Get IT Started Podcast

EP 5 – Chase Cunningham and Den Jones Talk Zero Trust

Hello and welcome to Get It Started, Get It Done, the Banyan Security podcast covering the security industry and beyond. In this episode, our host and Banyan’s Chief Security Officer Den Jones speaks with Chase Cunningham. Chase is a retired Navy Chief Cryptologist with more than 20 years experience in Cyber Forensic and Analytic Operations. He holds a PhD in Computer and Information Systems Security/Information Assurance, and is known in the industry as Dr. Zero Trust.

We hope you enjoy Den’s discussion with Chase Cunningham.

View Transcript

Speaker 1:

Hello and welcome to Get IT Started, Get IT Done, the Banyan Security podcast covering the security industry and beyond. In this episode, our host and Banyan’s Chief Security Officer, Den Jones, speaks with Chase Cunningham. Chase is a retired Navy Chief Cryptologist with more than 20 years experience in cyber forensic and analytic operations. He holds a PhD in computer and information systems security and information assurance, and is known in the industry as Dr. Zero Trust. We hope you enjoy Den’s discussion with Chase Cunningham.

Den Jones:

Hi, everyone. Welcome to Get It Started, Get It Done. I am your host, Den Jones, Banyan Security’s latest entrance into podcasting and hopefully we don’t screw it up each time. But, every session, episode, we’re gonna have a great guest. And this week I’m delighted to have Dr. Zero Trust himself, Chase Cunningham. So, hey, Chase, how are you doing? And welcome to the show.

Chase Cunningham:

Hey, thanks for having me on. You must be you know, you must be slow on guests if you’re dragging the bottom of the barrel already. (laughs)

Den Jones:

(laughs) Well, we, you know, we figured, you know, there’s people like yourself that are going right on the circuit, senior people, great careers, advising other people, you know. And, you know and you’ve seen, and done the whole zero trust game. So, love, I’d love a couple of things. So, you and I met, I guess you and I met after I joined Banyan, but you had some origin story of how you’d heard about me before I even joined Banyan. So, do you wanna share with everyone any recollection there?

Chase Cunningham:

Well, I mean, I think I ran across your story as far as one of the folks that had actually done the work at a big organization. When they told me that you were gonna be joining Banyan, I was like, “For real? ‘Cause,, I heard he actually knows what the fuck he’s doing.” Which is, you know, rare in this space.

Den Jones:

Yeah. And, yeah, so that I think goes back to my days in Adobe, right, where I was trying to, trying to get 40,000 people moved onto this platform and stuff. And to be fair, right, before we even went on that project, I, you know, my architect, he was convincing me that this was the right thing to do. And I was sitting there thinking, “Why do I wanna make my 2,000 application authentication experience, you know, more fragile or something?” I just wasn’t sure. So, yeah. And so, first off, could you just give a little background about yourself? How did, how did you get into security? You know, where did you kinda grow through the ranks?

Chase Cunningham:

Yeah. So, I’m incredibly lucky with my career. I could’ve just as easily wound up in Leavenworth, I think. ‘Cause I was military, I was doing stuff, that I wasn’t supposed to be doing on board ship. Somebody noticed that, you know, I had a bit of, I guess you’d say talent for technology for the network side of things, the programming and sorta computer side of things. Back before I was actually a trash programmer… Which I’ll say right now, you don’t want me developing code like, I’m a bad, bad code author. But, and then, I just sort of fell into cyber after that and the intel community, and was lucky enough to do a bunch of work in government agencies, follow onto that. And then, Forrester, following that.

Chase Cunningham:

So, I, and like I say like, I mean, that’s one reason why I try as hard as I can to help other people out because I 1000% am just lucky that other people have taken chances on me and I just happened to be at the right place at the right time. It’s not ’cause I’m smart or good at my job. It’s just because I’m lucky. (laughs)

Den Jones:

Yeah. I mean, yeah, it’s, so there’s a couple things. It’s like, one is, you know, you’ve been someone that’s devoted yourself to service and serving others, right, so whether it being in the forces, and even in your time in Forrester, right. You’re engaging with people and trying to take that knowledge, and share that knowledge, and stuff. So, now that gets me onto another thing. So books, so talking about sharing knowledge. So, you’ve got books and there’s… So, an interesting story between the number of books you have and the number of patents you have. So, what’s that about?

Chase Cunningham:

Let’s see, so I’ve got, three comic books, I’ve got one, two, three sort of grown-up books, I guess you’d say, and I’m working on another one. And I just found out this week that my Cyber Warfare book is now on the Cyber Canon Hall of Fame, so that’s kinda cool to be able to say I have a Hall of Fame book. (laughs) Not that anybody knows what the Cyber Canon Hall of Fame is, but hey, it matters to me. (laughing)

Den Jones:

(laughs) Yeah, that’s pretty slick. Now, and then, the parents. So, I thought I heard you’ve got equal number of patents to books.

Chase Cunningham:

I think I’ve got, yeah, the same, yeah, it’s, five and… Well, six and six, yeah.

Den Jones:

Awesome. And then, so out of all of the patents that you’ve got, which one is like, what’s your standout one that you kind of like to brag about?

Chase Cunningham:

The coolest one was working with some folks at the University of North Texas where we figured out, basically how to do… And this was, gosh, man, this was back in like, 2014 or ’15. I kind of wish I would’ve gone further with this as far as making it into a product, ’cause we could’ve made some money. But, it was being able to do snapshots of virtual instances on the fly and then anything that happened after the snapshot was an anomaly. And, depending on if it was outside of the bounds of the norm you set, you could basically revert to that known good state.

Chase Cunningham:

And I mean, like I said, we were doing this four or five people back in 2014-ish. Now, the very similar stuff that I’ve seen roll out there, like it’s a legit, you know, big time company thing. So, I guess cool on us for figuring it out, bad on us for not realizing we had a product that could’ve made us, you know, beach money.

Den Jones:

Yeah, could’ve made you millions. I think it’s hard sometimes because you’re just sitting there trying to solve problems and you’ll do something, and you’ll not think of, “Holy shit, that could be a product.” And, I’ve worked with a lot of great people in Adobe and even in Cisco where they leave the company because that idea that they figured out at the company, or some twisted version of it, you know, they go take that outside, and they turn that into a new start-up. And, that for me is pretty cool. I’ve never- [inaudible 00:06:46]

Chase Cunningham:

Yeah, it’s a-

Den Jones:

… I’ll say that. But, you know, it’s good when someone does it, right?

Chase Cunningham:

Yeah. I’ve never had enough vision I guess to go, “Okay, let’s make this a product.” I’ve just been like, “Oh, cool, we solved a problem. Let’s file a patent on it.” But, you know, maybe eventually start, you know, being more useful. I mean, but then again, you know, that whole thing of, I think if you’re chasing the dollar all the time, it just gets to be a grind, whereas if you’re just doing the work and kinda… And, I’m not like, that’s, you know, that friggin’ rainbow thing of every day is amazing, but just doing the work that you, you know, kind of get something out of, the money and stuff will eventually take care of itself I think.

Den Jones:

Yeah. I built up a reputation of getting shit done. And, for me, it was always a case of I just take pride in delivering results, and trying to deliver stuff that other people fail to deliver. I mean, and so, it was always, for me, I just always thought, “Well, good rewards come to people that deliver good shit.” And at the end of it, I’m like, “I don’t, I don’t care.” Like, I’m not thinking I’m gonna become mega rich. I think in this industry, we’re all financially, or most of us are all financially doing decent compared to a lot of other industries. So, don’t be greedy about it. But, you know, I then follow the “let’s get some excitement.”

Den Jones:

And, you know, me joining Banyan, right, I’ve never done, I’ve never done a start-up gig. So, for me to do that, I was like, “Yeah, let me try that.” You know, I’m in a position in my life where this makes sense and it’s a kind of fun role that I wanna take on, so.

Chase Cunningham:

Yeah. Yeah, I’m a farm kid, so anytime I’m not sitting on a tractor bailing hay, like I’ve done well, that’s how I look at it. (laughs)

Den Jones:

(laughs) Yeah, well you’re, hey, you’re talking to a guy who is a Scottish post man.

Chase Cunningham:

Yeah, you were a mailman, yeah.

Den Jones:

And yeah, I was walking this, the wet, windy, snowy streets in Scotland thinking, “Is this what life’s all about,” you know. (laughs)

Chase Cunningham:

Yeah.

Den Jones:

And then, as you, as you start to get like, into your kinda years where you’re out drinking and clubbing, and stuff, I was just like, “I can’t do the clubbing thing and then get up at 4:30 in the morning.” (laughs) It’s literally I’m getting in from the club, showered, changed, and then I’m gonna walk the streets. And, the other thing was, you know, a good way to walk off your drunken hangover, you know.

Chase Cunningham:

(laughs)

Den Jones:

That was, that was the only thing I could think of, uh, you know.

Chase Cunningham:

Yeah. Yeah, I did my, my hangover days when I was active duty. So, luckily it was, it was kind of par of the course, so. (laughs)

Den Jones:

Yeah, yeah, I can imagine. Hey, so, right, so the name Dr. Zero Trust. So-

Chase Cunningham:

(laughs)

Den Jones:

… is it a marketing thing or is it, I mean, like where did, where did, or-

Chase Cunningham:

I-

Den Jones:

… or- [inaudible 00:09:24]

Chase Cunningham:

You know, like I said earlier, like, again, like I’m just lucky and blessed, ’cause I was actually doing an advisory with somebody and I was talking about their ZT thing, and their strategy, and I was just rattling off the technology, and on and on. And the guy was like, he’s like, “Man, you’ve got a doctorate in computer science,” and I was like, “Yeah,” he goes, “You should have a doctorate in zero trust.” And I was like-

Den Jones:

(laughs)

Chase Cunningham:

… “Okay, cool. Why not?” (laughs) So, I just, I don’t know, I literally just started doing it as kind of a giggle on my own and it seems like it’s turned out to where at least folks recognize, you know, that name, which is fine by me. But yeah, I didn’t, there was no, there was no massive forethought on it, it was just more bumbling good luck.

Den Jones:

Well, it’s funny ’cause sometimes you stumble into those things, right. And even like, us naming the podcast, you know, when we were talking about that within Banyan, it’s like, “Okay, but what’s your, what’s your reputation then?” I’m like, “Well, I get shit done.”

Chase Cunningham:

(laughs)

Den Jones:

And they’re like, “Well, let’s not call it Getting Shit Done because one of the other things is sometimes people struggle to get it started, nevermind get it done, right?” And I’m like, “Okay,”-

Chase Cunningham:

Yeah.

Den Jones:

… “okay, I get shit started as well I guess ’cause otherwise how can you get shit done if you don’t get it started?” So,

Den Jones:

You kinda stumble into these things. So, in your journey, so you’ve done, in your advisory position and even like, A lot of the other circles you’re in, you meet a lot of CISOs, CISOs or CSOs, whatever term you wanna use, right.

Chase Cunningham:

CI- CISOs, whatever they call them, yeah.

Den Jones:

Yeah. Whatever, what do you think makes a good CISO? And then,what kinda CISOs have you bumped into that you’ve been like, “You’re just an idiot?”

Chase Cunningham:

(laughing)

Den Jones:

(laughs)

Chase Cunningham:

Well, so, I mean, I think the ones that seem to really get it are typically the people that have come from, you know, they did the work, right, where they were like, network engineers or programmers. Or, somebody where they’ve done the work and they saw a career opportunity or a business opportunity, and they kind of climbed up the ladder, and now they’re in a leadership executive position. And those folks, they’re like you’re saying, they’re more about figuring out the fix and then going off, and applying the fix, and then continually doing that. And they get it because they’re very pragmatic, they understand, you know, where they can and can’t kinda do things technically, and then all of the other stuff falls around it.

Chase Cunningham:

And, I think that those are the folks that you see that are doing well in this space. Not that they have to be technical, but at least the folks that understand from doing the work and how the technology fits. I mean, that, where I run into it that’s really been sideways is the straight up bureaucracy policy weenies that we get in this space where they’ve never sat on pause, they’ve never configured a firewall, they don’t know the reality of like, what tech does and can’t do. And, they’re the department of no because some checklist says that this shouldn’t happen. You know what I mean? And, I don’t like dealing with those people.

Chase Cunningham:

Matter of fact, like, if I’m feel like I’m in a place where I have to deal with those folks, I’ll just pop smoke and be like, “Look, I, you guys let me know when you wanna be real about this.” ‘Cause it’s not worth, it’s not worth everybody’s misery to try and… I can’t convince somebody if they’re not gonna be convinced because it’s not on a frickin’ checklist.

Den Jones:

Yeah. So, I’ve met a lot of them and the funny thing for me is, when I, years ago, I was leading the service management team at Adobe. And, I hated service management. I thought that was so much bullshit. I get, I get the processes and I get the stuff. And, I think, the reason I thought it was bullshit… And I ended up speaking in Vegas at a conference on this, and I was like, I don’t know why, I had never thought my career would be on stage at Vegas talking about IT service management. But, here I am, right? (laughs) And I’m like, I don’t know why I’m here. And again, it was because they wanted someone who could lead that program at Adobe and, you know, they wanted it done, right?

Den Jones:

And the, and the reality was though is, I was like, the reason I don’t like it is ’cause I met so many idiots along the way that were reading the book. And, all they’d done is if it’s not in the book, I’m not gonna do it. Or, if you’re doing it and it’s not in the book, then you’re doing it wrong. And I’m like, there’s not necessarily a right or wrong way to do this thing. We’re in business, we’re running a business, and these are tools in our toolkit to help us run the business. And if you apply a hammer when it really should be… Now, you and I were in a talk a while ago and so, I think someone said, was it like, a cake or some shit? I can’t remember-

Chase Cunningham:

(laughing)

Den Jones:

… hammer a cake or something, like I haven’t-

Chase Cunningham:

[inaudible 00:13:51] cake with a hammer, yeah.

Den Jones:

(laughs) And I’m like, yeah, that’s brilliant. Because, the problem is in the security game, the service management game, too many games with these people that just wanna like, always follow whatever’s in the book because they don’t have the ability to look at how the business is operating and being like, “Yeah, we’re running a business.” And I even look at that, the same thing with zero trust. You know, people are trying to go through this zero trust journey and they read all the pamphlets, and they’re very, they’re very literate, you know. But, they’re not really kind of realizing that with all the guidance and all the information out there, how you apply in your own company varies. It’s, and the one thing that’s right for one company isn’t necessarily right for another company, ’cause they get different challenges.

Den Jones:

The way Google had done BeyondCorp was brilliant, but it wasn’t gonna work for us in Adobe because we didn’t have, we had different constraints and we didn’t have the same requirements of the business. So, the reality was was, yeah, we could read the BeyondCorp ’til we’re blue in the face. (laughs) It didn’t, it didn’t translate, you know, so yeah. And, the good thing is, ’cause you and I are both going to RSA around the corner, so we are undoubtedly gonna bump into both camps-

Chase Cunningham:

Mm-hmm.

Den Jones:

… bump into the CISOs that we have trust and respect for, and we’re gonna bump into some clowns. So, I guess if you’re watching this podcast before RSA and you fall into the, you just wanna read the book and preach to the bible of the security gods, you probably don’t necessarily wanna talk to us (laughs) too much.

Chase Cunningham:

Yeah. I mean, it’s, you know… And like, I, my personal philosophy on anything is if you’re gonna come to me with a, with a, “No,” you have to have a reason why and then you have to have an alternative. That’s all I ask.

Den Jones:

Yeah.

Chase Cunningham:

Like, if you’re gonna say, “No,” don’t say, “It’s no because this thing says it’s no.” I, great, I can read just fine, but tell me to, give me a, give me a real reason and then tell me what’s the alternative to fix the problem, ’cause otherwise it’s just a thing, like you said, it’s just a tick mark in a book.

Den Jones:

Yeah. And, you know, I think the reality is is, you know, we are, we are paid basically to solve problems for businesses. So, if you’re saying, “No,” without an alternative suggestion, you’re not solving the problem. You’re actually creating a problem, so.

Chase Cunningham:

Yeah.

Den Jones:

No, that’s a, I’m so with you on that one. Now, I heard, it was a couple of things. So, I heard you’re a big deep fake kind of-

Chase Cunningham:

(laughs)

Den Jones:

… enthusi-, I’m gonna enthusiast, right? How would, how would you describe your experience or level of-

Chase Cunningham:

Aficionado maybe, I don’t know. That sounds very elegant. I don’t know, I like, I like messing with them. I think they’re dangerous. I briefed Congress on deep fakes and sort of that whole thing. It’s crazy how good they’re getting, how fast, and how commoditized it is. And, it scares the hell outta me what you can do with a, with a deep fake now. Although it is fun to be able to like, make myself Schwarzenegger or something.

Den Jones:

(laughs) I remember years ago in Adobe, we were, we were doing… I think, you know, there was a lot of show and tell where the engineering teams, especially the, you know, skunkworks projects, they’re showing you stuff. And I remember seeing at one of our engineering summits like, some deep fake type stuff. And there was two sides of this camp, right? One was, “I can help create the stuff,” and the other one is, “I can help detect that the stuff is deep fake,” like… So, it was really weird how we’re building capabilities that enable both, right? And then, you could also see the dilemma and the people kind of like, thinking socially and ethically whether what they’re doing is, you know, the right direction for the world, right?

Chase Cunningham:

Yeah.

Den Jones:

And that, for me, like, that was a really cool thing to be kind of on the sidelines to see in the background.

Chase Cunningham:

Yeah. It’s interesting stuff, but it does, like you said, it’s Pandora’s box in my opinion.

Den Jones:

Yeah. Now, hey, so, certifications. I kind of, you and I have been in a couple of talks where we’ve almost kinda made fun of sometimes or called bullshit on the value of certifications. We’re attending conferences where you get credits for certifications and I’ve got a CISSP. Don’t know how I got it. I can’t remember, actually that story’s a crazy one. But, what’s your, what’s your view there? Does that, does that make you a good security professional ’cause you got a CISSP or those kinda certifications?

Chase Cunningham:

I mean, I, so I think… Okay, so number one, if I step back from my soap box and I go, okay, it’s unfair for me to say certs are total horse shit, but because I’m lucky enough that I’ve got a little bit of history in the market, so I’m passed needing a cert for a job. However, I think that they’re gatekeepers. I think that they are created by a market where people know that this is a good way to, you know, keep the gates up, keep the barriers in front of folks. I don’t personally think that we need certifications for the roles that we have.

Chase Cunningham:

I think that they’re, I think they’re good for letting you know, okay, somebody’s at least put the time, I mean, a friggin’ PhD is right there on the wall. Like, that’s just a different type of cert and all it means is I’m willing to suffer and flog myself for years on end to produce some paper that nobody’s gonna read, right? But, the value is you know that that person will put the effort in to do that thing. Other than that, it’s just a piece of paper on the wall. It’s glorified TP.

Den Jones:

Yeah.

Chase Cunningham:

… which is-

Den Jones:

Yeah.

Chase Cunningham:

… which is certs. And like, I had CEH, I had CHFRI, I had CISM, I had five or six others. And like, over time I realized that I was just collecting alphabet soup and it didn’t really make me any better at my job, so why was I wasting time and money, and resources on it? It just, it skews the market, I think, and I don’t think it does a service that we’re actually trying to look for for people that should be doing the work.

Den Jones:

Yeah. It’s interesting for me ’cause someone described this a long time ago, they were like, “You wanna get it because it just shows to other people that you have the ability to start something and see something through,” and then like you say, you do the work. And, you know, and the, and maybe it’ll show there’s a basic level of knowledge or skill, but the reality is it still doesn’t mean that you’re gonna be a creative thinker when you get in the company. It doesn’t mean that you’re gonna really go to like, the ends of the earth to help deliver some project on the finish line.

Den Jones:

And, you know, I’ve managed people where they were doing like, their MBA and stuff, and I was like, “Let’s talk about why you’re doing that. I mean, are you doing that for personal growth or are you doing that for career growth? Because, it’s not gonna have the impact from a company perspective, you know. You’re not gonna get suddenly promoted ’cause you got an MBA.” And I think that’s the thing I kinda get worried about, when people of all those certifications… Or, the other one is, you know, when people are posting for jobs and they’re like, “The minimum requirement is,” and they start rattling off all that shit.

Den Jones:

And you’re like, “Well, wait a minute. I would rather not have that for someone who I know is going to be really technically gifted and creative, and just work their ass off, and learn.” Like, that for me is, you know, I’d trade one for the other. But, the hard thing comes then, well, how do you know that they’re able to learn and maybe that’s where those certificates are trying to be evidence of some learning shit, right?

Chase Cunningham:

Yeah. I think if you’re gonna, if, for me personally, like if I was still running stock stuff or whatever, I’d put people into a practical exercise and be like, “Look, here’s the objective. Here’s all the stuff in front of you. Go.” I would, they could stack their giant things of certs in front of me or whatever and I’d be like, “Cool, I’ll use them in the shitter later.” Like, I just, I mean, I just, you know, it is what it is. And I, when I took the ultimate hacking cert a long time ago. And, I went and did something for the, for the final hack that wasn’t supposed to happen. And I told him, “I’m done,” and the guy was like, “No, no, no, that’s not right. You gotta do it this way.”

Chase Cunningham:

And I was like, “Well, why is this ultimate friggin’ hacking if I can’t do… I found this easy way to do this, like that’s what a, that’s what a hacker would do.” And he was like, “Well, that’s not how this works.” And I was like, “Well, then I don’t want your god damn cert,” you know.

Den Jones:

Yeah. That’s awesome. Yeah, and it’s… Yeah. You know, so, I think, you know, the dilemma is the education systems, what are we churning out here? Are we churning out people that couldn’t follow and-

Chase Cunningham:

We’re churning out people that can take a test.

Den Jones:

… [inaudible 00:22:49] people that can be creative thinkers, you know.

Chase Cunningham:

Yeah. I mean, my, you know, my kids are in school and, it starts very, very young now. They teach them to take a test. Like, they’re, I think right now it’s the end of the school year… And, I mean, we’re talking bigger problems here. But, my like, they’re, my kids have got 10 days off of actual learning to learn how to take this friggin’ test so that they take the test. It’s not, they don’t, they don’t know the stuff, they know how to vomit it back and take the test. (laughs)

Den Jones:

Yeah, yeah, yeah. Yeah, yeah, yeah. Yeah, they know how to read, learn, repeat, right?

Chase Cunningham:

Yeah. Which is not, I mean, it’s not thinking until later on in life, I guess. I don’t know.

Den Jones:

Yeah, it’s not ideal. So, how do you explain your job to friends and family that aren’t in our industry?

Chase Cunningham:

I tell them that I work in security, cyber security advisory and I try and help organizations figure out how to, approach the sort of bad side of the internet a little more strategically than, you know, tactically. That’s really about the best I can put it. And, most of them roll their eyes and go, “Sounds really boring,” and then move on to something else.

Den Jones:

Yeah. (laughs) Well, you know, I think the thing, IT people, you know, we’re cooler than accountants, but we’re not much better really than that I don’t think.

Chase Cunningham:

Yeah.

Den Jones:

We’re not, okay, we’re not exactly the cool, the coolest kids in the room usually, right?

Chase Cunningham:

Yeah. And I’m, my family’s all, you know, like country, farm people, whatever. They’re like, “Yeah, I could care less.” (laughing)

Den Jones:

(laughs)

Chase Cunningham:

They just go on about their day.

Den Jones:

I, you, at some point, some points, in Scotland, I was getting hit up… So, this is late ’90s. And, you know, you’re building computers from scratch and all this shit. And at some point, you end up being the go-to person like, in the circle for fixing anything computer related. And I remember when I moved here, I’m like, “I don’t wanna be in that position again.” So, when people would ask me like, at these parties and these, they’d be like, “What do you do for a job?” And I’d be like, “I’m an igloo repair man.”

Chase Cunningham:

(laughing)

Den Jones:

And, you’re in California, San Jose, right? So, there’s no chance in hell there’s gonna be an igloo nearby. And I’m like, “Yeah, I’m an igloo repair man.” And they’re like, “Really?” And I’m like, “Yeah, my, but I’m struggling to find work right now. But, you know,”

Chase Cunningham:

(laughs)

Den Jones:

… “that’s- that’s- that’s the, that’s the trade I’m in.” And they’re like, “It’s a trade?” And I’m like, “Yeah.” So, (laughs) and I also used to tell people at one point in, when I was in Scotland, I was, we had a sea life center near where I lived and I was always like, “Yeah, you know, I’m a, I’m a trainer at the sea life center.” And they’re like, “It’s, what?” And I’m like, “Yeah, a dolphin trainer.” And they’re like, “Really?” And I’m like, “Oh, yeah, yeah, yeah. I went… But sometimes I get in the wrong pool and there was a shark in the pool, and it bit my leg.” And I’ve got this scar on my leg from a childhood accident years ago, and I used to go like, “Oh, look, see, there’s the scar.” (laughs)

Chase Cunningham:

I, yeah, I’ve, so that I didn’t have to be tech support for people, I told them literally that like, I strip for nickels, you know. I’m like, yeah. (laughs)

Den Jones:

Now, that was… Yeah, I, yeah, I’ve got an a X-rated one. I’ll share over beers when we see- [inaudible 00:25:57]

Chase Cunningham:

(laughing)

Den Jones:

Remind me what I told people I used to do at a New Year’s party one night. It was, my brother, lived at the border between Scotland and England. And, his ex-wife, wife at the time, she worked in Harrods. And, there was all these posh people that came up from London to Harrods, you know, workers and they’d partied. And they were asking me what I’d done for a job ’cause they always looked down on the Scottish people, right? So they were giving- giving me shit. And, I ended up deciding, you know, I’m gonna, I’m gonna tell them I’m blah… So yeah, I’ll, remind me, I’ll tell you.

Chase Cunningham:

(laughs)

Den Jones:

It’s a really, it’s a really funny story, but not one that we should document.

Chase Cunningham:

Sure.

Den Jones:

So yeah. Now, when you’re at these kinda parties like, I like, you know, I like to work hard and play hard, what’s your favorite drink?

Chase Cunningham:

Oh, I’m a whiskey, old-fashioned, rye type of person. Yeah. Plus, you know, one or two of those and you’re good.

Den Jones:

[inaudible 00:26:51] whiskey like, or Irish, or Scottish, or?

Chase Cunningham:

Oh, I like Kentucky. I mean, you know, I’m like, I gotta, if I’m gonna be the redneck I am, I gotta be full redneck all the time, so.

Den Jones:

You gotta, you gotta do that, yeah. I, being the Scottish guy I am, I stopped whiskey when I was about 18. I figured my personality type and the amount of alcohol I’d maybe consume at the age of 18 probably wasn’t my best move. So, you know-

Chase Cunningham:

Mm.

Den Jones:

… I try and stick to beer, which right now I’m now trying to make my own beer, which is a very interesting endeavor. ‘Cause I like to cook, so for me it’s like, you know, cooking, and when you make beer, it’s like a recipe as well. So-

Chase Cunningham:

Nice.

Den Jones:

… trying to go through that, yeah, and experiment there. So, first batch was okay, second batch was pretty decent. So, we’re working on the third batch now. So, maybe by the time we get to RSA, I’ll bring some along and you can, you can try some.

Chase Cunningham:

If nobody, if nobody goes blind then you’re doing it right.

Den Jones:

I’ve not gone blind yet, so yeah. So, if you had one, one takeaway for the audience today, Chase, what would it be? What do you want them to leave and think, “Man, those two idiots were having some shitty conversation, but I did remember one thing.”

Chase Cunningham:

I mean, I think, I think it’s really the thing I would say is the title of your session here, right? Get it started, get it done. I think the one that’s most important is like, what you were saying, get it started. I deal with so many people all the time that are floundering around and trying to figure out whatever. Don’t let, don’t let good be the burden, the enemy of, you know, outcomes. Just go start doing things and you know, you know, you know what’s up, so start applying the controls where the bad guys are living. Don’t go down checklists, whatever. But, just good lord, man, get started.

Den Jones:

Yeah, start somewhere. I mean, I think, I think that’s always the thing, right, is people… you know, there’s a couple of things. One is there’s a million vendors hitting you with, “We do Zero Trust,” and many of them do Zero Trust, depending on the lens you’re gonna apply. So, that’s true and all, but the reality is is then you’re looking inward and saying, “Well, what are the problems I need to solve?” And then, take the zero trust marketing term away. The solutions that are out there are the solutions I already have, actually, sometimes maybe get them good, right? But do they, do they help me solve the problems?

Den Jones:

And, if you wanna call that Zero Trust and if that falls into the Zero Trust bucket, or the many buckets of Zero Trust, brilliant, you know. So, yeah, no, that’s great, great advice. So Chase, thank you very much, been great chatting with you. I mean, you and I have been getting to work together quite a bit more recently over the months and stuff, so it’s been awesome. We’re both going to be at RSA, so I’m looking forward to that. You’re gonna be around the booths and stuff, but if people wanna catch up with you online or anything like that, how do, how do people get a hold of you?

Chase Cunningham:

I’m pretty active on LinkedIn, Twitter, easy to find there, at Cynja, C-Y-N-J-A, Chase, C-H-A-S-E-C, lots of Cs in there, is my Twitter handle. And then, pretty easy to catch me on social media. It’s, and if you’re looking for me at RSA, I’m a big dude, so you’ll find me.

Den Jones:

Awesome. Awesome. Well, thank you very much, Chase. And, everyone, thanks for paying attention, staying aware for what’s probably about 30 minutes. Appreciate it. We’ve got some more great guests coming up in, future episodes. We’re gonna actually invite some of our Banyan customers to come and talk to us, and talk about things close, and near and dear to them. So, stay tuned. Thank you everyone, be safe, and hopefully we’ll see you at RSA. Thank you.

Speaker 1:

Thanks for listening. To learn more about Banyan Security and find future episodes of the podcast, please visit us at BanyanSecurity.io. Special thanks to Urban Punks for providing the music for this episode. You can find their track Summer Silk and all their music at UrbanPunks.com.

Close Transcript

< Back to Resources

Book Office Hours with Den Jones

If you are interested in chatting with Den Jones in a more informal setting to talk about your challenges, he hosts office hours that you are welcome to schedule with him directly.

Den is a seasoned professional and loves talking about the best ways to get started, how to measure progress and finally how to get things done.

Make an Appointment