with others. You know, Steven's still one of my go-to calls when I get stuck, you know, particularly with code, because as Steven knows, I'm not a great software development engineer.
So I need help a lot, but Steven's still one of the guys I go to all the time. So this has been a lot of fun for me. Thank you so much for coming on the show.
And so, folks, this has been SOC Unlocked, Tales from the Cybersecurity Frontline. I am your host, Mick Leach, reminding all you cyber defenders out there to keep fighting the good fight. You're the tip of the spear, so stay sharp. Thanks for tuning in. Don't forget to like and subscribe, and check out our other SOC Unlocked episodes. We'll see you all next time. Thank you.
In this episode of SOC Unlocked, host Mick Leach sits down with longtime friend and colleague Steven Dumolt, Senior Information Security Engineer at Veeva, for an honest conversation about the realities of working in a SOC. From alert fatigue to the hype and reality of AI, Steven brings a practitioner’s perspective on what it really takes to keep a security operations team effective—and resilient.
With years of hands-on experience managing SIEM, SOAR, EDR, and automation, Steven shares the challenges of scaling security operations in a cloud-first world and how his team is navigating the increasing volume and sophistication of threats. He opens up about the importance of balance, teamwork, and documentation—and why curiosity and networking are still the best career accelerators for anyone looking to break into cybersecurity.
Insights
SOC teams today face rising alert volumes, driven by faster, more sophisticated attacks.
Automation helps, but deciding what to automate—and what still needs human judgment—remains critical.
AI isn’t replacing analysts; it’s a tool that enables them to do higher-value work.
Preventing burnout requires both smart playbooks and genuine human connection within teams.
Interested in being on the podcast?
Contact us at SOCUnlockedPodcast@abnormalsecurity.com
Guests
“I don’t think AI will ever truly replace the SOC analyst. It’s a great tool, but it’s nowhere near perfect.”
“Data collection should always be automated. But when it comes to making decisions, that’s still a human call.”
“We fight alert fatigue by giving analysts freedom to explore different areas. No one is stuck managing just one tool forever.”
“Don’t be afraid of the scenic route. Build your IT foundation, be curious, and network—those connections will open doors.”