It’s Just Plain Cyber: Information Security, Cyber Security, and Risk Management

It’s Just Plain Cyber: Information Security, Cyber Security, and Risk Management

It’s Just Plain Cyber discusses on various topics related to information security, cyber security, and risk management. Key points include:

    • Information Security vs. Cyber Security: Terry begins by differentiating between information security and cyber security. Information security involves protecting personal and company data, including sensitive information like bank details, while cyber security focuses on safeguarding internet access and protecting against online threats, such as malware and phishing.
    • Careers in the Security Field: The conversation then shifts to discussing the various career opportunities within the security industry. They emphasise that it’s not just about technical roles but also includes roles related to risk management, compliance, and auditing.
    • GRC (Governance, Risk, and Compliance): GRC involves setting policies and standards to ensure that data is secure and compliant with regulations like ISO 27001.
    • Third-Party Risk Management: The discussion touches upon the importance of managing third-party risk, especially in the context of supply chains. They highlight the need for companies to assess the security measures of the third-party organisations they work with to prevent data breaches.
    • MGM Casino Data Breach: The conversation brings up the recent data breach at the MGM casino. Steve shares his perspective on how the breach occurred due to stolen credentials and how it could have been preventable through security training and awareness.
    • Phishing and User Awareness: They talk about the increasing sophistication of phishing attacks and the challenges faced by employees in recognising them. The importance of user awareness and training is emphasised.
    • Balancing Security and Usability: It’s just plain cyber underscores the need to strike a balance between strong security measures and user-friendliness, especially for companies with non-technical employees.

About Terry & Steve

Terry German, Group Head of Information Security at Mawdsleys

Let me tell you a little about myself. Now I’m not going to copy and paste my CV/Resume as I wouldn’t want you to fall asleep even before you hear the podcast.

I started my passion of Cyber/Information Security whilst working in I.T which I started way back in 1994. Bored and fed-up of working 24/7, not weekends off and being on-call, I had a young family at the time and not seeing them a lot made me feel really low. I was given the opportunity to move into the security team at the company I worked at in 2000. From there my love of security grew and grew along with my career and of course my knowledge. All this has put me in the great position I’m today as the Group Head of Information Security at my current company.

What about outside of security Terry? Well, its hard to not thinking about security in our everyday life but I try my best. I have the same love for security as I do for my football team Liverpool Football Club. I’m season ticket holder and go to most of the home games I can get to, which is sometimes hard when you have a loving family to take care of. I play a lot of golf and enjoy leaving the real world and playing on my Xbox, yes, even adult play computer games.

Steve Arnold, Senior Consultant at Via Resource

Steve joined Via Resource two years ago, having spent the previous 4 years working solely in the Information/Cyber Security sector recruiting roles such as Information Security Manager, Security Architect, Security Engineers and Security Analysts.

Steve now solely focuses on GRC positions for Via Resource and has experience managing the end-to-end recruitment process for organisations nationwide with roles covering all facets of Governance, Risk & Compliance both contract and permanent.

As well as this Steve gained a National Diploma Level 2 and NVQ Level 3 in Recruitment and is CertRP certified.

Transcript:

Terry     00:04

Good morning, good afternoon, good evening, and welcome to. It’s just plain cyber. Welcome to episode two, and I hope you’ll enjoy this episode as we have joined the last few episodes or the last episode. Sorry in the future ones. But before we get started, let’s do the little disclaimer. So protect ourselves. So our my views and Steve’s views during this episode or any future episodes are our views entirely and has no relation or connection to our current company or our past companies. So. That’s that out of the way. Steve, I get all the difficult job formalities out of the way. Yeah, I’ll have to change that around. So it’s so it’s different. Um, so let’s start this one. So what are we going to talk about in this episode?

 

Terry     00:52

Steve, can you can you remember what we said we were going to talk about?

 

Steve     00:55

Yeah, I think we’ll so the first one if anybody’s checked out, we just did a slight brief introduction in terms of what the format will be this week. This month, um, will be a bit of a roundup of what we’ve been doing from our personal lives. Um, because we also do want to connect with people on a personal level. Be good to hear what other people get up to in their personal lives. We’re going to we’re going to look at the differences between information security and cyber security, which I think is always a big misconception. Um, then we’re going to look at some hot topics, um, some recent news. There’s a there’s a.

 

 

Steve     01:32

Relatively big issue with one of the slightly larger casinos in Vegas we’re going to touch on. And then. Shall we say? And then, um, yeah, just a couple of other bits as well. But, um, yeah, I think, yeah, mainly it’s, uh, it’s kind of we’ll just ease everybody in.

 

 

Terry     01:48

Yeah. It’s like teaching people to swim. I’m not going to put them in the deep end yet. We’ll just let them know. Well, please don’t paddle around.

 

Steve     01:56

Don’t do it to me either.

 

Terry     01:57

No, no. Okay then. So I’ll make a start on this.

 

Steve     02:01

So how Terry, how is your week been?

 

Terry     02:04

Oh my week weeks. Should I say it’s been busy at work. Which is. Which is good. Um, I went to I think it was last, last Thursday. I think it was the 19th. I went to an e-crime conference in London.

 

Terry     02:16

Um, it’s the mid the mid year one, even though it’s towards the end of the year. Um, and it’s all different cyber security, information security, people with all the expert knowledge talking about different topics such as cloud security and jobs in, in, in the industry, um, people, the companies, how they’ve dealt with different cyber attacks and things like that. And there’s also little education sessions where you can go and do little workshops. That was really interesting. So I went down on the Wednesday. Wednesday night came back on the Friday morning. Full day on the Thursday.

 

 

Terry     02:52

But that was good. What else did I do? Oh yes I had a we had a Peaky Blinders theme night at our golf club on Saturday.

Steve     03:00 Nice.

Terry     03:01

Yes, it was good and I well not going to get we’re not going to brag about it but I won best dressed male.

 

Steve     03:08 Oh, here we go.

Terry     03:08

Yeah, I went as Alfie Solomons. Alfie Solomons and I had to try and grow some kind of a stubbly beard to make me look a little bit more like him.

 

Steve     03:18

I’ll lend you some if you want, mate.

 

Terry     03:19

No, I think after a week I got a little bit of stubble, but it was. But it was all right. Um, didn’t play any golf this weekend. Which is. Which is a pity, because it was a partners weekend, as I call it, you know, giving all your time to your partner. Well, that was it. Um, kids still playing in the backside, but we got to carry on.

 

Terry     03:39

We got to we got to carry on and enjoy our world in this. Slightly colder as it gets colder now. What about yourself, Steve? Did you anything interesting?

 

Steve     03:48

Probably not quite as interesting as dressing up as Miss Solomons from Peaky Blinders. Um, from my side. Uh, I mean, in my personal life, I’m. I’m a big fan of mixed martial arts, so I’ve been looking forward to. There was a big UFC event this weekend which was in Abu Dhabi. Normally I have to get up at 3:00 in the morning to watch the ones that are over in Vegas, but because Abu Dhabi are the other side of the world, it was, um, a nice change actually, because it started at 5:00. I am also an Arsenal fan for my sins football.

 

 

Terry     04:20

Um, oh, last correction there. That bit. Maybe we’ll have to edit that part out of the podcast.

 

Steve     04:25

Oh, I thought you were being serious. Um, yeah. No, um, the less said about that, the better, albeit we’ll take a draw and then, um. Yeah, I know, but I also do like rugby. So I did catch the last half an hour of the rugby on Saturday after the, um, after UFC and then, uh, Friday night it was my eldest niece’s 19th birthday. So I went out for a nice family meal with her. And Sunday I cooked a nice roast dinner for my lovely fiance.

 

Steve     04:53

So a bit of a best of both worlds, I think. Really.

 

Terry     04:57

But yeah, that’s a that’s a that’s a question there. And the more you cook for family on larger family is do you feel a Sunday roast is roughly the same as a Christmas dinner? Just more people?

 

Steve     05:13

100%, honestly. Well, I’m not sure what angle you’re coming from on that yet, but I, I don’t know why people over. Get over, over egg cooking, Christmas dinner. It’s literally the exact same thing. You’re just cooking. More like it really is. It’s really.

 

 

Steve     05:30

I cook a roast dinner every weekend without fail for my fiance, and cooking a Christmas dinner is no different at all. It’s just more people that like, I don’t know why people make a big deal out of it, to be honest.

 

Terry     05:43

Yeah, well that’ll be, that’ll be. We’ll save them Christmas topics for the next.

 

Steve     05:49 Yeah. We’ll do.

Terry     05:50

Yeah 100%. It’s a little bit early at the moment so.

 

Steve     05:54

Oh do you know what last night. So I also play for a pool team. And last night it’s a Tuesday today for those depending on what they listening. I play for a pool team on a Monday and not only well they’ve got their Halloween decorations up already, which is fair enough. But they started putting their Christmas decorations up last night. I’m not sure how I feel about that. We’re we’re still in October now.

 

Terry     06:16

I think last year, last year I lost the bet with my stepdaughter. I said if she because she was a university, I said, if you don’t come here the first weekend in November, we’re not putting the Christmas decorations up until the 10th of December. And she got here for the first weekend in November. So we had the Christmas decorations up the first week in November last year. So I wasn’t happy about that. But anyway, that’s all the boring life stuff. Let’s let’s get let’s get on to what we’re going to talk about today.

 

 

Terry     06:43

So, um, let’s talk about, uh, information security. Cyber security first.

 

Steve     06:50 Yeah, sure.

Terry     06:50

So I’ll give you my brief view and you can come from it from a from a career agency’s point of view. Yeah. Now. People who aren’t in the business of information security or cyber security can see the both exactly the same. But we could also sit here and says it says exactly what it does on the tin. Um, information security is protecting the company or your personal data. So my bank details my children’s names, my gender, my religion.

 

Terry     07:32

Um, if I have any special needs, that’s all information. So that’s all information that we need to keep protected. So, um, your your your wife’s details, your kids details, all personal data. When they’re linked together, they link to to our person. So that’s in brief, what information security is. And that’s also around data protection and things like that. So in a business you will hear information security more than you will hear cyber security.

 

Terry     08:04

Now cyber security. Is. What we all deal with in day in and day out the internet. We can’t get away from the internet. You can’t get away from your phones. So cyber security is protecting. Protecting of your internet access.

 

Terry     08:21

So your your again you could look at it going to your bank details, but it’s protecting you from losing that ability to go to your bank or clicking on an email you shouldn’t be clicking on. And all these all these silly links you have in an email and making sure you you are protected to do that. That’s why you when you see companies doing cyber awareness training, that’s some company. The company I work for do it in two ways. So you have your cyber training and you have your information security or your data protection. And it’s making sure that when you get an email, you look at it, you you assess the email, you make sure it’s great. And if it’s if it’s not, then you move away.

 

 

Terry     09:03

And this also goes and then this and this is where in the, in the, in the radio term this is a good Segway. Is, is that the right way. We’re using it Steve. Segway. Yeah.

 

Steve     09:11

We’ll go with that 100%.

 

Terry     09:13

This is a good Segway is as well as um, you personally protecting your data and protecting your company’s data, by which it’s also on the career side. Now, there is loads of careers in the security world, if we call it the security world as a whole. There’s loads of careers. It’s not just as we briefly mentioned in the first episode, it’s not just your kids that hang around in the basement doing all the funky stuff with their code. It’s your it’s your analysts, your, your business security people. So if I go over to you, Steve, and what do you see from a, from a recruitment agency of the different roles within the two areas or security as a whole?

 

 

 

Steve     09:57

Well, I’ve got a couple of quick questions for you, if you don’t mind, just off the back of what you were asking there, just in terms of going back, which is obviously going to make things a little bit clearer. If we take two, I’ll pull two roles out of thin air here now. So if you take a security engineer, that’s gonna be hands on with firewalls, VPNs, malware, things like that, would you class that as cyber security or information security?

 

Terry     10:24

And well, in the business, it’ll be called information security. So that person will be part of the information security team.

 

 

Steve     10:30 Yeah.

Terry     10:30

And they will be looking at the firewalls protecting of the business.

 

Steve     10:35 Yeah.

Terry     10:35

So they, they, they will be seeing. So if I’m employing as group head of information security, someone in the department, I’ll be employing them as an engineer and analyst.

 

Steve     10:47 Yeah.

Terry     10:47

And their job is to analyse our current environment and make sure it’s fine. When it comes to the cyber side, you’re looking at people that may be in between it and information security. And cyber is you. You could you could say as it’s, it’s the new funky word for for the security outside of your business. Yeah, that’s what I see. So from what you’re saying, that person would be in information security, but he could also be seen as someone who works in the cyber, which is just the internet.

 

Steve     11:27

And the other role I had in mind, just a little bit of clarity, because again, there are are 70 different facets to the information or cybersecurity world, which again, we’ll touch on in a minute. Penetration testers. Now, they could be internal or external. They could be working for you via an external source or you can I mean, the larger companies sometimes have internal penetration testers. Would you consider them information security or cybersecurity?

 

Terry     11:51

They’re definitely not. Well, when I say they’re definitely not, they’re not information security because penetration test, you could put them if you were creating a cyber team, then your penetration testers or your auditors or people like that, they would most probably fall into that team. And majority of companies have outsourced penetration testers because you don’t want that phrase of marking your own homework.

 

Steve     12:18 Yeah, there is that.

Terry     12:21

There’s that part. So. As in my position, I wouldn’t employ someone to be a pen tester. I would do that completely outside of it.

 

 

Steve     12:33

It does tend to only be the really large companies have internal because they’ll have so many different probably offices and hubs or external companies they work with that they’ll probably be working with there. But, yeah, going back to your I’ve totally gone off topic from what you initially asked me. So what was your question initially to me in terms of from a career perspective? Sorry?

 

 

Terry     12:55

What roles, what different types of roles do you see in the GRC world? Now, you’re going to explain what GRC is, because I’ve said that to my missus and she said, what does that mean? I told it’s government risk and control, so you can elaborate. I like using these big words, elaborate on your GRC recruitment, because that’s another area of security, and that’s information security, not cyber.

 

 

Steve     13:20

Yeah, for sure. It’s always one of those conversations I have with people. I’m kind of reticent to use the word nontechnical, because there are technical abilities and you do need an underlying knowledge of the technical infrastructure, but it tends to be a lot more policy based. If you look at Hadn’t. For example, a lot of the well, most UK companies are aligned to a framework called ISO 27,001, which, depending on the level of people that are listening to this, it’s basically a policy, is basically people’s data secure, making sure the framework yeah, but it kind of covers the entire company. So there’s obviously a risk register involved, there are controls involved, but they will also talk to the more technical guys, the engineers, the analysts, things like that. It’s kind of an overarching, high level, enterprise level framework, which helps should do, at least in theory, keep the company secure.

 

 

 

Steve     14:22

That’s kind of the area that I work in. Prior to that, I worked in architecture. And again, architecture is kind of almost a sidestep to it because, again, they have the high level and low level.

 

Terry     14:34

When I went in, I worked for a company four or five years ago, maybe a little bit longer than that, a company called CGI. And they’re not graphics, they’re not a graphic designing company. They’re a consultancy generated images. Yeah, and I worked them for a few years and the first consultancy role I got with them was working as a security architect. And nice and it was way over my head. It was so deep and technical that I found it really hard. You had to do it anyway.

 

Terry     15:11

It’s part of the consultancy. But I found that part of security, so you could even say security then. Security covers information, security and cybersecurity, it’s all security, so so I’m kind of just completely just written off what I’ve just said in the front then, haven’t I, in the first two?

 

Steve     15:32

So going back to what we were saying. I’ve lost what I was saying. Yeah. Obviously ISO, if we construct on UK firms, obviously ISO is the new one. There was a new update of it introduced in 2022. I think the previous one to that was 2013, I think it’s kind of been a long time for an update. Yeah.

 

Steve     15:57

Really, there’s not a huge amount of difference between the two from what understand, other than it’s just moving with the times a little bit. There’s some more controls and stuff like that. Then obviously companies, if they’ve got more overseas, particularly America, they might align to things like NIST. The difference between NIST and ISO, other than the controls and things involved, is a company can get ISO certified. You don’t get NIST certified. I don’t want to use the word tick box. It’s not a tick box, because if anything, it’s more in depth than ISO.

 

Steve     16:28

But the company I work for is ISO certified. You can’t get NIST certified, but either way, there are other countries around the world that will align to different frameworks. And then if you want to go down the mod route, you’ve got Hmvspf and there’s loads and loads of things. And I’ve worked with aviation companies that have. CAA Caf. There’s so many different frameworks, but the main one in the UK for sure is ISO 27,001, which, again, if we go back to where we started in terms of the careers, you’ll often find particularly through the GRC market, whether it’s people that are coming out of university or people that are coming from another area of technology that want to move into GRC, they’ll probably start looking at things like ISO 27,001 Lead Auditor or Lead Implementer Certification, things like that. Gives you a good idea of how infrastructures work, the way to look into them.

 

 

 

Steve     17:22

What are you looking for? There’s a phrase that’s used all the time in information security, and it’s what looks good that’s been able to look at a dashboard or a risk register and say, look, the information we’re receiving from these guys, is this is this what we should be seeing? And is it not what looks good from the company looking at the risk appetite for the company? Because, again, that changes as well, and you’ll be able to probably talk about that bit more than I will. A company’s risk appetite will probably change. What needs to be done in terms of an audit and implementation. The changes that things happen with the company.

 

 

 

Steve     18:00

Maybe that’s something you could touch on in terms of risk, appetite, things like that. Because, again, that could be. Compared to a real world scenario as well.

 

Terry     18:07

Yeah, we could, and I could, but I’d be taking up another 35, 40 minutes. And we don’t want people to fall asleep yet. We want people to get a flavour of security or information cybersecurity or security as a whole before we go into deeper and based on what people feel or give us feedback. And we can go deeper into things like that, because you just brought up another thing which, okay, it’s along with careers, but it may be another topic we can talk about later, is about the different kinds of qualifications you get within security. Yeah, you talked about the auditor and all that. That could be something we can look about.

 

 

 

Steve     18:48

But two very different certifications as well.

 

Terry     18:52

The auditor and implementer are very but that gives people a little flavour of the differences, but depending on who you speak to and again, this is just mine and Steve’s view. It’s not the official law bible of what is right or wrong, it’s just mine and Steve’s view.

 

 

Steve     19:09

I’m certainly not an expert.

 

Terry     19:11

No, we don’t want to be an expert. I like trying to find things out and working through mistakes and things like that. So, next topic, risk management and third party risk.

 

Steve     19:22

Yes. Now, big thing in a minute.

 

Terry     19:26

So if we were to ask the world what is a risk and what is a third party risk, I think people would know what a risk is. And again, without going into too much detail, people know what a risk, but maybe not familiar what a third party risk is. I don’t know if you want to kick off this one, Steve.

 

Steve     19:51

It? Yeah. I mean, this is something I mentioned to yourself in terms of this seems to be a hot topic in information security at the moment. A lot of people looking at their supply chain and third party risk management. Again, it comes through. There’s a lot of companies, okay, so I deal with a lot of companies who then deal with other companies that are either supplying them things or you’re supplying them things. And there’s a transaction between the two whereby there has to be a risk analysis in terms of who’s keeping the data that you are sharing with each other secure.

 

Steve     20:31

Now, it’s kind of strange that I’m kind of doing the information security side of things. And you’re going to make it.

 

Terry     20:38

This is the whole part of it.

 

Steve     20:40

And my view no, of course, it’s that exchange of data in a very high level overview, the exchange of data and who is keeping that secure and what parameters you put in in place to make sure that any data you are sharing with each other is secure, and are the products you’re using secure? How are you doing that? And then how do those two come together? That’s my view of it.

 

 

Terry     21:04

And if we look at it because I like doing this and I’ll do this throughout all the podcasts, if we put it in the average Joe’s mind what a third party is. So I buy a car, car breaks down. I send the garage, garage fix part of it, and then they can’t fix a certain area. So they send that car away. It to somebody else to fix. Now, there’s the third party. One, two, three.

 

Terry     21:31

There’s the third party now. As as a consumer, I would hope that the garage, whoever I took my car to and who’s sending it off to get fixed is respectable garage that I can rely on. So I’ve got to be comfortable that that process is something I’m happy with. So in the real world, that’s what a kind of third party risk is. In the business world, a third party risk is something that I, as a company, cannot control. So when I sign up to, say, somebody’s, I’m a construction, and I sign up for this company to build a bridge for me, right, I’ve done my due diligence on that company. They’ve got the requirements I want.

 

 

Terry     22:27

Now, that company now I think they call it, subcontract that to another company to do now, you’ve got to be in a position that you’ve got to feel comfortable that third party is going to do exactly the same as in risk management as you’ve got with this other company. And that is a hard thing to do with a spreadsheet. It is a hard thing to do. And there are companies out there now and there are people with the knowledge out there now that can help you follow that whole chain and then help you with it, because that also facts. If that third party has a data breach or loses data, or is hacked and has malware in their system, you’ve got to be comfortable enough that they’ve got a defence in place that’ll stop it feeding back towards you.

 

 

Steve     23:18 Yeah, exactly.

Terry     23:19

So there’s the managing of third parties. As soon as you send it off to Fred Blogs company to deal with it, you need to know that Fred Bloggs is dealing with it. And then if Fred Bloggs decides to go and put it over to Susan, then you need to be made aware that they’re dealing with that.

 

Steve     23:38

So not coming back to you. Yeah, exactly that. But it. Why has that become, all of a sudden a big thing in the industry? I’m kind of just throwing this at you out of nowhere, but it does seem like all of a sudden companies are saying, right, we need to look at our supply chain, we need to look at our third party risk. It would seem like a very standard Practise to put in place, but all of a sudden, a lot of the clients I’m working at, working with are looking at third party risk. Supply chain operational, which is another area we can touch on another time.

 

 

Terry     24:10

Yeah, but I think it’s mainly down to the cost. If you can spread the work out to different companies, it reduces the cost. So if I pay you X amount to sort out my bridge and then you go, okay, then I’m going to third party it to other companies to spread the cost out. Now, back in the olden days, it was me dealing with you, and that was it. In fact, to be honest with you, my view is in the olden days, I dealed with you, and I didn’t have a clue what you did. Yeah. My attitude there was, as long as you come back and tell me you’ve done my job, I don’t care what you do with who you outsource it to, as long as you come back and do that.

 

Terry     24:55

But now, because there’s been so many problems with third parties, the company that starts the process needs to be in a position where they’re comfortable the whole way through. And not just say not do blinkers and just say, right. As long as you do what I ask you to do, I don’t care what you do with how you do it, just do it. And that’s where the worry comes from.

 

Steve     25:18

Yeah. And then if you know that there is a standard that is holding everybody that you’re working with in place, it’s not in the lapse of the god, so to speak, but you understand that if everybody’s following the same standard protocols, it means that we all should would, in theory, be safe. However, that probably brings up onto our last topic.

 

Terry     25:41 There’s another segue.

Steve     25:43

I was yeah, that was a good segue. I’m going to take credit for that. But it was something I wanted to talk about because it was something that I had been following when it happened. It was a few weeks ago now, to be fair. If we’re not going to talk about it now, we’re not going to talk about it at big. Well, MGM wasn’t the only casino that got hacked with Ransomware Say. Hacked got breached.

 

 

Steve     26:08

There was a number of reasons why I was following it, for a start. One, my old employers are some of the senior managers at said casino or rather the nightclub that’s part of the casino.

 

Terry     26:23

Hang on, Steve. You’ve just said casino, but you actually released the name of it before we started the right.

 

Steve     26:34

It was the MGM. I wasn’t trying to hide their secrecy. It’s all open source. But then also, it was just intriguing to me because the more I read about it, it seemed that it very much came from a very preventable situation that was essentially I mean, it wasn’t even phishing, was it? Or would you call it phishing? It was credentials, wasn’t it, essentially, wasn’t it?

 

Terry     27:04 Stolen credentials.

Steve     27:07

I wanted to really get your thoughts on that because, again, we touched on it on the first episode when I said, I’m always telling my dad, don’t click this link, don’t click that link. That’s essentially where it came from. And that’s a huge gap in someone’s network if somebody can steal someone’s credentials that easily from a company that big.

 

Terry     27:30

Yeah. And most a good 80% of breaches start from a human. Now, in reference to the MGM one. What I believed happened. And again, this is just my view is credentials were stolen. Now, whether this was stolen via the Dark Web or someone had left a posted note on a train or something like that, it was stolen. Now.

 

Terry     28:07

You could say the way they stolen it was via efficient. So they may have got an email that’s saying that your account has expired, please enter your details. And they’ve gone in there, we’ve all had them. Yeah. Or what could have happened is and when I say I’ve seen it, I’ve seen. Not to the level of that, but I’ve seen it. Where user will get an email.

 

Terry     28:29

It’ll say, click on this link, you click on it, enter your credentials, and then the screen will say not found, or the page will say not found. That person innocently will say, I’ll send this over to one of my colleagues and ask them, could you have a go and see if you do it? And what happens then is you get this old fashioned chain mail that goes through where somebody can’t get the right thing to work. So they pass it on and sooner or later the right credentials will be evade available. So a director will have it or someone who has admin privileges, and then they get it and then all the floodgates open and it starts with something so small as that as someone doing something innocently. And I guarantee that that person who started it didn’t even know what they were doing or was just so innocent. And this is why we do training and this is why we do security training and things like that to get people aware and to people to understand and.

 

Terry     29:33

We all know casinos exist. It’s not something that it’s hiding away. And we don’t know if somebody says, oh, I do this business, and people go, I’ve never heard of that. Everybody knows a casino. Everybody knows what money is involved in a casino. So if casinos can have a breach and anybody can have a breach, there was nothing that happened there that couldn’t have happened to a company had five employees, 100%. Nothing can happen.

 

Terry     30:02

So this is why I in my role and in my business. I try and. To really force and promote security and being aware of what’s going on. And I could sit here and say, oh, they should have done this, you should have done that. Well, I could have told them they should have done something and they would have got through still. So there’s no difference, it’s just how that company react and how they deal with it and we all make mistakes, but if they picked up themselves selves and said, right, okay, we’ve got to correct this, then they’ll be in a better place, but it’s happened, so we can’t really dwell on it too much.

 

 

Steve     30:40

No. And they are getting more and more sophisticated as well. I’ve seen a couple of instances online where they’ve spoken about people within a company have received an email saying that they’ve failed a phishing exercise. But that email was the phishing exercise. It was the email saying they’d failed a phishing exercise.

 

Terry     31:08

Sometimes feel sorry for employees or even just your person on the end of the other end of the internet is because they’re getting so tough and so, so hard to recognise to the person without any knowledge. You’re more likely going to click on something that you shouldn’t have clicked on and it’s hard. So I’m running phishing campaigns in my current company, but I’m trying to make the email. Not be so secretive. Yeah. You want them to click on it and then go, silly idiot. I knew that.

 

Terry     31:54

Rather than, well, I have no idea. That just looked and you can only go to a certain level with people. You can’t expect them to be techie wizards on the internet. So if you’re working for a company that just owns a warehouse and has three or four staff, you can’t really go too deep because it’s pointless. You’ve got to keep it relevant to what your business is.

 

Steve     32:17

No. And as an employer, you can’t really be seen to be trying to catch your staff out constantly because it’s not going to build morale.

 

 

Terry     32:24

I do, I try to get a job, especially directors. If you can get a direct wrecked a name on that list of who’s clicked, then that’s it, that’s your pride, you go home.

 

Steve     32:36

No. Yeah. It’s crazy. The more you delve into it, and there’s evidences every single day, whenever I’m looking at the news and stuff, of things going like and like I said.

 

Terry     32:47

But again, Steve, this is the topic we can just rabbit in on about forever.

 

Steve     32:51 Forever.

Terry     32:52

But, yeah, this is what we want to do. We want to make it just a nice little banter between ourselves. I don’t want people come and say, oh, Terry, that was wrong. That was completely wrong, or, Steve, you don’t know what you’re talking about.

 

Steve     33:04

It’s all opinions. It’s all opinions. I’m a recruiter. I’m certainly not an expert on these things. I just talk to people about them. It’s fine. Terry.

 

Steve     33:16

And I am throwing this at you a little bit at the end, and I’m happy to go first, but just because I wanted to end on a little bit of a humorous note. Are you a fan of random facts?

 

Terry     33:27

It depends how random they are. Well, I’ve got a stepdaughter that constantly comes in and gives me random facts that I have.

 

 

Steve     33:35

I do it to my misses all the time. I just thought we’d end on just a relatively humorous random fact. Crocodiles have been around longer than trees. There you go.

 

Terry     33:49

Is that it? That was it. You don’t get out.

 

Steve     33:52

Do you know what? And I’ve actually messed it up. It’s actually sharks. I’ve messed up. Sharks have been around longer than trees.

 

 

Terry     34:00

Right? There’s one little quote for me. Passwords are like underwear. You would never share it with anybody else. You constantly changing it and you wouldn’t show it to the public.

 

Steve     34:13 Wow.

Terry     34:14 There you go.

Steve     34:16

That’s a way to end the episode. Don’t mess up a fact like I did.

 

Terry     34:23

Don’t do your stand up comedian role, Steve.

 

Steve     34:25

No, I wouldn’t do a very good job in that.

 

Terry     34:31

I think we’ll end it there.

 

Steve     34:33

Yeah, I think so. I think so. But I hope everyone enjoyed it. It’s been pretty good. We’ll build up from there. Any comments from anybody online? Anyone that watches it, listens to it, LinkedIn, Spotify, anything like that, let us know.

 

Steve     34:46

Any topics you want to discuss, give us a shout. Obviously, Terry’s available as well.

 

Terry     34:50

Anything you want to sign off on, terry yeah, I’ve got a few people, a few experts other than me and Steve, because we are experts, a few experts that have said they’re happy to come on and join us in a future episode, so they will all be happy as well in the near future. Amazing, everyone. Thank you very much for joining us, and we’ll see you very soon. Thanks very much.

 

Steve     35:17

Cheers, guys. See you later.

It’s Just Plain Cyber: Introductory

It's Just Plain Cyber: Introductory

It’s Just Plain Cyber is an engaging and informative cybersecurity podcast hosted by Terry German and Steve Arnold. The hosts aim to demystify the world of cybersecurity and make it accessible to everyone, regardless of their technical background.

Terry, with a vast 18 years of experience in cybersecurity, shares his passion for cybersecurity and the need to bridge the gap between complex technical concepts and everyday understanding. His shift from IT to information security was driven by a desire to have a better work-life balance and to spend more time with his family.

Steve, who works in cybersecurity recruitment, want to engage with people and share knowledge in a relatable manner. Steve wants to bridge the gap between technical jargon and everyday understanding.

It’s Just Plain Cyber is to address real-world scenarios and common cybersecurity issues that affect everyone. This podcast is not just for tech geeks; it’s for everyone, from those who are just getting started in the field to those looking to understand how cybersecurity impacts their daily lives.

Terry and Steve plan to cover a wide range of topics, including data protection, GDPR, careers in cybersecurity, and real-life stories from their extensive experience.

About Terry & Steve

Terry German, Group Head of Information Security at Mawdsleys

Let me tell you a little about myself. Now I’m not going to copy and paste my CV/Resume as I wouldn’t want you to fall asleep even before you hear the podcast.

I started my passion of Cyber/Information Security whilst working in I.T which I started way back in 1994. Bored and fed-up of working 24/7, not weekends off and being on-call, I had a young family at the time and not seeing them a lot made me feel really low. I was given the opportunity to move into the security team at the company I worked at in 2000. From there my love of security grew and grew along with my career and of course my knowledge. All this has put me in the great position I’m today as the Group Head of Information Security at my current company.

What about outside of security Terry? Well, its hard to not thinking about security in our everyday life but I try my best. I have the same love for security as I do for my football team Liverpool Football Club. I’m season ticket holder and go to most of the home games I can get to, which is sometimes hard when you have a loving family to take care of. I play a lot of golf and enjoy leaving the real world and playing on my Xbox, yes, even adult play computer games.

Steve Arnold, Senior Consultant at Via Resource

Steve joined Via Resource two years ago, having spent the previous 4 years working solely in the Information/Cyber Security sector recruiting roles such as Information Security Manager, Security Architect, Security Engineers and Security Analysts.

Steve now solely focuses on GRC positions for Via Resource and has experience managing the end-to-end recruitment process for organisations nationwide with roles covering all facets of Governance, Risk & Compliance both contract and permanent.

As well as this Steve gained a National Diploma Level 2 and NVQ Level 3 in Recruitment and is CertRP certified.

Transcript:

Terry     00:06

Good morning. Good afternoon. Good evening. Welcome to. It’s just plain cyber. I’m your host, Terry. My co host, Steve.

 

Terry     00:15 Say hello, Steve.

 

Steve     00:16

How you doing, guys? You’re okay?

 

Terry     00:18

Good. This is our first podcast, our first episode. I hope you enjoy the rest of the episodes and you take a lot of information and understand the passion that me and Steve have.

 

Steve     00:35

Yeah, exactly. Thanks for tuning in, guys. Terry and I have been talking for a little while about putting this together. I think the format sounds like it should be something that’s pretty open to everybody. I guess the first and foremost thing is probably explain who we are. Terry, you kind of kick things off, so I’ll let you explain to everybody who you are, and then once you’ve done that, I’ll give everyone a little bit of background on myself as well.

 

Terry     00:58

Yeah. Okay. So I’ve been in It and Information Security, or Cybersecurity we’ll explain the difference between Cybersecurity and information Security in a future episode. But I’ve been in it for. Oh, coming up to 1617 years first. And then I moved into Information Security. The reason I moved into information Security was because I was sick and tired of working 24/7 on call, having no weekends, having a young family and not being able to see them.

 

Terry     01:34

So I moved into security, and I’ve been in security about 18 years, something like that, 1819 years. And me and Steve first met when Steve contacted me about a job. And we built up a good relationship. Then we’ve been friends for the last, what, two or three years.

 

 

Steve     01:53

Steve, would you say it’s been a little while now.

 

Terry     01:56

Yeah, we had to look back. We had to look back and see how long it was. And it was a long time. Yeah. So that’s a bit about myself, health. I’m now in a position of Group, head of Information Security for a pharmaceutical company, but that’s a little bit about me. And again, I’ll introduce you to myself a little bit more as we go along in future episodes.

 

Terry     02:16

But over to you, Steve.

 

Steve     02:18

Yeah, sure. I think, as you alluded to there, I do, for my sins, work in recruitment. Did it? Of course my phone would ring.

 

Terry     02:28

Yeah, of course. It’s very important that’s somebody who wants a job, Steve.

 

Steve     02:33

Well, there we go. That couldn’t have been timed any better, could it? We’ll leave that in the edit, actually. But, yeah, as Terry alluded to, there would have been a number of years going out, actually. I contacted Terry about a position because he was on the market, kind of kept in contact ever since then. Him and I had a couple of chats recently. I saw that he was looking to launch a podcast.

 

Steve     02:58

I had previously done a bunch of webinars. I was looking to get back into that because I love talking to people, letting people talk and learning and also putting things out on the internet, because I used to previously run the radio. I’ve done various things around social media, stuff like that. So I just enjoy that side of things now, working as a senior consultant for a company called Viaresource, focusing very much in the GRC spectrum. But, yeah, essentially, the idea I don’t know if you wanted to take this bit or not, Terry, but the idea behind the podcast was to keep it as light, light as possible. But I’ll let you kind of give the colour around that, if that makes sense.

 

 

Terry     03:37

Yes. So. I’ve been listening to lots of podcasts around Cybersecurity and information security, and some of them are really interesting and go into a lot of detail, but I found out that there was not many out there that your average person could quite easily listen to and pick up really valuable information around the security world. So we’re talking about what to look out for in emails, what’s the latest thing going on in the world? So we wanted to try and I wanted to try and bring a podcast together where it was easy for everyone to follow and not some dry and boring security stuff, because security can be boring and it can make you fall asleep. But we don’t want people to fall asleep listening to this. We want people to be involved in it.

 

 

 

Terry     04:26

So that was the meaning behind it. We want to make it light and easy. And I explained to Steve, when I spoke to him quite a few weeks ago, I wanted it to be like, you’re either sitting around the table at home and you’re just shooting the breeze, or you’ve gone to the pub with your mates and you just want to talk about yeah, yeah, exactly.

 

Steve     04:42

Which kind of brings onto the name of the podcast. I don’t think it was mentioned, was it? Calling it? It’s just plain cyber with the caveat. That it’s. Not just for geeks.

 

Terry     04:53

Right, yeah. It’s for Doris, who owns a flower shop down the end of the street. That’s it. It’s for say. I always say. Steve, I’ll ask you a question. What appealed to you when you see me post this on LinkedIn about starting a pod?

 

Terry     05:12 Discussed?

 

Steve     05:12

Well, there was a couple of things, to be fair. One. I like talking. My job, by its very nature, does generally focus around talking to people. But I have spent a lot of my time learning as much as possibly can around things like this, particularly around the sort of day to day aspects of it that can affect you, which are conversations you and I have discussed leading up to this episode, which we we will obviously venture into either later in this episode or on further ones. Also, the fact that I was looking to launch another webinar series, if you like, but podcasts seem to be where it’s at the moment in terms of it doesn’t give people the necessity to tune in at a certain time. They can kind of listen to it at their leisure.

 

 

Steve     06:01

But, yeah, the more you and I spoke, it was more about creating the real world scenarios around things because ultimately, these are things that affect everybody. And it’s also very much taking that low level information, the technical information, that can seem super confusing to people, the layman like myself, and then explaining how that can relate to them in real world life, if that makes sense.

 

 

Terry     06:25

Yeah, that’s exactly right.

 

Steve     06:28

And what made just to flip the script on yourself?

 

Terry     06:33

Oh, no, you’re not supposed to be doing this.

 

Steve     06:37

What made you decide to go? Do you know what? I haven’t got enough to do as head of Information Security, I’m going to go out there and launch a podcast as well.

 

Terry     06:46

Don’t tell my director this. Yeah. I’m excited about security and I’m very passionate about it. I’ve often used my lovely partner and my children as guinea pigs just to learn to see how much they know, and it gives me a good insight to how much people know and how much people don’t know and. I wanted to bring together this big, vast world of cybersecurity, and we will talk about the careers in cybersecurity as we go along in future episodes. But people just think it’s these kids that sit in their basement making code and causing problems for business. But cybersecurity and information security is a big, big world, and it’s not just your kids that sit in the basement on their computers.

 

 

Terry     07:41

And we want to get this across to people. One of the areas we’ll look at in our future episodes is this big problem called GDPR. Now, every company talks about GDPR, and it literally is somebody telling you what you can and can’t do. Now, I could sit here for hours and talk to you about GDPR, but. It’s boring. It’s a dry subject. What I wanted to do and I’ve spoke to Steve about this, is I want to look at different parts of GDPR and make it relevant for the real life.

 

Terry     08:17

So just to give you a little example, I spoke to Steve a couple of weeks ago about profiling. I’m part of one of the articles, and GDPR includes about profiling. It’s quite interesting to understand how profiling works and when you relate it to something that everybody’s applied for a bank account, everybody’s applied for a mortgage, and profiling is heavily involved in that. So when we look at GDPR, we’ll make it relevant. So you, Steve, you can understand GDPR, and anybody in the street can understand GDPR. So these are the kind of subject we’ve got loads of things to talk about, and Steve almost why I tell you a couple of areas that we’re going to cover as we further go along in future episodes.

 

 

Steve     09:00

Yeah, no, exactly. And you know what? It’s funny that we’ve had this conversation many times in terms of them. Making it as sort of down to earth as possible. I literally went to the shop today to get some lunch and one of my neighbours asked me what I did for a job. Well, I work in cybersecurity recruitment. He said cybersecurity.

 

Steve     09:18

What’s that? Is that all the hackers and stuff? And I was like I just said yes because I didn’t have an hour to explain to me that it’s not just that, but this is exactly why we’re doing these, because people hear the word cybersecurity or information security, which, again, is another topic. We will discuss the difference between the two and how there is disconnect between the real world and what you see online. And I have these conversations with my dad all the time as well. Don’t click on this link. My nieces, my sister, everybody.

 

 

Steve     09:55

Are there’s so many real world examples of where it’s very easy to read a news article about, let’s say, the MGM hacking the week? They got a ransomware attack, et cetera, et cetera, locked ransomware, do you know what I mean? But that all came from accessing a public lock that came from a very low well, yeah, whether you call it low level or high level, a very public access point which could have been prevented and obviously that’s a really high profile example of it, but this is pretty much what we want to talk about. But also at the same time, we want to keep it as light as possible. We’re not trying to bore anybody, we want to try and add some humour. I’m sure everybody will get to learn a bit about my personality and Terry’s personality as we go along and I’m sure we’ll add some jokes in there and then ultimately we’re going to get some other people to come in and have a conversation as know, maybe talk about things like firewalls. Firewalls again, a firewall is a word that every person that owns a laptop top or a PC or an Apple Mac or anything has heard the word says yeah, we won’t go into too much detail in explaining people what a firewall is because that is quite technical.

 

 

 

Terry     11:12

To. We want to keep it quite light. And if you don’t understand it, Steve, then it’s pointless just going out because you’re the biggest guinea pig we have. I’m happy to be a guinea pig. That’s fine. We’ll also talk about data protection as well. And Steve will also talk about careers and the different areas of cybersecurity or information security you can go into.

 

Terry     11:38

We’ll tell you some of our funny stories we’ve experienced through our many years in our job roles. We might have a section in there where we can get listeners to ask us questions and we can look at them questions later on in a future episode. We want this to be us talking, but also heavily involved with you guys out there in the big wide world.

 

Steve     12:04

Sure. And also. Terry and I don’t live a million miles away from each other. We’re both in the Midlands for our sins, aren’t we?

 

 

Terry     12:14 Only via job choice.

 

Steve     12:18

I just can’t afford to live in London, mate, that’s all it but listen, to say that if this does start to pick up a little bit momentum, we wouldn’t start to do these things in person again. It meant to be like a pub chat. We can meet up in a pub and all of us and the more heads of the merrier, we can have these conversations. It’s meant to be interesting stuff that everybody can relate to.

 

 

Terry     12:44

Yeah. And as you said there, we will bring in people who know more about certain areas of security than we do. We’ll also bring in people like ourselves that just have an interest in it and just see what their view on cybersecurity is or information security to make it really light. I’m looking forward to this. It’s going to be a great adventure. We want to get you guys involved as much as we can.

 

 

Steve     13:12

No, for sure. I think particularly the mean. I’m very active on social media. Terry, you’re relatively active on social media. We’ll be putting stuff out there if there are topics that people are interested in. Whether you are somebody who works in a totally different field that has an interest in getting into information and cybersecurity. Whether you’re somebody that’s a level one security analyst, whether you’re somebody that’s.

 

Steve     13:40

A lead security engineer that wants to learn more about the less technical side of things. We’re going to try and keep it as light as possible, but the more topics that people give us to talk about, the more information we’ve got. And I’m sure there’s a lot of people we can pull information from and opinions from that we can try and create real world scenarios out of. So, yeah, the more interaction we get from other people, the better.

 

Terry     14:06

Yeah, no, totally agree. So we hope that you guys will enjoy it as much as us because it is just a bit lighthearted. We’ll try and cover as many topics as we can and we’ll take it from there and we’ll see how we go. Go on, Steve. I’m sorry.

 

Steve     14:27

No, I’ll let you finish, mate. I was just going to say, yeah, no, I appreciate anybody that’s listening. And I figured this is probably we were going to use this one as an introductory episode, so kind of gives an idea of what we’re going to be covering, gives people time to come back to us.

 

Terry     14:43

How long are these episodes going to be, then, Steve? What did we agree on?

 

Steve     14:47

I think about 25, 30 minutes, wasn’t it?

 

Terry     14:50

People get bored after that.

 

Steve     14:52

No, they do. I’m a stick, cliff, a podcast. But even the longer ones, I split them up through days, because today everyone’s attention span is quite short. So this is 25, 30 minutes. Whether that’s a travel to work in the morning, travel home, could be a lunch break. You might be fortunate enough to live at home and just live at home.

 

Terry     15:14

Well, live at home, Steve. Everybody lives at home.

 

Steve     15:18

Work from home. Work from home. Yeah. The idea is to keep it short, but sweet, light hearted, and something you’d be able to take in and hopefully take something from.

 

Terry     15:32

Yeah. Every episode we release will also have a title in there to what it’s covering. So if it’s something that you’re interested in, then it’s there for you. And we were going to start trying to do this at least once a month. Because we wanted the information in these 25 30 minutes podcast to be valuable and not just mundane. Same thing over and over again. So that’s the plan going forward.

 

 

Steve     16:01

Yeah, exactly that. I guess that about wraps things up for this one.

 

Terry     16:06

Yeah. As we’ve not done any data sensitive information, we’ll leave the disclaimer world till the first episode.

 

Steve     16:16

Our views are our own.

 

Terry     16:18

Yeah, our views are our own. Even though stupid they may be.

 

Steve     16:23

Exactly, mate. Yeah, no, it’s been enjoyable. Yeah, I’m looking forward to it.

 

Terry     16:29

Brilliant. Right, okay, let’s sign off for this first episode and this first introduction, and I hope you join us in our next one. Thanks very much, guys.

 

Steve     16:38

Guys, see you later. Bye.

Hyperfocus Hour: ADHD, RSD, and Corporate Life: Navigating Ideas and Rejections

Hyperfocus Hour: ADHD, RSD, and Corporate Life: Navigating Ideas and Rejections

Jon Wakefield, Consultant at Via Resource and Leanne Maskell, ADHD Coach, Author, and Activist covers various aspects of ADHD, including understanding it, supporting individuals with ADHD, and harnessing the strengths of ADHD. They touch on the challenges faced by individuals with ADHD, particularly in corporate settings.

Overview

    1. Introduction: The conversation begins with one of the speakers expressing a desire to accidentally buy a year’s supply of beer or whiskey, which leads to a discussion on ADHD and its relevance in the workplace.
    2. Three Key Points About ADHD in the Workplace: The conversation focuses on three main points related to ADHD in the corporate world. These points are:
      • Understanding ADHD: This involves explaining what ADHD is, addressing misconceptions, and discussing how it impacts executive functioning and work performance.
      • Supporting ADHD: This section covers strategies and policies for supporting neurodivergent individuals in the workplace, such as providing written instructions, coaching, and access to resources.
      • Harnessing ADHD: This part highlights the strengths and positive aspects of being neurodivergent and encourages embracing diversity in the workplace.
    3. Gender and ADHD: The speakers touch on the gender disparity in ADHD diagnoses, discussing how ADHD can manifest differently in men and women. They also mention the higher risk of suicide among individuals with ADHD.
    4. Dealing with Rejection Sensitive Dysphoria (RSD): The conversation delves into RSD, a concept related to intense emotional pain in response to real or perceived rejection. They discuss strategies to cope with RSD, including understanding the thought processes behind it and validating one’s own experiences.
    5. Ideas and Innovation in the Workplace: The speakers discuss handling a situation where someone has innovative ideas but faces resistance or rejection in a corporate setting. The advice includes writing down ideas, presenting them thoughtfully, and considering implementing them independently, if possible.
    6. Personal Experiences and ADHD Coaching: The conversation also includes personal experiences of the speakers, the importance of coaching, and how coaching can help individuals with ADHD

About Our Host Jon And Guest Leanne

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance; Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

Leanne Maskell, ADHD Coach, Author, and Activist

Leanne Maskell is an ADHD Coach, Author, and Activist, having presented to the World Health Organization on improving global access to support for ADHD. Previously working in mental health and disability law, Leanne set up ADHD Works to empower as many people as possible to learn about how to make ADHD work for them through courses, talks, and coaching. After being diagnosed with ADHD aged 25, Leanne published 4 books, including her latest book ‘ADHD Works at Work’ & ‘ADHD: an A to Z’, as featured on Sky News.

Transcript:

Jon  0:00 

Hello and welcome to this month’s episode of hyper focus hour brought to you by John myself the host and via resource and information cybersecurity recruitment specialist that operates in the UK, the US, Asia and Europe. This month we have LAN Maskull, who is the founder of ADHD works, a coaching service offered to neurodivergent ADHD people to help them better to help better equip them in the work environment and to bring awareness to ADHD overall. He’s also the author of ADHD, and A to Zed, which is a wonderful tool used by many, many ADHD and neurodivergent people to better equip them to to successfully work in a working office environment. So Leanne, thank you so much for this for coming on this month. I can’t wait to discuss what it means to have ADHD, what that looks like and how we as ADHD ears can utilise tools to help us be more successful in the office place and work overall. So again, thank you, man for coming on.

 

Leanne  0:59 

Thank you so much for having me. It’s really, really great to talk to you.

 

Jon  1:02 

I have one question for you today. ADHD tax you know what that was, obviously, I were at least I’m assuming what? What was your most recent ADHD tax?

 

Leanne  1:17 

But the woman in my course who she said that she two people, one of them I saw that she was running an ADHD retreats I impulsively bought it. And then before she passed on your aid, I want to go on a retreat and have against everyone that ADHD retreat sort of gets go on them. So poor retreat, and another person that did my course, said that she made this is called the neuro divergence channel by Libby, Summerfield, new deal for neurodiversity. That’s what she runs. She’s amazing. And they bought two of them. I forgot I got two things in the pace. And I was like, Oh, great, and then realise they bought her book two times. gotten the first time I’m like, okay, just about two journals now. Yeah, so there’s things.

 

Jon  2:03 

Okay, yeah, I It’s funny, you say that I specifically promised my partner was not going to mention this. So when she lists that she’s gonna be like, Why did you say this for the fourth time in a row. But I did the exact same thing a few months ago, I bought a Lego set, and totally forgot that I bought it. And then, you know, two weeks later, it showed up my doorstep. And I was like, oh, free Lego.

 

Speaker 2  2:27 

To expensive book a very reasonably priced. It was kind of a nice and funny surprise. So that’s ironic. As a journalist myself,

 

Jon  2:36 

yeah. Yeah. To be fair, that’s a bit more useful than then, you know, few Pete few 100 pieces of plastic.

 

Leanne  2:44 

You can never have too much like a

 

Jon  2:47 

no, no, I have a I have a four foot long Lego set. It’s a starter story or from Star Wars. I think looking at it right now. Yeah, it’s, um,

 

Leanne  2:56 

that sounds very useful to me.

 

Jon  2:59 

It’s totally useful. You know, it wasn’t way too much money. And it doesn’t just sit in the corner because it can’t be played with but. And that, that was probably the biggest impulse buy I have ever done. And I have absolutely no regrets about it.

 

Speaker 2  3:12 

Yeah, my friend accidentally bought a year’s worth of toilet paper at the start of the pandemic. But it was before the pandemic happened. So she she was like, You need to come over to my house and get toilet paper because she was like, I’ve accidentally ordered this huge, huge box of toilet paper, and then the pandemic into months later. And people were like, panic buying toilet roll from the shops. I think we actually are predicting the future here where these things are useful. We just don’t know why at the moment.

 

Jon  3:39 

But eventually it becomes useful.

 

Speaker 2  3:41 

Yeah, you could have predicted right? Toilet paper the hottest commodity.

 

Jon  3:47 

Honestly, yeah, I remember I remember when it was just all like the shelves it was it was all dry and everything it was it was like that for months was months. I don’t miss those days. Don’t miss

 

Leanne  3:59 

a year’s supply of toilet paper that you accidentally bought for him on Sunday.

 

Jon  4:06 

I wouldn’t mind accidentally buying a year supply like beer like whiskey or something. But then that probably wouldn’t be a year supply that probably lasts me like three months. I just be like, Oh, okay, anyways, I have died diverged a lot there. So, obviously, the point of this podcast is to discuss ADHD and in the workplace. As for the listeners, you guys are obviously used to a more structured kind of podcast episode. This one specifically, I haven’t structured because I wanted to see what would happen. So apologies if we go into tangents and it’s bit hard to follow at times. Just bear with us. But Leanne, my first kind of big question that I was thinking when it comes to a corporate setting, you’ve done talks, I think Disney and a few other kind of big companies, right. So So, when you do those talks, what would you say are the three kind of big points about ADHD that you always try to hit on?

 

Speaker 2  5:12 

It depends on the company. But number one, I would say, like the general trainings, I do like understanding ADHD, so like, actually explain what it is and what isn’t and how not everyone in the world has got ADHD, I usually share about my experience, and how perfectly perfect my life was before I was diagnosed. But not just like a cute bluff, like, here’s kind of thing. They kind of like actually understanding what it is. So I’ll go through like executive functioning impacts and like how it can show up in the workplace. The difference between like diversity, sorry, this is not your, I’ve got ADHD myself, so they come under free bullet points. This is a personal understanding ADHD, like the difference between like disability and diversity. And neurodiversity, like breaking that down for people to actually understand that we’re in a coaching language, we call that like, name it to tame it. So if you can’t understand that, and you feel scared talking about that, then that’s hard to do. But next is supporting ADHD. So like how you can actually support people that are neurodivergent in the workplace. And again, to kind of do it like by explaining how it shows up to the kind of basic human to human interaction, like having policies in place for people to know how to get support or giving written instructions. But the fact that like, everyone is different. So what works for one person won’t work for everyone, but like, maybe some kind of coaching skills, like how to people without being like, Oh, my God go to HR, support, and having access to work. Again, I would say that is a really important one, if someone’s a company based in the UK, like because access to ICT can pay for people to get support, like coaching, like administrative support, and then some good understanding, harnessing and then the third one will be next goal, like my ADHD. Third one is harnessing ADHD, so the understanding, supporting and harnessing ADHD. So harnessing is all about, like, the strengths and the brilliant sides of being neurodivergent. Because he wants everyone to think the same. All of the brilliant qualities that can come from it and like how I like to think of it like if you have a plant that is dying, you don’t check out the plant, you just put it in the right place, or the right soil or whatever it is that what that plant needs, and then it can thrive. Right. And so that’s pretty much it. It’s like, why bother doing all of this in the first place? Like herald the really nice benefits to young people to have a good workplace?

 

Jon  7:51 

Do you talk about do you talk about like the difference in like, what ADHD looks like in men and what it like, what it looks like, and like women kind of the differences there?

 

Speaker 2  8:02 

Yeah, I got that kind of it depends on the company and what they want. Essentially, like, the fact most people would think ADHD like I did when I was diagnosed, like connects to hyperactive little boys. There’s so much terrible disparities in general, and the access to health care that people that are black are different racial backgrounds. And women and girls and all of the intersectionality isn’t between trans people. There’s like, so so many people that are denied support, like, you know, one in four women who have attempted suicide who have ADHD. Yeah, embedded in my brain now. So they kind of come out at random points when needed.

 

Jon  8:48 

One in one sorry, one in four women with ADHD has attempted suicide. Yeah. Yes. And I didn’t know that. That’s insane.

 

Speaker 2  8:59 

Yeah, yeah. And five times higher risk of suicide for people with ADHD. I should know about different backgrounds, but But yeah, like it’s so there’s lots of every every book called ADHD and A to Zed. And for that I tried to find facts and like research for every single chapter, very painful process. Many, many facts, many types of very stressful, but many like academic papers and stuff. But it was good because now they are like, embedded in my brain. So they come out, but yeah, it’s really really bad. So like raising in particularly that’s about that that’s not like, and especially in a workplace where often I’ll get asked to talk a company as being like, we want to hear about the secret pill of ADHD and neurodiversity, and like, oh, I actually almost died. I was told this joke when I do corporate talks that no one ever laughs at and I always say like, oh, basically I was like knows, I I basically became extremely suicidal myself. But fortunately, I’ve got ADHD so not very good at following for everyone. and kind of looks at me like, she just say that and then whenever laugh at this joke, I don’t know why. Maybe it’s because I didn’t finish my standard comedy course. And then they laugh. So

 

Unknown Speaker  10:12 

everyone can laugh. Yeah, it’s not a normal I did that recently, Deutsche Bank and the Bank of America, they’re like, why did you?

 

Speaker 2  10:21 

But no, I tried to bring a bit more like human into it. And yeah, like, make it a bit more accessible and less like corporate because exactly like, I can go in and read stuff off Google and be like, these things, but having had literally the lived experience myself, I tried to bring about a lie. Yeah,

 

Jon  10:38 

yeah. Yeah, I mean, I just I just awkward. The last when you mentioned that wasn’t like a voluntary thing. It’s not like it’s like a but mine was like, shocked by that. So that’s why I left.

 

Speaker 2  10:57 

But, but, but the good thing, like, because that is like a way of me expressing that and making it like a real life person that’s standing in front of you, instead of just reading out a fact that’s not very, like tangible, but also without dragging everyone down into my trauma. But making it really obvious, because I do think like, yeah, like neuro diversity can be great. And there’s lots of brilliant benefits to it, as I said, but in the wrong situations without the right support, if you don’t know, I was 25, and I got diagnosed, and it’s true, like I very much would not be here if I hadn’t got that diagnosis. So really important. It’s something I just tried that I guess that’s the big point I tried to hit on, which is like, not everyone is not something people like making, like can’t get it from eating sugar. It’s like a really serious, it can be really serious. If you don’t get that help, so

 

Jon  11:50 

yeah, yeah. And I think I think that that’s one of those things is you know, there’s there’s so many people on like Tik Tok or Instagram and I’m that there’s one person in particular, I can think of, I don’t remember their their handle, and I’m not gonna blast their name or anything right now. But when I first started watching them on tick tock, I was like, oh, man, like, this is so true. You know, they really have that they’ve, they have ADHD, they get it. And I don’t want to be the person that says, No, you don’t have it. Unfortunately, as I’ve been watching it more and more, I’m starting to, you know, I’m starting to wonder, do do they actually have ADHD? Most likely they do. But are they? Are they using hyperbole? Or, you know, they’re making it a bigger deal than they are than it? I don’t want to say it’s a bigger deal. You know, what I’m trying to say, though, I hopefully at least, like are they trying to show to make a kind of a show to highlight it, but in doing it, it looks, it looks fake. It doesn’t, it looks inauthentic. And then, from my perspective, at least from my from my opinion, when something like that happens, it exacerbates the issue of hyperactivity and impulsiveness. And all of these stereotypes that that we face on a daily basis. Because then people watch them like, well, you can only have ADHD, if you’re at that, at that level. And that that’s not the case. I know, tonnes of people who have ADHD, but it’s quite mild. And they don’t need medication. And they’ve, they know they’ve done things in their life to help them kind of work it through. To work through it, I need medication. If I don’t have my meds, then I’ll take a picture, send it to my girlfriend and say, Hey, can you help me with this? And then five minutes later, she’ll respond. And I’ll have already forgotten what I was talking about. Like, that’s me, MIT unmedicated. It’s just yeah, it’s just a shame that like that, that kind of stuff happens. And it exacerbates the issue. And then you have to go into you know, like you said, Deutsche Bank or Bank of America and make this kind of like, this this joke, which isn’t really

 

Speaker 2  14:08 

like, that’s, I quit my stand up comedy course, they were like, you can’t make people laugh at you. They’re like, you can’t use trauma. That’s all I’ve got. I don’t have anything. Yeah, I get what you mean. But I think thing and that’s something I’ve really struggled with when I became an ADHD coach, because I was inundated by people contacting me, like, non stop. And now we’ve got boundaries around how they can contact me, but like, particularly from people that were like, oh, like I had a call once a month. I woke up in the morning to read an article in the news about ADHD. And then I went on social media and I saw this meme that said, the things in your house don’t have a home it means you have ADHD and I knew that was me. And then she called up a private psychiatrist, like scoop it out and then she books, thing, paedophiles and homes and within like, by the time had partner had woken up. She has like, she’s like, Oh, guess what, I’ve got ADHD. And like, she paid 1000 for an assessment, like a week later, and then she was on medication. And she called me like, hey, what do I do? And I was like, and you know, I think it’s really hard because it’s not my place or your place and you want anyone’s place to save someone. Yeah, has hasn’t like, I often get told by people that I don’t look like I have ADHD. Like before, I had, like, got free books, and very much like your workaholic or ADHD. But at the same time, I can’t like, cook, stay alive. James, the bedsheets like basic human stuff, but also the internet. And social media brings a really, it’s great, because, again, from that adults in the UK weren’t able to be diagnosed until 2008. So there are so many people that like, have been missed, and like would, you know, like me, I was like, what? I didn’t have it. And I actually kind of accepted the diagnosis from hearing the podcast where they talked about rejection sensitive dysphoria when I was like, Oh, there you go. But, you know, like, at the same time, I’ve heard from people like, someone said that my book shouldn’t talk about RST, because they were like, That’s not academically verified. And I was like, well, and I ended up then going on my own RSD tangent and talking to the World Health Organisation about how they should be recognising this stuff, maybe that’s why women are killing themselves. But honestly, yes, I think the internet is like a very. And that’s again, why I wanted to do like ADHD works a lot. Because to bring some kind of like, help there, because the internet can just keep you like, I went through that myself. And I was having a really tough time, like, endlessly Googling and scrolling and being like, I need to find out what I should do, what next, what next, what next? And like, what coaching was sort of like, Hey, sit down. Well, like how does it affect you? Like, they’re, they’re like inside you? And like, what does that mean for you? And how, you know, what do you want to do with this information? Whereas social media, like is kind of a what is it like a show, showplace? Like, people, like people become like character cultures of themselves on the USA. And if you’re talking about something like mental health, neurodiverse, anything, then you end up like that, that’s my first book. It’s called the reality manifesto, which I actually wrote, from going down this rabbit hole, about social media, because I grew up modelling from like, the age of 13. So it’s basically when we start objectifying ourselves like you can kind of become, that’s a lot again, what I’m trying to do ADHD works, because I didn’t want to personally have to go and talk about my experiences every day to help other people. Like, I don’t have to objectify myself my experiences, but be able to, like, train up other coaches to coach people, so I’m not doing it all myself.

 

Jon  17:56 

Yeah. Yeah. And I mean, if you’re training other people and and they’re going out and doing the same thing that you’re doing as well, you’re suddenly it’s not just you that’s doing it. You’re not like the you know, the the sole Vanguard or whatever you want to call it, that that’s going out, you know, now, now you have a network, you have people that are dedicated and passionate about it, they want to talk about it, it spreads more awareness than you could ever do by yourself. And I think that’s great. It’s, um, and, and like you said, I mean, it hits on the rst as well, I the rst is tough, it’s really tough. I don’t even know how else to say it. Like, you know, if I use I’ll use an example a few months ago. Obviously, as a recruiter, I send out emails and messages and stuff like that on LinkedIn all the time. And I sent out a message to one hiring manager basically saying, Hey, I know you’re not hiring. We’d love to have a conversation with you, just to see what your options are for the next six, six to nine months, something like that. And I go back to my messages on LinkedIn, probably 15 minutes later, and the guy had blocked me. He didn’t even respond. He just straight up blocked me. And wouldn’t talk to my I told my manager this and he was like, oh, whatever, just, you know, move on. And I’m like, I want to know why he blocked me. I’m upset. I was like, I’m actually upset. And it actually spiralled me. I was upset for the better part of probably 45 minutes to an hour just like, what’s going on? Why was I blocked? What did I ever do this guy?

 

Speaker 2  19:37 

What was the thought that was causing me to be upset?

 

Jon  19:42 

What was the thought that was causing me to be upset? The thought that was causing me to be upset was that I didn’t feel like I deserved to be blocked. It was like you could have just it was like he could have just said no thanks. It just felt so unnecessary and just mean.

 

Speaker 2  20:05 

Yeah. Because at night What other reasons could they have had for blocking?

 

Jon  20:08 

Yeah, yeah, that’s the thing. It was like, Yeah, that was that was it as well? Like, what are the reasons that you have to block me besides this one message? And I’ve never had anyone blocked me before because of just the standard. I’m doing my job message.

 

Speaker 2  20:27 

So if, let’s say if you put yourself in what why do you think he that blocked you?

 

Jon  20:33 

I think what I thought about this, I think he blocked me because I’m an annoying critter. Yeah. Which I mean, like, I, I can see that and be like, you know, that’s fair. But at the same time, my more rational part is like that, if that happened to me, I wouldn’t block the person. I would just ignore them. Or you know, say No, thanks.

 

Speaker 2  20:57 

Yeah. Say, because basically, by going into coaching mode coaching me on how I coach people around RSD, right, because I remember you telling me this, and I was like, Oh, I blocked people all the time. I always I’d love people, because I get like, 100 messages a day, particularly, particularly from people that like, Give me also like, they want stuff. I also got message from someone that was like, I’ve got quite a few of these kind of messages, because because the handle that we have like these kind of automated Not really, but template ones to, because I’ll get people like trauma dumping time, all of the very intense drama asking for help, like, again, because the support, isn’t there. Yeah, I’m gonna try to reply to as many as possible, but like, they want to have chats want to do it, like has so much to deal with myself. And then but I often get messages from people being like, I have rejection sensitive before because you sent me automated response, like huge email being like you shouldn’t have that. I’m not responsible. Like, what how we try to coach people around RSD is like, it’s basically identifying the thought, because often, it’s just like, being punched in the chest kind of like trauma of like, everyone’s doing my job again, oh, my God. But then if you can identify it to the fore, and then see how it’s affecting you. And then what I tried to do when I’m coaching people is try to get them to actually imagine that they’re like a lawyer for the other person. And being like, well, actually, they did this because they’d get like, 150 messages a day, and I didn’t already take them did it because they’re like, too busy. And they’re just like, they will need the end the messenger. And when I blocked people, it’s just because I knew that message on my inbox, I don’t think they’ll even notice, like, wherever they go in trying to see it from their side and then see the impact it’s having on us because usually, then the impact that has on us makes us repeat that first thought because we like to self preface. Stuff like confirm, and then kind of identifying a bad thought to replace that with that’s not going to cause us some same. Like, okay, like, he’s just busy or like, well, like what does it deserve to be blocked? Like, you can’t? Who Who can say whatever you do deserve to be blocked? Yeah. Doesn’t matter if you get locked out. But yeah, but it’s, you know, he missed out by blocking. He missed could have been on this podcast right now that we’re here talking about him.

 

Jon  23:33 

I like to think he missed out. Yeah, I’ll never know. And I don’t even remember the guy’s name at this point. Yeah. That’s, I had before Before this, I hadn’t even thought about that in probably two or three months. So in last time, I thought about it. I was just like, that was ridiculous. But,

 

Speaker 2  23:53 

but like, again, because that’s how we tried to coach people on it as like, especially for me once I understood it was real. And like, for no one listening that doesn’t know rejection sensitive dysphoria is a really, really intense emotional pain to real or perceived rejection. That lasts like a few hours. And the fact that really struck me was like, it’s different from things like bipolar or borderline personality disorder, because it’s always caused by something like a thought or a look that gave us and lasts for like, a short period of time, as opposed to like, a few days. I’ve had a really awful awful fortnight event now, ironically. But that really, so when we’re coaching people on they’re always like, I think just knowing it’s real, it’s like, oh, then you then you don’t feel so much. Like, you’re not beating yourself up so much, because you’re like, Oh, this is happening. And then validating your own experiences. And as coaches we really tried to like, do what I just said would be about, like, valid in a way that’s validating. So it’s not like oh, no, you’re being ridiculous. It’s like, okay, What impact of the like, do you want to have it? What do you want to do about it? Like, you know, but your your feelings are very valid and he is me and and it’s really horrible to block people that you don’t know. But like, it’s so we accept it and we’re like, yeah, it’s very, very valid because for me anyway, whenever I experience RST, I’m like, I’m being ridiculous. I need to, I need to get over it. What’s the problem in it? It’s kind of like a tornado. Yeah, it’s ironic that you open this asking me about the corporate talks, because it’s actually thanks to you. But I do them at all, because I used to have such bad corporate stuff such bad rejections and the three around public speaking that I refuse to basically do any of them. And I was just really, really, actually, I think it was after had a talk where I like, it was just the Zoom broke. And the talk was like an online one. Zoom kind of phrase, like, I didn’t realise, and everyone was like, You were amazing. But afterwards, I like cried in bed for like a week. And then I said, I’m not doing any more talks. And then it was only because you had suggested me to your company. And I was getting a lot of like, requests and companies, but I just put my fees really, really high. And I was like, No, I’m on the phone. I put my fees really high because I didn’t really like doing talks, especially in person I’m like, would never be one in person. And they were like, Wait would like to book you in person for a million pounds? Can you not do that? I’m doing it helped me to like get over the fear and to do it and to realise like, it’s okay. And to validate it like it’s, it’s you can do it and not, like, end up in a puddle on the floor crying.

 

Jon  26:30 

Yeah. Yeah, it’s, I guess, I guess you’re welcome. I, I don’t remember if I messaged you, or if I just put like a comment down on a post or something I honestly don’t remember. But I’ve, like, I was talking to somebody about this recently. And just thinking, because I think you mentioned this. When I’m when I reached out to you for this podcast, you mentioned the same thing. And I was like, Oh, I had absolutely no idea about this at all. And it’s just, it’s baffles me it’s a, it’s baffling. It’s very humbling as well, because I have a lot of respect for you. You do such great work and to know that I have any kind of like, impact on that. It’s just like, Oh, okay.

 

Speaker 2  27:09 

Yeah, see, like, block two, maybe he will be doing the same way. We never know how something will never know what is going on in someone else’s life. Right. Yeah. Ever, and then find out like, Oh, I didn’t even know it was the person that that me said that you had suggested me to them to talk?

 

Jon  27:29 

Wow, okay. Oh, oh, somebody out the company that said I suggest to them, okay. Okay, that makes more sense. Now.

 

I’ve even now you’re doing you know, talks, like Disney and these types of companies. Yeah. It’s crazy. Yeah, this is crazy. That happens. So I mean, when it comes to like the RSD. And I’ll just kind of dive into this, like when it comes to the RSD. And, and doing these talks at the companies. I assume you follow you’re on coaching and everything from for for other people, let’s say that you either lead a team or have to run a meeting or something like that. What are some things that they that they could do if they have ideas or something like that, that maybe shot down in the meeting?

 

Speaker 2  28:25 

Oh, yeah. I feel your pain. First of all, write a book. Take them into yourself. That is my experience. Personally, I have several experiences of having a 5000 million ideas and being like, we should do this. We should do this we should end now. It’s where ironic running a company with ADHD is because I’m like, Oh my God, I know how they all think they’re all like, you should that this module, you should do this. You should and like because now for me, being the manager like oh, I actually don’t have capacity to breathe I’m I can’t take on everyone else’s ideas. And also like and especially knowing like Yeah, so it’s it’s a really ironic thing, but I would say for the individual, try your best to putt it’s really hard I fully fully get you but like try to kind of write them all down and particularly around what like I’ve been in situations where I felt like I didn’t want to share my ideas because I thought like they’re not gonna get taken on or like you know, get shut down and stuff so, but I would say to instead write them all down and like to kind of I think probably the, to share them but like to think about them actually will say we have this concept and coaching is called like river of ideas like write them down. The concept is that if you think of a river with fish in it, and you were going to take one of the fish out the river to eat it like you could only take one at a time otherwise the other ones would die faster cooking fish So you apply the same concept, the idea is like, if you take all the ideas out the river, then it’s hard to do them all at the same time. And especially like writing them down. I’ve literally one of my coaching clients has an actions like make a river on a wall of like fish. But writing them down helps you do something with them. Yeah, to do one of my old companies that, like set up a agency overnight, a website, and then they message me like you, you can’t do that. Yeah, so basically writing them down putting them somewhere, having a think about them. And then if you want to take one to the company, or something, like do it in a way where, like, you kind of show that you’ve thought about it a bit more. Like media, like I’m not saying I’m gonna do it right now by you’re gonna catch up with me later. So you try your best to plan it out and be like, show why you think it’s a good idea, do your research and ask for like, the time to go through that. Rather than like bombarding your person with like, an email. I’m laughing. I’m feeling I’m feeling the free 60 Now, but you know, like, rather than sending loads and loads and loads of stuff, like by email, and then getting really upset, because like, they’re not taking on and like, then RSD jumps up. And we’re like this. I mean, well, one thing on my day is on like, what’s wrong with them? Trying to do it? It’s very ironic leaving a team now because I’m, like, oh, I help people run retreats and do groups. Yeah. You’re welcome. I’m like, Oh, my God, it’s literally impossible to actually make everyone’s ideas happen. So you can’t find the middle ground. And then if you’re a team, leader, manager, Oh, yeah. And also, I think, in general, for the ADHD personal, like person, we’re building ideas. Like, yes, take the idea to the person if you like. But like, actually, I would suggest that the majority of them you put into you, because like, especially if you’re working in an organisation like that organisation has probably got this that like, whatever work they need to do. Like, I’ll give you an example. Like in the last course, I did, one of the coaches, and I’d love to make like a course, an add on to the course about like social media, I do have a bit of social media on that. Because I would like to add this on, like, do training for coaches on social media. And I was like, Oh, I was like, Oh, that’s a good idea. But then I have over all of the curriculum, the corresponding to other modules and more like, Oh, my Oh, so that I would say, actually, you should do this yourself. Like, why do you need to at my company, you can do it yourself. On the same day, like the ADHD book, I wrote on the side of my law job, like, literally, on the side of it. So I think, take it all in, like all the ideas that you’ve got, and I think that’s ties in very strongly with the rst because we’re like, oh, I want to, like it’d be good if I do it in the company. Like in my old law job, I wanted some mental health circles, moving the job. And they said, no, no, no, I do it as a job. Yeah. run my own company. Yeah, basically put it into yourself on the side and, like, overcome the RSD about like you doing that if you want to, if you’ve got ideas about like networks, I feel like a lot of people know and you’re divergent one set up like Gladsome we all want to set up like communities and support groups and events. And then the company is like, no, yeah, please. They were like we’ve got a community but every different kind of like neurodivergent say of like, 1000s of police officers, and they’re like, and they all want, like, funding and support and all of the stuff and they’re like, how do we help one community. So having, like, putting to you, especially if you’ve got the minute that I left my job, like, it was quite amazing because like, I’ve got so much energy I will happily work from 6am till 12pm Not good thing should not don’t work for 18 hours. But once I had once I was free of a lot of restrictions, like the bureaucracy that’s why it actually works so well because I just am like fully unfettered retreat, whatever. So I think that for the individual and like I really do feel your pain but like the like get a coach. Like do it for you don’t have don’t feel like that’s the only option. Yeah, and I know I can show what I would recommend for managers. Sorry. Like real passionate me and like real pain, but I really understand. But also Yeah, they do it for you because the world needs it and like don’t wait for your like, if your company doesn’t want the idea, like whatever, like do it yourself.

Leanne  30:00 

So you apply the same concept. The idea is like, if you take all the ideas out the river, and it’s hard to do them all at the same time, and especially like writing them down, I’ve literally one of my coaching clients on actions like make a river on a wall of like fish. But writing them down helps you can do something with them. Yeah, to do one of my old companies that, like set up a agency overnight, a website, and then they message me like you, you can’t do that. Yeah, so basically writing them down putting them somewhere, having a think about them. And then if you want to take one to the company, or something, like do it in a way where, like, you kind of showed that you thought about it a bit more. Like me, they’re like, I’m gonna do that thing. I’m gonna do it right now by you’re gonna catch up with me later. So you try your best to plan it out and be like, show why you think it’s a good idea, do your research and ask for like, the time to go through that. Rather than like bombarding your person with like, an email. I’m laughing. I’m feeling I’m feeling the free 60 now. But you know, rather than sending loads and loads and loads of stuff, like by email, and then getting really upset, because like, they’re not taking on and like, then RSD jumps up, and we’re like this. I mean, well, one thing on my day is I’m like, What’s wrong with them? Trying to do it? It’s very ironic leaving a team now because I’m, like, oh, how people run retreats and do groups? Yeah. You’re welcome. I’m like, Oh, my God, it’s literally impossible to actually make everyone’s ideas happen. So you can’t find the middle ground. And then if you’re a team, leader, manager, Oh, yeah. And also, I think, in general, for the ADHD personal, like person, we’re building ideas. Like, yes, take the idea to the person if you like. But like, actually, I would suggest that the majority of them you put into you, because like, especially if you’re working in an organisation like that organisation has probably got this that like, whatever work they need to do. Like, I’ll give you an example. Like in the last course, I did, one of the coaches, and I’d love to make like a course, an add on to the course about like social media, I do have a bit of social media on that. Because I would like to add this on, like, do training for coaches on social media. And I was like, Oh, I was like, Oh, that’s a good idea. But then I have over all of the curriculum, the corresponding to other modules on the left paid more like, Oh, my Oh, so that I would say, actually, you should do this yourself. Like, why do you need to at my company, you can do it yourself. And same day, like the ADHD book, I wrote on the side of my law job, like, literally, on the side of it. So I think, take it all, like all the ideas that you’ve got, and I think that’s ties in very strongly with the rst because we’re like, oh, I want to, like it’d be good if I do it in the company. Like in my old law job, I wanted some mental health circles, moving the job. And they said, no, no, no, I do it as a job. Yeah. run my own company. Yeah, basically put it into yourself on the side and like, overcome the RSD about like you doing that if you want to, if you’ve got ideas about like networks, I feel like a lot of people know and you’re divergent one set up like Gladsome we all want to set up like communities and support groups and events and then the company is like, no, yeah, please they were like we’ve got a community but every different kind of like neurodivergent say of like 1000s of police officers and they’re like and they all want like funding and support and all the stuff and they’re like how do we help one community so having like, putting to you especially if you’ve got the minute I left my job like it was quite amazing because like I’ve got so much energy I will happily work from 6am till 12pm Not good thing should not don’t work for 18 hours but once I had once I was free of all the restrictions like the bureaucracy that’s why it actually works so well because I just haven’t like fully unfettered retreat whatever. So I think that for the individual and like I really do feel your pain but like the like get a coach like do it for you don’t have don’t feel like that’s the only option. Yeah, and I know I can show what I would recommend for managers. Sorry. Like real passionate me and like real pain, but I really understand but also Yeah, they do it for you because the world needs it and like don’t wait for your like if your company doesn’t want the idea like whatever like do it yourself.

 

Jon  34:35 

Yeah, just do yourself out right?

 

Leanne  34:36 

Like the thing like if I didn’t want to learn coding your way with them from the top from definitely because of other mental health cycle your company but the Yeah, and then for managers and leaders and it’s going to people that are managing people like myself that like I want I want you to do this. I think you should like like me. Yeah. I think it’s finding, setting really, really clear boundaries of like, what is expected, like, you know, within the work hours. And then like, help the person like, find opportunities to do that. Right. Like, let them know that that idea is like, super, super welcome and valid, because, ya know, when, when I’ve, when I’ve wanted to do things with ADHD works, I’ve got this team, I’m like, give me your ideas, you’re great. I would like your burns, think of me. You know, it’s like, really making people feel that their ideas are like, welcome. Yeah, and appreciate that, because they aren’t great. And amazing, but it’s kind of setting the expectation is that like, we can’t do it, or that all these like bureaucracy and stuff, but maybe even like, talking through the ideas with them, like, you know, if they, if they wanted to really set up like a community has only been like, okay, but actually, like, I can do one of the I can go an hour off my senior manager or HR person, like, which one is most important to you? What would the outcomes be? What do you want to get out of it, but then also being like, kind of working on the person being like, what could you do by yourself, like, do you want like, you know, if you want to get all these things, like, you can do it on the side of your job, you don’t have to do that, like for this company, kind of how I just said, like, actually supporting people to achieve what they want to achieve, like, not necessarily just within the confines of the job, but like, all of the energy, and helping them to see opportunities within the company. Like, I’ve got someone like weekly group coaching, so I was like, cool, like, this person wants to do group coaching, like their hair like so giving them like learning opportunities that will help them develop those ideas and recognising that their real real asset, really amazing, really welcome them, giving them a my dad that you have this idea, like a blue sky thinking day, so like, a time like so basically, instead of like me, sharing your ideas, like in the team meeting, or like by email, like firing off emails, yeah, you could create like an ideas. hour where people can bring their ideas to you, you know, and share them and present them like maybe like one idea at a time. But then, but then you get the best ideas, right? And like you’ve set the time up. So then anything around that you like, do it in the container. I think it’s time and then having like, little process around that. But I do. Yeah, I think it’s really interesting. I hope you don’t mind me just babbling on about that. Because I think it’s something that comes up so much at work that people don’t talk about, because it’s a bit of a random thing to talk about. Yeah, it’s a bit, you would have to know someone with ADHD, particularly to talk about, oh, I know what you mean. But I do I see a huge, but I coach people like often that’s because they have no idea if they go into a job, they’re super like, like, I’m gonna do this and this and this, and then their managers or whoever, like no, yeah.

 

Jon  37:56 

I mean, that’s, this is actually all touched on something that I’ve talked to I’ve talked about previously. But it’s quite linked. And I think, if you have if you have ADHD employees, and you’re a manager, so this situation that we’re this kind of situation we’re talking about, it’s such a good way of encouraging them and also letting encouraging them to work to their potential, not just not just to the potential that everyone thinks maybe we are, we can get to, but it actually can tap into our just kind of innate strengths as well, you can tap into the hyperfocus and doing the research doing everything. And even if it starts out as like a personal project, it could lead to a company project that could actually in the end benefit the company, they just didn’t want to put that initial, like risk or investment in which if you don’t have unlimited money, which very few companies do fair enough, and then you know, that person gets that ownership, and they get the encouragement, the thing, the thing that I’m struck with those, and I don’t know, if you would agree, I feel like there’s with the management level. At least from my perspective, in tech and in cyber there, there’s not much in the way of understanding of what ADHD is, and there’s not much in the way of how to understanding of how to support people like that. And I think that’s that’s this is one of the areas where there needs to be real change not just in the menu for the managers but in how companies train the managers to deal with neurodivergent people in AD in ADHD ears so that they can support it you know, when they when they walk up and they’re like, I have an idea to make this a little bit easier and so that we can all leave and go to the pump at three o’clock instead of five o’clock. And right now the managers I think for the most part are like no, no, no, we you know, we’re stuck in our ways. We have we have this we have this process and you know Then the employee will probably do it anyways. Do it in their own time. And it actually is better. But they

 

Leanne  40:10 

Yeah, yeah. So when I did the Disney, Disney are basically trying to induce Mental Health First Aiders on ADHD coaching skills, and then gave them like workbooks and stuff around ADHD. And because instead, like that situation I just described or the one before, but ideas like, endless. And so I can coach individual managers like that way I can give them support around that specific situation. But the best thing that I think they can do is trained in like actual ADHD coaching, like coaching people working with you, because then they know it’s not, that person hasn’t made that suggestion, because they want to go to the pub at four o’clock, like, they’re not doing it, because they don’t want to be at work. And then just, they’re not doing it because they want to speed through their work and they didn’t care. Or they’re not coming up with those ideas, because they didn’t want to do that job. Like they are actually doing it because they probably finished their job. And they bought and then we could do all of these things really quickly, like do the sunrise wherever they are, and like the mansions like but that’s not how we make, which I know really get being a manager myself.

 

Jon  41:21 

I can really understand that. Because, you know, like, now having different employees, right? Oh, well, it’s really important that we’ll do like, Ben, I have my deposit. I want to do all these things I want in my managers like, well, that’s a lot of other people’s areas.

 

Leanne  41:37 

But like now I’m like, Oh, actually, if I did someone else’s job for them, they don’t know what to do. And like I’m coaching someone now that came up. They told lots of people what to do, like the big manager, and over the weekend, they did all themselves. Like, Oh, I feel Yeah, I feel Yup. Do you know that feeling? And so that’s yeah, it’s very ironic and interesting. So I think for managers to have that understanding and awareness, my manager was actually really good. She helped me. You know, when I was like, I had we would respond to these government consultations. And she had, she said that I could respond to other ones my uncle was responding to like, the job. And then I was like, Oh, what about body image? Can I do the thing about? Like, yeah, fine, but I think that can often be a big thought in people’s heads, like with the book, that ADHD book, I was so sure that I wouldn’t be allowed to publish it. And obviously, they did not care. But in my head, I was like, they’re not gonna let me publish my book. Like, that’s kind of, like, the people never care as much as they think they do. But I think for managers having like, just, I mean, that training, understanding and like, the coaching skills are so useful, because then like, it doesn’t matter the situation, but you’ve got the context. And like, particularly in understanding a person, because I think that’s probably the biggest challenge is like, because they don’t get that training. So then the, like, might have their own assumptions and personal functions, but instead of like actually understanding like this individual person, like for me, I might be very different to a different like that someone else my ADHD, like, very loud person, I was very quiet person, but I was doing a month’s worth of work in a day like I’m done. Yeah. What are we doing? Let’s go. It’s very different for everyone. But if you’ve got those skills, you can kind of apply them to the end, which I think is like management in general, right. But a lot of managers aren’t trained on management. They’re just promoted because they’re good at their job, which might have nothing to do with people.

 

Jon  43:51 

Yeah, yeah. And that’s the thing is, I mean, as we’ve been talking to mistaking you, I have a good example of kind of, I had a project that I wanted to do, I had something I wanted to do. And it was this podcast, ironically enough. I had been at via for probably think about three weeks a month, absolute tops. When I had this idea. I want to start a podcast. So I go to go to my manager, and basically the rest the team was like, Okay, I want to start a podcast on ADHD and cybersecurity. I don’t know how to do this, because I’ve never done a podcast before. And they’re basically my managers response was, do the research. You know, do the research find, find people that are interested in doing and coming out as a guest speaker? Can you act Do you have enough content, blah, blah, all of these things. And I started that I started the process and then after about a week of starting the process, I got it I got bored. I was like, I’m not seeing the payoff yet. So I let it sit for probably two or three weeks and then people started responding to me Me, there was interest growing, you know, I’ve made, I’ve made made a couple posts in LinkedIn about, you know, would people be interested in watching or listening to it. And that started to get some traction, my family and my girlfriend, were all talking about it. And after like a two to three week hiatus, I was like, Okay, I’m doing this and started up the process again. And once I had, I think five or six people lined up as guest speakers. And I’d written out the, you know, the sheets, the questions and all that stuff to help guide the conversations, I’ve done the research booklet, blah. Then my company was like, Okay, we will support you, you know, any, any tech, we need to do this, we’ll do it. That’s one of those moments where I had an idea. And, you know, I figured, like, Oh, my company will help. And they did, but they didn’t, you know, they, they gave me the leeway and everything to do it for myself. And then once it was like, Oh, this could actually be something then they came in, and they’re like, Okay, yes, we’re happy to do this with you. But that’s that’s one of those moments where that’s that’s good management, isn’t it? Where they’re supporting someone with ADHD? That has that idea. But like you said, kind of delegating and saying, like, do on your own time, and then we’ll talk about it again. Yeah.

 

Leanne  46:21 

Because Are they helping you have this podcast now?

 

Jon  46:25 

Yeah, yeah, this Thank you. Thank you very much.

 

Leanne  46:30 

Did I have a question? Do they find this podcast of like, do they have to listen to it before? Funny?

 

Jon  46:37 

So they, they want one of my colleagues does, helps. And does. She doesn’t she does all the editing. So she, she listens to it, but I, you know, I listened to it. And then we can discuss where to go from editing after that. So they actually do they are actually in the process.

 

Leanne  46:56 

Yeah, yeah, that’s yeah. The reason I started, I was like, That’s literally what I did my job.

 

Very similar than the right like a 16 page, podcast policy. Anyone can follow it, anyone can do it. But then. And I think, again, it’s a really good example of how like these ideas, week we ADHD is all very amazing ideas. And not so many reports are boring. I can follow through. And then once I’ve done it once, and then bored now. So I got all the work, like, did all the prep work, recorded the podcast, then had to sign it. And then I had to fend off the podcast, and I had to edit the podcast, and this but my brain was like just that my beautiful podcast, I like recording that episode, then it was like, oh my god, that was very painful, nothing again. And so that was really not an edge. Again, it’s a really good example. Because like, thinking it through and like having that buy in. Because if you like, it’s really hard, because if you’re the company, right, and so like me, it actually works. Like if one of my coaches were like, We do actually have a podcast, but if they wanted, I would just want you to, if you can handle the admin, if you want to upload it all fine, but obviously it can’t have them going out doing podcasting, like ADHD is not real sucks. So it’s like these interesting bounces. But then like, showing that I think probably what I would if I was one job, like if you can show me that you fought every step of the way through and you can find someone that wants to help you and the parts that like you don’t want to do like the sign off, or the editing or upload like the admin. Thank cool, because, for me, it’s a good, the best way to manage people with each day. So how I did? Because you’re like, I know what your brain is like, as well. Yeah. It’s like, we can do the fun bits, but the US, but those bits after can be really challenging. So um, yeah, it’s a really interesting thing. It’s really nice talk about it, because I think people when they do the talk, like, you know, the most corporate, like, near diversity clapping like well, they’re like, oh, people with ADHD are so innovative. But it is that thing of like most corporations, they work in a very org. Like, I couldn’t believe it when I started my job. And they had like a separate person doing social media. So pressing, pressing pocket, I was like, but what did they do audit? I did the job was like, 45 people now My thing is, I was like, but then what did they do? Are they so I think it’s a really interesting like balance. They’re like they’ve ADHD brandsma Like those ideas and things are amazing. So how do you like literally harness them like your company has a podcast of like finding the way to make it work like setting I think like the boundaries around it and like making it realistic. Again, it’s not running because I do ADHD coaching now. Again, that’s probably why I’m good at coaching other people. We find the boundaries are on the containers. They’re like, Okay, how do you know When you’re going to finish it, then what are you going to do? Like, on the first fun that, then what? And then like setting up in that way. So yeah, I’m really lucky now because I’ve got Beth, who helps me do everything with ADHD works but poor bath like, poor like so as like I’m gonna do a POC and we have the podcast here, but I was like, Oh, I’m gonna do a podcast blitzing on LinkedIn and like, so if anyone wants to be on it had like 50 to 100 people contact Beth like, she woke up to all these emails being like, I want to come on the podcast that she didn’t know existed. And then that was me. She just went and turned it into a podcast, make that happen stuff. And then we had we people booked in weekly for like, a year, and then a few months online, I was like, I can’t be able to do this anymore. And then cancel that. So that’s a really nice thing about running your own company. It’s like, you don’t have so many people. Like, you’re kind of accountable to yourself. Yeah, people that rely on you. But like, you learn as you go, but if you’re working for someone, then you like for, like, you know, if you’re being managed by someone you have to consider like that. Their workload and the workload of your team and the workload that run out. Like, yeah, I’m always I’ll do it. Well, it’s fine. But like, then, like, Will I actually do it or down the line? Like?

 

Jon  51:12 

I don’t know. Maybe, maybe we’ll see when we get there.

 

Leanne  51:17 

Yeah, in the moment, I really am like, yeah, I will happily do all of that. It’s like, it’s fine. But then when you’re in it, you’re like, Oh, my brain doesn’t work anymore. Like, you’re like, No, no, don’t. And then that’s where all the RSD comes are.

 

Jon  51:33 

Yeah, yeah. Cuz then yeah. Because then you kind of question yourself, like, yeah, you question yourself, and you’re you kind of like, I’m not good enough? Or that that’s kind of impostor syndrome, as well, isn’t it? You’re just kind of questioning like, am I even good enough to be doing all of these different things, and you’re just being too hard on yourself?

 

Leanne  51:50 

Yeah. And that’s what comes to the thought of like, you know, actually, kind of setting yourself up, or being kind to yourself lenders was really nice. And I run the company and like Kellyanne, like, maybe next time, we’ll run it in like, slightly different way, but it’s alright. It’s fine. It’s not gonna end because we have to cancel 75 podcasts.

 

Jon  52:09 

Yeah. Yeah. And I mean, one thing you mentioned, you touched on very, just very briefly, but I’ve been I’ve been curious to get your kind of perspective on it. There are obviously people out there that don’t believe ADHD is real. How they believe that if they know anything about it, I don’t know. I, in fact, I used to work with someone who diagnosed ADHD, primarily active, I still am not going to muck in the name blast or anything. nice enough guy. One day, you know, came into work. I was working at a bar at the time. And it was really loud. It was noisy, and I went up to him because he had ADHD as well as like, Hey, I’m getting really overstimulated. I’ve been here. For like, 10 hours, I’ve had 120 minute break. I need to step outside for like 2030 minutes, because it’s just too loud. And he was like, why it wasn’t because I have ADHD. And I’m overstimulated and I’m like, I’m frazzled. I can’t work, I can’t function. And he just looked at me dead in the eyes. And he was like, No, you’re fine. Don’t have ADHD. It’s not real. So let me know, I know. That’s, that was my that was my reaction as well. It was just kind of like an incredulous laugh, because I know for a fact he had an ADHD diagnosis. So it’s kind of what I’m what I’m getting at is like, when we inevitably get to the point, or our listeners get to a point where they meet someone in that professional setting, that actually does say, No, it’s not real or, or argues against it. In your experience, how do you handle that? Like, what’s the best way for someone to to handle that situation?

 

Leanne  53:55 

Like all my answers, it depends on the situation. If it’s like your situation, then the thing I definitely want to advise people to do, but I would say talk to her HR. That’s why do you think it’s really important to have that policy we’ve got free policy on our website, but like policies around I don’t like really like the word like discuss telling your employer you’ve got ADHD in a kind of formal way. Because there are like, this is a lot of what I do as well, because I unfortunately worked in mental health and disability law. So I know a little bit like there are lots of laws that get triggered when someone discloses a disability which a disability only has to be a health condition that basically affects your ability to do normal day to day activities significantly negatively in contrast to your peers. The diagnostic criteria for ADHD is to have two or more areas of your life that are significantly negatively impacted for a long period of time. So guess what, probably it’s gonna amount to disability but interestingly, any of the tribunal and tell you that which is a long road. So companies are best to assume that everyone’s got this multi if they say they have because and that’s even without a formal diagnosis as well, like, because I don’t change the fact that you’ve got a disability, right? Like, you were disabled before you were disabled. Like, yeah, so it’s so if you’re in that situation, and like, I often talk to people, like, I want to tell my employer after I pass my probation, I’m like, don’t do that, do it now. Because if they’re gonna fire you, then like, if they don’t know that you’ve got ADHD, then they can’t do what they’re meant to do, like, but if they do know, then they have to do adjustments, and they have to take into account they need to do something to make sure that you are not disadvantaged in comparison to people that don’t have ADHD, that white colour, you know, like your explanation that you’ve got that, like, obviously, it sounded quite horrible in the first place. But I really love the fact I really love is that bullying is not illegal in the workplace. But discrimination and harassment is so that’s like, if you, you know, basically someone can bully you and be like, go and stand in that corner. Like, we don’t like you. But if they said, I didn’t like that you’ve got ADHD, go stand in that corner, because you’ve got ADHD, then that’s discrimination. That’s so like, that’s why, you know, again, like I do a lot of training for companies, because like, they’re really important legal obligations that if you’ve got people like this guy that talked to you, that are like, not very old, didn’t really care go away. The companies can be sued that discrimination. Damages are like unlimited. So I got a call from a lot of money, huge amount of and particularly like a failure, they call it a failure to make reasonable adjustments. So what you asked for was like a reasonable adjustment. So I want to go outside. And they were like, no. So that would be like a failure to make reasonable adjustments. And then afterwards, he’s like, I don’t believe in it. You don’t have ADHD, you’re fine, like, harassment? Because he’s saying, yeah, so. But yeah, so I’d say talk to HR. It’s really scary to do that for people because like, obviously, it’s kind of putting your hands up, but they will help you because they have to, because it’s the law. So if they don’t help you, a lawyer? Yeah, it’s a really, really tricky area. And the tricky part of it is that a lot of companies are not trained on disability law. Because of the fact like neurodiversity, for example, it’s only been talked about a lot in the last like five years, and the company level, even the year where like, ADHD works. There’s literally no one on LinkedIn, in particular talks about ADHD, like, it was just announced on LinkedIn, I literally felt like I was saying, Hi, I’m a clown now. And now it feels like everyone I know on LinkedIn is like, the person that BIOS I like I’m walking. Yeah, I’ve got I’m neurodiverse,

 

Jon  57:48 

which is great. But it’s great. Yeah.

 

Leanne  57:51 

The old day, the people individuals have called up the company’s still in the process, understandably, because they’re, it’s really complicated. And it’s really different for everyone. But I would say in general, in general, like on a more practical day to day level, like if you’ve got people around you that are like making comments and stuff. Like kind of thing. It depends on the situation of where you want to draw the line of being like a group that or, you know, communicating, like when you’re saying this thing, it’s making me feel this way, I would prefer it if you don’t put in writing, write it down, keep it keep a log of one when it happens. And keep keep a good, good tracking log of that. Because then you can use that later on. And what’s the end? Like my general advice, because you know, for example, though, something last week on LinkedIn, about it was like, this woman said, autism is real, because I’ve got people in my life with autism that

 

Jon  58:52 

oh, I’ve saw that

 

Leanne  58:54 

ADHD rail. Oh, really pick like just one, I really like her and have a book about trauma. But and so I’m like, you can’t really pick but basically, in general, kind of going back to the guy that blocked you, right? Everyone is entitled to believe or do whatever they want. Just like them have, like, it’s very hard to change people. And you know why? He says that what we say is right, anyway, what like when I was diagnosed with ADHD, I was like, That’s not real. Like, I’ve got a real problem. So I’m not really wanting to judge people that think it’s not real because five years ago and if again, like I don’t think people do it really to be malicious. I think it’s just like, their conditioning, that situation whatever it is, you know, that person that you sent has been diagnosed with ADHD actually want to do it or someone that had also been diagnosed with ADHD. He was like, It’s not rare when I was like, claiming it’s gonna work out, to be honest with me, because he didn’t want to. For a good year. I was kind of the same way as well. I was like, no I just my family were like, psychiatrists are just trying to make money out of you. Because and that is what is really annoying because like, I had to pay another 400 pounds to see the psychiatrist to finish the diagnosis off. Didn’t have to pay for insurance months to get medication. So it was very much like, Yeah, well, and the information available on the Internet back then was just like, nothing. No, no, no Instagram accounts on ADHD like me five years ago. That’s why I wrote that book, because I was like, I don’t even like, like, what is like, I’m not a hyperactive person. Like, I would just wake up and sit on the computer for like, 12 hours, but now I know, it’s like mentally hyperactive.

Forging the Future: Leadership in the Cyber Security Landscape

Forging the Future: Leadership in the Cyber Security Landscape

The world of cyber security is constantly evolving, with new threats emerging at an unprecedented pace. As we stand on the height of a digital revolution, the need for visionary and capable leadership in the field of cyber security has never been more critical. The next generation of leaders in this domain will play a pivotal role in safeguarding the digital world. We explore the key attributes and strategies for effective leadership in cyber security, providing valuable insights for those aspiring to lead the charge in this ever-changing landscape.

The evolving role of cyber security leaders

In the past, cyber security was often relegated to the IT department, but today’s leaders in this field must possess a broader set of skills and competencies. They are expected to be visionary strategists, adept communicators, and resilient problem-solvers. With the increasing complexity of cyber threats, leadership in cyber security extends far beyond technical know-how.

Core leadership qualities

    1. Vision: Future leaders in cyber security must have a clear vision of what security means in a digital world. They should be able to anticipate emerging threats and develop long-term strategies that adapt to evolving technologies.
    2. Adaptability: The next generation of cyber security leaders should be flexible and open to change. Cyber threats are constantly evolving, and leaders need to pivot quickly to counter new challenges.
    3. Communication: Effective communication is vital in a field where collaboration and information sharing are key to success. Leaders should be able to explain complex concepts to non-technical stakeholders and build cohesive teams.
    4.  Ethical Integrity: Cyber security leaders must operate with unwavering ethical integrity. They are the guardians of data and privacy, and any lapse in ethical conduct can have severe consequences.

Building high-performing teams

Leaders in cyber security should focus on nurturing high-performing teams. The next generation of leaders should:

    • Cultivate Talent: Invest in the development and growth of team members through training, mentorship, and fostering a culture of continuous learning.
    • Diversity and Inclusion: Embrace diversity in your team to encourage a broader range of perspectives, which can help identify and mitigate risks more effectively.
    • Resilience: Foster a culture of resilience, where team members understand that failures are opportunities to learn and improve security measures.

Subscribe To Our Newsletter

Staying ahead of the curve

Cyber security leaders must be perpetual learners, to stay ahead of emerging threats, where they should:

    • Continuous education: Cyber security is a constantly evolving field, so leaders must keep up with the latest trends, technologies, and best practices.
    • Networking: Building a strong network within the cyber security community is crucial for sharing insights, gathering threat intelligence, and staying informed about industry developments.
    • Scenario Planning: Develop and practice incident response plans to be prepared for a wide range of cyber threats.

Ultimately, leadership in cyber security is not just about protecting systems and data; it’s about protecting people and their trust in the digital world. Leaders must lead with purpose, emphasising the critical role cyber security plays in our interconnected society.

The next generation of leaders in cyber security faces a complex, ever-changing landscape, but with the right qualities, strategies, and a commitment to continuous improvement, they can make a significant impact. The next leaders have the power to shape the future, ensuring that it remains secure, resilient, and trustworthy for generations to come.

Hyperfocus Hour: The Impact of ADHD in Work and Life  

Hyperfocus Hour: The Impact of ADHD in Work and Life 

Jon Wakefield, Consultant at Via Resource and Simon Monaghan, Founder of Odd Shoes discuss their experiences with ADHD as recruiters, including struggles with impulsiveness, inattentiveness, and prioritising tasks. They also discuss the challenges of being spontaneous and the guilt that comes with having ADHD. Simon shares their structured approach to generating and refining ideas, as well as their experiences with neurodiverse candidates in the workplace. Emphasising the importance of understanding and accommodating individual differences, and discussing their unique approach to helping candidates prepare for interviews through personalised microsites. They also discuss how ADHD has impacted their career, including difficulty with listening and interrupting others, having many ideas but struggling to follow through on them, and leaving jobs. They advise others with ADHD to be transparent about their job history on LinkedIn and explain why they left each position. With also touching on rejection sensitivity dysphoria (RSD) and suggests ways to make the hiring process more bearable for neurodivergent individuals.

Points highlighted in this episode:

    1. Encourage open communication and support from employers for neurodiverse individuals in the workplace. 
    2. Consider a structured approach to generating and refining ideas to combat the negative aspects of ADHD. 
    3. Prioritize quality over quantity in the recruitment process and work closely with clients to understand their needs. 
    4. Be transparent about job history on LinkedIn and explain reasons for leaving each position. 
    5. Take responsibility for one’s actions and avoid blaming others, especially in job interviews. 

Overview Of Podcast

    • Introduction & your ADHD tax 
      • 5.45 What does your normal workday look like? 
      • 40.46 Neurodiversity for candidates with hiring managers 
      • 58:26 Microsites for Candidates 
      • 01:14:16 Biggest impact ADHD has on a professional career 
      • 01:27:52 Rejection, Sensitivity, Dysphoria 

About Our Host Jon And Guest Simon

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance; Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

Simon Monaghan, founder of Odd Shoes

Simon spent his adult life bouncing around sales jobs, promoting house music and singing in bands. He knew he had a problem with being distracted, distracting others and struggling to listen and focus; it wasn’t until he got into recruitment at age 35 that he realised that he couldn’t continue not taking life seriously and meeting his potential, so he got diagnosed. 

That diagnosis changed everything, and structure/organisation became the platform he stood on, building a reputation in recruitment until he set up his own company at the beginning of COVID-19 in 2020, intending to change tech recruitment one hire at a time.  

Now happily married and living in France, he’s made serious steps towards his lofty goals.

Transcript:

Introduction & your ADHD tax

Jon: Welcome to Hyper Focus Hour. This is a podcast dedicated to ADHD, nero and neurodiversity in the workplace, where myself and wonderfully talented people such as Simon here attempt to navigate and build tools for neurodivergent, people in tech, cybersecurity and anything else to help, basically help them succeed in building a successful career.  I’m Jon, I’m a cybersecurity consultant with a year and a half of experience in security, operations, digital forensics and incident response. And I have ADHD primarily in attentive. This podcast is brought to you by myself, obviously, and by a resource which is a specialist information cybersecurity recruitment agency which operate in the UK, Europe, US and Middle East. Today we have Simon Monahan as a guest on the show. Simon is a software development recruiter who, like me, obviously also has ADHD and has extensive experience navigating the tech and recruitment industries from a neurodivergent perspective. So Simon, welcome to Hyperfocus Hour. I’m really excited for our conversation today on rejection sensitivity dysphoria, what that means for ADHD and how that translates into a professional context. But before we get started, I have one question for you. ADHD text, do you know what that is?  

Simon: I think so. Like a financial implication of having ADHD. Financial implication?  

Jon: Yeah. Or even just you went into a different room to get something and you did five other things before you actually did the thing you meant to do. So my question is, what was your most recent ADHD tax? Whether that was yesterday or in the last week.  

Simon: Yeah. I would say that there’s two things that I can think of. So number one is just being impulsive. So I’ve got this like. In recruitment, I want to be as efficient as possible. And I’m always kind of attracted by the shiny new thing, whether that be AI tech or whatever. Things are going to help me to be more efficient. So impulsiveness costs me quite a lot because what I would do is I’d see this tool. I get this daily email from this guy called Superhuman, which is basically just an AI daily email about the latest things that are happening. So he’ll send me stuff and I’ll then go on and I’ll be like these three tools every day that he sends that I could use. So I’ll be like going on there going, oh, that looks really good. I can see that. That would be great for me. So I’ll book a demo or whatever and then when it actually comes to the demo, about half an hour before, I’m like, I don’t feel like I really need this, but because I was so excited and impulsive about it. So that costs me time in that whole setting up and canceling and actually sometimes doing the demo, then starting with the product, getting used to it, and then after a while realizing actually I don’t need that. And sometimes I give equal weight to what I call money making activities. Things that are really like the biggest impact on my business, like phoning candidates or doing business development. And I give equal weight to that as I do posting on social media and replying to every single comment and, you know, or anything really. Like, you know, these demos, for instance. And I worked I worked out actually based on the ADHD tax, like. If I spend 30 minutes a day on stuff like this, I worked out exactly what that cost me in terms of my billings based on the last year and whatnot. And it would cost me 19,000 pounds a year just to spend 30 minutes a day on tasks that aren’t money making tasks.  

Jon: Wow.  

Simon: If I waste 30 minutes a day, it’s 19,000 pounds a year for my business.  

Jon: That’s crazy. In some businesses, 19,000 pounds isn’t a lot, but well, I mean, it is. But for yourself, that’s a decent amount of money that you’re kind of costing yourself just by doing these tasks, isn’t it?  

Simon: But you know what the worst thing about it is? That even though I know that it does that yeah, I can’t control myself. Even though I’m diagnosed ADHD and I take tablets every day, I still can’t stop myself from being impulsive and not prioritizing as well as I could. I’m working on it every day. But it’s a challenge.  

Jon: Yeah. And that’s one of the things with ADHD, isn’t it? We have our medication and we can have the tools and the buffers, if you will, to kind of build around ourselves so that we remain productive. But there’s only so much that it can do. There’s only so much it can really do. The ADHD still comes through, regardless of whether we want to or not. It’s just who we are.  

Simon: Exactly. Yeah. It’s annoying, but yes, it’s what it is.  
 

Jon: Speaking of this, the money making activities, the 30 minutes a day, the the 19,000 pounds a year, when you look at your day with someone with ADHD who’s also a recruiter, who also recruits in tech, what does a normal workday look for you look like for you? 

5.45 What does your normal workday look like?

Simon: Well, for me, I mean. I have, I have a really, really I have to have a really, really strict day plan and it’s like so intricate and detailed that I have everything mapped out in my day. So I have different tasks together. Like these are resourcing tasks, these are business development tasks, these are admin tasks. And I open each one up on Monday.com, which is like my operating system for my business. I couldn’t live without that. And then it will have maybe ten or 15 tasks that I follow through in my process for that. So something that I’m trying to do now is theme my days because what I was doing is I was doing admin, then resourcing candidates in the morning and then in the afternoon trying to fit business development in. But by 3:00pm, all of my desire for doing a new task, it’s burnt out. So some days I would get to 3:00pm and I’m like, right, business development now and I’d end up just going home because I’d feel like I can’t start a brand new task. So what I’m doing now, which rightly or wrongly is starting to be better for me, is just right. Today is a resourcing day. The only thing I’m going to do is focus on candidate resourcing and obviously your day to day admin tasks. I’m obsessed with being efficient with my time. And the problem that that raises is that sometimes I spend so much time and thinking about how I can be more efficient or what tools I can implement or maybe more efficient. The time it takes to research and understand and all of that actually makes me less efficient. 

Jon: Yeah, you’ve lost efficiency. Like you were saying earlier, you’ve lost money by doing kind of the impulse. Yeah, I know what you mean. I go into the office normally about once a week, trying to go in about two days a week now. And when I started doing this, I told myself, okay, Wednesdays when I go into the office, that’s a business development day for me. So all day I’m going to focus on researching companies, researching roles, chasing leads, emailing, hiring managers, ta people, really trying to just nail that down. So I’m kind of doing something similar to what you’re doing. So I do that on Wednesdays. But then, for example, before we started this episode, probably about half an hour, maybe 45 minutes ago, I sat at my desk. I went home today, and I was thinking, I don’t know what to do because I have this I just got stuck with that ADHD paralysis, and I was like, I know I have things to do. I know I have work to do, but I’m not sure how to do it or what to do because I didn’t have that structure in kind of my diary. So I was just like, I don’t know what to do now.  

Simon: Well, I track absolutely everything that I’m doing, and I have a process for every single facet of what I do. So for me, it’s kind of taking the thinking out of it, the paralysis, like you’re saying, and just being like, right, okay, today is that day. I just follow that process come, and that works. And it’s a constant refining, always looking to refine it. The other thing as well, I think, is I’m so focused on having a plan for everything, I struggle with being spontaneous. And it affects my relationship at home and stuff. Obviously my wife understands, and as much as anyone who hasn’t got ADHD can understand, she understands. But I actually have to plan to be spontaneous, which is like, yeah.  

Jon: I understand it. I used to think that I was I was spontaneous as well. And what was it like when I started dating my girlfriend and we would do kind of the occasional spontaneous thing, but it would cause me a lot of stress because I wouldn’t know exactly what we were doing or where we were going and I couldn’t plan it out. So then I started to do what you were saying, like started planning the spontaneous things and she’s wonderful with it. She rides the waves. Some days we do do something spontaneous, but most of the time it’s planned out a week or two in advance and that’s the only way I can do it. I have to know when it’s going to happen, who’s going to be there, where we’re going to be as much as I can. 

Simon: When the plan changes. That’s what I hate. I’ll go home from work on a Monday, Tuesday, Wednesday, Thursday. Right now for me, I get home from work, we have dinner, maybe I’ll play a couple of games of FIFA and then we’ll have dinner with the family and then I’ll walk the dogs. And I have kind of a rough routine in my head and sometimes my wife will say, why don’t we go out for dinner? I’m like, inside, obviously I’ll go with it, but inside I’m like, this is my routine. No, that’s not what we do on a Tuesday or a Wednesday. And it drives me crazy. And I know it drives her crazy a little bit as well because she’d like it to be a little less. Structured, and I’m trying to work on that again. It’s hard.  

Jon: When that happens, like, when your routine changes, do you feel rejected? That your routine. How do you feel in that moment?  

Simon: Just feel like, God, why doesn’t she understand that I can’t handle that and it’s not her fault? Like, it annoys it annoys me that I even think these thoughts, but in my head, I’m like, God’s sake. For example, when I’m working during the day, sometimes she’ll just come into the office while I’m working and I’m in the flow, and then she’ll come in just for a kiss because she works in the office upstairs.  

Jon: Right. 

Simon: And I should just love that. And I’m trying hard to try and do it, but I know that in my head, like, I’m just like, oh, my God, why she done that? Does she not understand that I’ve got ADHD and now that’s going to take me 5-10 minutes to get back into the brain space that I need to be in? And she know I’ve talked to her about it, and it’s horrible having to have that conversation. So now I tried to take control of that by me being the one who goes upstairs and interrupts her to give her a kiss and then goes back down, because then I took control of that as opposed to her. It’s annoying. I feel like one of the biggest things with ADHD is I never feel really, truly understood by anybody. I have this conscious battle between what I know is the right thing to do for a normal person and the way I react.  

Jon: Yeah. Do you feel like when. Speak to other ADHD or neurodivergent people, do you feel like they understand you a little bit better?  

Simon: You know what? I actually don’t know if I do, because one of the traits of ADHD, especially in my life, is not really thinking so much about what the other person feels or is thinking in, because all you’re concerned about is what you’re thinking. Like your thoughts are the most important thing in the world, which is not right. Yeah, obviously, I know that people with ADHD should be able to understand me more, but I don’t really think about it because I’m not really, sadly, not as interested in how they feel about it, which, again, goes completely against how I actually want to be.  

Jon: Yeah, no, I honestly understand that. I’m very similar when I know someone else’s ADHD. And it’s difficult as well, because ADHD is is such a it’s it’s on such a spectrum. Like, it can it can manifest. You can have symptoms that manifest in so many different ways. Like, one of my closest friends has ADHD as well. Well, he’s he’s primarily hyperactive. I’m primarily inattentive. So the way we are with our ADHD is it’s totally different now. There are times where he does something or he says something, and I’m like, okay, I do genuinely understand that. But at the same time, when I talk to him about my issues with ADHD or I talk to other people about it, I have that same feeling of, why don’t they get it? I’m not that person. It’s so interesting that we can all have you and me, we have ADHD. And we’re both diagnosed with it, but we’ve both had so vastly different experiences with it that we still feel like no one understands us, even though there’s other people that should actually be able to better understand it than most others. It’s a very interesting thing.  

Simon: Yeah, I agree. I’ve got a double whammy of the hyperactivity as well. So my wife’s got two daughters and they absolutely love it because in the morning at 07:00 A.m., I’ll be putting music on and I’ll be doing silly dances with them and all that sort of stuff. Like I’m just a child. Yeah. And that must be really tiring for my wife as well, because she’s literally got three children. I mean, don’t get me wrong, there are upsides to being my wife. I have got a lot of positives, but there are things that you have to have an understanding partner to have ADHD, I think. And I just carry around so much guilt about everything that I kind of forcing people to live through all of the downsides of it. I’m forcing them to handle those things. I just feel constantly guilty, I guess.  

Jon: Yeah, it’s like imposter syndrome or just like yeah, maybe guilt was the right word. Because a lot of people, I mean, if they start dating, especially if it’s a romantic relationship, like your wife or my girlfriend or something. My girlfriend didn’t know hardly anything about ADHD before we started dating, so she had to learn kind of on the fly, everything about it. And at the same time, I, even though I had the diagnosis, didn’t know much about it as well. So we’re both learning together and very similar. There’s so many moments where. Um, this it’s kind of silly, but at the same time, it’s, I think, emphasize it quite well. If there’s, like, a bag of, like, chips crisps, right? If I if I’m holding the bag and my girlfriend wants a handful, she’ll put her hand in the bag, and to this day, I cannot tell you why. I do think it’s ADHD, though. As soon as her hand goes into the bag, even if the bag is in my hand, the bag ceases to exist. It’s like, okay, your hands in the bag, it just stops existing for me. So what happens? The bag of crisps just falls to the floor. It’s funny. It is funny, but at the same time, it’s so frustrating for her because she’s like, why can’t you just hold the bag? And I’m like, Because it just no longer exists for me. I’m done. My brain is like, no, this is in the nowhere space now. But that’s one of those things of, like it’s a small example, right? But it’s an example of she has to deal with that every time she wants to eat some crisps. But there’s bigger examples of, what if I hand her a wine glass and the wine glass breaks? Because as soon as contact was made, even if she’s not holding it, as soon as contact is even gently made, I’m just like, no, I’m done. My brain is like, It’s out of there. Yeah, that guilt you have for putting people through that when they don’t fully know what they’re getting themselves into. And then they’re like, I’m here now. It’s really challenging.  

Simon: And they can never really well, you feel like they can never really understand it the way that you do. But I also think sometimes I wonder how many behaviors in my life that. I excuse with ADHD as well, if we’re being honest, there’s sometimes where I’m like, well, that’s down to the ADHD, the way I am there, and I wonder whether it becomes a bit of a crutch for me sometimes, as if you’re over kind of justifying why you do the way things the way that you do. I mean, there’s obvious stuff, isn’t there? Like inattentivity and inattentiveness sorry, yeah, needing to be constantly stimulated, for example, I can’t just sit there in silence and I’m like, right, okay, I need to put CD on or I need to put some music on, or I need to put my game on or whatever, I need something I wonder if that happens.  

Jon: You’re on medication as well, aren’t you?  

Simon: Yeah.  

Jon; When you come off your meds, do you have a comedown?  

Simon: I don’t watch them. We talked about this, right?  

Jon: Yes.  

Simon: You let yourself not have them at the weekend? I’ve not allowed myself to do that yet because I don’t want to put my family through, or my wife at least, because the kids love it, but I don’t want to put my wife through whatever comes from it. I’m a bit worried to do it, but I said to her that I want to try it one day and she said, it’s okay, but I don’t know what I’m going to be like you.  

Jon: Yeah. So I was thinking about this as you were talking, because most weekends I take my meds, like we’ve just discussed previously, kind of in a research for this episode, sometimes I don’t take my meds, but because of that. Let’s say I take my meds at seven or eight seven or eight in the morning, right? Usually about four or 05:00 p.m.. Although the meds are still my system on a workday, their effectiveness kind of wanes because it’s a stimulant, of course, and I don’t take them. 24/7. Kind of like yourself. Yeah. So what happens if especially if I’m if I have low blood sugar or if I’m not hydrated, I get quite I can sometimes get a really bad comedown, effectively, where that causes irritability. Just maybe a headache sometimes or something like that. And that’s one of those. Coming back to what you were talking about a second ago. Surely there have been times, and I can’t think of any recently, but I know for a fact there have been times where I’ve just genuinely been in a bad mood and I haven’t wanted to talk to my girlfriend. Not because I’m mad at her, I’m just not in a good mood. And then she’s like, what’s wrong? And I’m like, oh, come down from the meds.  

Simon: It can come from nothing as well. Sometimes I’ll go home from work, I’ve had a good day. Probably today will be one of those days. I’ve had a really good day yesterday. I had a good day. So I go home and have dinner. Everything’s good. Good mood, nothing to complain about. And then the later he gets, my wife might say something like, I’m ready to watch something because I’m done talking now. And she’s like, Is it okay if I put billions on? Because we’re watching that together and I can see in. She’s like, can’t we just not for a bit. I start to get wound up about it. And the later it gets that she tries to force me into a non stimulating situation. The later it gets in the evening, the more irritable I get, and. Absolutely hate it because I can’t control it. And I’m always a morning person as well. So I have my meds at like 06:00 a.m.. So I have like, concerta. I don’t know what you’re on, but I have concerta. I have 54 milligram of that in the morning before work. And I’m always like proper motivated in the so I always do, always do really well. I work quickly. I do the gym in the morning. But if I say to myself, I’m going to do gym at 04:00 p.m., doesn’t happen. I have to have another small what is it, an 18 milligram at lunchtime. Just to top me up, right?  

Jon: Yeah. I’m a total opposite. I’m definitely a night person. I start working about 8.30/9am most days. And if I’m working from home, I don’t roll out of bed until 08:00 every morning, every single night. Tell myself I’m going to wake up in the morning, I’m going to go for a run. And what happens? Without fail, 07:00, a.m. Alarm goes off and I’m like, no, not doing that, I’m going to sleep another hour. But on the flip side, if I wanted to go for a run after work, like 05:00 or something, that wouldn’t be an issue. I’m much more of an evening person. I find the productivity, especially my work day, is with the ADHD. My brain is very slow in the morning. So as the day goes on, by about 1130 noon, that’s when I really start to kick in. So I usually do an early lunch, like 11:00 a.m., and then just work from like noon to five or six.  

Simon: I’m getting you at your best and you’re getting me at my worst right now. It’s welcome. Yeah.  

Jon: It’s it’s it’s interesting as well, because, like, you know, you were you were talking about low dope, like low dopamine tasks. You know how we were talking about that a few minutes ago? How do we combat that? And you split your day up. You say, I’m going to do this all day for one day. Because you do that. You might do, let’s say, business development all Tuesday, right?  

Simon: Yeah.  

Jon: That gets repetitive after a while. We both know it does. And it gets boring. What do you do in those instances where that repetitive task is no longer fulfilling? To make it more interesting.  

Simon: Yeah, to make it more interesting. So what I would do is I would drink a lot of Diet Coke to keep me going, but by the afternoon, I’d crash and I’d end up finishing early. So to get past that thing and I still struggle with drinking energy drinks now, but I drink Monster now. But two years ago, I was talking to a coach. I don’t know whether she’s a life coach or whatever. Anyway, she she did this NLP thing with me where she she got she read this script and kind of like we went through this thing and she made me associate Diet Coke with the worst thing that I had during childhood, which was eating Sprouts on a Sunday at my mom’s. And she made me imagine what it was like when I was eating Sprouts and how I’d feel and blah, blah, blah. And then she linked it to Diet Coke. Honestly, since I had that in LP and I’m not into all that kind of woo woo type stuff like that, but honestly, I’ve never drank Diet Coke since. Not once? Yeah. Two years. And it just stopped that day. I couldn’t believe it. So part of me thinks I should try to do it. Again for other things, like drinking Monster energy drinks and stuff like that. But, yeah, I guess the dopamine thing, I mean, a good example of how that affected me is sometimes I feel like I need it to really matter before it kicks me into action. And last year, I got married and went on my honeymoon. And I’d build, like, 140K by the end of April, which for me was like me heading towards, like 300 plus, which was good. So I was like, yeah, wedding, honeymoon, traveling across America. And by the end of May, all my roles had dried up, and I needed new clients. So it was absolutely crucial for me to do business development. But doing business development was such a big thing because I’d not needed to for about four years, because all clients had come to me and my reputation was good and blah, blah, blah. So I just kept putting it off, kept putting it off. I see it as this really massive thing, and I was worried about it, so I put it off to the last possible moment in August, which was breaking point for the business, breaking point for me personally, and I ended up managing to salvage it. And I’m going through a similar thing now again, but I’m getting through it a bit better now. But it was almost like I felt like I needed the verge of before my desire and my hunger actually kicked in. I guess what I’m saying is all of the individual tasks that I do apart from writing, because I love writing it’s. They are boring, repetitive tasks, and they’re hard to stimulate myself. So I used to be in sales until nine years ago, and it was a very one dimensional role. Like, here’s a script, here’s a list of people to call bang, read the script, do the objections. And it was just I was good at it, but it was very one dimensional. So recruitment interested me because it had so many different areas to it. So now I’m not just a salesperson. Sales is one area of it. I’m a recruiter, I’m a CV coach, I’m a psychologist, I’m a marketer, I’m a data analyst, all of those different things in one job. So I saw that as a way of being more stimulated. I have loads of ideas on how to improve recruitment, so I work on those quarterly to keep the creativity levels high. I listen to music all day in the office while I’m working. I guess the way that I get past it is that when the days get boring, I try to find the stimulation and how can I find the stimulation is I try to understand the bigger reasons for what I do, so they’re the things I find stimulating. So for me, my big reasons for what I do is I want to help people escape something bad in their role or help them find something that they’re reaching for that helps to fill them. I want to find ways to lead by example and improve the image that tech recruiters have. I want to help other recruiters to be better at what they do and. You know, I want because there’s recruiters out there who have got bosses who aren’t giving them the right information. So they they look externally to people like me to to help them to understand better ways that they’re not maybe getting the training or some of them want to start their own business. And for me, that’s really rewarding because I’m helping them to improve recruitment. Because when they do start the business, they’re going to do it in a better way than they did before. Those are real drivers. I don’t want to go back to being poor and living on a council estate like I used to when I was growing up. I want to make my family proud of me and proud of the person I am and proud of what I do.  

Jon: That’s a big one as well.  

Simon: Yeah. So if I’ve got all of these strong whys that really identify with me as a person? The boring work, like spending an hour looking for 100 CVS to find the gold, that’s just part of the process for me getting to the bigger whys of why I do what I do. I don’t actually worry about the minutiae of what I do because they’re just linking into the bigger reasons of why I’m here and what I’m trying to achieve. So I don’t find the task stimulating, but I find the bigger picture stimulating.  

Jon: That’s really admirable that one, that you do that in the way that you do it, that you do it for so many different reasons. But two, I imagine it’s got to be quite difficult because from my perspective, at least from my personal experience and from other people I’ve talked to, looking at that big picture, looking at kind of the end goal, if you will, or the long term kind of goal seems to be. Quite difficult for ADHD people to be able to look at and say, I’ve got a project that’s due in a year from now. This is what I need to do to be able to be successful in the project in a year. So the fact that you’re able to look at those big whys and say, this is what I need to do on a day to day basis or on a weekly basis, quarterly basis, break that down and use that as the fuel that you need to make those low dopamine tasks. Not necessarily more fun, but bearable. It’s really intuitive, at least as far as I’m aware. It seems to be very intuitive, very unique way of doing it, which doesn’t shock me at all, considering ADHD people are very unique and out of the box thinking, but it definitely combats some of the negatives that we have and actually turns them into strengths.  

Simon: Yeah, I didn’t see it as out of the box thinking because we do think about things differently. We think we do. I’m not in other people’s brains, so I don’t know whether that’s actually true. But I feel like I do think differently to a lot of people and the ideas I have. But for me to do that, I have to be really structured. Like we said earlier, all of my wise, I couldn’t have just come up with those. I had to have a structured way of looking at that for me to get to that. So it wasn’t just like, AHA, there’s an idea of why I do what I do. It was like somebody sat down with me and went, why do you do what you do? Answer these questions about what you want to do. And it was in year one of we setting up this business, 2020. And I didn’t know at the time. I just wanted more freedom and more money. That was why I set up the business. But then as soon as he had this conversation with me about my why and it made me think about actually, yeah, f***, I’ve got all of these reasons of why I want to do. I want to be like David taking on Goliath. I want to kind of help my industry. I want to I want to make my family proud. All of these different things that we just talked about. And as soon as it had a structured way of looking at that, then I’ve always been about like, you find your goal, you build your process and you work your way back and then you constantly refine it. And that’s just become so part of my identity now that these ideas, or whatever you want to call them, just second nature for me. I have a process for new ideas. So as soon as I have a little idea, I put it into a process. And I’ve got, like, probably 50 different things that I want to do in recruitment or in my business. But it’s all in a structured process of when I’m going to approach those things and what I’ll look at each every quarter.  
I’ll go away for two or three days, and I’ll just be constantly like, right, this is my creative time to focus on new ideas. I’ll look at what needs priority, what’s going to excite me the most, what’s going to make the biggest impact, and then I’ll just work through the process of that idea.  

Jon: Yeah. And I assume working through that process also helps weed out the ideas that you thought were initially really good ideas and have turned, you know, after after going through the process a little bit, it’s it’s literally process of elimination for some of them, isn’t it? Yeah. We’re like, oh, this actually isn’t as good of an idea as I initially thought. Yeah.  

Simon: So they end up just being like this big mood board of ideas, all in different categories, like business development ideas. Candidate qualification, ideas, whatever. And then if I have one idea, what I typically do is I’ll be at home, I’ll have an idea, or I’ll see something that sparks an idea, I’ll send myself an email with the idea. Then the next day, I will put it into my processes, and then it just stays there. And then when it gets to the point where I actually look at those ideas is bank, then I’ll go, that shit. Actually, I don’t agree with that.  
Now, like you say, it just eliminates the crap. Or sometimes that crap helps you to get to a better idea. 

Jon: This goes into I don’t know if you were taught this when you were starting out in recruitment, but there’s that old adage of process. Process just always follow the process and recruitment. Like, start with the candidate process, with the business development process, with just putting things into your CRM. Or when you’re rejecting people or accepting people under, like, the ATS or something, there’s always a process that you need to follow. So it’s really cool to see that you’ve not just taken that perspective to heart, but that you’ve made it work in a way that works for you. It’s just really cool to see that. Yeah. I don’t know. It’s making me want to go out after our episode is done to sit down and be like, now I need a process because I’ve been struggling in a lot of these areas. I very much have this what’s what I’m looking for, my process, if you will, is to brute force things. 

Simon:  Yeah, okay.  

Jon: So it’s the same thing for video games or if I’m building an Ikea table.  

Simon: I can’t do that. Yes, I can. But I’m exactly the same. Brute force it. And then. I’ve done three quarters, and I’m like, Shit, I’ve got to go all the way back to this point because I didn’t read the instructions properly.  

Jon: I’m just like, no, I’m just going to hammer it anyways. But it’s the same thing. Like, if it’s a video game or if it’s Ikea furniture, if it’s my process for business development, or, God, if I get lost in London or something, am my phone’s not my phone is rarely ever dead. But let’s say it was, I would just pick a direction and say, this is the general direction I need to go. Probably isn’t. But I will just try and brute force it just because I am just unwilling to take no for an answer. It’s like, no, I will make this work. And with video games, most of the time that works. But with puzzle games like Zelda and stuff, not really. But with business development and with work, it gets so tiring because you get to a point where trying to brute force it, you’re just getting closed doors. Every time you send an email where you call someone, they’re like, no. And then you get that RSD, that rejection sensitivity, dysphoria and then you’re like, I don’t know how much more rejection I can take.  

Simon: Yeah, I know what you mean.  

40.46 Neurodiversity for candidates with hiring managers

Jon: Yeah. It’s a tough one. But with that process, when you have different when you have different ideas, if we turn it to just kind of back to ADHD in the workplace and everything, when you get in that process, let’s say with a candidate and they get rejected, or if a candidate ghosts you, how do you deal with that?  
 

Simon: Talking about candidates that ghost me, I take it really personally because I feel like I treat. Every candidate with complete respect. I provide them with a lot of information, microsites. I only work with clients, I believe, that offer a great environment. I’m very strict with that, which is why I’ve only got six clients right now. And I believe that I’m not like the the recruiters, the other 90% that everyone complains about. So why should they ghost me? 

Like, why ghost me? It really upsets me because I feel like I give so much to the industry, but they don’t know that, and they’re just ghosting a recruiter as far as they’re concerned. But in my head, I’m like, don’t you know what I do for the industry? Don’t you know, all the effort that I make? Can I take it personally? Yeah, definitely. Luckily, it doesn’t happen that often, but in the last year, it’s probably ramped up a little bit, I’d say.  

Jon: Yeah. I remember when I first started, I’ve been doing this for close yeah, just almost two years now, year and a half. And I remember when I first started, I was getting ghosted left and right, obviously, because I was working for a big agency, I didn’t know what the hell I was doing, and call candidates and call them, call them, blah, blah, blah. They never responded. And it was the same thing. I was like and I just remember thinking, why are they ghosting me? I’m trying to help them. I’m trying to get them a new job, like, trying to make their lives better. Why are they not interested? What have I done?  

Simon: And what have I done? Classic thing that goes through your ad in it.  

Jon: Yeah. What have I done? And how can I learn from that? And I would like to say that I, as a recruiter, don’t ghost anymore, but I know for a fact. There is the odd person, probably one in 50, maybe one in 60 that I reach out to, and they just slip through the cracks. So it’s one of those as well. I take it personally, but with that one in 50 or one in 60 that I forget to get back to, how do I justify that to myself of, like, how can I be upset? It’s just having it’s just having the process, though, isn’t it? Like, if you have a process in place to make sure that you never let somebody slip through the cracks. Yeah, that’s not candidates ghosting you, though, is it?  

Jon: I kind of sidetracked on that one. I’m not entirely sure where I was going with that. 

Simon: All right. When I’ve dealt with neurodiverse candidates, what I’ve noticed is they tend to be very structured and very clear on how they need things to be in the interview process or beginning the job. And when I’ve kind of put somebody across because I’ve got ADHD, I’m like the champion for neurodiverse candidates, and rightly or wrongly, sometimes I’m too honest with the clients and I’m like, look, this guy’s got ADHD, and these are the ways that it affects his job. But these are all the positives. And I think some clients see it as a little bit overwhelming or that people might be hard to manage, which isn’t fair, because I look through all of the reckon, mandations, that they’ve got from ex employers and stuff. And yeah, of course they’re going to be distracted, of course they’re going to be like they’re going to have stuff that they need from a hiring manager. And sometimes I just think hiring managers, they don’t want to. And officially, you’re not really allowed to say stuff like that, but obviously I hear the unofficial versions and it really pisses me off, to be honest with you. I say to clients sometimes one of the things I said to a client who’s no longer a client now, for this reason, I said, why are you rejecting this person just because they’ve got ADHD? Do you know that the recruiter that you’ve been working with for four years, who’s made all these placements has got ADHD too, and you’ve not struggled with that, have you? I know it can be a pain in the ass sometimes, but I get results. And the answer was, Well, I understand that, but we had somebody recently who caused a bit of a problem with the culture and stuff, so we’re really worried to bring in anyone in at the moment like that, and you just hear all the bullshit reasons and you’re just like, that’s just bullshit. What I hate more than anything is that when I know that their real reason for not hiring someone is because they’re autistic or they’ve got ADHD or whatever and they don’t say that, I’d rather they were honest with me and I can handle that than them just go, yeah, we like them. We could see that they’d be really good, but they’re just not very structured in this area. Or we just don’t think they’ll fit into the culture. They don’t think we’ll fit into the culture? What does that mean? Like, really intelligent sort of person who can do the work of three developers in one that needs a little bit of understanding and management. I said to one client once, that’s on you. That’s your failing. That’s not on them. The reason you’re rejecting them is because of you. You’re not good enough. Or. Open enough to actually learning what you need to learn about people with neurodiversity. And he actually said, yeah, you’re probably right. I’m sorry, but that’s the way it is. 

Jon: That’s the way it is.  

Simon: Yeah, that’s the way it is. That’s not private anymore.  

Jon: Yeah. I don’t even know how I would have responded to that. That’s the way it is.  

Simon: But these are the things that I have to shield my neurodiverse candidates from, of course, in software development, like, one of my clients who’s got ADHD, actually, who’s head of development, I’ve been working with him for five years. We’re friends. He came to my wedding last year, and he said to me, honestly, I’d probably say as much as 40, 45% of the people that we have on our dev team have got some form of neurodiversity. Yeah. And I’ve actually said that to clients. I’m like, God, if I had to call the people who’ve got neurodiversities out of your team, you’d probably have asked the team that you’ve got.  

Jon: And that is the same thing. It’s the exact same thing in cybersecurity as well, which absolutely it doesn’t baffle me for tech at all that a very large chunk of people are neurodiverse. What baffles me about it, especially for yourself in your industry and then for cybersecurity, is you get these companies that, let’s say, at CISO level or CTO level, at these senior levels, either they are neurodiverse but don’t have the diagnosis and aren’t aware, or they aren’t neurodiverse and they want to run this portion of the company. They’re their tech portion of the company, like it’s just a normal kind of sales or accounts or HR or something, when, let’s face it, yeah, we’re all different. And then in cybersecurity. A lot of these people are on the autism spectrum or have ADHD, and they work better not being in the office, or they work better with tight deadlines, but they can manage their own time or they don’t XYZ you pick the accommodation. It’s there, but because it’s run by neurotypical, they don’t understand it, and then you send a neurodiverse candidate, and that’s the way it is.  

Simon: And do you know what the sad thing is? Neurodiverse people have to pretend that they’re not neurodiverse to get through the door. Yeah. And that’s a really sad thing that you’ve got to shield hiring managers from who you really are positives and negatives. If it was me and I was going for a job now, I’d honestly say, Look, I’ve got ADHD, I’m completely process driven. I don’t need you to manage me, because if you do that, that won’t go well. What I need is I need you to give me I’ll come to you with what support I need, and you give me that support. And if I feel like you’re restricting me in some way or you’re restricting my freedom in some way, or forcing me to do things that I’m not into or stimulated by, we’ll probably have a falling out, or I might not fall out of you, but internally it’ll be annoying for me. But what you’ll get in return for you understanding this is you’ll get someone who’s got the ability to completely hyper focus on a task. You’ll get someone who really cares about what they do and is their own harshest critic and really cares about the quality of what they do and. You know, I know that if you put me against a Neurotypical recruiter, I know that I’ll outperform them. But there is caveats to that, and you’ve got to understand that that’s how I would approach it. And I guess the one advantage to being like that is it’s also being a filter. Because if they can’t handle the thought of the those pros and cons right at the beginning, what’s the point in getting four or five months down the. They realize, and then they let you go because you’re too much hassle or whatever. Yeah.  

Jon: To counter that, I was having conversation about this recently, and the person I was having a conversation with basically said, and honestly, I think it’s an argument to be made. Basically the argument was, while neurodiverse people do need these accommodations, while we act differently, we think differently, and we work differently, to neurotypical people, basically the person was saying, everybody is different. Everybody is unique in different ways. So outside of neurodiversity people, you have disabled people, you have hearing impaired people, vision impaired people, et cetera, et cetera, blah, blah, blah, all of these different things. And basically the person was saying, why should neurodiverse people or ADHD get the special treatment, if you will?  

Simon: Yeah, I get that. I’ve had that conversation with because I wanted to write a guide to Neurodiversity for hiring managers. So I started talking to a few neurodiverse people that I knew and talking about on LinkedIn, and some of them was like, that’s a great idea. Like, that’d be great. And then some of them were like, why do. You treat us like everybody else. I think it was kind of 50 50 split down the middle. And I also had a conversation with women about this, and some of the women were like, there are complete prejudices to women, and we want to be treated better. And then there were some like, I don’t want any special treatment because I’m a woman. Yeah. So there isn’t a right or wrong answer, I don’t think, to this. I think what I’ve learned is it’s down to the individual. So if somebody is open and honest enough with me on the call to say, look, I’ve got neurodiversity, this is how it impacts, I will say to them, look, are you the type of person that would like to feel more comfortable and have accommodations made for you going through that process? Or are you the type of person who just wants to be treated like everybody else?  

Jon: Yeah, absolutely. And that was kind of the consensus that I came to in this other conversation, and I basically said and I now actually have what I think is a better argument against that point. But I basically said, you know what? You’re absolutely right. There are so many different things out there. There’s the gender pay gap, there’s women underrepresented in cybersecurity, and I’m sure in software as well. But while you were talking, I was thinking, well, there’s actually probably another good way of going about this for some autistic people. You can kind of see it not in everybody because it’s obviously on a spectrum, right? Yeah. But if you’re physically impaired, such as you’re blind or you have hearing AIDS or something. That’s a visible disability. It’s visible for that you need them. Whereas neurodiversity, by its very nature is an invisible disability. It’s in the brain, right. It’s neurological, hence the word. So why should we talk about it? If I were to answer that person right now, I would say we should be talking about this, not because we necessarily deserve that special treatment over other people, we should all be treated equally, obviously, but we need to talk about it a bit more because we have an invisible thing and people don’t easily see that. So if people don’t know about it and know what signs to look for, they’re not going to know what it is because it’s not someone walking down the pavement with one of those sticks that a blind person would use. Yeah. And I think that would be my answer, yeah.  

Simon: I mean, awareness is the most important thing. I really believe that and I’m neurodiverse, but I don’t understand everything about other neurodiversities and I’d like to know more. I’ve even got a book called Neurodiversity at Work behind me that I keep meaning to read, and it will be, I’ve got a list that I’m trying to get through, but I want to understand it more. And I think that desire to want to understand it is important. And a lot of hiring managers just want the easiest solution as quickly as possible, when really, like, easiest solution isn’t always the best solution. Some of the best candidates I’ve worked with are neurodiverse. There’s one of the place recently, actually, that’s like amazing. Wow. Amazing. And luckily, the client bought into it, and they hired, and it’s early days, but it looks like it’s going all right.  

Jon: On the flip side, I had a client that so I had a candidate who’s neurodiverse, and they were an exceptional candidate. I’m 26, and this guy was 25, I think 24, 25, and was already at senior level, so already a senior security engineer. He’s been in the industry for, like, four years, so he’s really, really gifted. And the client loved him. They wanted to offer him at first, they wanted to put him into different roles, and this candidate wanted to stay there at this company if all things went well for a long time, do internal progressions well, they inevitably decided not to go with him for basically ADHD reasons, if you ask me. And he is now a security architect for one of their direct competitors.  

Simon: I love that. Because then it’s a way for you to go, look, you made a mistake there. Look at what this guy is doing now. I’ve done that so many times with people who’ve been rejected, and I’ve disagreed because over time, you chip away at it, and you’re like, Right, okay, yeah, maybe you’re right, but it’s a journey for everybody. I don’t blame people for not understanding. What I blame people for is not trying, not caring, understand others 

Jon: You’re just not being inclusive of others just because they think a little bit differently.  
 

58:26 Microsites for Candidates

Jon: Yeah, you’ve talked before. You mentioned it very briefly a few minutes ago about microsites, and then you’ve mentioned it before, I think, in LinkedIn post. About how you build microsites for candidates so they can get more info for interviews and stuff. How did you come up with that idea?  

Simon: It’s very unique. So when I was working in an agency, I just wanted to help people to understand the interview process better and to prepare well. So what I did is I built like a PDF on canva, and I was just using that, getting information. And then when I started up my own business, I was, like, getting my website designed, and I just had this idea, like, oh my God, this could be something that would really help, because I feel really comfortable when I have a structure to follow and I understand what’s expected. I wondered whether other people might feel the same. I wasn’t necessarily thinking about neurodiverse people at that point. Steve Jobs, like, I was listening to his biography autobiography. I can’t remember which the difference is. Autobiography. But anyway, he said that he didn’t build what customers said they wanted. He never did any customer, like, research or anything like that. He always built stuff that he wanted to build that people maybe didn’t know that they wanted or needed. Because customers don’t always know what they need until it’s in front of them. So nobody asked me to build micro sites. I did it because I really believe that it would just be easier for candidates if they knew what to expect. They had good advice and they had a good understanding. I wanted to take anxiety of interviewing. If somebody knows this is what the interview is going to be like, this is everything I need to know about the company, the tech stack, everything. I’ve got no questions, no possible questions beforehand, apart from what I want to know. Yeah. So I just felt that if I did that, they could then focus only on showing their best selves at that interview. Because all of the other anxieties that people typically have, like, what types of questions am I going to get? What’s the technical test going to look like? Are they going to ask me questions that are going to trip me up? Blah, blah, blah. Remove all them and then the anxiety goes, and then you can just focus on giving you best. So it’s what I would have wanted if I was interviewing, and it’s proven to be correct. So to give you an example, I monitor my first interview, how many first interviews I have and how many of them turn into offers. 18 months ago, before I implemented this, that was actually 20.5%. So nearly one in five of my first interviews, obviously it’d be second interviews and whatnot, but one in five of my first interviews were ended up getting an offer. So just by doing this, this is the only change that I made. It’s actually 33.7% last year. So that’s gone from one in five to one in three.  

Jon: That’s incredible.  

Simon: Yeah. So it means that candidates are having higher success rates. It means that clients are not having to interview as many people to get results and everything for you. Yeah, but also the other thing is first impressions really matter. And if you think if I’m up against three other recruiters, let’s say, right, not necessarily on my role, but on other roles, and I spoke to the candidate and I’ve then gone, right, okay, here’s a micro website with everything you could possibly need to know, presented in a really cool looking way, an easy way, all just about that role. Just for. And then recruitment number two, three and four, what they do is they send the company’s job spec. Not even a proper written job advert like the job spec. And that’s it? Yeah. Which one are you going to be emotionally attached to from the beginning of the process?  

Jon: You’re going to be attached to the one that gives you the more information and that helps you the best, aren’t you, in this case is going to be yours. 

Simon:  Exactly. So when it gets to the office stage, most nine times out of ten, maybe more than that. I think it’s 94% of the time my offers are accepted, even though now my clients are competing the whole of the UK for talent. They compete with the whole of the UK and most of the time they might have 4,5,6,7 different opportunities on the go, maybe five to seven recruiters that they’re working with. But they take my job because my job is presented in a way that they understand. They feel comfortable with the interview process. Visually, it makes them happy. They feel like they’re going to be joining a good company because that company is obviously given all this information to help them.  

Jon: Yeah. Do you think this came about because of your ADHD? Because it’s a very visually, whether it’s indirectly or directly, mind you, but it’s a very visual thing if it breaks everything down, kind of like you said in your process.  

Simon: It was only recently that I realized, actually, it’s because of my ADHD at the time. I just thought it’d be a good idea because it’s what I would have wanted if I was going for interview new processes. But there was a guy called Jack who replaced a lead DevOps engineer and he’d got autism and we’ve been on a bit of a journey together because I had to understand the best way to interact with him. He sent me a two page document of. How he how basically sent to the client before he accepted the offer to give them a roadmap of the best, how to get the best out of him and how to get the worst. And I thought it was great. I mean, you can go over the top with stuff like this. I’ve had people give me five page, six page documents. I’m like, you’re going to put a client off if you do that. But a two page document, which is got humor in it, which shows your personality and also all the good parts of you. I think it was a good idea. But he wrote me a review on LinkedIn, and he said, honestly, this role understood. I felt understood by the company because of the allowances that they made for me moving into the role. I felt understood by Simon because he’s also neurodiverse, and I felt understood in terms of my autism because I needed that structured approach that Simon delivered for me to feel comfortable, a with the interview process, and B, with the job. I knew what I was walking into, and I was able to not worry about anything else but what I needed to show. And he said that that’s the first time that’s ever happened for him, and he was really grateful. And it’s heartwarming to hear that. I had a tear in my eye when he told me, because I’m an emotional guy anyway, but I had a tear in my eye, I was just like, that’s exactly why I did it. And I didn’t realize that was why I did it, but now I realize that’s why I’ve done it, for that. And it’s a happy coincidence that maybe 30, 40, 50% of my candidates will probably be just like Jack. Some won’t tell me. Some won’t. 

Jon: It’s funny that I think it’s interesting that we were talking about this, because I think you made a post about this at first, and that’s when I kind of got the I was intrigued by it, as when I saw it. I was thinking to myself, now I don’t have a microsite, but for each of my clients and for each of the roles that I have, I do something not as extensive as you, but quite similar. I have basically a pre formatted email that I send to every single candidate. It talks about, basically goes over the location of the role, the name of the role, the salary that I’ve agreed to put the put the candidate forwards for how many times a week. Even their notice period is in there. Why they’re leaving. Yeah, it has their interview stages, what to expect at what stage, if it’s a phone call, but the phone call is over. Teams don’t turn on your camera because they don’t want that. And after I saw your post, I think we talked about it briefly, I was like, oh, instead of having this in an email, I’m going to put this in a PDF document, just going to compile it and leave the key information such as the role title and stuff that’s going to stay on the email. And I’ve now done that. And what’s happened is the candidates that I send this to, which is now everybody, I’ve had fewer candidates. I don’t have a lot of candidates that ghost me, but basically I’ve had fewer candidates be less successful at first stage, a lot more going to second, 3rd stage, blah, blah, blah, doing more successful in that and everybody’s happier because there’s less of that. How do I act in this stage? Or how can I get the best out of the interview? Because now it’s all compiled for them to be like they don’t have to ask the silly questions of what does career progression look like from it’s all there.  

Simon: And it takes a little bit more work from the client. But ultimately I only work with clients bar one that are exclusive with me anyway. I’m almost I’m almost acting like an internal recruiter would that they share rather than an agency recruiter, like a typical sort of contingency guy. I don’t work retained and all that money up front because it just feels like an extra hassle that I don’t need. But I make sure all the clients are completely engaged from the beginning. I’m very clear about what I look for from them, but also, I’m also very clear about the results that I’ll get for them. So I’m like, look, instead of investing an hour with four recruiters, that’s 4 hours of investment. And then all of the CVS that you’ve got to review and all of that. Why don’t you just invest that three or 4 hours with me up front getting all of these things right so I can demonstrate them to the client, the candidates, in the best possible way, which is going to improve your reputation and give you more qualified candidates that actually understand the interview process and what you’re looking for. And it’s been a massive success for me. It really has. I’m filling like nine out of the ten CVS that I send are interviewed, which it was 66% last year, and 94% of the roles that I have are filled.  

Jon: Yeah, it just makes your job easier, frees up your time to do more things.  

Simon: Just high in recruitment, you’re constantly told like, numbers, numbers, volume, volume, volume. But for me, it’s like everything is as quality focused as I can possibly have it. And I still fill my dev roles within three weeks, which is better than most recruiters. Most recruiters, I’m told is like 4,5,6,7 weeks. I’m filling my dev roles within three weeks. And I’m not just sending people over quickly. I’m sending the best three or four or five people, and that’s it. And they’re all prepared. And why wouldn’t you want that?  

Jon: I’ve got a role that I’ve had for six months, not because there’s no interest, but because of the location. It’s horrible. It’s such an odd location. And everyone that specialism and that specialism lives basically in the wrong location, and they don’t want to travel 2 hours each way. And I’m like, yeah, that’s fair.  

Simon: It can’t be done remotely.  

Jon: It could, but they don’t want to.  

Simon: The thing that I’ve realized is there’s only so many times you can take the horse to water with clients. I’m like, I score all of my clients out of ten on ten different areas. Right? Yeah. And it’s about how I feel about the job, what’s important to me, but also what’s important to my candidates. And I give them a grade, and I use that as a way to get the clients to change. So if, like you said, that role, you’ve had it for six months, and I’m sure that you constantly said, look, that role could be done remotely, and if you could have it remote, I will fill that within a month, easily. Because it’s a good role if you do that, and then you’re constantly banging that drum, you’re showing them different case studies of what your other clients are doing, all the different things that you do, and they’re still not getting it.  
Time to drop the client. Yeah, it is, because that space with that client, that negative six months, I’ve had that role open, you could then get rid of that, win a new client, bring them on board. And then suddenly you’ve replaced it with something better. And that’s how I’m constantly doing it. Like, all of my clients about one are fully remote. The one that isn’t will allow office once a week, once a fortnight in the office. That’s it. So it means I can go an hour of their office and it makes it a little bit more difficult, but it’s still fillable.  

Jon: Yeah, that’s still easier than two or three days a week in the office, though.  

Simon: It’s infinitely easier. Yeah. So you’ve just got to think of all the blockers that your clients giving you and keep trying to get over them and eventually you’ll either get over it or you’ll realize, actually, this is a waste of my time. I’m going to have to drop you unless you change that. And this is the reason why. And you’re just filling up space for something better.  

Jon: Yeah, pretty much.  

Simon: It’s like that thing that people say, isn’t it? Like you’ve got your friends and if you’ve got a friend that’s constantly negative and they drag you down, they drag your energy down, you have to let them go. You have to. Eventually you have to. And then you’ll find that that friend naturally gets replaced by somebody who’s maybe doing better in life, who helps raise you up, who’s more supportive. And you’ve only got enough time to deal with so many clients or so many friends. And you’ve got to make sure that the friends that you’ve got, like all the clients that you’ve got, are helping you to the bigger picture.  

01:14:16 Biggest impact ADHD has on a professional career

Jon: Yeah, I know what you mean. I do know what you mean. It’s an interesting one with that one, but from everything that we’ve talked about, I was going to ask you, how does ADHD impact your work life? But we’ve been talking about it the entire time, like, how does it impact your life as a recruiter and how does it impact my life as a recruiter? And I think, I think it’d be quite easy to say. It’s definitely impactful with your microsites with my PDF file without we talk to candidates. I’m definitely a quality over quantity person myself. And the extra understanding with neurodivergent candidates. All of this stuff, like every single aspect, I would argue every single aspect of both of our jobs is impacted by our neurodiversity and hopefully makes us better because of it. Yeah. I’m curious to get your perspective on this. What would you say are the two to three biggest impacts that ADHD has on someone’s professional career?  

Simon: Yeah, I mean, I can always talk from my perspective, but I’m sure it’s common across most people with ADHD. But one of the biggest things was me not listening to people or constantly interrupting them when they were talking. I was always not listening to what they were saying. I was thinking about what I was getting excited about, what was in my head, waiting for my opportunity to interrupt. And that was really brought home by so I used to be in a band, and the guitarist out of the band, his misses, pre ADHD diagnosis. I had a good relationship with him, but obviously now I know I didn’t listen right. So I saw her on a night out and I remember it was like three or four days after having my first tablets, my first conserva, and I’d had them and we had this really great conversation. And before she left, like, I was my friend, she was with hers. Before I left, or she left, I can’t remember. She came up to me and she said she had tears in her eyes, and I’ll never forget this. And she said, you know what, Simon? Like, I’ve known you now for four or five years, and I love you. You know I do. But that’s the first time in my time of knowing you that I’ve ever felt that you’ve really took anything that I’ve said under any sort of importance. And you’ve listened to me and I cried. I was like, I’m so sorry. Because in my head, I was like, I would never, ever want somebody to feel like I don’t care about their opinion or I just don’t listen to them or they’re not important. They are. They’re so important. But I just have this thing where I can’t so that was one of the biggest things I had so many ideas that I could never see through. I’d have ideas and more ideas than most people I have more ideas in a day than most people have in a week or a year. And I’d have all these ideas, and I’d never quite be able to follow through on them. And the other thing is and you’ve had this yourself, haven’t you? It’s not on my LinkedIn profile, but prior to 2007, I must have had, like, maybe 50 jobs over a ten year period. And what would happen is I’d join a role it and they would they would say, like, this is the commission structure, blah, blah, blah. I joined three months in. They changed the goal posts. Yeah. And I’m like, well, f*** you, I’m leaving. Like, I don’t need this bullshit. I’ll find somewhere else that treats me with more respect. So maybe I had an overly high opinion of myself. Maybe I felt like I always needed to fight every fight so I just leave jobs. It was never because it wasn’t stimulating because they were all the same, just different. Selling to been different but it was always down to being wronged in some way. And it was the same in personal relationships. I’m not going to give you a number, but I’ve had a lot of relationships before I was 30 years old, before I was diagnosed and it was just for the same reason. But the thing is I always felt like it was me that was right and it was always them that was wrong or I left there because of this. I left her because of that and I never ever looked inward.  

Jon: Yeah, and you are right about the jobs thing. I’ll say this not to you and to the listeners, viewers, to the people that are interested in this, that are at this point here in the podcast. I have had quite a few jobs myself. I’ve done package handling for FedEx and Amazon. I have worked in hospitality for almost a decade. I worked for a church for a while, I worked for a charity. I am a year and a half into my recruitment career and I’m on my third agency. Here’s the thing that I have found about having ADHD and jobs sometimes it is our fault. It genuinely is sometimes our fault. Sometimes with a couple of those jobs I got bored. And I needed something else. Sometimes the role was overstimulating, such as a hospitality. I was bartending, and it was like this bar kind of nightclub venue. I don’t really know how to describe it. Essentially, the music was way too loud. We were constantly understaffed, and I was getting auditory overstimulation, and I was doing that for about 50, 60 hours a week. And I just I was going to a point where I would sneak into the bin room for about five minutes, every half an hour or so, just to be able to reorient myself. And then I was recently talking to someone about this, about ADHD and job hopping, or having jumpy CVS, if you will. I don’t necessarily believe in a jumpy CV for neurodivergent people. I believe in us not doing the research sometimes on the position that we’ve gone to, and then finding out that it’s maybe not the right fit or believing it’s the right fit, and then it turns out it’s not. So my advice is, if I can give one piece of advice about CVS when you go on LinkedIn, because, let’s face it, LinkedIn is important. It is so vitally important if you’ve left roles within, let’s say, six to seven, eight months of of joining, go into your LinkedIn, go to that role, and then say why you joined that position and why you left. For example, I started my career at Hayes. I left. And I have no shame admitting this because the cost of living crisis had started. I was also working a second job full time to make ends meet. I literally could not afford to live, and it was burning me out. So I left. I then moved to another agency. That one didn’t work out. Why? Because I didn’t have the time to do the research. Because I needed to get out of that position that I was in prior. Now, just because I have ADHD doesn’t mean that. That it’s a jumpy CV. So that’s kind of my advice. If you can justify it and you can make sense of it on LinkedIn, I would really recommend it because it will help you. It will help recruiters such as myself and Simon look at your profile and better understand what’s happening. And it’ll help hiring managers better understand as well. 

Simon: Yeah, and just to elaborate on that, actually, and one of the biggest skills that I’ve learned over my career, and it was from reading a book by Jocko Willink, it’s called Extreme Ownership. And I learned a lesson. It’s for leaders, but I’m not a leader, I’m just like a recruiter on my own. But what I learned from that is that you should always take full responsibility for what you can take out of a situation. Always look for how you can improve, because you’re taking the control of that then, and you’re looking at how you could have done things differently instead of blaming. And one of the things that hiring managers hate more than anything is when somebody comes to an interview and just slags off their ex company. And if you are going to write something on LinkedIn, being self reflective and being honest about your role, I wouldn’t even write down. But it’s something in person that you can do on LinkedIn. You’ve got to find a way of diplomatically saying what you need to say. And sometimes it isn’t your fault, sometimes it’s other people’s fault. But you have got to think, like, hiring managers are going to look at that and they don’t want to see a problem, someone who complains, they want to see someone positive, who’s going to be a positive member of the team. But of course, when you actually are at interview, you’re having that conversation. So why did you leave the last role? Again, you’ve got to be diplomatic. You can say, look, when I joined, they told me that the role was going to be this and it turned out to be this. But if I’m honest, when I was at the interview, I was desperate to go out of the place that I was in before. Maybe I could have questioned them a lot deeper, but just got overexcited at the interview and they probably sensed it and maybe oversold the role a little bit and it was a mistake and we all make them. And that’s what I’m trying to rectify now.  

Jon: Absolutely no, absolutely agree. And if anyone wants to take a look at my LinkedIn, you’ll see exactly that kind of thing on my LinkedIn profile. It literally says, basically, Simon, exactly what you said. Yeah, it’s fine. Basically says I left this position and joined this one because I wanted to get out. I didn’t do the research that I probably should have done and then saying, although, because I did at my previous company, I did genuinely enjoy the role, I loved the people I was working with. Right. It was a great atmosphere, but it became apparent quite quickly on that the management style and my ADHD wasn’t working. Now, we spent six months trying to rectify this and coming with solutions and basically working together, me and my line manager, to try and get this to work. And after six months of trying, it still wasn’t quite gelling. And so at that point, I had to say, you know what? I think I jumped the gun by joining this place. That’s my mistake, I do, but I think it’s best for me to leave. And so I had to do that. Yeah, and there’s nothing wrong with that. And I think there’s this atmosphere of shame in moving roles and not wanting to be to own, like you said. Own? Why? Well, I’m going to own mine. I started a position that I didn’t do enough research into and I had to leave before I probably should have. That’s okay. And it’s the same thing for ADHD people. It happens a lot. There’s no shame in it. If you want to explain it, if you can, I would say go for it.  

Simon: Yeah. But spin it in the right way as well, though. What qualities do you want this? What hiring manage is what does a hiring manager want to see from a person? Humility is a big one. So it’s not blaming being open and being humble about what you could do better. They always say, like, what are the biggest challenges that you’ve had in this project? And what they’re always looking for is, well, the biggest challenge was this. This is how I tackled it. But I realized now I could have done this differently and if I had the chance again, I would have done this. It’s just the same with every decision that you make. Everybody makes mistakes. There’s no shame at all. Even the hiring managers that you’re talking to have made some hummingers of mistakes and it’s just understanding that and appealing to them as a human.  

Jon: Yeah, no, absolutely.  I do have just realized the time. I have another meeting in about five minutes. Okay. So maybe we’ll finish up with just. Like one last kind of thing.  

Chris; The rejection on the rejection sensitivity one.  

Jon: Yeah, we’ll just finish up with that and then I’ll do the quick the outro and then we’ll call it a day.

01:27:52 Rejection, Sensitivity, Dysphoria

Jon: Yeah. Okay. Okay, cool. Now where is the RSD? Third from bottom. Yeah. So third from bottom. So. I realize we’re almost out of time for this, but I do want to get your feedback on this or kind of your ideas. Rejection, sensitivity, dysphoria, which in a nutshell, for those that are listening and don’t know what it is, this general, it’s a neurological thing. It is real. There is science behind it. I’m not a scientist, so I can’t tell you exactly what it is, but I’ll give you the best understanding that I can. Essentially, it means that neurodivergent, ADHD people specifically, are more sensitive to rejection. There is a neurological reason for why this is. I don’t know exactly what that is, and I don’t want to butcher it. But yeah, essentially we’re more sensitive to rejection. We take it harder, we take it more personally. And this can be a real challenge in the workforce, especially if you’re a recruiter or if you are someone who has been recently affected by the layoffs all across tech and is just being hit by rejection after rejection after rejection in CVS. It’s challenging. It sucks. It’s really difficult. So, Simon, kind of my last question for you. How can we make the hiring process just a little bit more bearable for those neurodivergent people that have RSD and how can we support those candidates when they feel rejected like this?  
 

Simon: Yeah, before this call, I didn’t really know what RSD was, but I definitely agree that I take rejection quite different courtly and it’s mad that lots of people with ADHD actually take roles that are based in sales or recruitment or public facing or whatever roles that have probably got the most rejection of any role. So maybe this, maybe there’s something in that. But. I mean, the way that I can’t speak for all hiring managers, but what I force my hiring managers to do, and a lot of them do it willingly, but some might just to really get it out of them, is every candidate is treated with respect throughout the process. So I have like, seven different templates that I send to candidates for different reason that I would reject them. Maybe it’s because they’ve not got a visa and my client can’t sponsor, or maybe it’s because technically they’re not what they’re looking for. Maybe it’s because their type of work history I e they’ve only worked in consultancies. And whatever the reason is, I’ve got seven of them. So I always make sure if I reject somebody’s CV, they’ve got one of those seven reasons so they can understand what I’m seeing and where it’s come from. Now, every time, all my clients have a client portal where they manage all the roles which have built similar to the microsite but for clients. And they’re not allowed to reject a candidate without giving a rejection reason. So I always make sure that I give really specific feedback to people who’ve interviewed or people have sent to clients, and they’ve happened to say no to them on the rare occasion that happens. And I understand, obviously, how hard it is to be rejected. So I always try to sort of give candidates the specific reasons, also the understanding. Look, I know it’s horrible being rejected, so I wanted to give you really honest feedback on why I’m having to reject you. And how do you feel about that? Yeah. And the other thing as well is sometimes I don’t do it all the time, but sometimes I’ll ask candidates, if you were rejected, how would you like that rejection? Would you like that over the phone? Would you like me to call you? Or would you prefer it by email so you can process it? How do you best handle that if it happened? And I admit I should do that more, but more, most of the time I just call them because that’s who I am. I call people. That’s all.  

Jon: Really good insights. I hadn’t thought about asking candidates what’s maybe the best way to let them know?  

Simon: Feedback. 

Jon: Yeah. It depends on the candidate. If I know them quite well, I call them. But sometimes I might send an email. It just depends on the person for me. But it’d probably be better to just ask them, like you said. So I might use that. Yeah. Simon, we are unfortunately out of time.  

Simon: Yeah, no worries.  

Jon: But I just want to say thank you so very much for coming on to this episode today. I realized the initial topic was rejection sensitivity, dysphoria, and we only got to that in the last four minutes, but but, yes, I just want to thank you so much for coming on. It was absolutely wonderful having you. Until next time. I cannot wait to have you guys. Don’t forget to, like, comment, subscribe, send it to your friends and family, everyone else, and stay tuned.  
 

How are hackers on the dark web recruiting?

How are hackers on the dark web recruiting?

The dark web is notorious for its illicit activities, which has evolved into a bustling marketplace for various illegal purposes. It serves as a hub for cybercriminals, offering opportunities for stolen data transactions, hacking services, and collaborations in illegal activities. Job seekers can find diverse postings for roles related to cybercrime, ranging from developers to pen testers and specialised positions. As we delve into the dark web job market, I shed light on the recruitment process, motivations, costs and risks involved.

The Recruitment Process

Dark web forums and marketplaces attract individuals interested by the world of cybercrime, providing them with opportunities to engage in stolen data transactions, hacking services, and collaborations for illegal activities.

The job postings on the dark web cover malware development, phishing tools, website hacking, email hacking, encryption cracking, and web scraping. Each category seeks individuals with specialised skills to carry out these illegal activities. Whether it is the creation of malware, development of phishing campaigns, exploitation of vulnerabilities in websites and emails, or the decryption of encrypted data, there is a demand for skilled individuals who can execute these tasks with precision and expertise.

Within the dark web, job seekers can come across many postings for diverse roles related to cybercrime. These positions encompass a broad spectrum, including developers, penetration testers, and other specialised positions. The recruitment process on the dark web often involves:

    • Prospective candidates undertake test assignments
    • Having their examples of work/portfolios reviewed
    • Participating in conversations with perspective teams/wrongdoers

Motivations

The motivations for seeking employment on the dark web can vary greatly. For some, the attraction of easy money proves irresistible, especially compared to the set financial rewards and pay scales offered by commercial and ethical positions

Cost

Researchers at Comparitech, examined over 100 listings from 12 different hacking websites. The actual prices are negotiated based on the time, scope, complexity and level of risk. Where they were able to find the average prices of these illicit services (prices have been converted from BTC to USD).

    1. Personal Attacks – this was the highest service at $551 (Is this per target). Personal attack could include financial sabotage, legal trouble or public defamation.
    2. Grades Change – One of the most common hacking services, where students who want a higher grade can pay $526 on average to hack into a school system and alter their grades. Some hackers also said they can steal the answers to future exams.
    3. Website hacking – Costing an average $394 and includes attacks against websites and other services hosted online. One hacker said they could access an underlying web server or a website’s administrative panel. With another said they can steal databases and administrative credentials.
    4. Computer and phone hacking – Average of $343, where the hacker breaks into the victim’s PC or phone to steal data or deploy malware on any operating systems.
    5. Social media hacking – Costing $230 to hack platforms including WhatsApp, Facebook, Twitter, Instagram, TikTok etc for either credentials or to give the buyer full access to the account. WhatsApp to spy on messages or take screenshots. This is another popular service.
    6. Email hacking – $241 for the hacker to steal the victim’s email password and then either gives that password to the buyer or breaks into the account to access data. In some cases, the criminal may set up an email forwarded process to get a copy of all the victim’s emails.
    7. DDoS Attacks – hackers who offer Distributed Denial-of-Service attacks charge on average $26 per hour, though prices vary based on the length and bandwidth of the attack. Some hackers will charge by the hour or even by the month to maintain an attack for as long as the buyer wants.

All of the services required payment up front, with some but not all of the hacking service websites promised a refund for unsuccessful jobs. Most hacking services set realistic expectations in that they only take jobs they reasonably believe they can accomplish. One website stated, “in about 5-7% of cases, hacking is impossible.” Many hackers would say if they can complete jobs within 24 hours, but more advanced jobs might take days or weeks. These hacking service websites instruct prospective customers to get in contact by encrypted email or secure chat app.

Risks

    • Illegal access: browsing on the dark web is not illegal, but accessing illegal websites on the dark web using an anonymous browser is.
    • Legal Protection: Anyone involved in cybercrime, faces the constant threat of legal consequences if their illicit activities are uncovered, and law enforcement intervention, due to no legal protection.
    • Data cloning: going on the Dark Web means a risk in infecting your devices with malware, ransomware, and trojan horse viruses.

As society faces challenges posed by cybercrime, efforts to strengthen cybersecurity, enforce legislation, and educate individuals about the risks and consequences of participating in illegal activities on the dark web are become increasingly vital.

NCSC’s Cyber Assessment Framework (CAF)

NCSC's Cyber Assessment Framework (CAF)

Cyber Assessment Framework (CAF) assesses how satisfactorily an organisation manages cyber threats to core functions. The outcomes of cyber attacks vary widely, both in terms of the nature of the computer systems attacked and the goals of the attackers. Generally, very strong levels of cyber privacy and flexibility are required in cases where the potential effects of cyber disasters are highly significant or even catastrophic. The NCSC has compiled the CAF for the institutions administrating the essential services and pursuits that are to the collective advantage of all of us.

As stated in the National Cyber Strategy, the CAF is being introduced as part of a new programme aimed at improving government cyber security. Outside of government, the organisations likely to find the CAF collection most useful fall into three broad categories:

    1. Organisations within the UK Critical National Infrastructure (CNI)
    2. Organisations subject to Network and Information Systems (NIS) Regulations
    3. Organisations managing cyber-related risks to public safety

CAF Requirements

CAF was designed to meet the following requirements:

    1. Give online privacy breach resilience evaluations a framework.
    2. Uphold the outcome-focused NCSC cybercrime and resilience principles and discourage tick-box evaluations.
    3. Concede with existing protection recommendations and standards.
    4. Identify effective online breaches and resilience enhancement activities.
    5. Sector-agnostic shared core version.
    6. Accommodate sector-specific components as needed.
    7. Enable organisations to define expressive targets that may represent regulator views of adequate and proportionate security.
    8. Be simple and affordable to implement.

CAF explained

The CAF is structured around four overall security objectives and 14 cyber security principles:

Objective A: Managing security risk

Appropriate organisational structures, policies and processes are in place to understand, assess, and systemically manage security risks.

Principles:

    • A1 Governance
    • A2 Risk management
    • A3 Asset management
    • A4 Supply chain

Objective B: Protecting against cyber attack

Proportionate security measures are in place to protect core government functions and critical systems from cyber attacks.

Principles:

    • B1 Services protection policies and processes
    • B2 Identity and access control
    • B3 Data security
    • B4 System security
    • B5 Resilient networks and systems
    • B6 Staff awareness

Objective C: Detecting cyber security events

Capabilities to ensure security defences remain effective and to detect cyber security events affecting, or with the potential to affect core government functions.

Principles:

    • C1 Security monitoring
    • C2 Proactive security event discovery

Objective D: Minimising the impact of cyber security incidents

Appropriate organisational structures, policies and processes are in place to understand, assess and systemically manage security risks.

Principles:

    • D1 Response and recovery planning
    • D2 Lessons learned

The objectives should be viewed as interdependent, where the CAF should contribute to performing continual security improvement activity through the detection of incidents and events contributing to lessons learned and the continual refinement of existing security measures.

Indicators Of Good Practices (IGP)

The Indicators of Good Practice (IGP) are a set of statements developed by NCSC that describe what a good practice looks like in a particular area of cyber security. The IGP covers a range of cyber security practices across different categories, including governance, risk management, access control, network security, and incident management.

The IGP statements are meant to serve as a guide for companies to better understand what constitutes secure practices and how to implement them.

Each outcome is associated with a set of IGPs which are broken down into the following three categories with an explanation of how they should be interpreted, and recommended that these are worked through from top to bottom:

    1. Not achieved: The ‘not achieved’ column of an IGP table defines the typical characteristics of an organisation not achieving that outcome. It is intended that the presence of any one indicator would normally be sufficient to justify an assessment of ‘not achieved’ at the contributing outcome level.
    2. Partially achieved: When present, the ‘partially achieved’ column of an IGP table defines the typical characteristics of an organisation partially achieving that outcome. It is also important that the partial achievement is delivering specific worthwhile cyber security benefits. Assessing at ‘partially achieved’ should represent more than giving credit for doing something vaguely relevant.
    3. Achieved: The ‘achieved’ column of an IGP table defines the typical characteristics of an organisation fully achieving that outcome. It is intended that all the indicators would normally be present to support an assessment of ‘achieved’ at the contributing outcome level.

Implementing and maintaining an ISMS

Implementing and maintaining an ISMS

An Information Security Management System (ISMS) describes and demonstrates your organisation’s approach to information security and privacy. It helps identify and address the threats and opportunities around your valuable information and any related assets. That protects your organisation from security breaches and shields it from disruption if and when they do happen.

It contains policies, procedures and controls that are designed to meet the three objectives of information security:

    • Confidentiality: making sure data can only be accessed by authorised people.
    • Integrity: keeping data accurate and complete.
    • Availability: making sure data can be accessed when it’s required.

To achieve ISO 27001 compliance or certification, you need a fully functioning ISMS that meets the standard’s requirements. It will define your organisation’s information assets, then cover off all the:

    • Risks your organisation’s information assets face
    • Measures you’ve put in place to protect them
    • Guidance to follow or actions to take when they’re threatened
    • People responsible for or involved in every step of the infosec process

Key benefits of implementing ISMS

Secures your information in all forms – ISMS helps protect all forms of information, including digital, paper-based, intellectual property, company secrets, data on devices and in the cloud, hard copies and personal information.

Increase your attack resilience – Implementing and maintaining an ISMS will significantly increase the organisation’s resilience to cyber attacks.

Reduce information security costs – Due to the risk assessment and analysis approach of an ISMS, organisations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work.

Respond to evolving security threats – Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat of continually evolving risks.

Improve company culture – The Standard’s holistic approach covers the whole organisation, not just IT, and encompasses people, processes and technology. This enables employees to readily understand risks and embrace security controls as part of their everyday working practices.

Offers organisation wide protection – ISMS protects your entire organisation from technology-based risks and other, more common threats, such as poorly informed staff or ineffective procedures.

Provides a central framework – ISMS provides a framework for keeping your organisation’s information safe and managing it all in one place.

Protects confidentiality of data – ISMS offers a set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of information.

5 steps on how to implement ISMS

Most organisations either follow a plan-do-check-act process or study the ISO 27001 international security standard which effectively details the requirements for an ISMS. Below are five steps to illustrate how an ISMS should be implemented:

    1. Define the scope and objectives – Determine which assets need protection and the reasons behind protecting them. Consider the preference of what the clients, stakeholders and trustees want to be protected. Company management should also define clear-cut objectives for the areas of application and limitations of the ISMS.
    2. Identify assets – Identify the assets that are going to be protected. This can be achieved by creating an inventory of business-critical assets including hardware, software, services, information, databases and physical locations by using a business process map.
    3. Recognise the risks – Once the assets are identified, their risk factors should be analysed and scored by assessing the legal requirements or compliance guidelines. Organisations should also weigh the effects of the identified risks. For example, they could question the amount of impact it would create if the confidentiality, availability or integrity of information assets is breached, or the probability of that breach’s occurrence. The end goal should be to arrive at a conclusion outlining which risks are acceptable and which must be tackled at all costs due to the potential amount of harm involved.
    4. Identify mitigation measures – An effective ISMS not only identifies risk factors but also provides satisfactory measures to effectively mitigate and combat them. The mitigation measures should lay out a clear treatment plan to avoid the risk altogether. For example, a company trying to avoid the risk of losing a laptop with sensitive customer data should prevent that data from being stored on that laptop in the first place. An effective mitigation measure would be to set up a policy or rule that doesn’t permit employees to store customer data on their laptops.
    5. Make improvements – All the previous measures should be monitored, audited and checked repeatedly for effectiveness. If the monitoring reveals any deficiencies or new risk management factors, then restart the ISMS process from scratch. This enables the ISMS to rapidly adapt to changing conditions and offers an effective approach to mitigating the information security risks for an organisation.

Maintaining

1. Continually test and review risks

ISMS was built to address risks that have been identified, but the threat landscape is constantly evolving. Therefore, regularly monitor the risks the organisation can face to ensure that your defences are adequate. This also includes vulnerability scans and other tools that can automatically spot new risks. Rigorous tests on a regular basis must be performed.

To remain compliant, ISO 27001 risk assessment must be completed at least once a year or when there is a substantial change made to the organisation.

2. Keep documentation up to date

The policies and processes written during the initial implementation will have been created specifically for the way your organisation operated at that time. However, as operations evolve, it is important documentation is taken account. For example is there a significant change in the way you perform certain actions? Have you undertaken new activities involving sensitive data? Has the physical premises changed in any way? If the answer to any of those questions is yes, then you must amend your documentation accordingly.

3. Perform internal audits

An internal audit provides a comprehensive review of the effectiveness of your ISMS. Alongside a risk assessment and a documentation review, it will help you assess the status of your ISO 27001 compliance. Part of the initial certification process, an internal audit would have been done which just needs to be updated.

4. Keep senior management informed

Remedying vulnerabilities will take time and resources, which requires board-level approval, therefore keeping senior management informed of both activities maintaining the ISMS and the benefits that it has brought.

5. Establish a regular management review process

Involving stakeholders in the review process, ensures opportunities for improvement or necessary changes that must be made are discussed. There is no requirement for how often the management review should take place, but it should be at least once a year and ideally every six months.

6. Stay on top of corrective actions

Regular monitoring the effectiveness of the organisations ISMS, where corrective actions should be performed to prevent weaknesses from spilling over into major problems. Some of these changes could be minor tweaks to processes and policies, or the addition of a new tool.

7. Promote ongoing information security staff awareness

One of the key principles of ISO 27001 is that effective information security is everybody’s responsibility. Compliance should not be left to the IT department or managers. Anyone in the organisation that handles sensitive data plays a role in the organisation’s security. They must understand their obligations for protecting sensitive information and appreciate the stakes involved.

Hyperfocus Hour: Neurodiversity and Management Styles 

Hyperfocus Hour: Neurodiversity and Management Styles

Jon interviews Gabriel Severi, a Security Architect, about the economic impact of neurodiversity and management. They discuss the concept of ADHD tax, where neurodivergent individuals spend extra time and money on tasks that neurotypical individuals can complete more efficiently. The conversation also touches on the flaws in current productivity metrics and the negative impact of bad managers on the economy. Gabriel suggests measuring candidates based on measurable metrics such as IQ, problem-solving skills, and pattern detection rather than experience or knowledge with a particular tool. The podcast concludes by emphasising the need for continuous learning and training for everyone.

Points highlighted in this episode:

    1. Consider the concept of ADHD tax and how it may impact neurodivergent individuals in the workplace.
    2. Evaluate current productivity metrics and consider alternative methods for measuring productivity.
    3. Provide better performance management and people management training, especially for neurodiverse employees.
    4. Measure candidates based on measurable metrics such as IQ, problem-solving skills, and pattern detection rather than experience or knowledge with a particular tool.
    5. Emphasise the need for continuous learning and training for everyone.

Overview Of Podcast

    • Introduction & your ADHD tax
    • 06:22 ADHD management and the economics of it – Video Game Theory 
    • 13:10 Trend 1: Bullmarket
    • 15:50 Trend 2: Promotions
    • 17.01 Trend 3: Bad Management
    • 25:22 Wage inflation & Hiring Market
    • 46.14 Skills gaps and hiring
    • 59:11 Diamond in the rough
    • 64.27 The big five
    • 70:42 Personality Traits
    • 87:01 Last Comments

About Our Host Jon And Guest Gabriel

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance; Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

Gabriel Severi, Security Architect

Gabriel is a cybersecurity professional with just over 6 years of experience and exposure to multiple industry sectors. Currently he works as a Senior Consultant, specialising in Security Architecture. Outside of cybersecurity, Gabriel has a deep interest in Psychology and Game Theory, which he has used to analyse the current job market and identify areas which are causing negative impact to the economy. He was diagnosed with ADHD in 2021, and has been trying to upskill companies in neurodiversity management, one employer at a time.

He identified that this might be too slow a method, so now he is campaigning more strongly for better management practices in general, which he hopes will improve the score for neurodiverse employees holistically as a result.

Transcript:

Introduction & your ADHD tax

Jon: Welcome to Hyper Focus Hour, a podcast that is dedicated to ADHD and neurodiversity in the workplace, where myself and wonderful people such as you, Gabriel, attempt to navigate and build tools for neurodivergent people in tech and cybersecurity to essentially help them build and succeed in their career. I’m Jon, I’m a cybersecurity recruitment consultant. I’ve got a year and a half of experience in security operations and digital forensics incident response. I have ADHD primarily in attentive. I have two diagnoses from the US and a third from the United Kingdom. This podcast is now going to be brought to you by myself, obviously, and by a resource, a specialist information and security recruitment specialist who operate in the UK, Europe, US and Middle East, which I realize is quite a lot. Today we have Gabriel Severi as a guest on the show. Gabriel is a security engineer and who, like me, obviously has ADHD. Gabriel has extensive experience in the security industry and I’m really excited to be talking to you, Gabriel, about the economic impact of neurodiversity and management. So welcome to Hyper focus hour. And again, I’m really, really excited to be talking about neurodiversity and management in the workplace and how that can impact the economy. But before we get started, I have one question for you.

Gabriel: Sure.

Jon: Do you know what ADHD tax is? Have you heard that phrase?

Gabriel: Yes, I absolutely have. The extra amount of time that it takes us to do anything, that means we’re often paying for the amount of time that we spend on doing something that neurotypical people do a lot faster.

Jon: Yeah, or like we bought something and we’ve forgotten we’ve bought it, or whatever. So before we get started.

Gabriel: The impulsiveness of buying things without impulsiveness or forgetting to pay for something early, when you get a discount, but then ending up paying for it late and you pay the full price.

Jon: So whether it was today, yesterday, in the last week, what was your most recent ADHD tax?

Gabriel: Oh, dear. I’m lucky on that front that as soon as I identified issues like that, I try to put structures in place to prevent me from doing that. I just make it a default rule. For example, for me, I don’t buy things unless it’s 100% pre planned. If I’m out, I’m in a shopping mall, or if I’m traveling, if I haven’t planned to buy something, it’s a flat rule. Even if I need it, even if I like it and I want it.

Jon: You won’t buy it?

Gabriel: No.

Jon: That’s a lot of self constraint.

Jon: Yeah. Okay, so you haven’t had a text like that in a while.

Gabriel: Thankfully, it has happened and it’s bit me hard. It’s one of those things, it takes a number of times for it to bite you, but you learn.

Jon: Yeah, I had a tax recently that was probably about a month or two ago. Basically, I really like Lego, especially as it pertains to the Star Wars. Right. And basically I bought a Lego Star Wars set and I forgot that I bought it. And about a week ago, it showed. Up in my flat and I was. Like, oh, I have new Star Wars. I have new Lego sets. Cool. I completely forgotten. Absolutely, totally forgotten. And then I was like, this is my Saturday sorted. I can now have a fun day.

Gabriel: That is beautiful. It’s like a present to yourself. From your past self.

Jon: Yeah, that’s how I look at it now. I’m just like, if something like that happens I bought some seasoning that I needed to make, like a curry and like a fried rice and stuff. And it showed up on, I think, Saturday. Same thing showed up. And I was like, what is this? And open it. I was like, oh,

Gabriel: That’s happens every once in a while. The longer it takes for things to get this. I recently bought a present for my fiancé well, I recently before Christmas, I bought a present for my fiancé’s birthday, which is coming up in August. Sorry, apologies. It’s not in August. August is my mother. See, there’s your ADHD again. There it is. Hers is in October. I know it’s a long time in advance, but I knew it was a preorder. I knew that it would take some time for it to get dispatched. And eventually it did get dispatched, and it arrived last week. And it’s related to a game. I don’t know if you like gaming .

Jon: Yeah

Gabriel: Destiny Kingdom is beautiful. I’m currently on Destiny, two, and there’s this beautiful cybernetic dog that you get to pet in the game. And she loves animals and she loves plushies. So a couple of years ago, I bought her a five Nights of Freddy’s Plushie. So this time around, I thought I get this pettable cybernetic dog as a plushie. And he arrived exactly as you said when he arrived. I was like, what’s this? I wasn’t expecting anything. And then I was like, oh, yeah.

Jon: The o moment is a great moment. Because you’re like, all right, I forgot I did that. It’s a really good it’s a good feeling. And it’s also like, how could I have forgotten that? But it’s when you got an.

Gabriel: Email reminding you three days before you arrived yeah.

Jon: And you didn’t read the email because you’re like, no, I can’t be that important.

Gabriel: Yeah. ADHD tax. Right. There not reading emails that you’re supposed to.

Jon: And speaking of that, like, ADHD tax, not reading emails when you’re supposed to. That goes into this into our conversation today.

06:22 ADHD management and the economics of it – Video Game Theory

Jon: Neurodiversity ADHD management and the economics of it. So this is a really interesting topic, and it’s a topic that I don’t think I’ve really had anyone else kind of speak about. What attracted you to it? Where did your interest grow from this? What caused you to think about it?

Gabriel: Sure, I work in cybersecurity, and I’ve got ADHD, so it’s no surprise to anyone that I like maths, mathematics, so anything mathy, anything numbers, anything that you can calculate and measure has attracted me for forever, basically physics, quantum physics, chemistry. So that’s always been an area of interest of mine. But sometimes there’s a topic in the media that sort of pulls up and you’re like, I’ve got some knowledge about this that feels significant. And I had been recently doing some work on game theory, trying to understand it better and trying to see how it applies in different scenarios, but particularly evolution and economics. So there’s two branches of game theory, evolutionary game theory and economical game theory.

Jon: We’re talking about video game theory here?

Gabriel: Almost. So game theory is a scientific theory of interaction and decision making.

Jon: Okay?

Gabriel: So because games fall under that category, it’s called Game Theory. So essentially, if you have a rules of interaction, that is the rules of the game, and then you have an outcome or an objective, right?

Jon: Yeah.

Gabriel: And that is the aim of the game. And then you have the participants, they’re the players. So you can describe games through Game theory, like like chess, or you can describe any strategical interaction with the same theory.

Jon: Right

Gabriel: So hence why, let’s say evolutionary competition started being described in terms of Game theory because it’s two competing participants. For example, in a two player interaction could be multiplayer interaction, could be team based, like a sport, like football. That can be described in Game Theory, but each team is a unit of participation. So you wouldn’t consider each individual player as a player, you consider the team as a player.

Jon: as a player. Okay, so from following you then, game Theory translates into neurodivergence and the economics of management and stuff because you’re not thinking of the managers, maybe individually, but as a company or even what’s it like different kind of verticals like finance or insurance or consultancy.

Gabriel: There’s an entire branch of Game Theory called economics game Theory. And because of my interest in Game Theory, I started getting interested in economics and how the strategies and choices of actors in the market impact the market and each other because companies are constantly competing against each other, trying to do better than each other, et cetera. And, you can even compare. There’s a word that we use in business called incorporated. So incorporated comes from the Latin corpus, which means body. So you can make a parallel between a business entity, a corporation with a body. So the executive management is your brain. The departments are like each individual organ, each individual employee is a cell, and money is the energy.

Jon: So it really breaks down. Okay,

Gabriel: It maps very well. It maps perfectly. In fact, there’s a reason they called it incorporated at the end of the day. And what you get is because I have that interest already. And now a hot topic is this idea of stagflation, right? So you have stagnation, so lack of productivity and inflation where market prices are going up despite us not producing more. And you get COVID and everybody’s now working from home and you’ve got all the subsidies being given out, which is making inflation even worse.
And you’ve got issue of being capable now of working from home. But once COVID is out, some companies are pushing people back into the office. And that caught my eye, that caught my interest because I was like, I think I can model this theory. But after doing the modeling, this is nothing extensively mathematical, but it’s just mainly logic. My area mainly focuses on logic diagrams and logical outcomes. And what I identified was something that I had somewhat presumed or observed. But then I was capable of modeling it at a larger scale, because in the businesses I have worked in, you notice the behavior, and you can predict, this will lead this behavior or this strategy. This choice will lead to these outcome, or given a certain set of circumstances, these will be the outcome of these.

Jon: Was it at that point that when you’re doing this modeling and you were running it through game theory and everything, was it at that point you kind of maybe did you notice there was a trend in like neurotypical managers and a lack of neurodiverse managers? What was the trend there?

Gabriel: So for sure, I’m going to start like this. If I remember correctly, two main trends, potentially three, but one main trend is I’m going to use a technical term, but I will try to explain it as best as I can.

13:10 Trend 1: Bullmarket

Gabriel: During bull markets, you have extreme inefficiency. So what that means is a bull market is when the market is doing financially very well or even exceeding expectations. And what ends up happening is in periods of abundance, you efficiency can be masked by simply applying more resources. So you have a manager that isn’t particularly smart or isn’t particularly good at strategizing or managing people and engaging. And then what happens is. They in order to solve the lack of productivity that his team is having, they say to their manager, the senior management, I need more employees, I need a bigger team. Right. We’re not producing enough because we don’t have the resources. It’s always a resources problem. You’ve seen that picture where this guy trying to look over a wall, has about 15 ladders, but they’re stacked horizontally. Whereas if you used a single ladder stacked vertically on the wall, you’d be able to get over the wall.

Jon: So essentially, instead of using the ladder the way that the ladder should be used, they’re just mismanaging it.

Gabriel: They’re mismanaging resources because they’re inefficient, they’re not good strategists. And what ends up happening is in a period in a bull market condition, that is fine, you can throw more resources at the problem. Let’s tax some more ladders horizontally. Yeah. Because we can afford it. And you see, that’s exactly what happened with Facebook, Google, Microsoft, and all of these large tech companies that are now doing mass layoffs. Why are they doing mass layoffs during a bull market? They overhired. They just threw resources at a problem when the correct solution would have been, let’s find a more efficient way. Yeah, so that is the first trend. Right. And we’re seeing that now. So as soon as a bull market ends and you start going into recession, the inefficiencies of management start becoming critically apparent. Yeah. The second thing I started noticing is because of poor management, promotions were also.

15:50 Trend 2: Promotions

Gabriel: And hiring was also inefficient. And by that I mean they were. More socially oriented to make people happy. Rather than measured on a capacity and skill basis. So what that means is you’ve been. At the job for ten years, you’re best friends with your executive, and you get promoted to becoming a director. Yeah. You’re not being promoted by competency or your actual skills.

Jon: You’re being promoted by nepotism might be a good word. Yeah. Who. You know. Yeah. That’s something that just or you can make happy.

Gabriel: Who. You can make happy. Right. So if you can make somebody happy that has the power to promote you, your likelihood of being promoted goes up significantly. And. What ended up happening there is. You can see now, the evidence is in the job market, whenever you’re looking for a role to apply to and it says you need this many years of experience. How does the years of experience correlate. To capacity to do that job? Yeah. It may or it may not. It could be a close approximation, too, but in isolation, it is not much.

17.01 Trend 3: Bad Management

Jon: Yeah. And then if I’m following with where you’re going, I’m thinking your third point if we bring it back to ADHD or Neurodiversity the third point if I’m following is the people that are getting hired or they’re getting from promoted the nepotism, if you will, that’s being given to other neurotypical people maybe a lot of the time, because they are the ones that make the higher ups, they make the seniors happy. They get on with them. They have those connections, whereas social ability. That social awareness. Yeah. Whereas neurodivergent people, we struggle a little bit more with the social aspects, not even to get into the fact that we often don’t stay at jobs as long as a neurotypical does. So then it cascades because there are probably definitely some really good neurodivergent people out there that would be better suited for these roles and are being passed up because they maybe are a bit too blunt or they just think differently. And the seniors thinking they don’t think.

Gabriel: There isn’t a worse experience of going to an interview where the candidate is more capable of the job than the hiring manager. Yeah. And because they’re speaking completely different languages, the hiring manager can’t identify it. Yeah. And that’s the problem that I’m talking about here, is primarily one where managers that have been promoted into management inappropriately then are compounding the problem by making hiring decisions that are inappropriate. Now, when it comes to neurodiversity, that is affected usually in two ways. So on one hand, where the neurodiverse candidate is the one applying or the one that would like a promotion is the employee, the subordinate? Let’s say, then bad management essentially means that they don’t get the reasonable adjustment that they need. It may mean that their true capacity to perform is not assessed correctly because.

Jon: It’s being assessed on neurotypical standards.

Gabriel: Yeah. Not just neurotypical standards. They’re just. Bad managers don’t know how to assess. Even neurotypicals, some brilliantly talented neurotypicals are being passed over because a bad manager does not have the right metrics to measure capacity. So it’s not limited to one or the other. It’s not us versus them. It’s a bad managers are going to bad manage, do you know what I mean? Whether the candidate is a neurotypical or not. Now then you can flip it and say what happens when it’s a neurodiverse person that is the manager, right? And then you start getting into a whole other scale of problems. And I’ve identified this, particularly in the tech sector. It’s no surprise there’s a lot of psychological research, scientific research that have quantified what percentage of tech employees have a neurodiversity of some sort. Whether it be autism, ADHD, dyslexia, you name it. It is incredibly high, right? I don’t have the number right in front of me, but it is a known fact we are really good engineers, we’re really good analysts.

Jon: Really. That means that we workers, good technical workers.

Gabriel: We outperform. Which means we might stay in the job longer than a neurotypical peer. So because we’ve been there longer, we’ve been there ten years in that company and we’ve made friends with the executive despite our neurodivergency. Then you get promoted despite not being capable of being a manager or not having the adequate training. It compounds the problem because now not only are you a bad manager, you’re a bad manager with a neurodiversity. So not only you’re a bad manager, you’re a bad manager with a neurodiversity. And. I’m sure we’re going to talk about this some more, but as you said, the lack of training and preparation for these neurodiverse managers is really starting to bite these companies in the rear end because particularly the tech industry and the cybersecurity industry, even more so, is starting to severely suffer from the poor management. And that’s what’s in my estimation, what’s causing the prices and cost of salaries to raise. And we can discuss that in more detail if you’d like.

Jon: Yeah, that’s the thing is, as you were speaking, I was thinking about this and at a previous company I had a manager neurotypical and obviously I have ADHD. I’m primarily an attentive, right? One of my coworkers is primarily hyper. One of my coworkers was primarily hyperactive. And this manager knew a little bit about ADHD and they’d come up with a really good way and solution to manage my coworker. So they then took that management style and I don’t know if impose is the right word, but they used that management style as a fellow ADHD on me.

Gabriel: based them all with one brush.

Jon: But the problem was, and I didn’t realize this at the time, which is a shame, because if I had, I think things would have changed, would have would have worked out quite differently. I probably would have ended up staying there. But it’s only with hindsight, obviously, because it’s 2020, I. That management style because it was focused for a hyperactive person was actually horrible for me. It led to micromanagement, it led to undue stress. I wasn’t delivering the way that I needed to miscommunications, lack of communication, and I slowed down.

Gabriel: That makes perfect sense.

Jon: Yeah. And it’s only realized, well, it’s not not that he was a bad manager. This guy was not a bad man. I actually think he’s a great manager. The problem was he was managing me like he was managing someone else when it was a totally different type of ADHD because of the lack of awareness on the different types of ADHD and neurodivergence.

Gabriel: Here’s the thing. I’m going to contradict you there for a moment, but I do think it’s bad management, and maybe it’s not intentional. They were not an evil person by any means. No, I’m just going to term it as management is a skill. Just because somebody is a bad footballer does not mean they are a bad person. T

Jon: I wasn’t saying he’s a bad person. By no means.

Gabriel: Exactly. So bad in this sense, not in the moral sense, but certainly in the lacking skill sense, which is often what we’ve been finding as a result of the bull market. These people that have bad management skills being promoted and rewarded despite each.

Jon: Now because of the bull market, it’s going into a recession or what would you call it? A bear market. So that’s the flip end. Or I don’t know. I believe that’s right.

25:22 Wage inflation & Hiring Market

Gabriel: A bear market is a cold market that things start slumping down.

Jon: And so now that we’re in that market. Now that we’re in that market, we’ve been seeing just wage inflation, especially in cybersecurity. When I started a year and a half ago, was it a security architect would be looking realistically was looking for about maybe 80, maybe 90K on average on the base for really good company, really good security architect, they’d be looking for like 100, right? It’s absolutely changed. Now the price has gone up by 20%. So now the same person with the same experience for the same kind of job, everything is looking for like 100. And what’s happened is you have a lot of these people who come from Meta or Amazon, the big ones. I’m not going to name some of the smaller ones because GDPR, but they come and they have these overinflated egos of oh, I’m worth 120k, I’m worth one hundred and fifty k. And I’m like, but that’s not what the market’s saying. The only reason that you can say that you are worth that is because of the wage inflation that we’ve had, because of the kind of microcosm or the bubble that security is in that’s now starting to pop. And you have both neurodivergent and I think it is, I think it is.

Gabriel: So here’s why it’s not popping. What you’re going to end up with is a classification, a crystallization of and have nots in cybersecurity. And what that means is essentially is at the top end of the market prices are going to keep rising, whereas at the bottom end of the market prices are going to drop. And the reason prices are going to drop is because. More people that believe they’re worth 120 are not going to be able to get those roles at 120. And they’re going to start going for roles at 100, at 80. And it’s going to start slowly trickling down to those levels. But the thing you will find is they will not be doing the same role that is worth 120. They’re going to start looking for roles such as analysts or engineering roles that are now worth 70. So they’re going to start doing roles that they might in theory, right, because when somebody is hired because they’ve got good charisma rather than because they’ve got good capabilities, they might end up with experience in a role that they’re not capable of. So I want to preface it with that. But they’re going to end up in a role that they are over experienced for but paid an inflated wage there.

Jon: Or maybe in a role that they think they’re Over experienced for, but in reality they got lucky with a role that they didn’t have enough experience for and now they’re actually in a role that is actually suited for where they’re at in their career.

Gabriel: Correct. And what that’s going to do is that’s going to dry up the experienced market. The more these people start dropping down to lower wage roles, the more companies are going to be competing for that senior architect, the more companies are going to be competing for that security manager or senior engineers, senior analysts. There’s going to be a lot of competition because people are the companies are unreasonable. And I was going to use this going to these detail, so I’m going to actually take the moment and do that now. So here’s how the inflation generally is occurring, right? And this is across the board, not just in technology or cybersecurity, but in particularly strong. This effect is particularly strong in cybersecurity. A bad manager that is incapable of assessing capability during interview might be overly selective. Yeah. Or might be more likely to dismiss an employee they don’t like, despite that employee being capable of the job. So when an employer, a hiring manager, is being highly selective with the candidates that they want to hire, they’re choosing from a smaller pool of candidates. Supply demand rules, right? When the supply is lower and the demand is higher, that smaller pool of candidates are going to be competed over on the basis of salary.

Jon: We’re seeing the same thing with hybrid working remote working. The amount of people that are wanting to work remote, let’s say fully remote, the amount of people that are wanting to workflow remote hasn’t decreased. If anything, it’s increased. But because of the market that we’re in and companies are like, oh, no, we actually have more power than we did a couple of years ago during COVID They’re now going, oh, we’re going to do two or three days in the week in the office. There’s a couple of companies I know that are doing they actually do five days a week in the office for security analysts and engineers. You guys don’t need to be in the office. You can work from home just as easily. But what’s happening then?

Gabriel: They’re having to pay the big bucks for them because it’s a small pool of candidates. Yeah.

Jon: But at the same time, the hybrid and remote roles, those salaries are actually starting to dwindle a little bit because those companies know that they don’t have to be paying extortionate prices to find a broader pool of candidates.

Gabriel: Correct. And people are willing to go to those jobs despite being a lower salary. And that is very true. And that’s what you’re going to find. So the lower the supply, the lower the candidate pool, the higher the salary range is going to go. And the more selective or picky an employer or hiring manager is due to being a bad manager, the higher you’ll see wage inflation go. Right. Simply because of that effect. But then that causes a feedback loop that I’ve been noticing in the last two years, particularly. Right. So this is really bad feedback loop. Consider I’m going to use an analogy to sort of show how stupid really, this mentality is that is happening in the hiring market. So let’s say a bananas are scarce at the moment due to lack of rainfall, so their price has suddenly shot up, right. So there’s low supply, high demand, price of bananas increase.

Jon: Sure.

Gabriel: People going to the supermarket go, oh, my days, it’s increased so much for that price. I want a really good banana, right. So I’m not going to get these crappy bananas over here. I want the really good banana that’s actually yeah.

Jon: You’re going to sift through the bunch to find the best one you possibly can for that price.

Gabriel: Exactly. And then what you end up happening is that’s the price of the banana that year. You’re not going to find anything better because that’s what you get. Yeah, right. That’s how supply and demand works. You might be lucky and find one good banana in a bunch of bad bananas, but it’s luck more than the way things work.

Jon: Yeah, it’s more luck in finding the good banana than it is skill in being able to spot the good banana. Exactly. I see where you’re going.

Gabriel: The idea there is you’ve got to pay the price of the banana at where it’s at because that’s how the market works. Right. If you think a produce is currently in a good deal, you buy it early so that it appreciates. That’s how the stock market works. If the company’s shares are undervalued, you want to buy them so that when they grow to the value they are supposed to be, you’ve made money.

Jon: I’ve done that with my Lego. I’m going to use another Lego example. Yes, go ahead. Lego. Normally a lot of Lego sets, especially Star Wars Lego sets, appreciate with value, but that only happens when the set is retired. So I have the big 2019 UCS Ultimate Collector Series stardust order. Things sent me back probably about 600 pounds. Now, if I had kept it in the box and not opened the box, just sealed factory, everything, I could now sell that on ebay or whatever, for oh, gosh. I think I saw it for about two about 1500 to 2000 pounds. Just because the supply is now gone, but the desire for it hasn’t left. And it’s the same thing with a lot. Sipping with a lot of the other Lego sets that I buy. I buy them not because I want them or even because I like them. I buy them. I put them in my cupboard. I’m thinking, two or three years, this will be worth, let’s say it’s a 50 pound set. A couple of years, that set is going to be worth 200, 300, maybe even 400 pounds. Not even.

Gabriel: Imagine how stupid then it would be if somebody looked at you, knew that you owned that thing and went was like, I’m willing to pay you $40 for it.

Jon: Yeah. I’d be like, no, you’re an idiot.

Gabriel: That’s less than I paid. Exactly. So that’s what’s happening in the job market. So what ends up happening in the job market is the hiring managers start becoming more picky because they’re bad managers. So they hire somebody that is clearly bad for the job and doesn’t turn out well. They get fired. Then they hire somebody else. They’re clearly bad for the job, so they get fired. So the manager starts thinking, I need somebody with more experience. I need somebody more skilled. So the manager goes, because they’re incapable of finding the right person. They start thinking it’s an experience issue. So they start looking for more experienced people. Yeah, but they want those at the price of the junior. This is a junior role.

Jon: So my question then comes to you for ADHD people, for neurodiverse people, how does this impact them? Where’s the impact?

Gabriel: For neurodiverse people, it’s the same impact as you get for neurotypicals, but we struggle more, let’s say, depending on what type of neurodiverse you have, might struggle more at interviews. When you consider that luck in finding the beautiful banana in a bunch of bad bananas, is that idea of trying to find a talented candidate that is undervalued willing to accept a low salary.

Jon: But you’ve got to find that candidate as well. We’ll use ADHD as an example. Right. I cannot tell you how bad I am at taking written exams. I’m horrible at it. Now, it’s not because I don’t know the stuff. When I take a written exam, I know the stuff. It’s in my head. The problem is, sometimes I need a little bit of, like, a Kickstart or maybe a note, and it could be one word. It could be I don’t know.

Gabriel: I call it the seed. Yeah, I know what you mean. To grow that tree.

Jon: Yeah. And it doesn’t mean that I don’t know it. It just means, okay, if I if I was to do a lecture on why the Galactic Empire fell in Star Wars, right? I love Star Wars. Everybody knows that. Anybody that has seen my my LinkedIn post or has talked to me or anything, they they know I love Star Wars. Right. But here’s the thing. If I was going to give a lecture on why the Galactic Empire fell now, I could tell you why that is, but if I were to get up in front of 500 people, I would probably start waffling, because I know the stuff, but I can’t quite get to it, and you can’t focus on where to start. What do I do to Kickstart or what do I do for that seed? I have a note card or a piece of paper that has key words at different points in that talk to literally give my brain that little boost. Now, when we go over to Cybersecurity, we’re just interviewing in general what happens to ADHD people. It’s the exact same thing. If I were to ask you a highly technical question on a topic. About engineering that you haven’t touched in six months. Now, I know that you will know the answer because you’ve done it. And I know that you know the answer. I know that you’ve done it because it’s on your CV and we’ve talked about it before, but if I were to ask you right now, there’s a high chance, there’s a high probability that you’d be like, it’s there, but you can’t quite get to it. So then what happens? Manager has found their banana. They found their excellent banana. They’re one in a million, right? But because of the way the interview process is built, or because of the way that they recognize it, they don’t recognize it. So they might have the fantastic banana that is under budget, that’s available immediately, that doesn’t have any blemishes or any whatever the hell bananas have. It’s the perfect banana.

Gabriel: Let’s call it a bruised banana. Sometimes you will find, and this is really beautiful example, that’s why I like using bananas. My father, you can tell from my accent, I’m from Brazil, and my father absolutely loves bananas. I do too, but he particularly loves them. And he can tell a good banana from a bad banana really quickly. And a lot of people make this mistake. They want the banana without any spots whatsoever. That banana was picked too green and it’s not going to be sweet. It might be a living a little bit sharp. If you get a banana that’s got some blemishes, some of the purple or some of the black on the skin in, but then you peel it, you’re going to find that it’s actually not penetrated into the actual banana. It’s just surface deep, right? It’s just skin deep. But that banana was picked at the right time. And it’s the sweetest banana you will ever taste.

Jon: Yeah, it’s a ripened banana. It’s perfect.

Gabriel: Here’s what you get. You get a bad manager that can’t tell what a ripened banana is. Yeah.

Jon: So then back to the question. If we take that into mind with ADHD people bad manager doesn’t like, maybe they don’t know what they’re looking for, so they hire the wrong people. How does this negatively impact people such as ourselves? How does it negatively impact? And how then, can we change that process, this economics of management, if you will, to give if we can or help boost neurodivergent people in getting the roles that they would actually probably be good for and would miss otherwise?

Gabriel: Sure, I will get to that. What I’m going to do first is just conclude the mechanics of how the feedback loop occurs. And on the back of that, I will start providing some solutions. So essentially what happens is, once those managers that can’t find a good candidate, what they end up doing is they’re looking through a smaller and smaller pool of candidates, and the price of them, the salary of the candidates, start going up because companies are competing with each other for those bad candidates. The pristine banana that looks with that has no amish. Yeah. But actually, in reality, it’s a green banana. It’s not ripe, it’s not sweet, it’s not right at all. But they’re competing over that banana.

Jon: Yeah. Because it looks pretty.

Gabriel: Because it looks pretty, exactly. So what ends up happening there is for the. Entire industry, salaries go up. But then you’ve got the actually good ripe bananas and they know they’re worth and they know actually, if they’re given a chance, they can outperform the green banana. Right. So those candidates will surf through the inflation of salaries, leverage that high salary and absolutely smash it. And then they will go from strength to strength. Right. So they’re going to be getting better and better salaries, better and better jobs, particularly if they’re capable of navigating and finding, let’s say, some good managers.

Jon: This is supposing that, again, pull back to ASD or ADHD, right. This is on the supposition that that candidate that has the blemishes but is actually pristine in the middle. This is under the supposition that they know how to navigate social interactions, that they know how to interview well or say the right things.

Gabriel: Sure.

Jon: What is the reality of this is a lot of ADHD people, this is stuff that they fundamentally struggle with. I can’t tell you how many ADHD really genuinely struggle with interviewing or picking up on sarcasm or in office politics. And so they get passed up. So I get what you’re saying when it comes to that kind of small minority of bananas. It but then we get to, let’s. Say the I don’t want to say the bigger majority of bananas, but the but the other bananas.

Gabriel: Sure. Yeah.

Jon: You see where I’m going?

Gabriel: Yeah. So because the. So I just wanted to make sure that the point is across, that it creates a feedback loop, right. Bad management raises the salary for everyone, so this is actually a good thing for even neurodiverse individuals. But the feedback loop is there because then they start looking, start narrowing. Because if they want to hire somebody at that high inflated price yeah. They want to look for something that in their mind is worth that price. Yeah. So they start making the criteria smaller and smaller and smaller the higher the inflation goes. Yeah. So that’s a feedback loop that is ever increasing. So let’s say tomorrow the price, the salary of a security architect hit 200K. They’re going to start looking for people with ten years experience.

Jon: Yeah. If not more. Honestly.

Gabriel: If not more, because they think that that’s what it should be. But then guess what? That’s the price for people with two years experience. Yeah. And if you’re looking for people with ten years experience, what I’m calling the banana that is ripe, they’re going to go, no, two years experience is worth that. I was worth that last year. But now there’s inflation, I’m worth more.

46.14 Skills gaps and hiring

Jon: Yeah. Right. But then it compounds a bit more as well, doesn’t it? Because although you have the price inflation, you have the wage inflation, it compounds a little bit more. Because I had the thought in my head, dang it, I’ve lost it. I just need that it is detected. I was, I was trying to listen and I was also trying to think like, oh, this is such a good point. Oh, I’ve got it, I’ve got it, I’ve got it. So it compounds because here’s the problem, right? Let’s say you have ten years of experience. Great. And you’re worth 200K, you’re a security architect. That’s great. But. At the more junior levels. Let’s say junior security engineer or junior security analyst, not architect analyst. A lot of companies either don’t want to invest in these junior people because they don’t think they’re going to stay for very long, or they don’t want to hire people with, let’s say, one or two years of experience or even graduates, because it’s cybersecurity, right? You guys are literally there to protect the infrastructure and the finances of these companies, blah, blah, blah, the GDPR, everything, right? So then this comes into effect of, oh, hey, we have this skills gap for mid to senior and executive level roles. But you don’t really have this skills gap because there’s a lot of junior and mid level people that aren’t being invested in and aren’t getting the money that they deserve because the companies don’t want to come in and say, oh, hey, you have two years of experience. I’m going to give you more money. I’m going to promote you to a security engineer. I’m going to invest in you because. I trust your ability shows up in the market.

Gabriel: So here’s how he shows up in the market. It’s beautiful. Researchers, HR recruitment researchers have done what’s the word, surveys for donkeys years now, seeing how many people are looking for jobs and how many roles are currently available. And it has been demonstrated, you statistically, there isn’t a shortage of candidates issue. No. So employers that used to say there’s not enough candidates, we need to get more people into cyber. We need to get more people into cyber. We need to get. So there were all of these plans. To flood the market with candidates, and. It’S not solved the problem, it’s made it worse. So now the analysis is starting to become, okay, well, there are enough candidates, so why is there still a shortage? They’ve changed the wording. Oh, it’s a skills shortage. It’s no longer a candidate shortage. It’s a skill skilled. Yeah, it’s a skilled candidate shortage. So you mean you don’t want to pay the worth of the candidate? You want a more skilled candidate for. The price that you’re paying.

Jon: Or you don’t want to invest in the get? Because as a recruiter right, obviously I speak to people such as yourself all day. And one of the things I learned quite quickly, there are a lot of open security roles in the mid to senior level positions.

Gabriel: Yes.

Jon: And there are particularly in the mid to senior level position, there are a lot of people that are really good for the role. But why are they not being hired? Well, I can tell you it’s because a lot of these people need sponsorship or don’t need sponsorship, but haven’t worked in the UK, and the companies, for whatever reason, may not want to take that risk, because they’re like, oh, we don’t know if they’re going to be a good culture fit, blah, blah, blah. But they have the technical skills. So they say there’s this skill shortage. And there was a report by it was like CyberNews Weekly or something, I can’t remember who it was. Don’t quote me on that. Basically saying there’s going to be a reported skills gap of like, three and a half million cyber security professionals or jobs in the entire world by 2025 or 2027. What’s? Not the case. I get contacted probably five to ten times a week by graduate level security. We have just graduates, cybersecurity graduates, asking if I have roles. The issue isn’t the candidates. The issue isn’t even a skills shortage. The issue, in my mind is an unwillingness to invest in these people or to invest in the people that are nearly at that point, bring them up to mid, to senior level and then train up and start entry level people. That’s where the issue.

Gabriel: It’s worse than that because a lot of companies are not doing that because they think the junior candidates are not worth their salary. Yeah, right. So if they’re going to hire somebody at that salary, they want somebody a jack of all trace that can do everything. So particularly in that junior to mid role. I’ve been there and I’ve got the T shirt and I can tell you every time I used to apply for a junior to mid level role, they wanted a check of all trades for the price that they were paying. I can’t afford a mid position, but that’s what I need. And a junior is not qualified enough to do what I want them to do. So in order to justify paying somebody at a mid level position, I wanted to do both. But here’s the thing and starting to get into solutions now, what you find is a mismatch between is always every time, always a mismatch between what the worth of the candidate is and how much the company is willing to pay for it and bad manager. Instead of trying to find the diamond in the rough, rather than try to find, let’s say, lower prices, lower the salary offer, but find a diamond candidate within that price range, what they end up doing instead. Is because of the bull market. Remember we started this with say it’s part of the bull market. They just ask executives, can we get a higher budget? Yeah, can we get a higher budget? And so they start going up. But then the company says, for that price, I want somebody with more experience. But then the person with more experience is not going to want to do the job for that much. They’re going to want to the job for more. And every time they go up it scales. So how do you solve it? There’s three ways that it can be solved, right? There are some, let’s say easy pickings, and there are some more structural difficulty issues. So the simple answer is just to pay people what they’re worth and stop overestimating this idea that if you raise salary, you’re going to find a better candidate. If you can’t find the candidate at the salary that you’ve got, the issue is with your metrics, not with the salary.

Jon: I don’t know. I think I would disagree on that one. I’ve got one role right now for a client and genuinely, the quality of the candidates I’ve been sending to them, they like, right? They like the quality. The problem is the quality that I’m sending is about 20k over budget for what they’re able to pay. And I’ve gone and I’ve said, look, know the budget that you’ve given us, the budget that you’re willing to pay. This is the quality candidate that you’re going to get. And so I’ve sent candidates at that level saying this is what you’re going to get for this quality for this.

Gabriel: I’ve got a question for you. How do you know it’s at that level?

Jon: What metric are you using to measure so what to measure the candidates that I speak to, that you sent to them.

Gabriel: How do you know the candidate is a good fit?

Jon: So I don’t base it on years of experience. Some clients appreciate that. Some clients don’t appreciate that. Some candidates, again, appreciate that, some don’t. I don’t care how how many years of experience you have.

Gabriel: How do you do it?

Jon: Don’t worry. I get it by I talk to them. Right. Depending on the role, I have a list of questions, both technical and competency based, that I ask my candidates. Let’s say I’m working for a seam role. I’ll be asking, can you tell me of a time that you were working on a configuration and it all went to hell? And how did you fix it? Or if I’m working a digital forensics role, can you tell me about a time that there was an incident escalation? Again, it all went to hell. What did you do? What kind of remediations did you work on? What platforms did you use? What was your process to find out why it went to hell in the first place? Then what was your process to remediate that? What were the tools that you used? Talk me through everything that you did.

Gabriel: That’s one way down. Yeah. I love this. I absolutely love this. So let’s break that down by asking those questions. What skills do you think you’re assessing?

Jon: So, first off, I’m assessing whether or not they are interested actually interested in the role. Because if they don’t want tell me in detail about that. And I appreciate that there is obviously confidentiality that we have to go through. And so a lot of times, they can’t tell me specific things that they’ve done. I get that. That’s fine. But the first thing I’m assessing is, are they actually interested in this role? If they’re willing to talk to me about it, cool. They’re interested in the role. Second thing, interest. Second thing I am assessing is what they have on their CV. Does it line up to what I’m asking them? So if they can tell me in detail about an incident that they resolved or a seam configuration that they worked on, if they can tell me that in detail, then they are also telling me, cool, they were truthful on their CV. They’re also telling me that they are technically capable and that they can back that up with real world examples.

Gabriel: So you’re measuring for experience?

Jon: I am.

Gabriel: Okay, so you see, here’s the thing. There’s a difference between years of experience and experience with a process.

Jon: Yes.

Gabriel: It’s not necessarily a bad thing.

Jon: I’m not measuring for years of experience so much as that I’m measuring for.

Gabriel: Can you tell me, can you demonstrate that you have experience in the tools that role the processes, the best practices?

Jon: I don’t care if you’ve only done it for a year. If you can show measuring the knowledge, if you can show me that you have the knowledge and the tools and the capacity to do the job, I will be happy to send you. I don’t care if you’ve only been doing it for a year, but then I’m also assessment how do you know they’re doing it? Well, that’s the thing. This is the thing. As a recruiter, as much as recruiters say, we like to say, I’m a specialist in security recruitment. Yeah. I’m a specialist in infrastructure, a software developer development. I don’t work in I don’t use Miter and Attack. I don’t use splunk.

Gabriel: It means you understand the market, not necessarily cybersecurity itself.

Jon: I understand the market, and I understand enough of what you guys do that I can get a baseline understanding of. Or let’s call it like a soft competency baseline. But I can’t technically assess in the way that a hiring manager can or in the way that an advisory board can.

Gabriel: They’re worse, by the way.

Yeah.

Gabriel: What you’ve described is better than many hiring managers. I’m telling you that now.

Jon: But there’s only so much that I can do as a recruiter in what I’m able to do. I try to do my due diligence. Obviously, some people get through the cracks, and if they get through the cracks, hats off to them. That means they’re a good interviewer.

59:11 Diamond in the rough

Gabriel: Let me blow your mind now. The true diamond in the rough that you’re going to find is when you find somebody with a skill set without experience in that matter. In that subject matter. Yeah. This is generally called transferable skills, even technical skills. So let’s say you want to have somebody that is a forensic investigator, but they don’t have experience in forensics or forensic tooling. But guess what? They’ve done a year in soc. They’ve been a junior soc analyst. Yeah, they don’t have a lot of experience. They’ve worked with some soc tools. They’ve done a few investigations, but certainly nothing that they can talk extensively about. How would you measure their ability to do forensics?

Jon: So I’ve actually had this. Quite proud of this one. Although the person you should be the person get the job.

Gabriel: Exactly.

Jon: Which was really annoying. Which was really annoying.

Gabriel: But you’re starting to touch on the point now.

Jon: Exactly. This person was a threat hunter. They’ve been doing a lot of threat hunters. Yeah, they’ve been a threat hunter for years and years and years. Now they are at their current place, they are a threat team lead. So they’re running a team of, I think it’s like five or six threat analysts. Absolutely. Awesome. I put them forwards for a digital forensics and incident response position. Their CV didn’t have much in the way of DFIR at all. So how did I measure and figure out that or think that they were good for the role? To be completely honest, I don’t know. Part of it was a gut feeling. Genuinely part of it was a gut feeling. I was talking to them. I have a relationship with this person. I know them decently well, as well as I can without having met them, but you know what I mean.

Gabriel: Yes, of course.

Jon: And from the conversations that I’d had and knowing the kind of person that they were, I just had this gut feeling of, I know they’re good enough to get through technical, but maybe they’re not going to be good enough for exactly what the company is looking for.

Gabriel: Fine. Let me run that by you. Yeah, good. No, that’s fine. I know, because I do the same. So the difference between a good and a bad manager is the ability to quantify structuralize system to systematize. No. There’s a proper word for that systematize. Systematize. That’s the word systematize. That gut feeling into operational metrics. Right. So what you perceived through your pattern detection mechanisms, right? Instinctive pattern detection mechanisms. There are some really smart people out there that they’re capable to take what this is generally called art, and turn it into science. Art and turn it into science. So here’s the trick. Problem solving ability.

Jon: I was going to say, you know what this candidate has in common? ADHD.

Gabriel: ADHD, of course. ADHD are pattern detection machines. Look. So problem solving ability, number one. Number two, the pattern detection mechanisms, the ability to perceive and identify patterns. It doesn’t matter whether they are threat hunting patterns or whether they are forensic patterns. The ability to follow a system in a methodological fashion, right? Generally, all of these things tend to be somewhat associated with IQ. And when you’re talking about psychometrics so the measurement of personality the most trusted nowadays personality measurements is called the big five.

64.27 The big five

Jon: The big five?

Gabriel: The big five personality test. So this covers things like extraversion, um. Openness. So openness to experience the willingness to try out new things. Conscientiousness, which usually means how organized you are or how hardworking you are. Neuroticism, which generally is your aversion to threat, right? So how risk adverse you are and how emotionally in vested you are to risk detection. And what’s the third one to go extraversion openness? Conscientiousness neuroticism. And I forgot the other one. Give me 2 seconds. I literally can google this.

Jon: What I’m hearing is a lot of these traits are traits that neurodiverse people have.

Gabriel: No, everybody has them, but then it’s like a spectrum. It’s a personality spectrum.

Jon: Okay, let me rephrase that then. A lot of the traits that you’re talking about, I think ADHD or neurodiverse people maybe show to a higher extent, like ADHD on the whole are more risk tolerant.

Gabriel: Correct. Lower nervous system.

Jon: I picked up and moved from the US to the UK with hardly a second thought. I literally was like, okay, I’m going to sell my car. Everything I own, I’m just going to pick up, I’m going to move, and it’s going to figure itself out. I think very few neurotypical people would do that. Whether or not that’s a good trait is up for debate. But it’s something that I.

Gabriel: Because of object permanence. So in ADHD, the lack of object permanence, the fact that you forget things easily, right? It means you don’t remember risks as pretty much as permanently as neurotypical people.

Jon: So yeah, maybe maybe a way, maybe a way to address the economic impact of bad management and neurodiversity is let’s say we bring more neurodiverse people into I’m not saying that we have to bring them in as managers. That one specifically. That won’t change things.

Gabriel: Well, what I’m saying is in cybersecurity you have preponderance of autistic and ADHD managers. I know, but what does not solve the problem,

Jon: that’s not let’s bring them into the hiring process, right? So let’s say we have a neurotypical hiring manager and that neurotypical hiring manager is like, okay, this is what I want, this is what I want, this is what I want. And then let’s say I put five CVS in front of the neurotypical manager and let’s just presuppose one of them is going to get the job, right? No matter what, one of them is going to get the job. And the five CVS are all of different qualities. They all match or don’t match for varying reasons. Now, the hiring manager might go for the shiniest CV because again, let’s prespose the neurotypical. They might go for the shiny CV and say all the buzzwords are there, blah, blah, blah. Great, now let’s take a neurodiverse person then whether ASD doesn’t matter or ADHD doesn’t matter and we give that person the same five CVS, there is a chance that they would look at a CV that isn’t pretty. Maybe the candidate is a bit jumpy, they’ve moved every nine months to a year or something. They don’t have as much technical information. Or maybe they have too much. They’ve waffled it too much. Right. But they have that level of intuition on that CV that the neurotypical hiring manager doesn’t. So what then could happen? Well, that neurodivergent person could then go to the hiring manager and say, hey, I know you like candidate A, but candidate D here, they are really good and this is why. But you have to be able to quantify that and break that down and have that relationship with that hiring manager. Maybe I’m convoluted it way too much.

Gabriel: No, I think there’s a lot of assumptions in the sense there’s the assumption there that the neurodiverse person will always 100% of the time, be better at detecting a diamond in the rough than the than the neurotypical.

Jon: Yes, that is an assumption that’s made. That’s the thing. It’s an us versus them approach which is not going to make things better, that a neurodiverse person is going to be always better at the job. I’m not trying to take an us for a Stem approach. I’m trying to find an approach of how can we, as neurodivergent people work with neurotypical people to help solve this problem?

Gabriel: Ignore the label system. That’s the solution.

Jon: Just ignore neurodivergent neurotypical. Just ignore the labels.

Gabriel: No, in the sense of the label won’t be the differentiating factor when it comes to hiring or promoting or retaining. Because here’s the thing a neurodiverse manager is just as likely to drive an employee into resigning as a neurotypical manager.

Jon: That’s true.

Gabriel: And they’re just as easily misled when it comes to identifying the right candidate. Because you said it earlier, that gut feeling. Now, some neurodiverse people have that gut feeling, some don’t. Some neurotypical people have that gut feeling, some don’t. How do you solve the problem? You take the gut feeling and you systematize it so that everybody can do it.

Jon: But how do you quantify or systematize something that is. But I don’t even know how to describe it.

Gabriel: Easy. That’s why I was saying the personality traits

70:42 Personality Traits

Jon: Oh, this is where you’re going with it. Okay, I see where that’s where I was going.

Gabriel: Yes. So you have to find, for example, you want to find a hard worker conscientious people and their tests done with this repeatedly, ad nauseam. People that are high conscientiousness are known to work harder. It’s a fact.

Jon: You would want to test candidates with this personality test.

Gabriel: It’s the most successful personality test in psychology ever, and it’s being developed even further. They say now there’s even a big six model with H being honesty right. As an additional factor to it. So here’s the thing. If you want somebody to be creative, if you’re hiring for a creative role, openness, you want somebody high in openness, happy to experience new things.

Jon: But there you’re having to presuppose that candidates are going to be willing to take this test

Gabriel: 100%. I know. I know for a fact that that is a factor. But this is one way of, let’s say, solving the problem. Now, if you don’t want the candidates to take these tests, you can narrow them down as part of an interview process. You can ask them during your interview.

Jon: Oh. And just kind of create, like, an internal scoring like, system, right?

Gabriel: IQ what does IQ what does intelligence quotient measure? Do you know?

Jon: Yes, but supposedly it measures the which is what? The innate intelligence of someone or their ability to problem solve.

Gabriel: Problem solve, yeah, exactly. It measures two things pattern detection and problem solving. So your ability to visualize a solution to a contextual problem instinctively. So how quickly does your brain process the problem, how quickly it processes a simulation to identify a given solution, and how quickly you will pattern match a solution on paper to the solution in your mind. Right, so most IQ tests, you’re given a question, which is the problem, and you have to embed that problem into your brain and simulate it. And then you’re given a set of multiple choice answers and your brain will come up with the answer. And then you have to pattern match from the multiple choice the answer that your brain came up with. That’s how IQ tests work. So at the end of the day, at least, that’s the Culture Fair version. Right, the Culture Fair being the images and geometric shapes one, and you’re identifying rotation. So you’ve got a clock at twelve, a clock at three, a clock at six, and then he asks you, what’s the next one in the sequence? Nine. Yeah, exactly. So that you have to be able to imagine the problem, which is the rotation of the clock. You’ve got the sequence. That’s what it’s measuring. So if you want some body in a job that is an engineering job.

Jon: You want to be looking for someone that has that same kind of intellectual acumen, if you will.

Gabriel: Yeah, the ability to problem solve, to engineer, simulate. Yeah.

Jon: Whereas if you were looking for someone for like a GRC role, you wouldn’t be looking for the same thing.

Gabriel: You’d be looking for no, you’d be. Looking for somebody that’s conscientious, potentially a little bit neurotic because you want them to be risk adverse.

Jon: Right. I was thinking about this. We were talking and I think you’ve actually dressed I basically had a question. I think you’ve actually dressed it because there are different types of intellect, if you will. Right. You have logical intellect, emotional intellect, psychological impact intellect, social intellect, even physical intellect, where you’re intellectually, maybe you’re not as smart and smart, but, you know,

Gabriel: Good visual and kinesthetic.

Jon: Yeah, you’re kinesthetically intellectual. That was going to be my rebuttal. But it seems like you’ve actually thought this through, where if you have an engineer, you’re going to be looking for one type of intellect because that’s the thing that engineers need. Whereas if you’re looking for, you need.

Gabriel: To match the intelligence to the role. You can’t pick somebody that is a beautiful artist. They are an amazing musician, they have. A high IQ and they are high in openness. And then they’re going to try to do a GRC role.

Jon: Yeah. Or like a pen testing role. Yeah. They’d hate it.

Gabriel: Right. They’d hate it. It’s not open enough for them. It’s not creative enough. So it’s too procedural. Right. So that’s the thing. You need to match the role to the candidate. And sometimes experience not just experience, but experience with a particular tool, particular process is not the best predictor of capacity to do that job. So what you had with your gut feeling is you identified in that candidate an ability to do pattern detection, an ability to problem solve, particularly. A heightened consciousness, the ability to be very dedicated to the job. Somebody might be a quick learner. And if you’re capable of assessing during an interview how quick a learner somebody is, give them a case. Right. And don’t give them time to prepare. Surprise them with a case study during the interview and see how quickly they will remember the facts of that case study. That’s somebody’s ability to learn.

Jon: So this is kind of your solution to it’s. Not bad.

Gabriel: I’m saying you need to systematize the hiring process, because decade, a whole generation of bad managers have killed the hiring industry. They’ve killed the science behind hiring. They’ve really killed it. And you can use the same thing for performance and promotion. Somebody is on the job, and you need a new manager. Rather than giving it to the person that’s been in the company the longest, you need to give it to the person potentially with a higher agreeableness, because a disagreeable person is not a good manager. Yeah, disagreeable people make good directors, very good directors.

Jon: But they don’t make good managers. Yeah. They can’t make an advertiser. They can’t work well with others.

Gabriel: Correct. So you see the idea. So you need to find the right skill set for the role, and you need to find ways to measure that skill set. And that’s what’s been missing. That’s why neurodiverse people are losing out. That’s why neurotypical people are losing out. That’s why companies are losing out on a lot of money. Right. The whole economic system is broken because of this fact. Poor measurement of productivity, right? So that’s when it comes to personal management and companies need a whole lot better outcome measurement. Outcome measurement. When it comes to productivity, how do you know if somebody is being productive? The traditional approach how many hours have you done a day? If that doesn’t mean that you’re being.

Jon: it’s like in recruitment. How many calls have you made today?

Gabriel: How many calls have you made today?

Jon: You haven’t been productive today.

Gabriel: Yeah, but how many candidates did you successfully place in a job?

Jon: Or it’s like how many calls were actually how many calls connected, or how many calls did you actually get something out of? Like, how many people of those 20 were interested in the role? A good fit match the salary, it could produce results.

Gabriel: Call to offer ratio. Your call to offer ratio is your performance.

Jon: Not even that. I go off of interview to offer ratio.

Gabriel:  Well, even tighter. Yeah, even tighter.

Jon: Very tight. Yeah.

Gabriel: So interview to offer ratio is once you’ve got an interview set up, what’s the percentage of those interviews that result in an offer?

Jon: I don’t know off the top of my head.

Gabriel: No, I’m not asking. I’m saying. A good measurement for productivity, because you can mathematically calculate how good you are at finding the right candidate. But that can be gamed, you see? That can be gamed, let’s say by sending less candidates into interviews.

Jon: Yeah.

Gabriel: But if you’re really good. At selecting. If that gut feeling of yours is really good at preselecting the right candidate, then you know that this candidate will be successful.

Jon; Yeah.

Gabriel: So you send less. So you’re boosting your ratio. Right. Hopefully, you can see, so every metric has its way to be gamed, but at the very least, it’s a metric that is measured on the basis of something productive. If the company made an offer, that means they liked the candidate, so it’s undeniably a good outcome. So even if you can game the ratio, the outcome is still good. But then you’ve got companies that make some measurements that are ineffective that leads to bad outcomes.

Jon: Well, they’re arbitrary measurements at best.

Gabriel: Arbitrary at best, outright disruptive at worst. And people are smart. Employees are smart. They’ll learn to game the measurements. They’ll learn to game the metrics, and now they’re gaming the metrics that are irrelevant, arbitrary at best. So you’re teaching employees to become more arbitrary. So why else would we have a stagflation? Why would productivity be low if you’re not training employees?

Jon: All of a sudden? It comes around circle.

Gabriel: Of course it does. Yeah. And this is what game theory teaches. You see, once you start identifying these things, okay, managers being bad managers, they’re measuring your productivity with the wrong metric. And now you’ll see a lot of articles saying, oh, employees are lazy. Are they? Or have you trained them to game the wrong metrics? Yeah. It’s.

Jon: And you’re and you’re measuring them on the wrong metrics, not on the you’re measuring them. Yeah. You’re not measuring them on things that matter. You’re measuring them on things that someone put in place to make themselves feel more important while having to do less work.

Gabriel: Yes. Here’s the thing. Productivity at the country level or at the company level is measured appropriately, roughly. Right. GDP and monetary values are a good measure of success. Sure. But here’s the thing. How does your team, your individual team performance correlate to how much profit your company makes? If you can’t prove that the metric you’re using for your team actually increases the profit by either lowering cost or boosting revenue? Yeah. Your metric is irrelevant. It’s literally that simple.

Jon: Oh, I think we’re going to have some upset people at the end of this episode.

Gabriel: But it’s the truth. Blaming employees for being Jocko Willink created a beautiful book. Extreme ownership. I don’t know if you’re familiar with it, but I’m sure some people listening to this podcast would know. Extreme ownership is brilliant. And basically, every manager that tries to or every executive, every CEO director that tries to blame employees for being lazy or less productive, particularly around this conversation about working from home, right. Oh, we want employees back in the office because they’re less productive when they’re working from home. Let that book. Extreme Owners should be a lesson. The buck ends with the accountable executive every time. Every time.

Jon: I didn’t know there were accountable executives.

Gabriel: Well, great point. Exactly. So the idea is if your employees are being less productive. Maybe you’re not measuring productivity correctly. Maybe you’re not measuring incentive correctly. Right. Because there’s the idea as well. How are you incentivizing people to be more productive?

Jon: Yeah. But then that would mean if you’re not measuring that correctly, then you’re also not measuring your hiring needs on what you actually need, but on what you exactly.

Gabriel: And then who suffers even more? Neurodiverse people. Because we’re now being managed by bad managers and they are not happy with us because we’re not that social. Or maybe we’re too social, or maybe we’re grumpy because you’re measuring us badly.

Jon: Or we’re taking it too literally, but you’re telling us what to do, and we’re doing it very literally.

Gabriel: Yeah. So all of these things and we end up getting the short end of the stick and being fired because the manager can’t measure productivity well, they can’t measure hiring skills well. They can’t. Right. So that is the key. So once a good manager that is capable of measuring things correctly, they will go to a low salary, they’ll open a role at a lower salary, and they’ll have the cream of the crop of candidates. Because here’s what they’re going to do. They’re not going to measure candidate skill on the basis of experience or knowledge with a particular tool. They’re going to measure the candidate on the basis of actual measurable metrics to find if they’re a good fit to that role. No. What’s their IQ? Roughly? What’s their conscientiousness? How hardworking are they going to be? How good are they problem solving? How good are they at pattern detection? How good are they at learning? How fast a learner are they? And then you’re going to find, actually, there are some really good candidates here that don’t have that experience.

Jon: Yeah. But they would have otherwise missed had they not done it that way.

Gabriel: But within three weeks, they’ve learned it’s literally that quickly. Three weeks they learned how to use the tool. Yeah. Three weeks they learned how to detect patterns that they had never seen before.

87:01 Last Comments

Jon: Yeah. Well, Gabriel, I think we’ve run out of time for this, but I do genuinely believe that we could be talking about this for hours yet. So it would definitely be good to get you back on at a later point, and we can just keep going into this.

Gabriel: But I think we’re reaching the end anyways. The three main solutions are better hiring and recruitment, better performance management and productivity monitoring and people management training. Because at the end of the day, it’s good enough. Not good enough. Yes. Okay. You can measure an engineer productivity, you can measure an analyst productivity, but how are you going to measure management productivity? So you need good people management training and a good way of assessing their skills yeah. Within their role. And train them to do better. Train them to do better. Train them on how to handle neurodiverse employees. If you’ve got a neurodiverse manager, then train them so that they can handle things despite being neurodiverse, they can manage better. Yeah. Everybody needs training. Everybody

Jon: Everybody needs training. I completely agree on that. I need training. You need training. We do. Yes. It is just something that yeah, we all have something to learn every day. It doesn’t stop. Yeah, I think that’s really well summarized. It’s a really complex subject. Maybe we haven’t solved anything. Maybe we have. Hopefully we have. All I can hope is that the people that have been listening have gotten something out of it. But yeah. Thank you to everyone that’s been listening or watching. Thank you guys for listening to Hyper Focus Hour, which has been hosted by myself, obviously, and Gabriel here through Via Resource, which, again, we are a recruitment company. So if you need us, I’m right here. Gabe, thank you so much for your time today, for your wonderful insights on neurodiversity management and the economy. You have a lot of thoughts into it. You’ve obviously put a lot of time and effort into it. It’s been amazing getting to hear you. Just wonderful to get the challenges on my ideas, my presuppositions. It’s been really informative, and I just really appreciate it. So, yeah, thank you again. And for everyone else, stay tuned for the next episode. Don’t forget to take a break, drink some water, and take a stand up and walk around for a few minutes until next time.

The importance of IoT penetration testing

The importance of IoT penetration testing

Internet of Things (IoT) connected devices are an unexpected source of intense and preventable security breaches, and it’s time they get the penetration testing treatment just like other hardware. Why is it essential to give IoT devices special treatment and how can companies defend them successfully?

What is IoT penetration testing?

An IoT penetration test is the assessment and exploitation of various components present in an IoT device solution to help make the device more secure.

The first step of IoT penetration testing is to map the entire attack surface of the solution, followed by identifying vulnerabilities and performing exploitation, followed by post exploitation. The testing concludes with an in-depth technical report providing insights into the risks, and of course suggestions for remediations.

What’s the Importance of Penetration Testing for IoT?

As IoT devices rely on connectivity, their utility crumbles in the face of a threat actor or power outage. Because such devices are growing in popularity at a rapid pace, security professionals are presented with growing challenges and a need to provide as much assurance as possible in this space. Since IoT devices connect from countless routing points, servers, and regions, few connections are reliably the same meaning there is a larger scope for attacks.

Penetration testing of IoT devices reveals unknown security gaps as trustworthy professionals simulate the techniques of malicious actors. They dig through firmware and hardware for vulnerabilities and accessibility oversights.

Testers get inside the mind of a hacker, trying to find sneaky ways into systems, tease out the most valuable exploits and extract the most priceless information. Analysts need to perform these tests — especially with rising technologies like IoT — so their reputation for being insecure and modern technologies quickly dissolves.

1. Identify Security Vulnerabilities

Security vulnerabilities vary from hidden back doors to out-of-date software and firmware with default passwords, which is why you need to know which pathways could impact systems the most. For instance, if your organisation uses IoT systems, the level of risk can increase since these are some of the most overlooked networked devices when it comes to cybersecurity.

IoT devices are sometimes mobile and can connect and disconnect at any given moment. Therefore, security teams may lose track of their usage and even avoid mentioning them in reports.

This doesn’t mean your organisation should not use IoT systems or devices. Like most widely adopted technologies, the use of IoT devices can bring a wide range of benefits, however, it also comes with a need for enhanced cybersecurity measures. Where, you can use penetration testing in combination with AI-powered security tools to determine if any of your users are engaging in risky or malicious behaviour.

Subscribe To Our Newsletter

2. Improve Security Posture

The great thing about penetration testing is that there’s no one single way to do it. There are different types of testing you can apply, and specialists recommend combining several different methods to get the best results.

Diversity of penetration testing methods is what keeps your organisations data secure and help improve the company’s security posture. That’s because different methods produce different results, which, when combined, provide decision-makers with a well-detailed map of the company’s weak areas.

3. Complying with Regulations

Cyber security regulations help organisations understand different security standards and push for a more secure business environment. This is why many of these regulations require organisations to undertake regular penetration testing and audit their IT systems to ensure compliance.

Failure to comply will often lead to a data leak, which can follow to a fine and an investigation into the business’s cybersecurity practices and decreased customer confidence.

4. Reduced Costs

Penetration testing can help reduce costs in the long term as any identified vulnerabilities can be addressed before outsider ill-intended entities will discover and exploit them. It’s also a good way to get your employees used to the idea of always being on the lookout for suspicious activity and taking everything with a grain of salt when it comes to dealing with people online.

However, this shouldn’t be used as an excuse to forgo cybersecurity training sessions, which also need to be an ongoing occurrence. Combining a good security system with well-trained employees, the security posture will improve significantly.

Top 3 IoT Security Testing Tools

It is essential to perform IoT security testing to ensure that your device is not part of the next big hack. The following are the top 3 IoT security testing tools: 

    • Firmware Analysis ToolkitFAT is built to help security researchers analyse and identify vulnerabilities in IoT and embedded device firmware.
    • PENIOTPENIOT is a penetration testing tool for the IoT devices. It helps you test/penetrate your devices by targeting their internet connectivity with different types of security attacks.
    • AWS IoT Device DefenderAWS IoT Device Defender is a fully managed service that helps organisations protect their fleet of IoT devices from external threats. AWS IoT Device Defender gives you the ability to monitor your fleet of IoT devices’ health continuously and detect and remediate potential threats.