In This Episode

Rob “Bowtie Security Guy” Whetstine joins me for Voices of the Vigilant Season 2, Episode 2!

You can learn more about the conversation and the guest below.

Tune into the audio version of this episode by clicking the player below:

Tune into the video version of this episode by clicking the YouTube player below:

About the Guest

What if the fastest way to break into cybersecurity isn’t another cert, but a soldering iron, a home lab, and the courage to say “I don’t know”? We sit down with Rob “Bowtie Security Guy” Whetstine—prop builder, mentor, and former Disney security leader—who built his career from other people’s discarded tech and turned a bow tie into a personal brand that helped him conquer social anxiety and stand out in rooms that matter.

Rob takes us from dumpster diving to Fortune 500 leadership and lays out a practical roadmap for anyone trying to enter or advance in cyber. We talk about why tinkering beats test prep, how to build troubleshooting instincts, and what it really takes to succeed in high-pressure interviews at places like Disney, Google, and Amazon. Rob makes a compelling case for servant leadership: define success clearly, protect vacations, build redundancy, and bring calm to incident chaos with a simple check—“Is anyone dying?” The result is strong, sustainable teams that deliver consistently without burning out.

We also tackle the uncomfortable truth behind the “cyber talent shortage.” Many of those roles are unfunded headcount, which is why entry-level postings get thousands of applications and interviews flow through referrals. Rob shares how he social-engineered LinkedIn, sent targeted video intros, and turned weak ties into opportunities. If you’re neurodivergent, you’ll hear concrete ways companies can interview better—advance questions, work samples, real accommodations—and why honesty about gaps earns trust. The through line is simple: passion and proof beat pedigree when paired with clear communication and relentless curiosity.

Full Episode Transcript

Jess Vachon: 00:34

Hey, welcome back to Voices of the Vigilant, where we explore the minds of those who stand vigilant on the digital wall. Today we have a guest whose style is as sharp as his security skills. He has spent two decades in the trenches from securing the happiest place on earth to leading vulnerability management for Fortune 500s. He's a prop builder, a mentor, and a man who literally built his career out of other people's trash. Please welcome Robert Weststein, better known as the Bowtie Security Guy. Rob, welcome to the Awesome. Thank you so much for having me. I'm excited to be here. Excited to have you. I was talking to you just before we went live about the shirt. Tell everyone about the shirt that you have on. For the listeners, you're just going to have to go visually, I guess.

Rob Whetstine: 01:15

Oh yeah. Well, I mean, it's a haunted mansion shirt. I one of my one of my favorite rides at Disney, one of my favorite experiences was like kind of exploring the Haunted Mansion. And I got to do a lot of stuff like after hours and kind of wandering around. So, it was really cool. And Haunted Mansion has a special place in my heart. Like I showed you, I've got you know a nerdy haunted mansion tattoo. I got it when I hit my 15 years at Disney. I wanted to get something that was kind of that would celebrate kind of being there as long as I had. That was my uh my original plan. But yeah, no, I love I love all things kind of Disney, so it was a very interesting kind of career path to even end up there.

Jess Vachon: 01:56

Nice. Well, we're talking a little bit about style, let's talk about how you came to be the bow tie security guy. As you know, in our industry, it's really known for hoodies or the perception of wearing hoodies. So, was that a strategic choice to go to bow ties to disarm people and you know, or what were you called for sartorial elegance?

Rob Whetstine: 02:18

It was kind of so there's an event at Disney called Dapper Day where everybody dresses up super fancy and goes to the park. So, like my wife wears like a ball gown, and like I wore like a full tux, and she made me a bowtie. And I was like, I kind of like the way I look on it. I have severe social anxiety, and what it did was a lot of people commented on it and talked to me, which made me really, really uncomfortable. And I live by the motto of embrace the uncomfortable. So, like, if I'm if I'm not comfortable, that means that's probably a place I should be going. So, when I got to work the next day, I wore it to work, knew knowing that I was going to get like messed with like all day. And it was really funny because my friends were like, damn it, I want to make fun of you, but you pull it off and it really pisses me off more than anything. So, I started wearing them. My wife started making them for me. I did a lot, lots of talks around Disney, and I got known, I got known as the Bowtie Security Guy. When I when I got laid off, I actually went to a recruiter friend of mine, and I'm like, I'm thinking about going by this moniker. Do you think it's going to cost me jobs? And she's like, not the right jobs, Rob. Like, you're not looking for a place that that would if they would if it would cost you the jobs, probably not a place you're going to want to be, anyways. And I was like, you know what, that's valid. So yeah, that it started as kind of uh just a fashion thing that my wife did that, I thought was kind of cool, and then it blossomed into a way to help my social anxiety and forced me to talk to strangers, and I continued wearing them. And I normally wear them, but my beard's so long, like you can't even tell if I was. So, I don't I don't stress it too much, primarily because they're very hot, you know, if you especially in in Florida, like it can get very hot.

Jess Vachon: 04:04

Yeah, I was going to suggest maybe a bow tie in the in the nice long beard. Well, great. Thank you for explaining that to us. And I love it. I mean, it just “bow tie security guy” just rolls off the tongue, and it's such a great way to remember you and also tie back to your podcast. I want to go back to the beginning. Your bio mentions you started your journey by tinkering with computers you found in the trash. Um that's a really vivid image. Take us back to that time. What were you looking for in those discarded machines? And um, what did you learn by bringing them back to life?

Rob Whetstine: 04:38

Yeah, I mean, I was a poor kid, so like affording a computer was not an option. Affording any real technology was not an option. Like to get my first Nintendo was like a year of mowing lawns before I could pay for it. It's not something my parents really could afford. We were lower middle class. We had enough to survive and we had enough food, but that was pretty much it. There weren’t many luxuries. My birthday being so close to Christmas, Christmas birthdays were relatively common, and you know, it was something you just get used to. But for me, I always loved, especially after the holidays, going dumpster diving and going and grabbing the stuff that people threw away because I would get my new TV that way, I would get my new computers that way. I learned how to solder. I can't tell you how many TVs I fixed with like a 50-cent capacitor, right? Uh, people would throw them away. And back then, they didn't really have a computer or like a geek place you could go to get a computer fixed. Like I would go behind Best Buy or Circuit City, and I will pull brand new laptops out of the trash that just needed the memory reseeded or just needed that, and then I would sell those, and then I would I would buy more stuff, and then I would sell that. And it was just it became a little side hustle. Now a lot of people do it, but in the 90s, like I was one of the only kids in the trash cans, like kind of pulling stuff out. And I've always had that innate curiosity since I was younger to kind of tear things apart, like whatever I got, it wouldn't stay that way, it would be modified at some point, you know. Whether it was a radio I would take apart just to see how it worked, or just tinkering in general was kind of my modus operandi as a child.

Jess Vachon: 06:21

Yeah, tinkering is an interesting aspect. And I think 10-15 years ago, I used to come across people who did more tinkering than I do now. You know, yeah. I want to qualify that when I'm talking in terms of people new to the to the industry. Oh, that is a huge problem. Yeah, I look back and I think of everything that I had in front of me as a kid, and like you, I didn't grow up with a lot. I would take apart lawnmowers. Um I came across a TV, I think my grandfather gave me an old cast-off black and white TV. The first thing I did was take the back off the TV. I don't know why. I guess I wanted to see how it worked inside, but it's always been kind of that same tinkering mentality. Like, I need to know how it works, or if it's broken, can I fix it? And I just carry that through my life. And when I started getting into computers, it was the same thing. I'd find people's cast-offs, see if I could fix it, connect them together, see how I could make a network, and that's how I started learning.

Rob Whetstine: 07:26

So, but there's so much now with young people, they don't tinker, right? They like they're used to ChatGPT giving them an answer or figuring it, but they don't understand how it works or what it does. I opened an entry-level role recently, which is really hard to do in general at a Fortune 500 company. I interviewed 15 people for it, and 10 of them couldn't even answer basic troubleshooting because they've never done it. They've never broken a home lab and had to fix it. They've never played. And a lot of the people that I mentor, and anyone listening, if you need a mentor, like and you're struggling and you're looking to get into cyber or you're trying to move into cyber, reach out to me. I will make time for you. Don't be, you know, surprised if I send you a video because I've already answered the question you're asking. But it there's so much that I tell people, get back to the basics. Like, if you can't troubleshoot and tell me how you did something, that's a serious problem. And it's going to make things a lot more difficult for your job because they'll go into this huge technical explanation, and I'll be like, is it on? Oh, I didn't think about testing that, you know, and that's something that's really wild to me.

Jess Vachon: 08:38

Yeah, absolutely. There was a point in time where I had a full data cabinet in my basement with switches and routers and servers and everything else, and that and I was already out in the industry working, but that's how I was keeping my skills sharp and learning. There's advantages now. I mean, you don't need to invest in all the hardware, you can go to a drive. All virtual or you can go virtual and you can set this stuff up and play around with it and learn. Like you, when I'm working with people who've come to me for mentoring or coaching, I talk to them about these basic skills that you have to learn. You don't have to become an expert at them, but you have to understand how they function, uh how everything's built, because if you're going to secure it, you have to have some knowledge around what it is you're securing and where you need to secure it and how you secure it layers.

Rob Whetstine: 09:31

So, I agree with and how it'll be attacked, right? I mean, that those are so many factors that people don't look at, you know. When you're building like a threat model on something, you know, it's like, how could a bad actor attack whatever you're building or whatever you're doing? You know, what is the worst-case scenario? I feel like a lot of the education that's being taught is just to pass a test and to get them out the door as quickly as possible. But then when they hit the real world and they go into a technical interview, they just they get decimated. And it it's a shame too, because many of them default to lying or faking it till they make it, and they try to kind of skirt around the answer when all I want you to say is, I don't know. Like it's okay to not know something when I ask you a question, you and how you answer something you don't know tells me more about your character than when you answer something you do know. 100 like every time.

Jess Vachon: 10:29

Yeah, and that's an excellent point. With the people I work with, I say look at the experiences that you have had and how they might relate to the work that you're going to do and talk about how you've had those situations, how you gathered information, how you know went through your troubleshooting steps, and then how you came to a resolution and how you propose you would do that in a technical field. If you're new to the field, no one expects you to know everything, but we do expect you to exhibit how you can think critically and overcome obstacles that are in your way because that's what we need you to do.

Rob Whetstine: 11:04

Yeah, I always say know what you don't know instantly, right?

Jess Vachon: 11:08

Like there's nothing to be ashamed about. I'm a CISO, and I will tell you there's a lot of stuff I don't know, and that's why I rely on the expertise of my teams. I can't know it all. Nobody in security or even in IT in general can know everything, it's just there's too much moving too fast, and it constantly changes.

Rob Whetstine: 11:27

This is your most important skill as a new person. Yep. Like, I need some help, right? Like, imposter syndrome is something all of us have dealt with. All of us feel like imposters in in certain cases. I finally conquered my imposter syndrome, and it took 40 years. And I was a guy who, with a high school education, somehow got a job at the largest company in the world at a Fortune 100 running their security, one of their major security programs. I still didn't believe that I was good enough. And I want anyone listening to understand like not feeling adequate is part of the job. And you're always going to feel like you're the person who doesn't know that much coming in because you're not the best person for the job. You're literally you're the best worst person for that job. And what I mean by that is the best person left. You're not going to know the intricacies; you're not going to know all the things that they learned over the last year or two they've been doing the role. You're going to come in and it's a totally new world. Whether the job is something you've done before doesn't matter because each company is completely different than the last company that you worked with, from politics to understanding just where things are, knowing where you can push and where you can't. All of those soft skills and a lot of those emotional intelligence things, those are just gained with experience and wisdom.

Jess Vachon: 12:48

That's such an important part. First of all, what you said that something you said just hit hard and was that the best person just left. I've never thought about it that way. Right. But that's a that is a good way to think about it. It's humbling because it breaks that mindset you have that you might be an imposter, right? No, you're in a completely new area, you're expected to not do everything and to learn.

Rob Whetstine: 13:12

There is a there is a difference between being stupid and that and not knowing something, and that difference is education, right? Learning about it and things of that nature is critical. You if you learn about it and then you still do the same thing, that's stupid. But if you learn about it and you grow from it, that's the difference of not knowing and knowing. It's uh so many people beat themselves up when they don't know something, and it instantly derails interviews. I see it all the time when I'm doing mock interviews with people where like I'll ask a question they don't know, and then they'll just their entire demeanor just they feel so deflated. It's like, no, it's all good that you don't know. The answer to that question of I don't know is I don't know, but I guarantee you after I get off this call, I will know because I'm going to go research it.

Jess Vachon: 13:59

Yeah, and that's that coaching part, right? You've given them the experience in in a safer space. Well, they've learned something about themselves, they've learned that they have to go and adopt another skill that they didn't necessarily have. And hopefully they come back to you, and they go through that mock interview again. And by the time they get the real interview, they have that level of confidence where if they don't know an answer, they know that they know what to say and then how to rebound. And that's it's very familiar to me because it's the same thing I tell the people I work with is know your story, know what you know, be able to make those conversions from your skills you do have to what you're going to be expected to do, but be very clear and open about something that you don't know about, but that you're interested in.

Rob Whetstine: 14:45

Um the interview's job is for you to fail. Like when you interview someone, you are going to push them until they can't answer, and that's the goal because you want to know how somebody responds when they don't know something. Because you can practice answers, you can put a bunch of cheat sheets on your screen of just reminding you of stuff and all those things. I busted multiple people using chat GPT. Like the reality is when you don't know something, that's when I learn about your character and who you are. And that that one question, I remember when I was going through to become the IoT mobile specialist for Disney, the first role ever hired at Disney for IoT and mobile security. They were going to be in charge of all this stuff and building out the whole platform. And the red team was just hammering me. And I was already six hours into interviews for that day. I was completely sick the night before. I hadn't eaten for hours, and they're just hammering me. And I finally got to a point where I go,” Do I need to know this?” And they just started laughing. They're like, “No, we just wanted to see where you would break”. Like, where was that point where you would say, I don't know what you're talking about? And you would just own the fact that you don't know. Because so many people try to try to fake it through because we've been taught and we've been educated that we don't show that we don't know something in other fields. That may be okay. In security, it it's not. It's so critical to know I don't know this and then stop.

Jess Vachon: 16:20

Yeah. So, you touched upon your time at Disney, and you've given us a taste of what it's like to interview there. Brutal. It's brutal, but it's not unusual for certain companies.

Rob Whetstine: 16:30

I've heard about Fortune 100s, it's all of them are that way. Like I've gone through the Google interview, I've gone through the Amazon interview. They're equally as rough.

Jess Vachon: 16:40

I've had those interviews myself where it was eight hours. And I've had, and people don't believe this story, but it's true, three days of eight-hour interviews before. Yeah, there were different areas I had to support, and I had to travel around and interview those different areas. But that's important because if when you reach a certain level of responsibility for an organization; you should expect that they want to vet you thoroughly.

Rob Whetstine: 17:06

Um, and they know they're going to be stuck with you for a little bit. Getting rid of someone at a Fortune 100 is not as easy as Elon Musk pretends it is. Um yeah, you can do it that way, and then you open yourself up to hundreds and hundreds of lawsuits. So, when you're the richest person in the world, it doesn't matter. But when you're a company who really prides themselves on your brand and your image, it does. And it's very difficult to get rid of people like at Disney, it would take me to basically get rid of someone who wasn't doing their job would take me about a year of them not doing their job and me documenting, like having a having a stack of like this that I'm like, hey, I've got this entire book of them not meeting requirements in their job. And they'd be like, that's great, give them one more chance. It's like, okay. Thankfully, my new company is not like that. Like they're like, hey, you've given them multiple chances, it's been 90 days, sorry. And that's and that's how I think it should be because when you keep people around who aren't doing what they're supposed to do, it creates this whole animosity for the entire team. You know, why is why am I doing so much and they're doing so little?

Jess Vachon: 18:18

Have you ever found in any of those circumstances that one, you've been able to help that person change so that they could retain their job? And what did you learn about yourself through that process?

Rob Whetstine: 18:31

One of my favorite success stories, and I don't know if she'll be watching this, I had a leader who'd never really been coached or corrected, and she was very assertive. And she was a female, and most male leaders will refuse to coach a female underneath them because they're afraid of for some asinine reason. And I coached them and explained to them what they were doing, and they had never been given feedback before. And to me, it was really interesting because they instantly went to like my boss, like, is he just going to get rid of me? Is this the end? It's never that way with me. I will actively work to make you successful. I don't want to hire someone else; I don't want to get rid of you. I there's no maliciousness to it. This is just you're not meeting your job requirements that are very detailed out, which as a leader, I have detailed requirements of what success looks like, so you know what it is. I know crazy just. Um, but uh it that they know where they're supposed to be and they're not there. And if I can help them get there, I will. And I've turned multiple people around, but some people just don't want help, they just want to make excuses, or in some cases, I know people have been working second jobs or third jobs, which is a whole problem onto itself with our industry. And people don't realize it. Like a lot of these jobs are going to people who already have jobs, they're just working this job as a secondary job and waiting to get fired from that job, and this is their new primary that they care about. There was a situation recently where the FBI investigated somebody with 13 jobs. They were making, you know, 1.0 million dollars a year as a coder working for multiple companies remote. And a lot of those people, if you go to the overemployed forum on Reddit, will work three, four, five jobs, six jobs because there's no stability in our field anymore. People don't feel like they have a concrete place to land, they don't feel like job stability is there, and rightfully so. Companies are not investing in longevity; they're planning for two to three year exits for every employee. And it's not the right way to think. So, but yeah, I've definitely turned people around and I love that's my favorite is when people actually want to change, and then we see the change and we demonstrate the change and we get them off of the pip and we get them off of the write-up. And that's just a footnote; it's no longer defining them.

Jess Vachon: 21:03

Yeah, there's so many interesting things that you brought forward in that. I asked that question specifically because I learned a lesson at one point in my career uh with a person who I had on a performance plan that I thought was not going to be able to meet the requirements laid out in the plan. But then I became aware that their success for them to succeed, I had to really create an environment for them to succeed. So, I had to do work on myself. And when I did that work on myself, and when I stood in the right place for them in front of HR and in front of the administration of the company I was working for, and said, “This is what we need to change to give them a chance.” When I got that permission and was able to do that, that person succeeded tremendously and became one of the strongest people on the team. It was just it was great. So, I'm like you. I come to the table not wanting to get rid of someone. I want to be successful. We've invested in you. I brought you aboard because I think you're a valuable member of the team. Yeah. And I will do everything I can to set you up for success. But to your point, it's you have to decide you want to succeed. If you've made that decision you don't want to succeed or that you think we're going to push you out the door, then that's on you.

Rob Whetstine: 22:24

And I think that's the mindset of a lot of employees where you've got to build a lot of trust with your employees to know that you're not doing this maliciously, right? I've even coached people after I've laid them off to help them find their next job because I don't think they were bad. They just didn't, they weren't right for the role, and they were put in that role for the wrong reasons, and they weren't set up for success. And like you said, many times people don't know what success looks like because their leader had never defined that success criteria. I always say that I've learned more from my bad leaders than I have for any good leader because I've learned what not to do.

Jess Vachon: 23:07

Yeah, another excellent point, and uh something I coach on as well is to always take notes of what you like and what you don't like about the people that are leading you, because if you're in the position of leadership down the road, then you know what to do and what not to do. So great advice there. I don't know where I stand on people being overemployed. I think a lot of what you had to say is valid. People don't feel like they're ever secure in any one job, or they may not be given the opportunities to give 100% of themselves at the job that the first job that they're employed at. So, they choose to make as much money as they can because they don't know how long their career is going to be.

Rob Whetstine: 23:46

Um it's a weird mindset for me. And I actually really questioned it when I got laid off. Do I want to do that? I have the potential to do it. I have something called short sleeper syndrome. I don't require sleep, I'm up 20 hours a day, and I have been my entire life. So, I could easily work multiple jobs, but could I look myself in the mirror knowing that there are people struggling? I my buddy told me when I got laid off, and I he I talked about how many people I'd mentored, which is like I've probably had conversations with over 400 people now. And he goes, I know this is going to sound messed up, but I feel like you got laid off for a reason. And I feel like it's to help people in this market because there's so many people trying to take advantage of people struggling. It's just nice to have somebody like you who's literally in it just to help people and not trying to like nickel and dime somebody with their program or their resume writing service. Like, I can't tell you how many people reached out and offered help, and then it was helping dollar behind it, you know. That was just so vulturistic. And for me, I just it didn't sit right. So that's why I kept doing it even after I got a job. Like, I I've only been on LinkedIn for like three years. I literally built a LinkedIn because my recruiter was like, Rob, you don't exist. And I'm like, Well, yeah, I'm a professional social engineer and ethical hacker. Why the hell would I have? And he goes, I'm telling you right now, Rob, your resume looks too good and no one's going to believe you're real. And when they try to look you up and you literally have no online presence at all, you're not going to get jobs. And I was like, “You've got to be kidding me”. He's like, no, because of AI resumes, because of nation-state actors, Amazon put out a report where they've already stopped 1,700 nation-state actors from getting jobs. If you're wondering why, you can't get an interview, it's because the nation-state actor took your interview spot. Right. So that's the problem that we're running into. So, I built an online presence very quickly and I hit LinkedIn way too hard. I like with my autism and ADHD; I like went to full autism mode on it. I studied algorithms, I studied and understood how they how to exploit them, how to get them to start seeing my content. My first post went viral. I hit something like a million plus impressions. And then I went from having no presence online to literally having thousands of people connecting with me. And I just kept it rolling. And I grew really, really quickly. And now I continue to do this, and now I'm on a podcast with you. If you asked any of my friends, like if I would ever have a social media presence, they still find it absolutely hilarious that I'm a like people take selfies with me and stuff. They're like, they're like, you were the most anti-social, like social person that uh that I've ever seen. And the fact that you've hit it so hard and you have sponsors and you've continued to grow is just tantamount to you being obsessed about something and just continuing to do it. I love that you completely social engineered LinkedIn and now you basically own it. So, I mean, even if you look at my original post, I used older photos of myself and the original videos that I posted to make it look like I'd been there longer. So, the entire impression of my profile is that I've been there for years, but it's only about three years old.

Jess Vachon: 27:18

Yeah, I think I think LinkedIn is so big now, and our industry is so big now that you can actually be a professional at social engineering and that sort of work and still be on LinkedIn. Now, how much information you put in there and how accurate is a completely different story.

Rob Whetstine: 27:37

Agreed. But it's so critical. Anybody listening, if you're not investing time in LinkedIn, you will not find a job unless you know somebody who knows someone. And I had so many people because I had sent out when I got laid off, I sent out 2,900 messages. Anybody who responded got a personal video message from me just telling them about who I was and my career and kind of what opportunities I was looking for. And I created a bunch of brand advocates that would look out for me. They would be like, hey Rob, there's an opportunity at Amazon. I'd love you to apply. Hey, I'd love you to apply here. I got to interview jobs I had no business interviewing at, you know, VP jobs and like CISO roles. Like, I'm just like the one of the guys who was running the company, a very large restaurant company, was like, Rob, I'm not going to lie to you. I think you could crush this job. But if I hired a guy who was previously a manager functional director at Disney as my CISO for this brand with no education, with no, with a high school education and barely any certificates, like I I'm going to be laughed out of, I would be laughed out of my job. So, I don't know even how you got this interview, but man, I wish I could hire you, but I can't because I have to take a I have to hire a sheer thing. I have to hire somebody who has the pedigree that way if something goes wrong. And I was like, look, I appreciate the honesty and I totally get it. Uh but that was far from the first time I heard that because I applied for jobs, I had no business applying for. Because for me, you want me in a job I know nothing because I'm going to get obsessed. If you hire me for a job I know, I'm going to do it well, but I'm not going to have that same fire, that passion to be the knowledge expert because I don't need to. But like I applied for a role at another large company, and it was like their engagement person with hackers. Like they got to work with hackers and kind of talk them through stuff and kind of de-escalate them. And I was like, what a cool job! Like, that sounds awesome. I'll de-escalate some hackers. Let's do this. So, I applied for it and they were like, I would literally give you any job, Rob, but my career is on the line. Like, I can't hire you for this because you have no experience in it. And I said, But I'll be better than anyone you hire in six months. And I said, and if I'm not, you can fire me. And they go, God, I really want to. But again, like, you know, a lot of times the interview process comes down to a few seconds. You and I spent days interviewing. A perfect example. I spent nine hours interviewing for my Disney role, eight or nine hours for my Disney role for IoT and mobile security. And I asked the hiring manager later why she hired me. And she said it was the way I answered one question. She said, “Why did you know you applied for both the desktop and PC role and the mobile and IoT role? Which one do you want more? “And I said, desktop and PC, I could do in my sleep, and in two years I'm going to be bored and I'll need something more. IoT, I didn't even know what the acronym meant when I applied, and I can't stop researching, and I'm absolutely that 10-second answer is why I got the job over people who were way more qualified, why I got the job over people who were way smarter than me, why I got the job from people who have bachelor's degrees and master's and all these certs. That's the difference. That's why I got the job, because of that 10-second response of saying, I love this and I'm obsessed with it, and I meant it.

Jess Vachon: 31:15

Yeah, see, you just gave a class, a master class, on how to interview and answer questions. No, seriously, you did though. That's what we were talking about this before we started recording. That is how you get the job, that's how you have to be prepared to answer the questions. Know what you know, know what you don't know, be truthful about it, but also show the potential you can bring to the table for work that you might not have done before. There are industries I hadn't worked in before. The first time I worked in in manufacturing, I had never worked in manufacturing before, but I worked in healthcare and I had been a consultant in for education and so my answer was yes, I haven't worked in manufacturing, but I've worked in all these other industries I never worked in before, and I was successful there. Yep. I know I can be successful here. That's the same thing that you basically just said. I have an interest and I can learn, and I give me six months, and I'll show you what I can do. Yeah, a point I want to make there. There's a difference between managers and leaders. Oh, 100%. Because I think you might be able to do this, and I want to see what you can do. And if I'm wrong, 100% own it, and we'll both own it together. Sounds like you've interviewed with both the people we would call bosses and the people we would call leaders.

Rob Whetstine: 32:40

The person who took a chance on me, I told her, I said, Look, I will do this. You gave me a chance. I mean, it fundamentally changed my life, and it changed the entire direction of my life. And I told her, I said, I will continue to pay it forward as long as I can breathe. I will continue to mentor, and I will continue to help people. And like I'll send her a message like every year or two, and I'll be like, hey, just wanted to show you what I'm doing. And all of this was kind of because you took a chance on me. And she's very much a neurodiverse person like I am. So, there's no real emotions to it. It's just, oh, that's awesome. And I find that just so you know interesting. One of the most important skills I try to tell people, especially because our field of technology and cyber is so technical driven, it attracts a certain personality type, which is normally someone who is neurodiverse and someone who is going to obsess about those little details. The problem is that majority of those people can't interview. They can be the smartest person in the room, but they cannot answer a damn question if their life depended on it. Have them solve and solution something, put a whiteboard in front of them, they will crush it. There's a quote that's normally attributed to Einstein, which is wrongfully attributed, which is a fish will spend its entire life feeling it's stupid if you teach it to climb a tree. So, we put these neurodiverse people into a room and then we attack them like we do a neurotypical person, and it is an attack, right? If you hit me with a bunch of questions, I will fail. So, I think companies need to really take a bead and like really create an environment that's healthy and help, helpful. Uh, one of my favorite interviews was at Hacker One, and they asked me in advance, is there anything that we can do? Like kind of, you know, are there any disabilities or anything that would help you with the interview process? And they even offered to give me the questions in advance. And that to me was so novel, but it's that's the difference between making someone who is not neurotypical feel comfortable and allow them to thrive in an environment that's supporting them. And there's some great companies out there, Huntress is another one that does great with their enablement for people who are struggling to give them the best opportunity for success in the interview. But many people don't know how to interview. They just ask a bunch of questions, and they expect somebody to be able to answer those. But many of the people you're interviewing, and anyone listening to this, if you're a hiring manager, the people you're interviewing are literally losing their homes. They're there, I've had people who've taken calls from shelters, they're struggling. And it's like asking somebody who's bleeding out to diagnose themselves. Like, tell me, tell me about your problem. Well, I have a gushing hole in my lung, and I probably I would like to stop that. And that's what the mind of the unemployed is like. I I've done a video on it on my social media, is like you have to understand if somebody's been laid off for several months, their money is running out. Us in technology, we never thought we would have to chase jobs this hard. So, like, if your interview process is like yours, three days or like Disney's eight hours, stop. If you can't decide on somebody in two interviews, you have no business interviewing. Period. I it just drives me crazy because we waste so many cycles and we put these people through so much, and then we can't give them feedback. We're not allowed to talk about the things that they did wrong. HR is so afraid of lawsuits. I give feedback on the call. This is why you're not moving forward. I want to explain to you. I thank you for you know coming. Here's some things I recommend you do in the future. Please feel free to reach out to me. I am happy to work with you. I'm happy to help you interview better. Here's some of the skills that I think you could work on. Out of all the times I've offered that, which is literally now hundreds in my career for hiring for being a hiring manager, two people have ever taken me up on it. And one of those I hired later.

Jess Vachon: 36:53

Yeah, and that’s part of the beauty of mentoring and helping others, is even if you can't give them a position right now, you've established that relationship. And should they be available down the road? And you need that particular skill set or that person with that skill set, then they're available. You made me think so much while you were talking about, you know, we put so much pressure on the person that's interviewing and saying, you need to be trained to this level, but we never look at the person who's the hiring manager and say, are you trained appropriately to hire or to lead? And in I will just speak about the United States right now because that's where I live and what I know. In the United States, there's this mentality that we shouldn't have any feelings, we shouldn't be concerned about the person we're interviewing, And our teams that we have, that it's all about the business. That's not true. There's a reason that research has shown that we need to know about the difference between neurotypical and neurodivergent. And yeah, my schools teach in multiple different ways so that students can learn because we don't all come off an assembly line exactly alike. We're all different. That doesn't make that's not weaknesses that we're talking about. Everyone, that diversity is a power. That person who's neurodivergent who wants to obsess about something might end up being one of your best engineers that you have on your team because they want to know everything there is to know about the particular function, oh, yeah, area of expertise. And I'll tell you what, if you let them do their work and you support them doing their work, they are going to be the best person you've ever had working on your team. 100%. Ask me how I know this, I'll tell you because I've worked with tons of people that tell me that they're neurodivergent, and I've brought them from job to job to job with me because they are excellent.

Rob Whetstine: 38:48

They are and they can do anything but interview.

Jess Vachon: 38:56

That's the least important skill.

Rob Whetstine: 38:59

It is interviewing. Yeah, yeah, yeah. But you but it a lot of the judgment that we pass on people during interviewing now is very much superficial, right? I'm very good at pretending to be an extrovert. I'm very good at expressing myself because I literally spent a decade working on these skills because I knew it was going to be the differentiator between me getting a job and somebody more qualified. I've always looked at myself as the underdog, even now, having Fortune 100, Fortune 500 experience, being an executive at a Fortune 500 company, something less than 5% of the population does. I still look at myself as an underdog. So, you've got to have that kind of fight mentality in you, but you've got to also work on your weaknesses, and you have to accept your weaknesses. And I've had mentees that are just like, well, I'm not going to adapt. And I'm like, that's cool, you're just not going to find work. Like, I get it. Start your own company because that's going to be your only option. That's you know, that's the Zuckerberg’s, right? Mark was not somebody you would hire because Mark's very odd and he talks, and when he was a kid, he was probably very difficult to work with and very difficult. But Steve Jobs learned very early on if you try to make people leaders who have been career leaders, you're going to have failure because they don't understand what the job is, they don't understand the nuances, they don't get it. And when you promote people who've never wanted to be leaders into a leadership role, those are your best leaders because they're going to do it because it's the right thing to do. And I was hiring for a leadership role recently, and uh it was about a year or so now, and the answer that they gave on the interview of I asked why they wanted the leadership role, and they said, I don't, but we deserve consistency, we deserve a leader who cares, and I believe I can bring that. And I was like, damn, like I was just like, I was floored. I was like, “Well, okay, like I have no choice but to hire you because that was the best answer I've ever heard”. Because it came with compassion, it came with honesty. I hire servant leaders. I if you're if you have an ego or if you think you're the reason your team is successful, you're highly mistaken. Um, I enable my team for success. I support them, I have conversations with them, I talk them through their struggles, both personal and professionally, because that personal side I think a lot of leaders miss out on because they don't spend the time. And then when their top performer starts not behaving, they're just like, oh, we're going to write them up. My first conversation is everything okay? I don't give a damn about the job. You're a human, and I care about you and your success. And if you hate your job or you don't want to be here, like my job is to make you successful. Like, tell me what's wrong, and I'm happy to talk you through it.

Jess Vachon: 41:59

Yeah, absolutely. And I if you're not asking the members of your team on a, if not a daily basis, but a weekly basis, how are things going? And you're really invested in that honest answer that they give you, then then you're I don't know why you're in a leadership position because you know, I think the point you're making is people are not assets, people are people. We're all here working because that's part of what we do. It's our need to feel fulfilled, is to contribute and to gather and to build great things. But that person has a life outside of work, and that is important to them, and it should be important to you because every decision you make as a leader affects that person, it affects their family, it affects their life, and it may affect generations to come. And I'm not exaggerating, that's not verbally. It's not. I there was a time where I was on the local school board and I would talk to the teachers and I said, it’s important for you to hear me say this when you struggle in your classroom and you wonder if you're making a difference, you are making a difference. Even if you hit 10% of the students in your class and you make it a difference with those 10%, they will go out and they will probably have a family at some point and they will have kids, and what they learn from you is going to influence how they raise their kids. And that influence is going to go to their kids. So, you influence generations, you make a difference. For anyone listening to this who's any sort of leader, you have to be thinking about the impact you're having outside of the organization you're supporting. These are real people with real lives that we affect. They trust us to lead them and to take care of them, and we owe them that. It's more than it's more than just at the end of the day, did you accomplish the goal for the organization? It has to be win-win for everybody involved in the goal.

Rob Whetstine: 43:58

Yeah, and I think that's so cool. Critical is we get so hyper focused on the goals and things that we lose sight of the people. And if you just support the people, the goals are easy. Like it's I've never had I my boss recently asked me because we're going through some changes. She's like, what do you want to do? And I said, like, honestly, give me your worst performing team that nobody wants to work with, and I'll prove to you it's not the team, it's the leader. Like I said, that's what I love, right? Because when I joined the team, I have now, one of my employees was like, “Hey, I'm going on vacation. Don't worry, I'll have my laptop, I'll have my phone with me.” And I was like, “whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa, what?” And they're like, “Yeah, I'll have my laptop and phone”. And I was like, “No, you won't. Like, you're leaving, you're on vacation. We don't have on call for your vacation. Like, go enjoy yourself”. “Well, what if you need me?” Then that's my failure. Because I have not properly staffed or I have not properly educated myself to do your job in your absence. And I think it was something that took a lot of people, you know, time to adjust to. I had another person who joined my team who hadn't taken a vacation in two years. And I said, “Hey, you've got, you know, almost two months of banked vacation time. I'll see you in two months”. And they're like, “Well, am I fired? “And I was like, “No, you need a vacation. You're burned out and you don't realize it. You stepped over your 100% months ago”. You’re 100% is dead. It's been dead for like a year. You think you're giving 100, but you're not because you physically cannot work this much and never take a break. And they were very reluctant because work is life. A lot of men and women too, their identity is their job, their identity is their career. And that is a toxic way to think. So that person called me two weeks into their vacation, and they're like, I had no idea I was so stressed. I had no idea that I was carrying so much weight. I had no idea that that it was that this bad. Like, period, right? Like, if you don't stop swimming for a moment, you don't realize that you're drowning. But the reality is you are. And so many people, myself included, I don't do it anymore, but man, did I. I left a job at Disney. I got hired into an operation role. I was running like nine or so security teams and application teams and operation teams. And I had a bunch of different vendors that were reporting to me of 40 or 50 plus people. And it was absolute craziness every single day. And when I left that role, we met with a recruiter, and they explained what Rob did. And she looks at him and goes, “Okay, so you want a unicorn. You want somebody who can do all the technical, who can lead major incident bridges, who can vendor manage, project manage and do all this. You don't need one person, you need three”. And that's when I realized I had made a fatal flaw. My underdog imposter syndrome had driven me to accept everything and to sacrifice everything for my job. I was on bridge calls while my wife was in labor because my boss was like, I need you on this call because nobody else can do what you do. And I'm like, I did this to myself. So many people blame their leaders for their overwork. No one can make you overwork. Like you can fear your job, and they can try to fire you because you're not working 60, 70 hours a week. And I know many leaders who think that that's not a in if your salary, your job is just to be there always. I don't. I pay you for 40, 45 hours. And if I'm consistently working you over that, I'm failing you as a leader. Period. But it's so many people don't think that way. I remember being in a in a meeting room with a bunch of other executives at a at Disney, and one of the other leaders getting upset with me because my team is could just do more. They could put more time in. And I said, hang on. Well, let's unpack that a little. Have I missed any deadlines or any engineering projects? Well, no. Cool. That's all I wanted to say. That doesn't matter. You're your team could put in more and they could do more. My team's putting in 60, 70 hours. And I said, that is your failure as a leader? That is not their fault. If you are taking on too much and you're not asking for the help, you need to talk to that lady right there. And I pointed to the SVP. And I said, and it's her failure if she doesn't help you. And she looked over at the room and she goes, “No, I mean, I agree with Rob”. I didn't realize that was a problem. I didn't know this was an issue. And what had happened was their team was going to HR saying that Rob's team's not working for you know 60, 70 hours a week and that it's unfair. And they blamed me because I wasn't working my people to death. And I thought it was such a humorous thing because people don't realize there are, like you said, there's people behind that. And if you're working your people 60, 70 hours a week, unless there's some crazy deadline, and then after that, you should be giving them some time off to recoup. But if there's a crazy deadline, fine. In securities, sometimes you work multiple days in a row, especially if you're in like an incident response role. Those are roles that you signed up for. But so many roles I see that are not ones that need to be on fire are on fire. And I've when I did major incident bridges for a while. And the first question I would have, everybody'd be freaking out, and I would join a call and I go, “Is anyone dying?” And the call would go silent for a moment. And I go, again, “is anyone dying?” And then someone would be like, “No”. And I said, “Cool. Now that we've established this isn't life or death, let's breathe for a moment”. Like, yes, we're down. Yes, it sucks. Yes, we're losing money by the second. Freaking out about it is not going to get us solved. It's not going to fix the problem immediately. So, let's figure out what would fix the problem. And then I start calling on individuals. Hey, where are we at with this? Where are we at with this? And I orchestrated it. I love those calls because I thrive in chaos. As somebody with ADHD, like chaos to me is like everything slows down, everything becomes a delicate symphony. And I get to navigate through it just really willy-nilly, like just la la. And it's lovely for me. While others are panicking because the room's on fire, I'm there going, everything's good. Let's talk through this. And I'm able to get to the problem much quicker. But that mentality of always on, always on fire when something is broken is what's very toxic. And that's what this entire field of cybersecurity fosters. We reward arsonists, and we don't reward firefighters who are, you know, doing the battle. Like if you're the one who created the problem, that's all good. Congratulations, you got that product over the finish line quickly, and you're the best. But the people who then have to put out the fire because you put your code into production without scanning it or doing the appropriate things to protect it, and now we've been compromised, they're just they're forgotten about. They've now had to do a 22-hour workday to fix your breach, but nobody cares about them because you got that product over the finish line, right? And uh we lose so much sight of that, and it's very fascinating to me.

Jess Vachon: 52:04

So much there, so much there. This has been amazing. I didn't even get to any of the questions I had, but I didn't have to because you covered so many of the things that I think are important that tie right into the core of why I started Vigilant Violet and why I started this podcast, Voices of the Vigilant, because these things need to be heard. And I want the people who are the rebels out there to have their voices heard so that we can create change, not just in information security, but in industry as a whole and in the US, we need to start changing the tone. It wasn't always like this. For people who are newer to working careers, you know, if you're in your 20s or 30s, it was not always like this. There was a time when companies took care of their employees and employees in return gave everything they could to the companies, not in excess, but in equal value and equal measure. So, this everything you had to say today was great. I really appreciate it. Before we close up, where can people find you and what are you going to be up to in say the next six months?

Rob Whetstine: 53:06

Yeah, so bowtie securityguy.com will take you to my podcast. And then just search hashtag bowtie security guy. You can find my LinkedIn, or you can find me on YouTube under Bowtie SecurityGuy. I share a ton of videos there. I also share content on Instagram and Facebook if that's where you follow. My next talk is going to be at the Zero Trust event for ThreatLocker. So, I'll be doing a talk on building an effective anti-phishing program and building all that out and kind of talking about kind of what I did and what's effective and what's not. But yeah, and pleased, the podcast is for anyone. It's really just talking about professionals so you can learn about the jobs and learn about the sacrifice and kind of understand what you're getting into. The schools create a very false perception of what the cyber market is. When they say that there are millions of jobs in cyber, they forget a very important thing, which is those jobs are not funded. They send out a survey every single year and they ask companies such as mine and such as yours, Jess, they say, “Do you have the right amount of people for your job? Or basically, could you use more people to do what you do?” And the answer is always yes; I could use at least three more headcount to get this done or to do this. And then they go back, and the colleges say, “This is a shortage in cyber, and we don't have enough people”. But the reality is it's a shortage in jobs that don't have funding. So, they're never going to actually come to fruition. So, a lot of what I do on my channel and my content is educating those who are coming up, those who are looking to get into cyber about what the reality is. Your social skills and your networking is what's going to find you a job, period. You're not going to find an opportunity for an entry-level job without that. You're not going to just cold apply for an entry-level job at Jesser Mai's company, and then we're going to magically interview you. A great example, a buddy of mine works for a major startup. They opened up an entry-level role. In 24 hours, they got 2,100 applications. They interviewed 10 or 15 people. Another company, another major player in the cyber field, they opened up an internship. 1,700 applications in the first 24 hours, 3,000 in the first 72. You know who gets interviews? People they know, people their friends know, and people who are referrals. Like, and that's it, it sucks, right? It's not fair because it's putting a social stigma on you and it's putting more work on you as an individual to work on your soft skills. But that's going to be the difference between getting a job and not getting a job is simply who you know. And we're going back to the time in the 90s where it's not what you know, it's who you know. And it's unfortunate, but AI has not perpetuated the issue. AI has just put a spotlight on the issue that's always been there.

Jess Vachon: 56:17

Perfect. Perfect way to end it. Thank you so much. To our listeners, thank you as always for joining us today. Until next time. Bye.

Want to get notified when new episodes are released?

Click the button below to subscribe: