Artwork for podcast Secured by Galah Cyber
Podcasting and Cybersecurity: Karissa Breen's Insights and Advice
Episode 1512th October 2023 • Secured by Galah Cyber • Day One
00:00:00 00:51:23

Share Episode

Shownotes

Karissa Breen is the founder of KBI, a marketing and communications agency that works with cybersecurity and deep tech companies. After working in technical roles early in her career, Karissa saw that the complexity of cybersecurity often made it challenging for companies to communicate clearly, especially to those outside of the cyber industry.

An entrepreneur at heart, Karissa took a leap of faith, quit her job, and has since focused on helping those with technical expertise tell their stories more effectively.

In this episode Cole Cornford chats with Karissa about her experiences with podcasting, producing a TV show, the ups and downs of entrepreneurship, and plenty more.

Secured by Galah Cyber website

Time Stamps

  • 4:20 - Karissa’s career background.
  • 6:30 - Moving away from a purely technical role.
  • 7:20 - Cole: is a uni degree important for a career in cyber?
  • 11:10 - Karissa being inquisitive in her early years.
  • 11:50 - Treating people the same regardless of their job/rank.
  • 13:00 - Cole: lots of students think a uni degree will be enough to get them a job.
  • 15:00 - Karissa’s decision to pursue entrepreneurship.
  • 16:40 - Cole: starting out in business, naivety can be valuable.
  • 18:40 - Karissa’s journey building her business and getting into media.
  • 23:30 - In the early days of Karissa’s podcasting, what worked well and what didn’t.
  • 26:40 - Cole gives a shoutout to W2D1.
  • 27:30 - Karissa: podcast hosts need to enjoy/care about hosting their podcast.
  • 31:30 - Karissa’s TV show.
  • 38:00 - The importance of preparation for a podcast.
  • 38:30 - Karissa’s entrepreneurship journey.
  • 39:20 - Karissa: Entrepreneurs are a different breed.
  • 43:00 - Entrepreneurship is constantly challenging.
  • 44:30 - The importance of a good support network.
  • 45:10 - rapid-fire questions.

Mentioned in this episode:

Call for Feedback



This podcast uses the following third-party services for analysis:

Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

Transcripts

Cole Cornford (:

Hi, I'm Cole Cornford and this is Secured, the podcast that dives deep into the world of application security.

Karissa Breen (:

I randomly, literally randomly woke up one day and I quit my job with no real plans to do anything other than I'm going to do some rudimentary reconnaissance in this space and I am going to find out what's missing and build a business around that.

Cole Cornford (:

Karissa Breen, also known as KB, is the founder of KBI Media, a marketing and communications agency that works with cybersecurity and deep tech companies. After working in technical roles early in her career, Karissa sorted the complexity of cybersecurity, made it quite challenging for companies to communicate clearly, especially to those outside of the cyber industry. An entrepreneur at heart, she saw an opportunity, took a leap of faith, quit a job, has since focused on helping notice of technical expertise tell her stories more effectively. I thoroughly enjoyed my chat with Karissa. She's heaps of fun to speak to. We chatted about her experiences as a podcasting, producing a TV show, which is super impressive, the ups and downs of entrepreneurship and plenty more. Let's jump right on in. Hello, Karissa Breen, how are you going?

Karissa Breen (:

Good. It's definitely interesting to be on the other side of the podcasting hot seat. So hopefully I can answer your questions today, but I give you full permission to keep drilling me if I don't give you the right answer, considering I do that to other people, so it's only fair.

Cole Cornford (:

That's all right. I'm not that savage. Unlike from somebody interviews I've heard on your podcasts.

Karissa Breen (:

Oh, my gosh.

Cole Cornford (:

So the first question I usually go ask all my guests is what kind of bird are you and why?

Karissa Breen (:

So before we jumped on here, I did say I'm not a bird expert, which is still true, but if I had to pick one, it would probably be a cassowarie or potentially an emu simply because they are a bit savage. I've actually been chased by an emu before. I used to own horses when I was younger, and the emu just kept following me and they can be quite dangerous. Not that I'm saying that I'm dangerous or anything like that, it's just more so that they follow what they want to do and they don't have to necessarily follow pack. They sort of just operate on their own. And I value that and I value people who are pariahs out there. So maybe an emu or cassowarie would fit the bill for me.

Cole Cornford (:

I'm going to say probably not a cassowarie because you're not going to terrify people by your visage because cassowarie are just intimidating birds. So I don't know if a lot of people on the podcast know what a cassowarie looks like, but it's basically a blue alien with a dinosaur head that is six foot tall and full of rage.

Karissa Breen (:

Well, you are the bird expert. I did say I am not a bird expert.

Cole Cornford (:

So, emus is pretty funny too, because do you know that I think it was about a hundred years ago we had a war with emus in Australia.

Karissa Breen (:

No, I did not. That sounds terrifying.

Cole Cornford (:

And we lost. The emus won the war.

Karissa Breen (:

I feel like the first answer to the question is not going well. I didn't want to just go for a standard kookaburra and yeah, I actually don't don't know much about birds, if I'm honest with you at all. So, appreciate the tough question.

Cole Cornford (:

That's all good. All right, we'll move away from bird questions and then we go on to more about you, things that you should know fairly well, probably better than me also because I'm not a KB expert. So let's talk about your history and how you got into cybersecurity. Where'd you start? What was your background?

Karissa Breen (:

So my background is I have no university degree qualification. So if I were to apply for a job with AI, I'd probably get rejected. So I don't have that. So I think on paper back in the day I wasn't strong, but I think getting in front of people and listening to me think about things, I think that's where my strength was. So my career started in IT in Commonwealth Bank of Australia. So I worked in the SAP side of things originally. I did that for a bit and then I started to find an interest in cybersecurity probably because I heard more about hackers, et cetera. And then I think security back then, I mean this is probably going back 2014 days, 2013, 2014, security had a little bit of media attention, but not much. Definitely not to the same level it has today. And I was interested in it.

(:

And so then I knew the CISO at the time and I just started asking him all these questions and he was like, "Well, you ask a lot of questions," which sort of makes sense with what I do today. But he said that's the type of characteristic we need in our team for people to question stuff, for people to not accept the status quo simply because if you look at a cyber criminal, they are curious, they always go about reverse engineering, getting into things being relentless, and that's the type of mentality and mindset that we need to adopt in our business. And we also need people of different backgrounds, so we can't have everyone that looks the same, because we all going to think the same. So that's how I broke into cybersecurity. I had a very unconventional way. I just was very bold knowing me, went and asked the questions and next minute I was a reporting analyst and I was reporting on all the different parts of security.

(:

And then I used to feed that up into the CISO, which probably gave me an appreciation for narrative communications, storytelling, et cetera, which probably formed the genesis of what I do today, which we'll get into. But I think back then I started to understand the dissonance between technical people and the business, what people didn't understand, how to marry the two, how to present things in ways that people cared about. And so then I did a number of other roles in that company. And then knowing me, I'm an entrepreneur I believe at heart. And so I set out, did a few other things in a consulting firm, system integrator. And then fast-forward to 2017, I randomly literally randomly woke up one day and I quit my job with no real plans to do anything other than I'm going to do some rudimentary reconnaissance in this space and I am going to find out what's missing and build a business around that.

Cole Cornford (:

Ooh, so there's a lot to unpack there. So we'll go back to your business in a bit, but for now, let's go back to the fact you had no university degree.

Karissa Breen (:

Yes.

Cole Cornford (:

Because I speak to a lot of people like aspiring candidates, and the pathway usually is that they need to get some kind of tertiary qualification or they need to go get certifications or to just do something to break into cybersecurity. And so it's interesting to hear that the way that you were able to get into it was to just show initiative and have curiosity and basically move laterally within an organization. Because I don't know, I know I've heard of a lot of stories of people starting in help desk or starting in software engineering or something like that and then saying, "Hey, yeah, cool, I'm interested in a cyber thing. I'm going to move across this way."

(:

But yeah, I do worry that moving forward that not having a university qualification is going to be a tremendous barrier for a lot of people because we are seeing that it's becoming the baseline need, or the expectation for a lot of HR filters for a lot of these bigger firms because there's so many entry level applicants. Right? So what do you think? Do we need to look at maybe changing how we do entry level hiring? Because I know 2013 was a very different time and I got into my career around 2014 and that was from having a university qualification myself.

Karissa Breen (:

Yeah, look, I think that's number one. That's a hard question to answer. I'm not a hiring manager. From my experience of working in a large enterprise and working with talent acquisition teams, I could definitely tell that they didn't know specifically what we were looking for and then we had to use the special agencies, which maybe weren't specialists in the space. Maybe they would just run a big run-of-the-mill recruitment company that maybe couldn't find the people that we were looking for. So I could definitely see that there was the gap. I think as well, I also want to caveat with not everyone is the same. So how I approach things is very audacious, very bold, very direct. I can't say that everyone is going to have the same mentality that I had, and I guess that's just one way of just breaking down the door.

(:

However, I will also say that I was already working in a tech related sort of field anyway, so I just sort of just transitioned across. I also do believe, which I still stand behind today, is building relationships with people. You can get further when you do know someone. I think that that helps. And I think I do sometimes find an entry level people, maybe they don't understand the importance of that as much, and it takes time. I've been doing this for coming up, what? A decade or so, and I've had to really work hard to build those relationships. But to answer your question, Cole, look, the answer is I don't really know.

(:

I think that that's hard, especially you've got 50,000 people applying for things. What I think may help is seeing beyond a CV, because again, going back to my example, I didn't think I was strong on paper at all. I probably looked really, really sad, but getting in front of me and talking to me, it's like, "Wow, it's completely a different person." How do you do that at scale? I don't know. I don't have all of the answers, but maybe I think that people need to look higher on talent and capability rather than certifications and qualifications.

Cole Cornford (:

Yeah. I guess when you've got so many, when a cyber entry level cyber all opens and there's just so many people applying for, it's really difficult to ever have the time to actually understand what are the capabilities of these 50,000 applicants. So that's why we use these filters to just get through and shortlist people really quickly. But I think that we're missing out on a lot of non-traditional pathways and people who are really good, who like yourself could be audacious, they could show curiosity, they could be really interested in a very particular niche, they could have attention to detail, they might be fantastic communicators. And unfortunately, if we're all valuing people off of is whether they have achieved a credential, then it's really hard to get those other requirements that we might be interested in hiring new people. Right? So I really liked the story of you just badgering the CISO. That's really fun.

Karissa Breen (:

I know if I badged, but I think I was inquisitive, but yes, I think I was bold enough. I was what, 21 years old?

Cole Cornford (:

Yeah.

Karissa Breen (:

Probably not what 21 year olds do. I just went up to the [inaudible 00:10:33]. What I see today as well. I just want to make a quick note on that when you're talking. I just see people as people, I don't treat people differently because they're super senior, treat people on how they treat me. If someone's junior to me, treat them the same. I treat people with respect. And I do often see in these corporates, it's like, "Oh, well, the big guys coming around, we've got to make sure that we act a certain way." But I think you just need to be yourself and treat people of all levels and disciplines with the same level of respect.

Cole Cornford (:

I think there's a lot of people have a mental block about that. They see chief executive CTO, head of InfoSec, and then they immediately create barriers within their minds that I'm not important enough to be speaking to someone so senior or whatever. The thing is in five, 10 years time, they might be a manager or the head of InfoSec or a CTO themselves, they don't know where their career is going. And there's going to be another group of 10 people, people who are 21, who are terrified of speaking to you, and you'll forget about that. Right?

Karissa Breen (:

Yeah. That's true. That is a good point. I guess I never thought of it like that, and people may see that as aggressive, but I see it as assertive. And so for me, I'm just like, "No one's going to come down off the sky and give you anything, whether it's a career or this a business, you have to go after it because no one cares. No one's thinking about you." So I'm just like, "Okay, I want to get into this field, I need to make it happen." And that's what I did.

Cole Cornford (:

Yeah, I guess you are your own worst enemy in a lot of cases. A lot of the people I speak with at the university, because I do a lot of work with a University of Newcastle. Tomorrow I'm doing a guest lecture again, I just keep getting invited to do them. I don't don't know why. So they just keep finding this big burden saying, "Yeah, just throw in front of students. He's really nice." But one of the things that keeps coming up recurring from my conversations with a lot of these students is what are you doing to try to help yourself get a role? And the answer is usually, "Oh, I just get a university degree and then I get a job." They just don't think about what they're doing post university. They just turn up, do their lectures, do their courses, and then when I ask them, "Well, how are you intending to get a role?"

(:

They've just think that the qualification is what entitles them to get a role afterwards. And I haven't thought about attending industry events and networking, going to conferences, writing blog articles, doing any of these online things like try hack me or whatever. It's just foreign to them. And I recognize that university is a lot of work to go get a qualification, but at the same time, if you have to separate yourself from other people that there are ways to do that. And I'm just not seeing a lot of people understand that they need to do that in this environment. Right?

Karissa Breen (:

Yeah, 100%. And look, I think university still helps, but yeah, it's not an automatic golden ticket and you're in. There's still some work you've got to do, right? If it was that easy, then I think that we wouldn't have a big of a skills gap that we have in this space.

Cole Cornford (:

So moving on from that, you mentioned that you've taken the entrepreneurship journey. So what inspired you to firstly just chuck everything in and say, "I am going to run a figure out where does a gap in the market and I'm going to go and take that on?" Right? Because something, a lot of people when they start businesses, usually it's a bit of a side hustle. It's quite rarely that they're just going to say, "Boom, I'm going to do it. Today's the day I'm starting from scratch. We're going to make it work." Why did you move down that route?

Karissa Breen (:

Yeah, I think that's a good question. So I'm definitely a hundred or nothing type of person. One thing that's interesting when I'm speaking to startups, it's very hard if you're working full-time, you're running a thing on the side. But also I understand if people got mortgages and things like that, they've got things financially that they need to pay for. So I get that and I respect that. I think fortunately I wasn't in that position in terms of I didn't have anything like that, but then I also thought, "Well, here's an opportunity that I can leverage this time of not having of these commitments to actually go really hard at this and give it a go." Maybe I would say naivety was definitely on my side, but I'm grateful for that now, looking back retrospectively, simply because I wasn't afraid. Well, I guess the answer is yes, I was afraid, but if I were to do this now with what I know, I don't think I'd do it again.

(:

But I guess for me, I don't know specifically what it was. I think I just had a few bad experiences. I wasn't happy where I was. I felt I was being overlooked for opportunities. I felt that I didn't play a corporate game really well. I was too direct, I was too honest. And I think sometimes that went against me, but I also thought I'm going to be true to who I am as a person. And I also feel that when you are true to yourself, you can never be sort of found out. So for me, I wanted to employ those characteristics in my own business. And again, I wanted to find something that people genuinely needed. I didn't want to just come up with something and then figure out a problem after there was a gap and there was a problem. And I believed what I built does service that need in the market. But it was a tough road.

Cole Cornford (:

Yeah. I know that naivety is really important for an entrepreneur. When I started my consultancy business, I actually had never done consulting previously. And so I had to learn all sorts of things on the job like, "Oh, what is sales? What is marketing? What is all of these different aspects of actually building and growing a business?" Because all I'd been doing up until that point was being an individual contributor who is really good at application security. And so since nowadays, I understand all of the effort that I had to go through to get there. I encourage people to firstly maybe dip their toes in the water with doing some consulting and figuring out a bit of sales and stuff before they start their businesses.

(:

But I guess unless you really take the plunge, you're just going to just stay where it feels safe. It's very easy to just keep, stay in a cruisey bank role. You're just doing what you need to do and maybe doing a little bit of extra work on the side. So I understand where people are coming from. But yeah, I agree about living values. I felt that I did okay in the corporate sphere, but I wouldn't have ever really made it up into senior leadership simply for a similar reason to you is that I put people first. And often if you put people first, then that means that ultimately that isn't always in line with the business's interests. And so when it comes to making tough calls, I'd have to be sacrificing my values and the interest of the business.

(:

And now, funnily enough, as a business owner, I've had to do that myself and understand full well what it means. But at the same time, I wanted to be able to live these values and feel that what I'm building is doing something meaningful. And a lot of the AppSec work in Australia, it was just like running tools or doing very pigeonholed specific tasks. There wasn't really a meaningful discussion on the stage about how do we address this as a nation. So I really wanted to start that. And I can see that you are doing the same thing with KB cast and getting executives to talk about their challenges.

Karissa Breen (:

Yeah. And I think it's evolved, and I think it's going to continue to evolve. I'm not a person who rests on their laurels like, "Oh, I've made it, now I'm just going to sit here and do nothing." No, I'm constantly thinking, how can I get better? How can I finesse my craft? How can I bring more value? And I think as an entrepreneur, if you're not thinking like that, it will be hard to succeed because now things move so rapidly, there are businesses starting, and then in six months they're overturning large enterprises. So I think there's a real opportunity now for startups to start making headway. But again, you've got to have the right mentality and you've got to be hungry for it because ISA said, no one's going to hand you anything. You've got to go out there, you've got to ask, and you've got to back yourself. Because if you don't, no one else will back you.

Cole Cornford (:

So how did you end up landing on media in particular?

Karissa Breen (:

Yeah. So it's probably been a natural progression. And I want to say I never planned out to do any of these things. So one of the things that you probably do, which was different to me, is you had a very clear sort of intention of I'm going to go out inside an application security consultancy. Admittedly, you hadn't done consulting before, but you had a very clear view. I didn't. So I spent a lot of time like asking questions and observing the market, and then I created KBI Digital, which is a marketing communications agency that specialize in cybersecurity. So bringing forward my knowledge and my pedigree in the space of working on a client side as well as on the consulting front to inject into the work we do for customers. And then we're like, "Okay, well, we've got to build brand. We've got to build some rep." And best way to do that back then was a podcast and there wasn't many podcasts.

(:

Maybe Patrick Gray's podcast that I'm a fan of was the only one that existed, but okay, let's build it out. No one was really doing that at all. It was a very foreign concept, wasn't doing it in the way in which it is today, but I'm grateful for that because I've learned and cut my teeth on a lot of the trials and tribulations. So I started interviewing people to again, backdoor into the marketing stuff, which worked. And then all of a sudden the podcast started to get traction, and then I got offered an opportunity to run two FATV, the production company we ran for one season. And I'm thinking, well, I think there's a real gap here to expand on what we're already doing in this media world in the convergence between cyber and media to do a multimedia cybersecurity media platform. So that's what we've built.

(:

We're about to go live the new version of our platform. And I think that because I haven't come from a traditional media background, I could see some of the gaps and where the market needed to evolve to. Again, podcasting is massive. I keep saying to everyone, you need to have a podcast because that does build trust in brand. Again, it's going to take time. It doesn't happen overnight. But for me, I wanted to bring a new approach to the media world. I wanted to be able to ask the hard questions that I felt people perhaps were not asking, and I wanted to probably inject some of the vision that I had around where this industry needs to go. So that's how I randomly got into it.

Cole Cornford (:

I liked how you spent a lot of time establishing product market fit really early on and effectively saying, this need isn't being served. I need to go and do something to solve this problem. I see lots of people starting cybersecurity companies where there's already a lot of competitors in the space, and my question for them all the time is you can't go into markets where there are a lot of competitors, but why not just go and establish your own category and then own it completely and have a monopoly as long as you can convince people that it's something valuable, which that's always the problem with category design, right?

Karissa Breen (:

Correct.

Cole Cornford (:

But yeah, there's more people are going out there and just starting more pen testing firms and it pains me every day that I see another shop pop up because someone wants to do pen testing contracting instead of meaningful cyber risk reduction, right?

Karissa Breen (:

Well, you are right. It does take time. And that's probably been one of the challenges is spending the time educating people for years. Okay. On this is where things need to go. So I can understand that people go, "I'm just going to do what I was doing before." So if you're working in consulting firm, pen testing firm, I'm just going to create my own. I kind of understand the logic behind it, but for me, a hundred percent, I want to do something different. I can see the gaps. I'm like, "Hey, I can plug here, here and here. Could bring this up, could do this." And there's complexity to this nuanced world. It's not just media, it's not just cyber, it's the convergence between the two, which I think does make it very, very unique.

Cole Cornford (:

So I guess a question then is with your podcasting, what went well early on and what went really badly?

Karissa Breen (:

So I think what went well was probably people just wanting to give it a go because I said it was pretty foreign back then. This is going back 2018 days.

Cole Cornford (:

Yeah.

Karissa Breen (:

What didn't go well was there was no one that we could really mirror off what we were doing because there's a lot of stuff as in the backend that has to take place. I Also like to do things really, really well. I don't like to just do things at a 20% and she'll be right type of attitude. I'm very OCD about having precision. So for me, I was like, "Okay, we've got to finesse what we're doing." So I guess maybe the process at the beginning wasn't the best. I would say now it's significantly better.

(:

I mean, we get compliments on it, but again, I'm not just stopping at that. How do we get better? How do we make it easier for people to understand how the process works? Process to me is very, very important and communicating that effectively because at the end of the day, a lot of comms breakdown is, "We didn't know the process, we weren't aware or we weren't informed." So for me, I think that's something I put a very big focus on and it'll continue to evolve. So if there's feedback that we get that maybe there is a gray area, quite happy to hear that and to improve it. I want the feedback.

Cole Cornford (:

I think it's really important to continue having that drive indefinitely. Like you said, you don't rest on your laurels and podcasting, like you said early on, it was kind of hard. We didn't have references to go compare your show against and see what they do. I guess nowadays there's a tremendous amount of competition. The competition isn't just from cybersecurity podcasts, it's from just everything. Because you've got news and current affairs, you have media podcasts, you have fun and entertainment ones about Dungeons and Dragons or whatever. So it all basically the attention economy, people only have so many car trips that they're doing nowadays, and I find that's where most people listen to podcasts is on their commutes. And would you say that people traveling to work less has impacted the amount of listeners that you have as well?

Karissa Breen (:

No, not for me personally. Probably because I started doing this a lot earlier. I also think because we're independent, we're not backed by anyone. So I think always being independent, you will always naturally get attract more listeners. I also think being consistent. A lot of people that I've spoken to in this game, "Hey, I'm going to do a podcast," disappears. A lot of work and it's a commitment and it doesn't matter, so if I've got to go on a holiday, which I did as you know last year in the US for a month, I made sure that those podcasts were ready to go well in advance. So this took planning. This wasn't me just freaking out at the last minute. So it takes planning, it takes dedication to keep showing up. We are doing two or three deployments a week, but again, this is my job.

(:

Whereas other people like yourself, this isn't all your job. You've got other things to do. So I can sort of understand at the same time why things stop after a while. People get burnt out, they got other things going on. But again, I'm very, very committed to when I set out to do something, I do it and I do it in totality. So for me, I'm someone that I go by my word and I don't go against that. So for me it's more about challenging myself than anyone else. But I would say as well, it does take a while before you get a solid listen [inaudible 00:25:46]. So when people come back to me and say, "Oh, I've done 20 podcasts and no one's listening to it," well do 200 and then come back and tell me how it's going.

Cole Cornford (:

For me, I've wanted two, but I've always wanted a few things. The reason I can run my podcast is I've got a really good company welcome to day one, who helped me with a lot of the stuff that's not so interesting, like scheduling, like doing post-production and shifting things around, speaking to guests to try to get them on. I get the focus on the part that I really like, which is on listening to people's stories and helping elevate their brands. And I know that if I didn't have that, I would probably be spending 20 hours a week or something on something I don't find terribly interesting. And I wouldn't make it to the 20 episode mark because that's probably where most podcasts fail as I reckon I don't even get to 20 episodes.

Karissa Breen (:

Not really.

Cole Cornford (:

For me, if you're not having fun, why would you be doing it? I love meeting all of these different people.

Karissa Breen (:

I think it's just I've got to do this thing, this marketing thing, I'm going to do it. But sometimes, and I'm not talking about cyber ones, it's talking about even outside podcasts that others to is you can tell that someone doesn't really want to be there. So if you don't want to be, don't, because it comes across in the interview, it sounds contrived, it sounds banal, sounds like you don't care. So I always say to people, "If you want to do it, actually be interested in it. Don't just do it because there's a thing you've got to do because your tone, how you come across questions you ask, are you listening or not listening? All of that your audience can pick up on. And then as a result would probably as a byproduct of that would mean that they don't listen to it anymore."

Cole Cornford (:

Yeah. You can always tell when people are engaged. It's the same with honestly public speaking with how people write. Just any kind of content or media in general. If you don't care about what you are saying or what you're doing, someone's volunteered you to go onto a stage and talk about risk and you just don't care about risk. You want to go play video games or spend time with your kids, then you're going to give a boring presentation. The audience aren't going to listen to you, take home any messages. You're just a body on a stage. And I can totally see that with podcasts as well because if you've just had your marketing person come up and say, we need to do four to five episodes with partners so that we can reference them as case studies, go speak to some partners and then we'll put it in the backlog.

(:

Yeah, it's not going to be into it because you just don't care about the outcome. And for me, that would be hurtful for me to do something like that because I care deeply about listening to people's stories and their experiences and helping them get a profile in Australia when otherwise it could be quite hard. For yourself, you've already got an amazing profile, you're great successful media company, but a lot of people I bring onto my podcast, this is the first time that they've actually had a chance to tell their stories. So I'm really happy to be able to enable that. And since I'm driven by both my mission and having a bit of fun on the side as well, I feel like I can just keep doing this forever because all of the rigmarole around the hard yakka, that's being managed by someone else who is paid to do that.

Karissa Breen (:

Yeah. And I can definitely relate to that. And I think that's why I keep showing up. Even if I've had a big event the day before and I've had to go to bed laid or whatever, I'm still up there the next day. I don't keep my guests waiting. So having that respect for people, I don't sit there and say, "Well, it's my show, I'm going to be late." No, I'm there. And if there is any reason like that, I've got back to backs. I always let these people know to say that because I think respect is really important for me both ways.

Cole Cornford (:

Yeah. I try to make sure I understand people's backgrounds before they come onto the cast because there's nothing worse than having an interview host who's just not prepared. I'm planning on having people who've written books. I want to read those books in advance so I can reference the material that they've written and make them feel happy about the fact that someone is taken the time to invest in understanding what they really care about enough to put on paper because man, a book, that's an investment. It's a huge investment. And there's plenty of other people who've done conference presentations or they've found some specific vulnerability class or they just have a really interesting story based on their LinkedIn background. You've got to prepare for these kind of things.

Karissa Breen (:

Most definitely. Couldn't agree more.

Cole Cornford (:

Cool. So let's move on to something a little bit different. So you said that risky business is one of your competitors, and I also know that they're moving into alternative forms of media as well because you have them writing up blog posts now as well as doing the main podcast and doing multiple. So it feels like some of these major podcast providers and now bridging into other forms of media as well. So it's good to see that you've gone a step further and moved into television. So could you tell me about [inaudible 00:30:24] TV and what was the premise of the show? What were you trying to do and how did it all evolve for you? Because outside of, I think there's a cyber CX sponsored TV show called Hunted or something. I haven't really heard of many other TV productions.

Karissa Breen (:

So I would say Risky Biz and I are probably not necessarily competitive, I mean from a podcasting point of view, but I don't see it like that. I think he definitely covers more of the technical stuff and I do more of the exec stuff. So I think it's more so there is complimentary. I saw Patrick this year at the Journalism Awards, so we'd love to get him on the show. I think he said he was open to it. So yeah, it would be a bit of ideal to have him as a guest and hear his thoughts over the years. But to answer your question, that came around through, again, I knew someone that came to me and said, "Here's an opportunity. You're already doing all these podcasts, you've already done this and this. You're an independent person. Hey, how about we commissioned something?" Which we did, and I guess the premise was for it was we want to do short snappier.

(:

It's different for a podcast because when you're listening to it, you can listen to it and you're walking, as you said, commuting. When you are watching something, it's very hard to watch something at length on a platform like YouTube for example. We learned through trial and tribulation by getting feedback, assessing it critically on how we can improve. And so towards the end of the season, we sort of did more 15 minute rapid fire interview. So I was the host that I produced as well. Two guests came on to hear their perspective, again, not from a slamming point of view, more like, "Well, what are your thoughts? How can you contribute to making our industry better?" The way in which we produced it was very, very different. So you'd have things, we run news packs which you'd be familiar with Channel seven when here's a story, and then they do the context on that story usually showing other images and video that they had, I don't know, gotten from the internet or they've filmed earlier that they do the voiceover for, that's what they would call a news pack.

(:

And then of course, bringing experts on in my network to answer the questions and to have a conversation. And so it's definitely different to my podcast simply because that's more of a deep dive and I focus on one topic and I go very deep into it and I ask those hard questions. But this year this was a little bit different. The production company actually got acquired. So we are probably looking to commission another season of that. But again, it was something that was very unusual and we built this from scratch. Again, there was nothing that we could say we're going to do it exactly like that. I'm not familiar with the hunted one to be honest, but for us, the creative director is X Today show. So he had a lot of influence in how this should be produced, which gave me a lot of knowledge and understanding on how to run something of this scale in the future.

Cole Cornford (:

One thing I really appreciate about you, KB, is you just have such an intense focus and desire on making sure that you think through the entire customer journey, the customer experience. How are people using my podcast? How are they participating with written media? How are they using engaging with television programs? And you just think, how do we do this better and better and better? And I just love that attitude because it's such a strong reason that you're a successful entrepreneur. Because I know that so many people just don't do that. For myself, I did two different types of media fairly well, which is written blog posts and presentations.

(:

I'm one of the circuit speaker kind of people. I go around presenting everywhere. And for every single presentation, I always think about who are the target personas in my audience that I'm try to communicate a message to? What is the narrative? How am I going to be able to cover three main themes that they can take home? How do I bring them on this journey? How do I cut all of the content that doesn't make it down to 18 minutes? How do I inject humor into parts that can be a little bit boring, right? Really think about what is it that makes someone a fun person to listen to and that I can walk away feeling that not only did I enjoy hearing from that person, I also have some practical security knowledge to take back with me.

(:

But most presentations I see are so focused on the technical weeds, so they're incredibly dry, or it's a PowerPoint deck that's just a thousand words. They just don't think about these kinds of things. So it's refreshing to me to hear that you are doing the same thing with your emphasis on television, because I wouldn't have considered that yeah, you consume podcasts passively while you're doing something else a lot of the time, like if you're programming or you're driving or whatever, but YouTube and TV, it's an active hobby. You have to watch it. You can't just be mowing the lawn and listening to your executives speak, right?

Karissa Breen (:

No, exactly. And I think that it comes from a behavioral analysis. So now people are consuming content on what platforms as well as aesthetically. So for example, when people are like, "Oh, you should record a podcast," and then you and I are doing this remote, but it's like, "Yeah, but the background isn't the best," so aesthetically it's not going to look as good when you're doing video stuff. I don't know that I have experience in producing documentaries and TV type programs, et cetera. So I think understanding, if you wouldn't watch it, why would anyone else watch it? So that's where my mind goes. But with podcasts, a hundred percent, I listen to podcasts every day, multiple podcasts a day, but I'm listening to it in my ear, so it doesn't really matter about can we see each other or not. And if you are going to go down that route, then you need to think about how you're going to produce it, how it's going to look aesthetically, because that's what's going to attract people into watching it on YouTube, for example. Those are the things I don't think people consider.

Cole Cornford (:

Well, my podcast hosts ask me to move to video because generally on LinkedIn, video gets more engagement. And I always say to them that I'm not so keen on doing that. I enjoy my snippets on the marketing snippets you probably come across from where to get extracts, and it's just like pictures the person's face and you can hear them listening with some transcripts. And the reason I don't like video is that it means that both the guest and the host need to prepare or be in a physical location together. It just makes logistics tremendously hard. And because of that, I figure that if I want to not make things hard so I can continue doing the podcast, then I'm not going to do that, right? Because if it's a challenge, people give up. So I know when I heard video, I was a bit skeptical at first. I know the amount of effort that goes into that.

Karissa Breen (:

Well, I thank you really appreciate your understanding that yes, it is, it is a big effort, but again, I enjoy it and I love it, but it is a hard skill and I think, again, being prepared, the amount of people that I've interviewed me that are not prepared to the point where people got my name wrong, those are the types of things that would illuminate to me that this person is not prepared.

Cole Cornford (:

So a question then I guess for you is let's move away from podcasting and just the media and marketing in general and back to your entrepreneurship journey. So we have, I'd say in Australia it's fairly nascent. A lot of people I think are quite reluctant to take the risk to start their own businesses. Do you have any advice for people who may be wanting to do that but are a bit risk-adverse?

Karissa Breen (:

Yeah, look, I totally understand. It is scary. I can relate to that. There's been times in my journey I'm like, "Why do I bother doing this? It's very, very hard." I think going back to why I started this, and sometimes when you're dealing with something difficult, it's very hard to remember that having good people around you, but people who get it, right? That is going to become hard when you go out on your own and you're an entrepreneur because there's more people who are working for other people than there are entrepreneurs. So that is hard. I've found being around the right caliber of people has helped me in my journey. So I know a number of entrepreneurs that are doing their own thing. I think entrepreneurs are a different breed and they think differently, and it's not better or worse, it's just that you have a similarity with someone else that you can relate to and that you can talk to about difficult things.

(:

The chances are you talk about something, "Oh, I've been through that before." You're always going to get a bit of that. I think that took me some time though, to find those people. But if you really want to do something, you're going to do it. Whereas I have seen people go out on their own and then they're like, "Oh, no, no, no, no, no, I'm going to go back and work for someone." You are not going to sit there from day one and earn a million dollars. It could take years. Depends. Even people with funding, I've seen them fail as well. It's not about having the money in the bank. It could be a number of reasons, like you said before, are you just going out and doing what everyone else is doing? Are you finding a unique gap? Think about it. And I know it sounds really rudimentary to say, "Oh, we'll do your research and all of that," but have a calculated approach.

(:

Again, I was definitely not like that. I'm trying to explain this from my own failures and the lessons that I've learned, but one thing I did do well is understand the market inherently. Look at how all the pieces connect, the media, the PR, the consultancy, how big businesses procuring security products. Think about all that. You've got to think about the ecosystem. I don't see enough people going along those lines holistically. But also at the end of the day, if this is your drive and this is what you really want to do, you'll make it happen and you'll leave heaven and earth to do that. I don't know if everyone out there has it in them to do this type of work, because I've been doing this for six years and I've seen people come and go and there's absolutely nothing wrong with it. But when you see a serious entrepreneur that's not going to give it up, that's where I see serious amounts of temerity, but tenacity really kick in.

Cole Cornford (:

Yeah, I think that that's some really, really good advice there. Find your peers. For me, I have a network of other people who've started businesses, exited from a few of them successfully, some exited from them badly and regret the outcome after putting many years into it. You can learn from both experiences. People are quite happy and generally want to see you succeed. I have not met another business owner, even as competitors who don't want to see other business owners succeed. So find your peer network and just I agree with that. Learning business is challenging for people who've always stayed inside the cybersecurity holes. So that's a really good point to be bringing up because if you can't talk to a CTO about the budget cycles or what kind of risks are they managing or just like headcount, cashflow, MDF, these kinds of things, then you're going to have a challenge.

(:

So learning business really helps you understand in a whole ecosystem how everything is connected. And yeah, I think in my salient point though, it's hard yakka this entire interview. I've just been getting a sense that you're driven by purpose and that you just really want to get things done. And I think that people who feel like they can just basically get themselves a contracting gig, yeah, that's all well and good, but that's not a business that's just swapping from having permanent benefits to having a little bit more money, but ultimately you're not running a business then. So it's putting in the effort and expecting 80-hour weeks or more for the first couple of years operation. I know I've been through there, I've got two young girls and I'm still out traveling for BD and picking up the phone and calling people for sales every day.

Karissa Breen (:

Yeah. But I think as you grow, you get different challenges. And like I said, if someone just says, I don't want to work for someone, I'm happy to do contracting gig, that's absolutely fine. It goes back to what you're driven by, what your purpose is. I like building stuff. I also like challenging myself that I've developed this thing from nothing. And again, going back to I found a gap and I filled the gap and I wasn't replicating anything that I do of anything specific. And I've generated this and I've invented this thing that I'm doing. And that to me is what is cool about it. But at the same time, it is hard work. There's been a lot of sacrifices along the way, having the right spouse or husband, wife, all those things that people probably don't consider as well that need to go into this.

(:

I'd really supportive parents. At no point when I said I'm gone at my own at 25 years old, did they say, "We don't believe you." They're like, "Not, we back you. How can we help you?" And they have continued to help me by supporting me, and that is really important. And I know for a fact that other people don't have that. So I'm internally grateful that I've had that and that I don't think I would be where I am today with the people that around me that have genuinely been there through really hard times and have said, you'll get through this. And you know what? Things pass. Things happen, things move on. And I know that not every day is going to be great, but I know that I've got the resiliency now to just keep fighting.

Cole Cornford (:

It's absolutely a rollercoaster and you need that supportive network of both friends and family to support you. I'm lucky that I have my wife. My wife is really, really kind and just helps. I know it's a very manchild of me to say, but lets me focus on my business a bit so she can take care of the kids. And I still spend a lot of time taking my daughter to art club and doing little athletics on Friday nights with her and stuff. But at the same time, I do have to travel for work and I do need to stay up late sometimes writing up statements to work or doing code reviews or whatever. And if I didn't have a supportive family, I don't think I'd be able to do this because it gives you meaning and purpose to be able to continue as an entrepreneur. So I'm really happy to hear that your parents are super supportive of you, KB. All right, let's move on to the fast questions.

Karissa Breen (:

Okay.

Cole Cornford (:

Yes, the fast questions. All right. These are the very quick ones, so whatever comes straight into your head.

Karissa Breen (:

Oh my gosh, I didn't answer the third one great. So now I'm nervous.

Cole Cornford (:

I know. This is very intimidating for people. All right, so first question is favorite book or a couple of books to give to a friend for Christmas?

Karissa Breen (:

Art of War?

Cole Cornford (:

Art of War? So Sun Tzu?

Karissa Breen (:

Yes.

Cole Cornford (:

Yes. Why? Tell us more. Tell us more.

Karissa Breen (:

Well, look, it's a short book, so people who aren't big readers, it's not going to take up too much of your time. But also I think that there's some underlying lessons in there which I employ that I remind myself of. And also you were trying to win a battle with least demands and turbulence, right? You don't have to go in there and blow everything up. So there are ways tactically that you can approach your business or your day-to-day life without creating a big scene. So I think that there's some hidden gems in there. And again, it's not a large book, so I would encourage anyone to read it.

Cole Cornford (:

Yeah, I like those short salient ones. One, I recommend every now and then is Make Your Bed, which is just a list, like 10 different lessons from Admiral William McCraven. I think about things he learned in the seals, and they're just short little stories, like a free pages long about some kind of life lesson you learned. And they're really nice too. So I think, yeah, those digestible small little books, you're not handing someone like, here is a CISM guidebook, go learn everything cyber.

Karissa Breen (:

Oh my gosh, sure CIS. But I've got the CIS book, I still haven't opened it yet. It's so overwhelming.

Cole Cornford (:

It's a good weapon. You can just pick it up and then donk someone on the head, and then you know that's how you can be physical security. That's what CIS has taught me.

Karissa Breen (:

Oh my gosh, fair enough.

Cole Cornford (:

So second question, who's your hero and why?

Karissa Breen (:

Look, I think there are multiple heroes. I think that, again, I'm just going to say my parents. I think that I probably wouldn't do this without them. That's who you remember when you're growing up. And I think that they've engendered a lot of the characteristics and the traits that I have. So I would say that as cheesy as that sounds, is definitely them. I have a lot of respect for them, and equally they have the same respect back. Definitely they'd never seen me as you are the child and I'm the parent. It's more like, "No, I respect you as a human being and what you want to do." And for me, that's definitely made an impact on my life.

Cole Cornford (:

I'm happy with my parents as well. So my mother passed away quite early in 2015.

Karissa Breen (:

Oh no, sorry to hear that

Cole Cornford (:

Year into my first cyber role pretty much, right? And it was a challenging period, but throughout my upbringing, she was always supportive of me, even if all I was doing was playing computer games and just going and learning university. I think having that independence and autonomy was really helpful in knowing that they were going to support me regardless of what I did. And I'm trying to live those values for my daughter Sydney at the moment, and helping her explore different activities, even if she doesn't like them, and just listening to what her feelings are. So we've got to do what we can to emulate the values that our parents instill in us too. Right?

Karissa Breen (:

Most definitely.

Cole Cornford (:

All right. And last question for you, favorite fellow podcasts?

Karissa Breen (:

Okay, so I'll be honest, by the time I do my podcast, I don't listen to too many security ones. I'm probably secured out, but favorite podcast, Lewis Howells, love him. Tom Bilyeu, he's an operator. The other one is Diary of a CEO. They've got some great episodes. I think anything for me, I'm very big on personal development. Ed Mylett is another really good one. Personal development, confidence, all those types of things are really important for me and really challenging myself. Those would be the main ones that I would sort of oscillate between.

Cole Cornford (:

For myself, there's a period of time where I really listened to, I think Jordan Harbinger was his name, if you've heard of him, and Scott Galloway, so Prof G. And Jordan's very much about respecting people and just dealing with interpersonal conflicts and stuff. And Scott was always a bit of markets, but also how to be a good dad. And those are things that I listening to nowadays. But yeah, I think it's good to get our heads out of just pure InfoSec because we spend it every single day inside of it. So listening to podcasts outside of our streams really important.

Karissa Breen (:

Absolutely. And like I said, I probably need a break from it because consumed in it all day.

Cole Cornford (:

All right, well, speaking of breaks. So I think that this is where we're going to call it. So thank you so much, KB, for coming on. It's been an absolute pleasure. Do you have anything you'd like to say before we wrap up?

Karissa Breen (:

Oh, well, first and foremost, thank you for having me. It's been an honor. Again, it's definitely very weird being on the other end of being interviewed. I think that people want to check out my podcast that can, and if you have any other questions about being an entrepreneur or anything along those lines, I'm quite happy to help because again, I do believe in the law of reciprocity. I've helped a lot of people, but equally they've come and helped me back. So if there's anything you need, I'm definitely more than happy to point you in the right direction.

Cole Cornford (:

All right. And I think that's on kbi.media and the podcast is called KB Cast with a K, right?

Karissa Breen (:

That's it.

Cole Cornford (:

All right. Thanks KB, and I'll speak to you soon.

(:

Thank you for listening to this episode of Secured. We hope you enjoyed today's conversation. Don't forget to follow the podcast on your favorite platform and leave us a review. Want some more content like the above? Why not subscribe to our newsletter a galahcyber.com.au/newsletter and get high quality apps. Say content straight to your mailbox. Stay safe, stay secure. I'll see you next episode.

Links

Chapters

Video

More from YouTube