Security Unfiltered
Security Unfiltered
From Engineering to Marketing: Unconventional Career Paths and the Power of Soft Skills With Anne Baker
Anne Baker's journey from mechanical engineering to cybersecurity marketing is nothing short of inspiring. With a love for math inherited from her father, Anne began her career at Boeing before leveraging her engineering skills in various roles, eventually landing in the tech-forward world of cybersecurity marketing. We share our own unconventional paths, including a leap from criminal justice to cloud security engineering, while highlighting the diverse backgrounds that enrich this field. The demand for cybersecurity talent is growing rapidly, evidenced by unique career shifts like an opera singer becoming an application security engineer.
The discussion turns to the significant role soft skills play in cybersecurity, often overshadowed by the emphasis on technical prowess. Drawing from personal experiences, we underline the necessity of communication and conflict resolution skills, learned in high-pressure roles, to succeed in cybersecurity. It's crucial for candidates to balance technical expertise with the ability to foster teamwork and drive security initiatives through effective communication. Hiring for attitude and aptitude, not just technical skills, can lead to growth and stability in this fast-evolving industry.
Interdepartmental dynamics in cybersecurity bring their own set of challenges, from maintaining security protocols under developer pressure to the tension between IT and security teams. We explore how effective communication and emotional control are vital in fostering productive relationships across teams. Additionally, the conversation highlights the innovation of Adaptiva's OneSite platform in automating vulnerability management, helping simplify the patching process. To top it all off, we discuss a remarkable opportunity for aspiring cybersecurity professionals: scholarships for the Microsoft Fundamentals course in security, offered through a collaboration with Women in the Cloud. This inclusive initiative is a great starting point for anyone looking to enhance their cybersecurity knowledge and skills.
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
How's it going, Anne? It's great to get you on the podcast. I think that we've been trying to get this thing done for a couple months now, but I'm really excited for our conversation.
Speaker 2:Thanks, joe. It's great to be here, Happy to finally connect.
Speaker 1:Yeah, absolutely so, anne. You know why don't you tell me about how your journey started, right? What made you go down the path that you did? Because you have a bit more of a unique background compared to, you know, the other degenerate hackers that I have on the podcast, right?
Speaker 2:Yeah, I know. Thanks for letting you know someone from the dark side of marketing come into your, your podcast. I appreciate it. But I I did start with an engineering degree so I actually went from the tech deep tech over to a little more soft skills but still have stayed in technology and cybersecurity and have really loved this industry and space. So happy to be on the show.
Speaker 1:So you got your degree in engineering. What specifically like, what part of engineering?
Speaker 2:I did mechanical engineering. I really loved math and looked at different careers that would allow me to do things with math and numbers and analytics, and it went into that area. My father was an engineer. He really encouraged me, which I appreciate to this day, and I started out interning at Boeing in true kind of mechanical engineering and then, you know, just sort of evolved evolved into more product management and then now kind of all aspects of marketing which I enjoy and still getting to work with a lot of the technology, getting the dive as deep as I want to go but still be able to enjoy some of the creative aspects that marketing brings.
Speaker 1:Yeah, it's interesting, when I was in college I was getting my degree in criminal justice and I worked with a guy that was getting his degree in mechanical engineering and you know, he, he studied more than anyone else I knew, and I I mean he. He ended up getting his degree, but he didn't go into mechanical engineering or anything like that, he actually just went into iet and I.
Speaker 1:I graduated like a year or two ahead of him and I told him I was like hey, you know, I know you're trying to be a mechanical engineer, right? I don't know what the career path looks like for that, but you already have experience in IT. Just look at that first and then try and make your pivot. You know, because he had student loans, like I did, right, so he has to have an income, you know, coming in to pay off those loans. But it's really fascinating, right? Because I always think if I were to go back and like get my bachelor's and do it all over.
Speaker 1:I would probably get my degree in, like math or engineering or something like that. Like that is right. In my wheelhouse I took calculus for fun, because it was. I considered it to be an easy class, and math that is an easy class. To people that are not in math, you know that's considered to be like a difficult class, right, I took. I literally took it for fun and I wanted to go farther with it. But it was like, okay, you're gonna, you're gonna do criminal justice, you're gonna do math. And I was like I don't know about that math thing yeah, I did.
Speaker 2:There's something great about like getting that solution at the end of a problem, and so I still, uh, really enjoy, enjoy math although I don't get to do it nearly as much anymore now. It's just maybe calculating revenues and things like that not as not as much detailed calculus as I was doing at one point. But engineering is a great degree that you can use to bounce off into so many different fields of study, and that's how I feel about cybersecurity in general. You know we're seeing more and more people come into this field and this realm and this area. They come from all different backgrounds, right. Sometimes it's communications coming into cybersecurity. Come from all different backgrounds, right. Sometimes it's communications coming into cyber security, sometimes it's testers.
Speaker 1:It all different, different areas that are now joining kind of the whole swath of cyber security professionals that are needed to kind of fill some of the resource gaps that are happening in this industry today yeah, yeah, it's interesting, you know, as, as I mean, now I'm a cloud security engineer, right, and so I have to be able to think of problems forward, backwards, start at the middle, go to the end, start at the middle, go to the front. You know, like I have to really be able to just dissect different problems, no-transcript, you know you'll see a solution and you start thinking of, okay, well, how did they get there? Well, this is probably where they started. And you know, like it's a game, almost right, and I think that that's what kind of piqued my interest with cybersecurity, right, is that ability to be so fluid with your thinking. Because, you know, I guess it's interesting.
Speaker 1:I don't consider myself to be a very creative person. I consider myself to be like very average, not creative at all. I can't draw to save my life. I can't play an instrument to save my life. My wife, on the other hand, she can play like six or seven instruments, you know, like hands down, like she's a symphony orchestra violinist, like I'm sitting over here, the least talented person in my, in my family, you know, and somehow I made it right. So it's interesting. Also, you know, you bring up the different backgrounds that everyone is coming into cybersecurity with, and a few months ago, maybe even a year ago at this point I think it might have been a year I had on someone that was a former opera singer and now she's an application security engineer and I'm sitting here like how in the world do you make that jump?
Speaker 2:I think you're going to see more and more of that, though. I mean because there is this huge gap, right, four million or something. The world economic forum said open jobs and a deficit in cyber security workers, and so there's a huge opportunity here, when the job market as a whole may not be as exciting in tech as we'd like it to be, and so you know you're going to see people, I think, explore it and see if there are ways for opera singers or marketers or other people to play a part, because it is one of the maybe unique roles in tech where you really feel like you can make an impact and that you're giving back. In a way, there's a you know, there's a real purpose to it, in the sense that you're fighting the bad guys.
Speaker 1:Right, you're fighting the bad guys, right, and you're, you know, not only helping companies be more secure and resilient, but potentially even the whole 2014, 2015,. I was doing everything under the sun that I possibly could be to get into the field. Yeah, you know anything like that really. You know, in all honesty, I was underpaid, so I wanted to make more money, right, I wanted to, like, make enough money to have a family and whatnot. But it also, like, piqued my interest. It seemed like there was just, you know, never ending amount of things that I could learn, that I could dive into, that I could specialize in. And now, you know, that still holds true, right, and so that kind of scratches that itch for me in a different way, if that makes sense. But I think COVID kind of I don't want to say exacerbated the situation, but it really put cybersecurity at the forefront, right, because you know, I'll tell you, I have a friend.
Speaker 1:He's a manager in a in a ford manufacturing plant, right, and I went to high school with him and we've stayed in touch ever since and whatnot. And when covid hit, he was out of work for like six months. Like six months he was basically out of work and for the next maybe two years after that, there will be months where he just didn't work because they'd shut down the plant for whatever reason. You know, and I'm, I'm over here just living my life like nothing ever changed, because it literally never changed. You know, the only, literally the only thing that changed for me was my manager calling me one day and saying yeah, you're just going to be remote now it's fine.
Speaker 1:And I've been remote for the past, you know, four years, five years at this point, and like there's nothing changed, right, I've changed jobs several times and whatnot. And he looks at that and he's like man, I really want, I want the stability, I want the freedom to be able to you know kind of work from wherever I want to work. It doesn't make sense for me to have to be in one singular place, you know, to do a job. And he, he wants to be able to have a family, you know, have, have a career that is paying, paying the bills, you know, having some money left over for the family and whatnot. And I think that was put to the forefront of everyone's mind where there was like I feel like it happened for a week, but during that week people were like well, what jobs are still working right now? What jobs were not even impacted and I mean the job that was the least impacted that worked the entire time was cybersecurity.
Speaker 2:Yeah.
Speaker 2:Yeah, I mean, that's really eye-opening yeah, I mean, not only is, I mean obviously cyber security is a, you know, fairly lucrative field, but yeah, it's not going away anytime soon. In fact, the problem's only getting bigger. I mean my company, adam tiva. We're in the patch management space, where we're patching vulnerabilities that are discovered on endpoints, and last year there were like 26,000 plus vulnerabilities discovered. It's going up this year and the meantime the exploitum just keeps getting faster and faster.
Speaker 2:I think it was like seven days on average, and for some of the high risk ones it was like less than a day. So when you are facing those kind of numbers and with some of the new technology that's coming out, like AI, that only makes it faster and easier to secure your network, but also, potentially, if the bad guys use it, exploit it, then you know this career path is one that is only going to become more and more in demand and potentially, you know just more and more areas to be able to focus on and have to look at and secure. And so you know, obviously I think it's a great area to be involved in, but one that I hope we can recruit more people into and bring more people into, because there's so much work to be done.
Speaker 1:Yeah, it's interesting. You bring up an interesting problem, because I feel like still there's a lot of companies out there that don't know the type of position or the type of person that they're looking for to really come in and make a meaningful difference. I'll give you an example, you know previously, when I was interviewing for a job which, if you're my employer right now and you're listening, I haven't done it in a while, right, but people would be like extremely, extremely technical, right, and that's fine, I can deep dive into things. But typically when I get into those interviews, you know the recruiter is prepping me ahead of time and they're saying like hey, they're going to do a deep dive into IAM or Kim or whatever. It might. Be right, because it's a courtesy, it gives me the opportunity to brush up on that knowledge, because I'm not going to know everything at all times. I may have learned it for three months and I haven't touched it in four years. I mean, that's a very real thing. It's not that I don't know it, it's that I haven't looked at it.
Speaker 1:You know, like there's a very big difference between the two. You know, and you know, this role really needed someone that was more of a people person. You know someone that would actually meet with the teams, get to know them. You know, kind of sway them to patch. You know one of those 26,000 vulnerabilities right and make a difference in the environment. And you know this company kept on going extremely technical. And I'm sitting here like guys, you don't need that. What you need is you need someone that can talk to people, that of which you know I have a proven track record of over 200 episodes where I could talk to you. Know anyone and make an impact right, make a difference to some extent. But they didn't see it like that, you know. But they're hiring for a role now that isn't going to be a fit for the job functions that they have, and that's a problem that is very prevalent, I think. And then I think another part of it is companies. One, they don't know really the skill sets necessary for the role. But two, we're also under-hiring.
Speaker 1:If you go on LinkedIn Jobs right now, I feel like LinkedIn jobs is a good barometer for where the job market is. Every single security role out there has over 100 applicants, every single one, and if you find one under a hundred, like it's a, it's a rarity. You're on page 12,. You know you're probably pretty desperate at that point, which is which is crazy to me, because it it tells me something really weird is going on in the market, where I think everyone's a little bit nervous.
Speaker 1:You know, we have a, we have a major election coming up here in a couple of days. People are nervous about where the economy is going to go, like what the outlook of it is, and I think a lot of companies are also worried, and so we're. We're in an interesting like limbo that we haven't been in in quite a long time at least not not that I remember. You know I entered the workforce what I like 2009, technically right, and that was at like the tail end of the recession, so I didn't even really understand the recession, you know of like what was going on when it was happening, you know yeah, and I I mean I I really agree with you.
Speaker 2:Your ability, you know, to communicate is key, I think, in the cyber security role and you're not alone in that sometimes those technical certifications and things will open the door for you and get you the interviews.
Speaker 2:But in hiring today there really has to be that balance, because I had a boss shout out to Lisa Stewart that used to say she hired for attitude as much as aptitude, and I think that's really going to become key with cybersecurity roles in particular going forward, because, you know, not only do you have to have those technical skills to be able to do the forensic analysis or whatever the job is requiring from, you know, just security perspective, but you have to be able to communicate that, you have to be able to present it to the team, you have to be able to convince people to, you know, do certain, take certain courses of action, and you also have to maybe have just sort of that creativity to try different solutions to problems.
Speaker 2:So, um, and hopefully high integrity as well in this role is key, uh, too. So there's a lot of soft skills there that just have to blend with the the technical skills as well in order to really make a good candidate and a good employee, but it is still very competitive. I agree it's kind of hard to get your foot in the door sometimes on these positions. For sure, and a lot of people are recognizing there's a lot of growth potential, stability potential in this space that are struggling to kind of find their way in and navigate how they at least get that first door open for them in cybersecurity.
Speaker 1:Yeah, yeah, that's a good point. You brought up the soft skills, right. We've been talking about it for a bit now, right, but you brought up the soft skills and having that foundation of soft skills really, really benefits. You know you like tenfold in cybersecurity and I'll give you a good example. You know I started my career in help desk right, when you're on help desk and I worked for an enhanced 911 company, right. So when our solution is going down, people typically just lose their mind because they may or may not be able to dial 911. And, yes, it is absolutely an emergency, but you know you don't have to, you don't have to yell at me right from hello, right so, but I've learned a lot of social skills in that job, right, and for probably a year and a half, you know I would have like massive anxiety in this job, to the point where I'd have to like go for walks, you know, several times a day for 30 minutes just to just to like decompress and process what I just went through. And you know that that may be sound I guess that maybe sounds potentially like weak or stupid or something like that Right, but you know, going from being in education right, just being in college to a job that is high stress like help desk overall can be high stress regardless but now you're thrown into a company that supports a critical application for a business and you don't even know what a critical application is. You know because you're that new in the field. It was a trying time but you know.
Speaker 1:In that situation I learned how to de-escalate very quickly. I learned how to you know find out critical information within 30 seconds. Within 30 seconds, you know find out critical information within 30 seconds. Within 30 seconds, you know what's going on generally and you can start making progress and whatnot.
Speaker 1:I learned how to get the right people on the call right from the very beginning. You know how to assess the situation quickly and move forward with it in the right direction. And all of those skills really do pay off when you get into security because I always, I always tell people start with help desk right, like you want. You want the ability to tell someone no, have them yell at you in return and you stick to your no, right? I'm 10 years into security, literally. Last week I had a phone call with 150 developers on the call and then I was the only security person on the call the only one and they were trying to convince me. At first they were very nice. They were trying to convince me to put in a certain rule into my AWS WAF that I was rolling out globally.
Speaker 1:And they couldn't really explain it properly. Right, because I need to know what the rule is, why it's getting blocked, why do we need to add this exception? Does it bypass the entire WAF? You know all of these. You know minutiae, right, the things that you need to know for the technical aspect of the job.
Speaker 1:Well, at one point in time they couldn't give me any straight answers, and so I just kept on asking questions for 30 minutes. I asked questions, I didn't give any answers, I didn't give any context. I only asked questions because they were trying to beat around the bush and I could tell they were trying to bully me into, you know, just going with them, right, because they wanted to get off this call. And so they figure okay, 150 developers are going to overwhelm Joe and you know he's going to give us what we want. Right, because it probably would have worked. At the other, you know 10 security guys that they had there, but not with me because I got all day. You know, you, that they had there, but not with me because I got all day. You just made this a priority, right? So now I get to call other things off and at the end of the questions, literally 30 minutes of me questioning it.
Speaker 1:I said you guys are just trying to bully me into bypassing the WAF because you don't want to deploy it, you don't want to work within it. And I had to explain to them. I said, hey look, this was an audit finding right. They gave us a timeline for when we needed to fix this. This is why it's going in. And they like tried to rebuttal it, tried to refute it you know many different ways and whatnot and I said there is no refuting this. You are doing this or it's going to be reported to your VP and your director and I will reference this conversation and, like I told him, I was like it's being recorded. I have the minute keeper, like right now, and I'll tell them go to minute 33 in this conversation where I started to like really go into them.
Speaker 2:Yeah.
Speaker 1:Right, and at the end of the day, you know they very begrudgingly went along with it. But you know I had to learn how to stand my ground from 10 years prior, Right, Like I had to learn how to literally look at someone that is yelling at me in the face in person to you and you know, tell them no, that's not happening and that's a very unique skill set that not many security professionals have. Like I said, the other 10 security people that they would have had on that call, they would have just caved in 10, 15 minutes. It's funny they wouldn't have known that they were making the environment less secure.
Speaker 2:Our CEO here and founderak kumar.
Speaker 2:He came, he actually has a medical degree, so he was a doctor and now he does software, so he's made a big career transition.
Speaker 2:But he has often, uh, talked about, just you know, the need, especially when you're in the medical profession and dealing with emergencies, to sort of stay emotionally calm and how, like, having a control over your emotions is so key in just day-to-day business, creating, in marketing and also in even our technical roles.
Speaker 2:He really encourages us to look for people who either have a customer service background at some point in their career or like a help desk background, like what you're describing, where they've had to deal with challenging personalities and figure out how to just maintain those relationships and be professional and not get overly emotional or overly reactive in those situations. He feels that that basic skill set is something that is just so hugely important in day-to-day business at all different levels of the company, and so, as we recruit, that's something he always encourages us to look for, and I think it applies to the cybersecurity profession as well. It's just like I said, even for marketing. I tend to try to look for that too. It's just a great skill to have, especially when you're on a call with you know 150 people who might be, you know telling you something different. Figuring out just how you find common ground and work forward is really key.
Speaker 1:Right, yeah, I mean I've. You know, I've been in situations where I'll go into a company and there's a terrible relationship between my team and another team and of course, a system down incident occurs and I need that other team. We're relying on them and they really don't like to work with us. I have not shied away from bribery with food and drinks and whatever it takes, you know, to get the help that I need I agree on that. Sometimes it's required.
Speaker 2:It really is. You know, and I will say, the cybersecurity in general, a lot of emergencies that that happen, and being able to handle those crisis communications in a way that's, you know, done professionally, delicately, understands everything and all the implications that come at it, can be challenging. So you have the those big emergencies that happen that you really need strong leaders who don't get overly, you know, overly emotional in some of those situations, but then also just day to day. I mean, you mentioned starting in IT or starting in help desk as a way to potentially pivot and swerve into a cybersecurity career, and one of the things I hear about most often, even from our customers and prospects is most often even from our customers and prospects is, you know, that kind of fight between IT and security today or at least gap we'll call it gap where you know security is finding all these vulnerabilities and issues and then pointing to IT to go fix them and that's saying, oh, it, you're not, you know, moving fast enough and you're exposing me to too much risk, and so there is sort of this constant kind of like back and forth that's going on between IT and security today and having the skill set to, you know, approach that from a collaborative. How can we work together to reduce risk for our organization?
Speaker 2:Perspective is important, but you know where we're coming from too. Perspective is important, but you know where we're coming from, too is we also want technology to help bridge that gap too, between IT and security teams, where the reports and the findings and the vulnerability assessments all that data is there and being found by technology. But then IT can also show their progress against it and how they're taking action on that data, and you know the rationale they have behind what they're prioritizing and how they're taking action on that data. And and you know the rationale they have behind what they're prioritizing and what they. They can connect all that in technology and use technology as a way to bridge the, the security teams and the IT teams. That can help augment some of the and hopefully resolve some of the communication issues that come about because of just that dynamic between IT and security teams.
Speaker 1:Yeah, you know something that I've recently run into that's been a prevalent problem for many years now. Right, is, with the advent of the cloud, your on-prem legacy solutions don't quite work like they should in the cloud, right, and so now you end up having, you know, six, seven solutions doing vulnerability management, looking at different things, different ways, and how in the world can your developers or your engineers or just it overall keep up with that? Right, because I'm the security professional that's supposed to own all seven of those tools and I don't look at all of them. Right, like I need a solution that correlates all of it, brings it all in and tells me what I need to pay attention to. Right, and I think that's like kind of where most of the industry is missing the mark. Right, it's like they provide a solution of we do pipeline security vulnerability management, right, or we do infrastructure in the cloud vulnerability management, all this stuff. It's like I don't care. You said vulnerability management. At the end of all of that, I need it all in one singular tool.
Speaker 2:Yeah, and it's been interesting. I mean, vulnerability management is one area, right, but security in general I mean, how many different tools and technologies and vendors are there in that space? Now it's unbelievable, and that's why we're starting to see especially some of the big leaders, like CrowdStrike and Microsoft and others, start talking about consolidation. And how can we help you consolidate the number of vendors you're using, the number of technologies you're using, so that you know, I mean because there's a risk to that.
Speaker 2:I mean, just managing a whole bunch of different vendors is hard on resources, but also, like making sure they're all secure and keeping up to date is key, and so we are seeing a move towards trying to consolidate and have fewer vendors and fewer different products in the space.
Speaker 2:And so I think the technologies that are going to be, you know, cross-platform, like for us, like helping you patch Windows and Mac and Linux on all your devices as opposed to needing a different solution for each those are the ones that you're going to start seeing win across the board. And then also, in addition to just sort of consolidating the different vendors, I think in general, you know just the more that we can bring together visibility into what's happening across your systems, the better in and get all your alerts and keep an eye, but I feel like IT is missing, that IT doesn't have that single view into all my deployments that are happening, all my patches that are happening, all the things in real time and I actually believe certainly that's where we're heading from a product vision perspective is starting to give companies more unified insight into both their security and their IT operations, bringing them together into one kind of single pane of glass so that you can stay on top of all the changes and data that are happening across endpoints and across the network.
Speaker 1:So talk to me about how Adaptiva does that right, how you guys bridge the gap between all these different kind of sprawling domains of vulnerability management and bring it all together into a consolidated way.
Speaker 2:Yeah, so we built a platform we call it our one-site platform and on top of that we built a suite of products, and the one that most you know we're talking about most these days is our patch management one-site patch solution which integrates with all your different vulnerability management solutions out there in the marketplace today. So, for example, next week I'm going to crowdstrike's falcon event in in europe and um, and there we'll be showcasing how you can use Falcon to analyze and assess all the vulnerabilities on your network. They have something called their expert AI rating that prioritizes them as critical, high, medium, low. We take all that data and we take their criticality factors in and we allow you to set up patching strategies based on that data. So if it's a critical one, maybe I want you to go patch it right away with very limited approvals, but if it's a lower, medium one, maybe I want to roll that out more slowly.
Speaker 2:A series of deployment waves. Deployment waves she set up those rules in our system, but we're pulling in all the vulnerability management information from the vulnerability management providers and then we're kind of consolidating, reporting them right. So, immediately, the security teams can quickly see the reports, see the insights in real time. Okay, how are my vulnerabilities getting patched? Which devices still need to be patched? Which ones are successful? What versions are they on All that rich insight and data in real time? So today in many companies those vulnerability assessments, they print them out on like huge Excel spreadsheets and hand them over to IT and say go patch this. And they meet every week and kind of fight back and forth on why more things weren't patched. We're hoping again that by just pulling all that data, in taking automated action on the data, you can solve that or resolve those kind of back and forth fights on vulnerabilities and provide a single, unified view into the compliance of your organization and it.
Speaker 1:So it sounds like you know my, my developers or my engineers. They would be able to log in and like see the assets that they're responsible for, or get like some sort of automated alerts like hey, you know this new high finding or whatever right is on your assets over here. Here's the card. Go work on it, that sort of thing. Is there a flag?
Speaker 2:We're taking a slightly different approach. I mean traditional patch management forces kind of the IT teams to have to go in and every time a patch comes out they have to take it down, take the metadata, configure it, test it, roll it out to a test system, make sure it's working. With us we have a team that's constantly putting those patches into our catalog and really our customers just set up the rules. They say anytime for you know this group of machines or for this type of patch, do these things, and so we let you really set up the strategies and then we automate it. So we believe in really speeding and accelerating the patching through automation so you're not having to manually patch and set up deployments for each patch. You're setting your rules for patching as an organization and we're taking care of the rest. But we're putting controls in place too, because we know automation can be scary.
Speaker 2:Bad things can happen sometimes when you roll out patches and we give a lot of control over that process so you can pause patching, you can cancel patches, you can roll back patches to previous versions. Our belief is you need to move faster. The bad guys are not slowing down. You need to find ways to accelerate and free up your IT teams and limited resources, and so by allowing them to set up their rules and then we automate, but giving them controls and guardrails that if something does go wrong, they can pause. Take a minute. That's our belief on how patching should really happen in the future.
Speaker 1:Hmm, and does it work for like pipeline security or pipeline vulnerabilities?
Speaker 2:We're focused on endpoint. So our patching is around endpoints, but we're beta testing right now the full cross-platform, so Mac, linux and Windows updates, and then also third-party applications, and then also third-party applications. We support patching of over 9,000 third-party applications BIOS, drivers, servers, all sorts of patching, truly unified endpoint patching.
Speaker 1:That's interesting. It seemed like when I got into security, the industry was at a scheduled, a scheduled, you know patching process right, where you're like, like what you said, this group of devices gets patched, you know, every monday night at like midnight or whatever it might be right. And then I think, as people got more into the cloud and their environments grew rapidly, they started moving away from that. It's interesting because I actually never noticed moving away from it, but I moved away from it and it's a fascinating way to kind of bring it back, especially if you're centralizing all of it right, like you're making it more easily consumable for everything to be in one place and then schedule it out from there. That really kind of like frees up at least my developers, right, frees up my developers to be able to do developing work rather than security work necessarily.
Speaker 2:It's the only way you can really start.
Speaker 2:I mean, with the rate of vulnerabilities that we were talking about earlier and just how many are coming at you and how quickly they're being exploited, the only way that you can get the scale necessary is to automate work, and right now we did a state of patch management report with the Ponemon Institute and we found that 59% said it was taking them two weeks or more to begin a patch, a deployment after a patch was released. So that's just like way too long when, on average, vulnerabilities are being exploited every seven days. And in many cases I think Gartner found it was taking, like companies, a month or more to fully roll out of cash. So that's just never. You're just constantly going to be behind and it's never going to scale. And so we're very bullish on automation that's going to help you scale, but automation with control, yeah. So yeah, it's a mindset shift a little bit for companies, but with how limited we are in resources right now and people to just tackle this problem, technology is going to have to fill the gap.
Speaker 1:Yeah, yeah, absolutely. Well, you know, unfortunately, I think we're at like the top of our time here. I know you have a flight to catch and whatnot, but you know I really enjoyed our conversation. I definitely would want to have you back on sometime.
Speaker 2:Yeah, it was great, joe, I loved it. Thanks for letting a marketer stray over here. I appreciate it and would love to talk again in the future.
Speaker 1:Yeah, yeah, absolutely. Well, before I let you go, how about you tell my audience you know where they could connect with you if they wanted to connect with you and where they could find the company if they wanted to learn more?
Speaker 2:Sure, I'm very active on LinkedIn, so that's a great place to find me and Baker and LinkedIn, and then also Adapteva is the name of the company A-D-A-P-T-I-V-A. If you're a drummer, I want to go check that out. I blog on there and we have a lot of great resources just for training. And also, I know we talked a lot about entering the cybersecurity field. I will just put a shout out to. I'm very active in Women in the Cloud, and Women in the Cloud right now is working with Microsoft, who's sponsoring over 5,000 scholarships for people who want to take the Microsoft Fundamentals course in security. That's a great one for women and allies as well. It's gender neutral to go and apply for those scholarships. If you want to break into cybersecurity, I highly recommend going and taking a look at that, and that's a great way to start getting some of those early certifications with Microsoft in order to start showcasing and learning more about cybersecurity. So definitely check that out as well.
Speaker 1:Yeah, absolutely Well, thanks everyone. I hope you enjoyed this episode.