At Bishop Fox's second-annual livestream from the 2024 RSA Conference in San Francisco, we interviewed special guest, Dave Lewis, the Founder and Managing Director at Liquidmatrix Security Advisors, who will soon be starting at 1Password. In our conversation, we discuss building and maintaining high-performing teams, effective leadership strategies, the challenges facing cybersecurity leaders today, and the evolving role of AI in cybersecurity.

---

Transcript

Tom Eston: Welcome back to the Bishop Fox livestream from the RSA conference in San Francisco. My name is Tom Eston. I'm the VP of consulting and Cosmos delivery at Bishop Fox. Joining me is Dave Lewis, the founder and managing director at Liquidmatrix Security Advisors. Congratulations, by the way, on starting at 1Password.

Dave Lewis: Yeah, I'll be starting on May 29th, and I'm really excited about that.

Tom Eston: Yes, definitely. I was reminiscing with you before we started. I met you back in the day at ShmooCon. I think we called ourselves the OG Security Twits back then, right?

Dave Lewis: Those were good days, back when Twitter was actually very functional and useful. I met so many people through that, including folks like yourself. It's sad to see how it's degraded over time.

Tom Eston: Yes, it's unfortunate what has happened to Twitter. I still call it Twitter, by the way.

Dave Lewis: Me too. It's not that other letter, whatever.

Tom Eston: But you've been busy over the last couple of years, right? Coming from Cisco, you've worked at Akamai, IBM. You're an amazing leader, first and foremost.

Dave Lewis: Thank you for that. I hope my colleagues would say the same. Building and maintaining a high-performing team is challenging. The key is empowering your team to believe they're part of it and ensuring they understand their contributions are valid. I remember one company where the team felt liberated when I took over. They were mortified and badly disposed towards their jobs. I said, if you want to go somewhere else in the company or to another company, I'll help you get there. They were worried it was a trap. In about six months, we turned that team around. None of them left, and they all became high producers. Everyone wants to do a good job, and if you make it so they're not vilified, they will produce.

Tom Eston: I often look at it as you're there to remove roadblocks, not create them as a leader. You're air cover.

Dave Lewis: Exactly. And to be a firewall. I've got plenty of daggers in my back over the years.

Tom Eston: Oh, yes, definitely. I think you're a lot like me. I grew up with a technical background and was one day asked, hey, you're really good at this stuff. Maybe you want to be a manager. I talk to many people with similar journeys. What advice do you have for very technical people who want to make the leap into management?

Dave Lewis: Learning how to communicate with others is crucial. Not everybody speaks or listens in the same manner. Malcolm Gladwell's book "Talking to Strangers" is great for understanding how to communicate with others. Security people talk about zero days, but that doesn't resonate with the C-suite. You need to put it in terms of risk. The best thing I ever did was take a PMP course. I learned how to deal with project managers, which improved our interactions. It's about communicating so they understand your requirements as well. Communication can really help build your career.

Tom Eston: I think you touched on something important. Learning about your team and what they do helps you become a better leader. It brings up a conversation of empathy. People may have things going on in their lives that you don't know about. When leading teams, empathy is really important. Do you have examples of how empathy has shaped you as a leader?

Dave Lewis: The team I mentioned earlier is a great example. I had to pivot quickly because my initial ideas didn't apply. I started doing one-on-ones every other week and learned more about them. Building rapport, constantly talking with them, and having that human connection is essential. Hybrid organizations still need human connection to build relationships and trust.

Tom Eston: What are some of the biggest challenges you see with cybersecurity leaders these days?

Dave Lewis: There are two types of security leaders: the "flaming sword of justice" who always says no, and those who see security as a business enabler. Thankfully, the former group is shrinking. Security is a business enabler, much like privacy. When people shift their mindset, things get better. Dr. Peter Attia's book "Outlive" is about changing your health approach. Apply that same iterative process to cybersecurity. Build fundamental relationships within your organization for your people and technology.

Tom Eston: Thinking of the future, with AI and other technologies, how do you think leadership needs to evolve?

Dave Lewis: We have to be the adults in the room. The pandemic showed how security can help businesses function. Organizations need to look at things strategically, not just tactically. I've learned that from experience. Always be learning and growing. Security is fantastic for those who love education and learning.

Tom Eston: I assume you're a big fan of mentorship. Do you have examples of how you've implemented good mentorship programs within an organization?

Dave Lewis: At a financial institution I worked at, we had people with ability but no guidance. We had a shortage of people to fill roles, so I mentored them and associated them with others with greater security knowledge. Some of them are now industry leaders. It's frustrating to hear about a shortage of security personnel when there are many skilled people available. Companies should hire them because the resources are available if you're willing to pay for them.

Tom Eston: Dave, this has been a great conversation. Thank you for coming on the livestream. Where can our audience find out more about you?

Dave Lewis: Check me out on LinkedIn. I left Twitter a year and a half ago.

Tom Eston: And the Liquid Matrix podcast?

Dave Lewis: We're bringing it back. The first episode should be out in about a month.

Tom Eston: I'm so happy to hear that. It was a regular listen for me and many others in the security community. We have to bring the fun back to security.