Hello and welcome to Get it Started Get it Done, the Banyan Security podcast covering the security industry and beyond. In this episode, our host and Banyan’s Chief Security Officer Den Jones speaks with Theresa Payton, a luminary of secured digital transformation and founder of Fortalice Solutions. We hope you enjoy Den’s discussion with Theresa Payton.
View Transcript
Den Jones:
Welcome everyone, to Get It Started, Get It Done. I am your host, Den Jones, uh, Banyan’s offering into the podcasting world to try and educate and, uh, a little bit of wit and wisdom. So, let’s see. Um, real excited this, uh, this week. Uh, we’ve got a great guest, Theresa Payton. I’ll allow her to introduce herself ’cause otherwise I’ll just butcher the shit out of it. So Theresa, why don’t you introduce yourself?
Theresa Payton:
Sure. Now, you didn’t tell me this was wit and wisdom, so I’m trying to think which one you brought me on for. Maybe it was the wit. We’ll see. (laughs) Hopefully I don’t disappoint too much, Den. But, uh, hi everybody, I’m Theresa Payton. Uh, it’s great to be with you Den, uh, and to, uh, be talking to people today.
Um, a little bit about me. I spent 16 years in the financial services industry, working for some of the world’s largest banks, working… Actually, I started off as a technologist, not a, a security person. And, uh, as I worked on cutting and leading edge technologies that were customer-facing, I ended up being on the leading edge of fraud and cyber crime. And so I always asked for the responsibility to be directly responsible for security and fraud while we were delivering customer-facing applications.
Got the opportunity to work for President George W. Bush, second half of his second term, so that’s 2006 to 2008. And I was the first female Chief Information Officer there. And as I was leaving the White House, uh, at the end of 2008 and pregnant with my little girl, Mave, um, she’s my third and, uh, third kid, was really trying to figure out where I was gonna work next.
And I kept going home to my husband and saying, “You know, I went on these interviews today and I’m just not hearing people talk about cybersecurity the way I think it needs to be talked about, which is, we always need to design for the human instead of telling the human, you know, 50 things of dos and don’ts and making it super hard for them to actually get their job done.
And so he encouraged me to think about starting my own business. I launched Fortalice, uh, the initial sort of iteration of Fortalice in 2009. And it was really just me and some fun 1,099, uh, people and we worked on some really cool projects together. And then I thought, “You know what? I’m gonna go for it. I’m gonna stand up my own company and, uh, really go all in on offering, uh, boutique, bespoke, uh, cyber security solutions.”
So I made that pivot by about 2014 and, uh, have an incredible, uh, team of very talented people. Um, we focus primarily on three areas, and we do those three areas very well. Uh, so we do, um, you know, what I like to refer to as the CSO+ services. So all of the things that a CISO has to worry about and maybe short staffed on red teaming, uh, security engineering, uh, we offer those services.
And then, uh, the next area is really what I like to call the DPOC, you know, good data privacy operations, compliance, risk, regulatory. Again, all of those things that organizations have to worry about and aren’t always staffed to do. And sometimes you just need to hear like, you know, not the names of the companies, but how’s everybody else dealing with this roll out of GDPR or CCPA or the latest alphabet soup, um, of, uh, regulation.
And then the last area, um, that we focus on is what I like to refer to as business intelligence. So this is our open source intelligence, our intel cell. We really track down sort of the digital footprint of companies, uh, the CEO, the C-suite, the boards, and really, um, make sure that the consumer side, you know, the personal side, account compromise isn’t the reason why there is a business platform or business account compromise.
So those are three areas. Um, I’ve got three kids. I’ve got two rescue Great Pyrenees, a husband. I’ve got three books. Two I wrote with a, a privacy lawyer and one book, Manipulated. Uh, I’ve got a patent in, um… I’m a co-inventor on a patent for anonymized threat intel detection and had the opportunity to work on a really cool, um, TV show called Hunted, a reality TV show.
And right now I’m working on, um, in my spare time, a documentary on, um, solving cold case murders from decades ago using today’s technology techniques to track down witnesses who were never talked to before, living members, records, and just try to piece together pieces of the puzzle to get justice for the dead and the living family members of these unsolved cases.
Den Jones:
Wow. So the, the part-time job is the documentary to solve unsolved murders.
Theresa Payton:
Yep. It’s been, uh… And it’s interesting, Den. I mean, you and I have known each other for a while, so you know, l- like that consumes me. So like if the family’s like, “Hey, you know, let’s watch, uh, you know, this movie or that movie,” I’m like, “Sure. You don’t mind if I’m also doing some research for the documentary?” And, uh-
Den Jones:
(laughs)
Theresa Payton:
… you know, and then I, next thing I know I’m like, “What’s going on in this movie?” (laughs)
Den Jones:
[inaudible 00:06:02].
Theresa Payton:
‘Cause I gotta keep in my research.
Den Jones:
Yeah. You start asking all the movie questions at that point, it’s like, “Okay, come on mom. You were meant to be watching the movie with us.
Theresa Payton:
(laughs)
Den Jones:
Family time. So, um, okay. So, so you’ve got a fancy nickname. So, could you explain-
Theresa Payton:
Uh, um-
Den Jones:
… the origin of The Velvet Hammer?
Theresa Payton:
Uh, yes. So, um, you know, Secret Service is famous for creating handles for the principles that they need to protect, and, and I’m certainly not one of those principles that needed to be protected, but I worked very closely with Secret Service. In fact, they actually run a 24-hour gym that was like my lifeline.
Uh, so it was always open, no excuse not to work out. And, uh, got really friendly with a lot of ’em. And so they actually, uh, came up with a nickname for me, and the nickname is The Velvet Hammer.
Den Jones:
Awesome, awesome. I can only imagine them trying to, you know, some, some emergencies coming around and then they’re all shouting they’ve got to get Velvet Hammer in the safe room, you know? (laughs)
Theresa Payton:
(laughs)
Den Jones:
Can never, So now, now that, now that we’re, we’re kind of on the Secret Service business, so the real, the real question, you know, the, probably the most academic question is, so do aliens exist, Theresa? I mean, you were in the White House. I mean, you had to have bumped into at least one alien on your, your travels.
Theresa Payton:
You know, they’re so good at their covert cover. I don’t know.
Den Jones:
(laughs)
Theresa Payton:
I’m not sure. (laughs)
Den Jones:
Well, [inaudible 00:07:37] honestly, I’ve bumped into some aliens in nightclubs in San Francisco a couple of times.
Theresa Payton:
(laughs)
Den Jones:
Um, at least that, that’s, that’s what I seem to remember about that story.
Theresa Payton:
(laughs)
Den Jones:
Um, so, okay, so i- it was kind of cool ’cause I was going to come back to this. So you explained a little bit about the, the emphasis to start, uh, the company, right? So Fortalice and, and you know, you and I met through working together at the cyber security, uh, Microsoft Cyber Security Council.
Um, there’s a, a couple of sessions there and then we met again, um, because when I was running enterprise security at Cisco, you were already doing a lot of work with the, the Cisco team and stuff. So I, I, I recall, um, doing a really good tabletop exercise and, and there’s some of those kind of services that I think a lot of companies don’t really think about.
Like, first of all, they, they think they’ll never be breached, right? So you go in there with the oh, it’ll-never-happen-to-me-syndrome, but then when it does happen to you, you’re, you’re, if you haven’t done any form of planning or preparation, then you’re to- totally screwed and caught off guard. So the tabletop exercise is, if, if you were gonna give one word of advice on why they’re important, what would, what would that be?
Theresa Payton:
This is so unfair, Den. You know I’m not a one-word person. But, uh, I would say, um, performance, you know, if you’re in the middle of a crisis, you are going to execute your performance the way you practiced. So if you wanna have elite performance, you gotta prepare.
Den Jones:
Yeah. And I, I, I think, I think also, I mean, every company I’ve worked in has been under attack. I mean, I was, I was fortunate in Adobe and Cisco, two great companies. Um, but, but they’re also two great companies that, that there’s certain elements that want to attack them, either gather technology or gather their customer data or, or, or all of the above, right?
Um, so for me that meant, you know, good investment in a lot of the right areas. Um, and we’re doing some great projects and stuff, so to kind of sit in there and watch the tabletop exercise go down and the scenarios that the team came up with, I, I thought was, was brilliant.
Because the other thing is, if, if you let the employees come up with the scenarios as opposed to like an external, like you guys, then you know, we’re gonna pick with bias and we’re gonna pick maybe the easier one, right? So, um, I really, really enjoyed it for, for that purpose.
Now, so where do you see like Fortalice going in the future? Like what’s the, what’s the big thing, um, from a business perspective? Are you gonna stick with the, the three angles or are you gonna introduce some more stuff?
Theresa Payton:
Yeah, we were gonna actually kind of reimagine some of the services that we offer in those three angles. So for example, you know, all of our clients and us included, um, you know, the, we keep talking about this gap in talent and gap in skills. And so I decided that, um, I was gonna literally put my money where everybody’s mouth is, so to speak. (laughs)
And so some of our R&D that we reinvest in the company, we actually invested in creating training curriculum that’s accessible, affordable, and practical. Uh, so it’s not just book smarts and book learning for the sake of book smarts and book learning. Uh, so we’ve launched a class and we could have done it on our own.
It’s an offensive cybersecurity course. It’s really, um, meant… If you have to sit for the OSCP, this will help you pass. The failure rate is really high right now, and the courses that you have to take to get ready for it are incredibly expensive. And I just wanted to disrupt things and stop talking about, “Oh, it’s such a shame we can’t get more people,” and say, “How do we make it accessible, affordable, practical, and have people ready to work when they finish one course.”
And so our OCO course is offered through a partnership with Immaculata University for those people who need CPE credits, for those people who want college credits, but also to give it legitimacy of, this isn’t just, you know, some bootcamp run by a company, you know, trying to make money off of training. This is really the, the real deal.
So we spent a lot of our R&D time, uh, over the last 12 months developing that course to help and the skills gap. We’ve always offered an intelligence course and, uh, we spent some time working on that.
Uh, the other thing we’ve been doing, which has been really, um, satisfying for me, Den, because I started off my career as a developer, uh, and my focus was on, you know, kind of cutting-edge technologies, big data analytics, building algorithms for financial services, mobile banking, um, you know, anything that was like the leading edge at the time, uh, that’s where I start off, was being a developer and then managing developers and then making kind of the shift into management.
And so one of the things we’ve been working on too in the back office is, how can we actually automate, um, not to sell a tool or a product, but how can we actually automate some of the best work that our engineers do so we can give them greater wing span, um, help our clients get to the advice in a, in a better, faster accessible way.
So we’ve been automating a lot of our engineers steps and I, I look forward to working on that some more in the future. Uh, a lot of our engineers, both on the red team and the blue team and the risk assessor side have really enjoyed kind of having this creative outlet, um, to work on development versus just, you know, doing wash, rinse repeat, you know?
Not, not that every consulting services is the same, but sometimes there’s pieces of it, you know, the setup, then the red team or the setup and then the threat hunting that feels the same. And so this kind of helps them automate and scale that and then really focus on the really cool, unique, you know, sort of master craftsman type, um, tasks.
Den Jones:
Yeah, Yeah. It, it is funny because in, in a lot of that there is, I mean, you don’t think of it as repeatable because it’s different customers, but the reality is an incident, an incident and how you respond to an incident is pretty structured, right? Um, and, and it’s funny ’cause I, I totally get it.
Like after a while, I’m sure they can become JD-d if, if the team aren’t doing something else to occupy their mind over and above the, “Yeah. We, we hit another incident.” Um, no, I was, I was gonna ask it earlier. So the first CIO at the White House, um, I, you know, I’d captured that from your bio earlier, right?
Um, but then, then, then my notes went down a little, a little path of, you know, you’re, you’re big into, um, women in tech, you know? How do you inspire? How do you promote that? Um, so the, the Help a Girl Up, I think it is, right? Is it Help a Girl Up, Raise a Girl Up? Something like that.
Theresa Payton:
Oh, Help a Sister Up. Yeah. We have a, a group and it’s for men and women, um, called Help a Sister Up on LinkedIn. And it’s been kind of cool to watch that group just sort of organically help each other grow, find a job posting, post a open job. Um, so that’s been kind of fun and cool to see that grow over time.
Den Jones:
Awesome. And then in, so in your, in your, uh, male-dominated industry, um, what, what would you say, as you’re trying to aspire in your leadership career, what do you say was probably the hardest challenge that you faced, um, be- being a woman in tech?
Theresa Payton:
And, uh, I’m not gonna say that, um, I, I’m gonna walk into it and, and focus on myself because I always say, you know, what people think of you and how they treat you, um, maybe you can’t control that, but you can control your own response and you bring your own biases to a situation.
So I’m gonna focus on myself, and what I will say is, is I oftentimes going into situations knowing I would be the only female, and, um, knowing perhaps, uh, especially early on in my career that maybe my teammates actually hadn’t worked with a female before, so not the only female on the team, but like, (laughing) there hadn’t been a female on the team before.
Den Jones:
Okay.
Theresa Payton:
And so I always felt like I had to show up and I had to be flawless in everything. And so I, I over-prepared, I over-agonized, I over… You know, everything was over, over, over, over, over the top. And I look back and a lot of that was key to being successful and being accepted. Uh, but it also was a lot of extra stress. I, I’m not sure I had to put on myself-
Den Jones:
Mm-hmm.
Theresa Payton:
Um, but I, but I did. And so I, I would say one of the greatest things for me to overcome, uh… You know, I would t-, uh, from time to time have somebody say, “Are you even technical?” Or, “Do you know what you’re doing?” (laughs) Or, you know, things like that. Or just assume, because I came into the room, I was gonna take notes.
Den Jones:
(laughs)
Theresa Payton:
But I, you know, and I actually had, it’s interesting, I had a female manager, um, at one point, it was in a meeting with me and they’re like, “Hey Theresa, um, you’re gonna take notes?” And I was like, “Sure.” And she… So after the meeting was over, she pulled me aside, she goes, “Never volunteer to take notes again,” and if you’re in that spot, what you do next time is say, “Oh, I took notes last time. This should be a rotational assignment.”
And I was… I hadn’t even thought about that. I was like, “I’m just trying to be a good teammate.” She goes, “No, you’re allowing yourself to be taken advantage of. There’s a difference.” So, you know, I, I look back on kind of the way I approach things and now what I try to do is both, for men and women, just kind of give them advice on how to be the best teammate that you can and not to sweat the small stuff.
I mean, certainly, being prepared is really important. Did I have to prepare at the level that I did? I, I don’t know. Um, and maybe, maybe nothing would be different if… You know, if the workforce was 50/50, maybe I would still have been the same way, Den. I’m a little kind of like over-the-top A-plus personality. (laughs) So, um…
But yeah, that was the biggest thing to overcome, is just sort of that I’m not sure I belong here and I don’t wanna give anybody a reason to say I don’t, so I’ve gotta over-prepare and be, be flawless.
Den Jones:
Yeah. Would that, would that be the advice you’d give young aspiring women as as they’re trying to grow in their career?
Theresa Payton:
Yeah, I would give it to both men and women, because you know what? We don’t just need more women. We need more everybody. (laughs) We are not going to win against cyber criminal syndicates and nation states insider threat. We are not gonna win if we don’t recruit as many people as possible.
This has to be the tallest pole and the biggest tent and all are welcome. If you’re quirky, guess what? So am I. Get over it. We need you. Like if you, if you’re creative, we need you. If you’re mathematical, we need you. If you’re, um, more of like a you love drama, guess what? Cyber is a lot of drama. We need you.
Den Jones:
(laughs)
Theresa Payton:
(laughing) Uh, and so I would just say, um, all are welcome and we need everybody. And so my advice would be, yeah, prepare. Do you have to over-prepare and be flawless? No, because we’re all flawed individuals (laughs) and, and every cybersecurity strategy is the best you can do in the moment you have and the resources you have. And even the best and the brightest, there’s flaws in the security strategy because there’s just gonna be things that just aren’t gonna get done.
Den Jones:
Yeah. And it’s, it… I like, I like how you say, you know, anticipate kind of what you’re going into. I mean, the fact that you, you mentioned that you anticipated that you’d be the only female there and most of the people may not have even worked with a female before, I, I think that’s great in life actually.
You know, as you say, you know, apply it to not just being a female in tech, but if, if you have the ability to anticipate the next move, I mean, it’s, it kind of is like a chess game really.
I mean, even if I’m preparing for an executive meeting or the board or something, you still have to anticipate what their questions will be. You still have to anticipate what their stance or perspective might be or any of their biases. So the more, the more that you can do before you go in, obviously the better, you know? Um, that’s awesome.
Now, um, so the books, so you mentioned, you mentioned that you’re an author. Um, I, I was thinking of your, your most recent book and as, as you were doing a lot of research for the book, what do you think you learned most during the journey of, of the actual, the research and the creation of the book? Because I know just writing the book doesn’t come easy, so could you share a little bit of that and what you learned in that journey?
Theresa Payton:
Sure. Um, so one of the things I learned just this is even with like the first book is, you know, if it’s your first book and you’re a little nervous, find a coauthor that you know will also do the work so that you hold each other accountable. It’s like any kind of like fitness program or diet program or, you know, whatever it is. Like accountability is really huge or you’ll never get over the finish line.
Um, I wrote these books myself. I didn’t do ghost writers. Um, but people that use ghost writers highly recommend it. I wanted to write the book ’cause I really wanted to make sure it was my voice, my content. But having said that, get yourself a great editor. If this is not your full-time job to be an author-
Den Jones:
Mm-hmm.
Theresa Payton:
… you need an editor that reads what you think is a beautiful piece of information and have them tell you, “Honestly, I think this is a boring load of crap.”
Den Jones:
Yeah.
Theresa Payton:
Um, and so, uh, get yourself a good editor who is gonna… You know, I mean, I’ll tell you one of my best editors, uh, Nancy, is amazing. And she’ll write in the comments section like, “You lost me here. I know you’re really smart, but this doesn’t make any sense.” I mean, honestly, (laughing) she’ll be like, “This is really boring,” or, “Okay, I g-… We get it, we get it. You said it 15 times. Could you say something else.” (laughs)
Den Jones:
[inaudible 00:22:42].
Theresa Payton:
And it’s really important to get that good editor. Now, what I will say really surprised me with Manipulated because I was working as you know, ’cause I, I actually, you and I talked about the book before I had it finished, and I was really surprised at the pushback that I received. So I, you know, I s-, I was working on the concept for four years before my book agent was like, “I think we’ve got a winner here.”
Den Jones:
Mm-hmm.
Theresa Payton:
Um, because when I first went to her, she said, “Uh, misinformation, disinformation, deep fakes, getting people to get vaccinated, not get vaccinated, hate fracking, love fracking, influencing elections with no fix. That’s like scary and nobody wants to read nonfiction that has no fix, right? And she’s not wrong (laughs) about that, but…
So we had to keep working and working on the concept. And I was like, “Okay, what if, what if I, what if I do things in like a fictional vignette and then do the supporting research to go with like the fictional story?” Um, and so like a little bit of a spoiler alert for people who haven’t read the book, in my fictional vignette, um, I predicted a contested 2020 election while writing this book in 2018 and 2019.
Uh, the thing that surprised me in doing the research and interviewing people was how many people told me things like, “Well, there really aren’t any manipulation campaigns that influence people on how to vote.”
Den Jones:
Mm-hmm.
Theresa Payton:
Nobody changed their vote or didn’t vote or voted a certain way because of a manipulation campaign, okay? Um, people who would say to me, “There’s no disinformation on healthcare.” And again, my book came out… So it finally hit the shelves when all the bookstores closed in April, 2020. So a really lousy timing (laughing) for a book launch.
Um, but if you think about it, right, um? So what I… COVID-19 was not on my radar when I had to turn in the book for the final edits, but I did write in the book about, uh, Russian operatives pretending to be Americans, pretending to be American parents, um, arguing for and against vaccinations with all kinds of information and bullying and harassment of healthcare officials.
Den Jones:
Mm-hmm.
Theresa Payton:
And that just further got amplified during COVID-19. And, and, you know, Den, my take on something like that is, hey, your decision, your healthcare decisions, my hope for everybody is, you do research, you talk to your doctor and you make the best decision for you and your family. I’m not, I’m not gonna judge that.
But what I do get upset about is, if you are influenced by a disinformation campaign and your lives are impacted because you believed something that wasn’t true. And, and so that was kind of the biggest shocker to me in doing the research for the book, was people really pushing back on me in 2018 and 2019 saying, “It’s, it’s not that bad and people should learn to think for themselves.”
Den Jones:
Yeah. And it’s, it’s funny though because, you know, we’re in this industry and we recognize there’s been disinformation campaigns for decades. I mean, I’d, I’d kind of go back to like the CIA having, you know, employees embedded in, in newspapers, right? But the reality is, is every government (laughs) in the world, um, and, and also non-government entities, you know, they want to control narratives.
Um, so it’s surprising to me when I hear someone say, but I read it on the internet and it’s like, “Holy shit.” You know, like I, I might go to the Little Doc app on the internet and hope that that might be kind of accurate, you know? Like, and WebMD or some shit, but I’m, I’m not sitting there like deciding the future of my family, um, based on what I read.
So yeah, I mean it’s, it’s, it’s interesting and, you know, from a… So once the book was launched, um, during COVID, uh, ’cause it’s the, uh, it’s the best time to launch any book, I guess. Um, and you did all the book signings virtually and (laughs) you did the tour from your room.
Um, so what kind of, what kind of reception has it had since COVID and since everything’s came out about elections fraud and things like that. Has, has people been really receptive to the book?
Theresa Payton:
Yeah, I mean I’m, I’m really very blessed and fortunate on this. Um, so we, we worked really hard to make sure that word got out that it was gonna launch and that, you know, needed support because bookstores were closed and we ended up, uh, my book ended up being the number one hottest new launch of a book on Amazon. So that was great. So we were trending, uh, there for a while.
I say we, because, you know, I have an editor and a book agent and, you know, the publisher. Everybody chee-… And my team, my whole team was cheering me on. And, um, and then just recently I found out that, uh, The Guardian put out the 10 must-read cyber crime books and Manipulated me the list.
Den Jones:
[inaudible 00:28:15].
Theresa Payton:
And so that was really, really cool. I thanked, I thanked The Guardian for, uh, putting the book on the list and I’m in the process of doing a second edition and getting it updated to reflect. It’s like there’s so much to cover. It almost feels like it could be a fully new book, but, uh, I’m gonna do my best, um, to kinda update it and say where are things headed next?
Den Jones:
Oh, and do you think… I mean, is that just revisions of each section within the book when you do the second edition? ‘Cause it’s not a separate book in its own right then at that point, right?
Theresa Payton:
Yeah, on this one, right now the publisher’s leaning towards leaving the book fairly intact, but adding brand new chapters so that you could sort of see the progression, it’s almost like a history book, like a time capsule-
Den Jones:
Mm-hmm.
Theresa Payton:
… and then adding new chapters of like what’s happened. So that way for people who didn’t read it the first time around, they’ve got a foundation to start with.
Den Jones:
Awesome. Awesome. Now, the other, the other thing that… I, I don’t know if everybody knows about you, but it, and as women in Cyber goes, you’re probably the most popular women on the internet and on television. Now, I, I don’t know, ’cause when I Googled and I was searching and searching, there, there were many videos and recordings of you online.
Um, and, and then I, I remember back, I think it was last year maybe, and I texted you and I’m like, “Okay, holy shit.” I don’t care whose show you’ve been on, but now you’re famous because you were on John Oliver’s show. And, and for me, I’m a big fan of John Oliver, right? So I, I, I remember texting you and I was like, “Holy shit.” So can you explain a little bit about what was going on back in those? I mean, I think it was all ransomware, ransomware probably, I’m guessing.
Theresa Payton:
It, it was. I mean, i-… I mean first of all, it was really hard to top being on John Stewart’s show, The Daily Show, when he was running that. And I, I got to be on that show and talk to him about, uh, the second book that Ted and I did, which was Privacy in the Age of Big Data.
And, and John Stewart is just wicked smart and so funny and just such a great guy. So I thought, “You know, it’s gonna be hard to top that.” And so that I get this phone call ’cause I love John Oliver, and, from his staff. And they said, “Theresa, John Oliver wants to use a clip of you talking about ransomware and if you were a ransomware, uh, syndicate, what would you do?” And I said…
So I have a feeling it’s gonna look like I’m promoting being a ransomware syndicate. And she said, “Yeah, are you okay with that?” I said, “Tell John Oliver I’m a really good sport and I can’t wait to see what he does with it.” And so funny enough, so he lets the clip play of me being interviewed and I think it was a Today Show interview or something.
He goes, “Theresa, what are you doing?” And then he was like, “But seriously though, she’s right.” And… But it was funny because people who didn’t know the piece was coming out, they were mad at him because he-
Den Jones:
Yeah.
Theresa Payton:
… they felt like… And I was like, “No, no, no, no.” They asked my permission and I said, “Look, to me, entertainment and humor for a topic so dark is the only way we’re gonna get through to people.” And so I told, I told his team, “I’m all in and I appreciate…” Uh, I mean, I think that’s pretty classy they called me. They could’ve just done it.
Den Jones:
Yeah.
Theresa Payton:
Um, but I was like, I said, “Just try not to make me look too foolish.” She goes, “No, no, no.” She said, “Really, we, we really appreciate this clip. It’s gonna make his point.” And I said, “Please thank him for covering ransomware. (laughing) It’s about time a comedian cover like what a crisis this is. And it’s a crisis of our own making, sadly.”
Den Jones:
Yeah. And it’s, it… Yeah. So it’s funny for me. So I, I do remember the clip, I remember texting you like, “WTF, look at this.” And then you’re like, “Oh yeah, yeah, yeah.” And you, you shared that with me. I was like, “Holy shit.” But that for me was like, that was the tipping point of the fame, Theresa, right?
All the other stuff. All the other stuff, you know, brilliant and all but the tipping point was John Oliver. It’s almost like you’ve never been to the gym unless you posted on Facebook at the same time, you know? Like now you’re famous. John Oliver confirmed it. We’re probably good. Um, (laughs), yeah, you could probably just write a book just about TV interviews that you’ve done. It’d be like-
Theresa Payton:
That’s, uh, I mean that’s true. I mean it’s definitely never a dull moment. Some of the behind-the-scenes stuff, you know, I’m working on… I think I told you about this cold case murder. Um, I can’t talk too much about it ’cause I don’t wanna-
Den Jones:
Give it away.
Theresa Payton:
… kinda get Sideways with the executive producers, but they did say I could talk about, I’m working on, uh, just solving really old cold cases, um, like the Elizabeth Short case, the Hollywood case of 1947, and there’s a few other ones in the hopper. And, and just the behind the scenes and I’ll say, you know, kinda lack of glamor is, is fascinating. Um, same thing. Like even with Hunted, um, just some of the behind the scenes grind. And so, you know, you guys get to see like the best of everything-
Den Jones:
[inaudible 00:33:34].
Theresa Payton:
… when a lot of it is like, you know, people throwing temper tantrums. Not me. Even though I, I always say to people, I’m like, “Look, God let you know what you’re getting into with me with the color of my hair.” So (laughs) you’ve been-
Den Jones:
(laughs)
Theresa Payton:
… forewarned. (laughs)
Den Jones:
[inaudible 00:33:51].
Theresa Payton:
But um, you know, people throwing, uh, not being happy or they don’t like their assignment and all of that is like being recorded and you’re, because people forget the cameras are there and then they just become tired, grumpy people sometimes and… But then people, I would say on the other side, the camaraderie and the laughs and the joking, that was also fun too, so-
Den Jones:
Yeah. I mean they’re-
Theresa Payton:
[inaudible 00:34:13].
Den Jones:
… they’re long days, right? Yeah, I was gonna say long days, long weeks probably. So, yeah, after a while it’s… I, I, I think it’s funny because it, it kind of, it’s almost like you would never watch a fishing show if you’re watching eight hours of someone with a line in the water. You’re only gonna watch the, the five minutes that you actually got something and wounded in. So it, it is kinda like that, right?
Theresa Payton:
Yeah, yeah. I mean there, it was some long days, and Lenny and I, we’d have to be on set before everybody else. And because it was reality TV, they made us do our own like hair and makeup for the day.
Den Jones:
(laughs)
Theresa Payton:
That’s also very stressful ’cause you’re, you know, you’re, you don’t know like, “Do I have stuff smeared all over my face, or how… yeah. Am I… Do I look shiny?” Or all those things. Um, and so it would be really long days and very serious conversation. And so, you know, people would just kind of do funny things to just try to get you to laugh at yourself, you know?
I’d, I’d… They’d be like, you know… (laughs) So when people would sort of be getting outta line a little bit, like a little temperamental or things like that, I’d be like, “Hey, I’ve got a big lead for you I want you to follow up on, ’cause we… Everything was recorded and I never wanted to like coach people on camera.
Den Jones:
Mm-hmm.
Theresa Payton:
So I would write it down on a post-it note. So there’s… If you look at Hunters, you’ll see me handing people post-it notes. It’s not a lead, it’s, it’s um, it’s coaching. It’s like you need to smile more-
Den Jones:
[inaudible 00:35:41]. (laughs)
Theresa Payton:
… you need to lighten up. Stop, stop being aggressive. Yeah. (laughs) Be a better teammate. (laughs) Things like that.
Den Jones:
No, it’s awesome. Yeah, it’s, it’s, it’s, um, you know, it’s… I, I think it’s cool when like you’re professional. So you, you’ve got this kinda cyber tech upbringing in your life and then obviously it’s now deviating. You’ve got like TV, you’ve got books, you, you’ve got your own company and stuff. So, so the, the Theresa brand, where do you see five years from now? What, what do you… How do you see you splitting your time? Because that’s a lot of, that’s a lot of, um, investment of time there.
Theresa Payton:
Yeah, so what’s great about having the company this long is I’ve got an incredible leadership team and so they’re doing a lot more running the day to day operations. Um, they called me The Advance, so I meet with the clients. Um, I really go deep into the relationship and really understand like, “What are your greatest tech challenges? How are you re-imagining the business?
You know, what role does technology play in that?” What’s going on? How are things? What’s the board requiring of you? And really getting down to a true needs assessment. Uh, and then just making sure that I bridge that gap with the team on execution, on the things that the clients need, but also just getting out in the marketplace. Um-
Den Jones:
Yeah.
Theresa Payton:
What’s great about TV and the books is it gives me an opportunity to reach people where cybersecurity feels very inaccessible to them. Um, it’s a lot of technical terms. It’s not something you can touch. Uh, oftentimes the media has a hacker in a hoodie hunched in the dark and I’m like, “That could be a gamer.” Like, I don’t know why… Why is that the imagery of somebody that’s doing cyber crime? Like, that could be anybody.
Den Jones:
Yeah.
Theresa Payton:
Um, so that to me is a way I really wanna make… Being safer and more secure and enjoying all the benefits that our digital age has to offer, I really wanna make that accessible or, you know, kind of snackable of like, “Here’s how you do this. So if you wanna bank online, here’s a way to be safer and more secure and not worry about it.” “Oh, okay,” you know? And, and to really make it super easy design-wise and for people to really understand. So five years from now, I don’t know, Den. I-
Den Jones:
Mm-hmm.
Theresa Payton:
When I think sort of… I think a year out is a little easier for me to think about and, you know, I’m, I’m really looking forward to seeing the R&D work that we’re doing right now and seeing how that makes an impact. I wanna, you know, be part of the solution, you know, solving for better skill sets.
Um, people being upskilled and retained. People being retrained, um, career changes and uh, you know, making a difference in our, our clients’ lives, by really anticipating what they’re gonna need next before they know it.
Den Jones:
Yeah. No, that, that’s awesome. And then I was gonna say like, you, you focus a lot, um, of attention on family security, like how to protect your family and stuff. So what’s, what’s your biggest l-, um, piece of guidance for families that are listening and, you know, they’re not necessarily as tech savvy as you and I?
Theresa Payton:
Well, I mean, for starters for the parents, um, your consumer accounts are the weak link into your family finances and into your company. And so le- let’s just start with, you know, kind of the parents, the adults in the room first. Um, think about every opportunity you get to use multifactor authentication, do it.
Don’t hand out your real cell phone number, uh, to organizations. You can get a Google Voice number and have it forward, and it’ll forward. People can text you on Google Voice and it’ll go right to your cell phone ’cause that cell phone is now what’s used a lot of times for two-factor authentication. And until everybody starts to adopt better, more secure methods for getting you those codes, that’s really important.
And then, you know, if I could just talk to the K-12 and the younger generation, really set limits on yourself on your consumption of social media. Uh, I… It is really, really hard to watch young people, uh, go through, you know, the fear of missing out or to think everybody else is cool and I’m the only one that’s not cool.
Den Jones:
Yeah.
Theresa Payton:
Um, the body image issues, the, um, everybody else is having more fun or more cool or more smart or more creative than I am. And there is so much more to life than what you’re seeing in, you know, TikTok or Snapchat or Facebook or Instagram. I mean pick… I hate to say pick your poison.
There’s so many great things about social media and big tech, but there’s so many unintended consequences that are really hitting our young people today. So I always… Den, I do this with my kids. I’ll say, “Put a timer on and, you know, put it on for 15 minutes and if you find the timer goes off and you’re still on social media, that’s too long.”
The other thing I worry about too, Den, is, you know, f- for you and I and others, uh, when you were in between things and there was nothing to do, like literally nothing to do, you could just be in your head, sort things through, think things through, doodle, you know, something other than, “Well, let me see what’s going on on social media.” And I worry that we don’t have enough, quote, downtime, unplugged time.
Den Jones:
Yeah.
Theresa Payton:
Quiet mind time and I don’t think that’s healthy for any of us.
Den Jones:
Yeah. Yeah. It’s, it’s funny ’cause even all the social media stuff, I think of it like, it’s the same thing we just mentioned about TV shows. No one’s recording their crap average minutes, you know, so you watch something on TikTok or and insta-thing or whatever, it was…
The person that they, they said they went snowboarding, you know, they, they might have went up the lift once, fell and came back down (laughs), but they take that one picture that makes it looks like they had a great day snowboarding and in reality they, they, their day was shit and they hurt their leg and whatever. But that’s not what you take away from it.
And I think for, for me, it’d be, it’d be great if social media reflected somewhat reality a little bit more. Um, but if everybody just realized that all the bullshit you see up there is pretty much the best parts of everyone’s thing, and that’s less than probably 1% of their thing, you know?
So I, I’m kind of like you, you know. I, I don’t, I’m not a big fan of them. I, I like them if they’re used well, but that tends not to happen, you know. Um, now, as we wrap up, I’ve, I’ve got maybe one closing question for you, um, and a chance for you to also ask me a question, so I’ll give you the closer one. Um, what would be your bit of advice for new CSOs? One piece of advice.
Theresa Payton:
Really understand what the board and your CEO are worried about and find a way to tie your metrics and your KPIs to their biggest worries.
Den Jones:
Awesome. Awesome. Now, any questions for me to wrap up?
Theresa Payton:
Yes. So I’ve got two. So my first one is rock and roll or country?
Den Jones:
Rock and roll.
Theresa Payton:
Okay. And then my second one is, well, where do you see yourself in five years, Den?
Den Jones:
Well, um, as, as you probably recall from our, our initial meetings early on, you know, I had this aspiration to be a CSO, um, and, and now that I am one, then my aspiration is, is to stay here long enough, um, to protect the company, you know, try and make the right decisions with the board and our CEO and stuff and, and as, as you mentioned, you know, look at what they worry about and try and see how I can help the business.
And, and, you know, so for five years from now, if, if I’m still at Banyan because we’re still being challenged, we’re still growing and brilliant, um, but, but my longer term is actually I want to be growing as a, growing the craft continually as both a leader and a technology, technologist.
But then also at some point I wanna move into paid board memberships. So do like paid board gigs as opposed to free board gigs. Um, (laughs) the free ones are good to get the experience, but at some point, you know, you kind of wanna be compensated.
And so as I go into my retirement plan, it’s really a case of, how do I align myself up for still being, um, somewhat in the game as I go through retirement, but not necessarily full time, you know, busting of my ass and trying to like find time for me, you know. As, as you mentioned, you know, it’d be good to maybe take some down time and meditate sometime.
Theresa Payton:
That sounds like a good plan.
Den Jones:
It does-
Theresa Payton:
I like it.
Den Jones:
It doesn’t sound like a bad plan, right?
Theresa Payton:
(laughs) Hey, uh, having a plan at least gives you sort of your compass and your map. You can always decide to take a detour on your own terms along the way, right?
Den Jones:
Yeah, yeah, yeah. So suddenly I won the lotto tomorrow, um, and I could buy more music gear, then, then I would probably detour the plan just slightly for a few months and then ponder, ponder on something else while I build a bigger studio. (laughs) It’d be music related.
So, Theresa, thank you very much. It’s been a while to, uh, schedule to get you on to be a guest. I know we’re both busy cats and stuff. Um, I wish you all the success in your business, your books, your TV shows, your drawing, all of it, appearances and you know, anything else in the future. And yeah, looking forward to catching up soon in person. So that will be-
Theresa Payton:
Yes, that would be ideal. Well, thanks for having me on, Den. Um, it was really great to be with you and appreciate it. And you should have your own show like John Oliver.
Den Jones:
Well, at some point, you know? But they’ve got enough British people having their own shows in the US right now, you know, (laughs), but they, they don-, they, they don’t have, uh, Craig Ferguson any longer doing his stuff. So maybe there’s room for the Scottish guy. You never know.
Theresa Payton:
Perfect.
Den Jones:
Thanks Theresa. Take care, Izzy.
Theresa Payton:
All right. Take care.
Den Jones:
Cheers, Bye.
Speaker 1:
Thanks for listening. To learn more about Banyan Security and find future episodes of the podcast, please visit us at banyansecurity.io. Special thanks to UrbanPunks for providing the music for this episode. You can find their track, Summer Silk, and all their music at urbanpunks.com.
Close Transcript
Free for up to 50 Users
Simple, secure, & free!
Quickly provide your workforce secure access to corporate resources and infrastructure.