Unspoken Security

Evolution of the CISO

AJ Nash and Kayla Williams Season 1 Episode 14

In this episode of "Unspoken Security" - a turbo-charged special recorded live at the RSA Conference last week - host AJ Nash and guest Kayla Williams of DEVO dive into the evolving role of Chief Information Security Officers (CISOs) in today’s fast-paced cybersecurity landscape. Kayla, a seasoned CISO with a non-traditional background in governance, risk, and compliance (GRC), shares insights into the unique advantages and challenges of her career path. Her expertise in translating security into business terms fosters strong collaborations and aids in securing budgets—essential for driving security initiatives forward.

Kayla emphasizes the strategic importance of aligning security objectives with business goals, highlighting how security is not just a cost center but a growth driver in modern enterprises. Her approach underscores the necessity of communication skills and business acumen for CISOs, which are often overshadowed by the technical aspects of the role.

The conversation also touches on the interpersonal skills crucial for leading security teams, such as emotional intelligence and the ability to manage stress and team dynamics effectively. Kayla’s journey illustrates the broader impacts of security leadership, from fostering trust among customers to navigating the complexities of corporate governance and compliance. This episode is a must-listen for those interested in the broader implications of cybersecurity leadership and its integration with business strategies.

And, as usual, this episode ends with our guest telling us something that has so far gone unspoken...and Kayla overachieved by sharing two very interesting stories that I'm certain you'll want to hear.


Send us a text

Support the show

Unspoken Security Ep 14: Evolution of the CISO

Kayla WIlliams: [00:00:00] if you're not trusted, you don't have a brand, right?

You, there are companies that have gone through incidents who have survived. And that's because. They are otherwise competent and trustworthy. So security leads to those things. Security tends to be the most audited function in a company, whether it's through customer contracts, SOC2, ISO, FedRAMP, PCI, whatever.

AJ Nash: [00:01:00] Welcome to another episode of Unspoken Security. My name is AJ Nash. I'm your host. As the show is brought to you by ZeroFox, you know, and as you can see by the background, a little different this week we're at RSA Conference. So we're going to have a special edition of the show, a little bit shorter, a little bit quieter, quicker, because there's just not enough time around here, but we have an amazing guest today.

I'm really excited to have a chance to talk with her. It's Kayla Williams. Kayla is a 10-year cybersecurity veteran, currently serves as the CISO at Devo. For those unfamiliar with Devo, this is not the new wave band from the 70s and 80s. And if you're not old enough to know that joke, I don't want to hear about it.

This Devo is actually a cyber security firm. They replace traditional solutions with a real time security data platform that includes security information, event management. That's the same, of course, security orchestration, automation and response, your SOAR and user identity behavior analytics, UEBA.

I don't know if anybody ever calls it UEBA, but I did. Before her current role Kayla held various roles on both sides of the Atlantic ocean, [00:02:00] primarily focused on governance, risk, and compliance, which we're going to talk about really interesting stuff. She's a graduate of NYU Polytechnic School of Engineering.

So she's way smarter than I am. She also has a master's degree in project management from LaSalle university. So anything in that bio that I missed Kayla, anything else you want to add about yourself? 

Kayla WIlliams: No, I like dogs. We'll add that. 

AJ Nash: I like dogs too. There we go. Perfect. That's awesome. What kind of dog do you have?

Kayla WIlliams: I have two. They are Pitbull mom and dad. Oh, mom and son. I don't know why I just said dad. Mom and son. That's 

AJ Nash: okay. It's, listen, it's a long week. I'm tired. It's been a long week. It's a long morning. I asked for milk in 

Kayla WIlliams: my cappuccino. That's how tired I am, but. 

AJ Nash: I, it's, this is how it works out here. We all know.

So no sweat. I've got a Wheaton Terrier and a Hound Mix. And they're totally different dogs and I love them both. Um, So I'm also a dog person. And most people who watch the show know they've seen Riley the Wheaton on more than once. Myrtle the Hound hasn't made an appearance because she's even louder than I am.

So we try to keep her off mic if we can. All right. So listen, I want to jump into this show quickly, cause again, we're doing this on a much shorter timeframe than [00:03:00] usual. Let's do it. The topic for today is the evolution of the CISO. So, CISO, every company has a CISO, right? There's a lot of different paths to getting there.

I think everybody knows CISOs who are super technical and some that are less so and all these different ways of getting there. Yours is really, I won't say unique because I can't prove it's unique, but certainly unusual. I haven't seen a lot of people, you know, you came up through governance risk and compliance, right?

And most folks are more on the technical side. I'm an Intel guy. I'm excited to see Intel people start getting there too. But GRC is not really like the standard path. You don't see a lot of that. So the first question I want to ask is what do you see as the benefits and challenges of moving into a CISO role from that non-traditional background like GRC?

Kayla WIlliams: So the pro is being able to speak about the business. I have a Great collaborative, collaborative relationship with folks that are my peers and above and with the board because I can take security and make it relevant to their different functional departments. And I can make it kind of land at home for them.

I would say a con is it's not, often, but sometimes there are people who are like you've never written a line of code. How can [00:04:00] you tell me how to secure something? And I just, I'm like, okay, seriously, if you have a CISO who's writing code, you have a problem right now. That's not what my role is.

The another, I'd say like another con is, having to gain the respect of people like that, and it's difficult because they, the detractors can be a problem, so it's really, positive in the sense that you get to collaborate a bit more. You can really tailor your conversations to your stakeholders, which comes in handy for budget season and roadmaps.

If you can understand the corporate objectives, but then on the other flip side of that, it's sometimes there are other areas where you have to work a little bit harder and you have to negotiate and having those skills, I think comes with being so governance, risk, compliance, GRC, like you have to do that.

Constantly. 

AJ Nash: And those are, those, you covered all the really interesting points, right? I think the business piece, I think is really interesting, right? Being able to speak the business, right? So a lot of CISOs, they come up through the tech side and they, yeah, they can write the code and they understand the architecture and all the technical components.

They can really make a strong argument for how to build security programs. But then they can't get the budget. Yeah. And without money, last I checked, we don't get a lot accomplished, [00:05:00] and I've never met a CISO yet who said, my biggest problem is I'm just rolling in cash. They just keep handing me all this money wish, and I don't know what to do with it.

right? Yeah. 

AJ Nash: I'm gonna ask a question. I'm, I'm assuming, but I don't want, assume, so with governance, risk and compliance, there's a lot of communication in that, right? You have to build relationships, you have to sell, the processes of what you're trying to accomplish, right? You have to really gain trust and some of the things you mentioned.

That, I assume, is really helping you. Are you, when you compare notes with other CISOs, if you do. Do you have those kinds of discussions about, Hey, what, what works? How do you communicate? What's getting us more budget in it? You know, How are we justifying it better? Everybody needs it, but it's about how do you justify it?

Does that help at all? Have you had those discussions? 

Kayla WIlliams: Yeah, we talk constantly. There's a lot of different groups. And I was actually on a panel on Monday here at RSA and every single CISO that was there, I was like, we have to do better at documenting things. And I'm like, Oh my gosh, that's GRC. That's exactly what I do.

And having people that are technical writers for those that are, engineers or the other teams that just don't like to document things is, want to move fast and innovate. Being able to have things documented makes it a lot [00:06:00] easier to do GRC, to get through your audits, which no one likes audits, right?

Yeah, you're rolling your eyes. That's been my life. Being able to collaborate and document and have an alignment to your business goals and objectives and very clearly be able to articulate, Hey, security helps with sales. Because security builds trust. Collaboration builds trust. You cannot sell if your customers don't trust you.

And it is full circle now where security is no longer a cost center. We are a growth driver. Really? Every company is a data company now. If you're not able to prove that you can be trusted with data, you're not going to get it. 

AJ Nash: That's interesting because you're saying it's not a cost center. I don't know if that's true in every company.

A lot of companies still don't think that way. They don't, you're that way. 

They 

Kayla WIlliams: need to come to that, that, that maturity. That realization that you will not grow if you cannot be trusted. 

AJ Nash: As is normal whenever you're dealing with something live, my computer has made its own choice on what it wants to do today.

And immediately just shut off all of my notes. So I'm going to go to my backups. I [00:07:00] have my phone. Oh, no, I come prepared. Cause I always assume bad things will happen. So 

Kayla WIlliams: restoration live on TV, 

AJ Nash: You got to have a backup plan, right? All of a sudden my security system has made choices. So we'll just be done with that and we'll use this one.

I just don't have eyes. So everybody who's watched the podcast and only have giant monitors. So I don't have to cheat with glasses. I might have to hear, but we'll try not to anyway, getting back to the more important thing, which is what you were saying, right? I think that's really interesting because most organizations that I've worked with and in, they see security as a cost center, right?

And so it's really hard to do it. But you're talking about being able to tie it back to revenue, and how this is actually going to make us more profitable. Or at least, more revenue, right? Which matters because companies, in my experience, leadership only care about two things really. Make, improve my bottom line, lower my risk.

And a lot of times, lower my risk to improving my bottom line is really what they mean. Are you seeing more success in that? Devo has a giant budget now and we should all show up, all the vendors should show up and try to sell you a bunch of stuff because you're loaded with cash. 

Kayla WIlliams: Oh God, please don't do that.

AJ Nash: No, I'm just 

Kayla WIlliams: kidding. 

 My LinkedIn is a dumpster fire because of all the [00:08:00] vendors that reach out to me. Don't reach out to me on LinkedIn, please. No, I would say that brand reputation is super important when you talk to chief revenue officers, to CEOs, to CMOs and those teams. And if you don't, if you're not trusted, you don't have a brand, right?

You, there are companies that have gone through incidents who have survived. And that's because. They are otherwise competent and trustworthy. So security leads to those things. Security tends to be the most audited function in a company, whether it's through customer contracts, SOC2, ISO, FedRAMP, PCI, whatever.

So we tend to already have documentation and processes and are proven competent and that helps build your brand. 

AJ Nash: Yeah. And that makes good sense, right? So I like hearing that. It's nice to hear that you're having success with that message, right? Because again, not a lot of people come from that background, so it sounds like things are getting better.

Kayla WIlliams: You got to sell. You got to sell security. 

AJ Nash: You got to sell. It's true. Everybody, we're all salespeople. I had this discussion last night. Granted, it was at the bar after hours, but 

Kayla WIlliams: That's where the best conversations happen. 

AJ Nash: It's a hundred percent, but we're all selling something. You're either selling a product, you're [00:09:00] selling a service, you're selling a process, you're selling a, you're selling yourself.

Anybody who's here looking for a job, which a lot of people are, you're selling yourself, right? So we're all in sales, which is that communication piece. And it sounds your non-traditional way into CISO, this GRCP has probably set you up really well for that. And of course you understand the technologies, just because you can't write code doesn't mean you understand the tech.

You know how to build a program, clearly. 

Kayla WIlliams: Exactly, and enterprise risk, and having the experience of being, I was an auditor in a former life, and being able to look at Oh, 

you were so popular, I'm sure. 

Kayla WIlliams: You know it, but being able to understand the enterprise risk and how it ties back to security helps as well.

And I really think that GRC needs to be understood a bit better. Start always starts out in the CISO org, but I'm a champion of moving it out into a COO, making it enterprise wide and being able to capitalize it. But that is a different conversation for a different day. We'll 

AJ Nash: have you back when I'm back home in the studio and we have a whole hour to work with.

We'll definitely do that because I do want to talk more about that piece. But, jumping ahead. I heard that you and I actually have something in common, which sort of sets up the next question here. I think both of us have [00:10:00] concerns about how security organizations are structured. I wrote about that with Rise of the CINO, which I love to plug all the time because I'm very self-serving.

But talking about an intelligence organization, being elevated, right? But I heard you've got some thoughts on this too, is, where does the CISO fit? Or, who should the CISO report to? These are big questions people have. And I know you and I have some interesting thoughts.

Differences on how it currently goes. So where do you think the CISO belongs? 

Kayla WIlliams: So I found success reporting into the general counsel and that is It's more prevalent now, but it's definitely newer out of the organizational structures. I, the reason being is that your general counsel, chief legal officer, whatever the function might be, they understand customer contracts, vendor contracts, laws and regulations, which we're seeing with the rise of the SEC rules change your GDPR, AI laws coming out of EU as well, fines, et cetera, et cetera.

They are more equipped to understand where you're coming from, certain things that happen and plus they know your cyber insurance policies and they know what you can and can't get away with and that is definitely, if you're not going to [00:11:00] report into them, you must have a strategic partnership with them and they understand, they're probably going to be your closest allies in understanding risk management.

AJ Nash: That's really interesting, especially as we get into, you talked about some of the regulations and because of the requirements to publicly report things, right? And where that lands and how quickly that has to happen. I assume that also means you guys probably have a tie to your PR department. Not, you wouldn't report to them, of course, but your PR department, your marketing department for how those are gonna get done.

My handlers. Yeah, that's the right way. Yes, mine's right over there. Mine is yours. Yes, if it weren't for them neither of us would have made it here today. I'm quite certain So yeah, a good time to them. So do you run into any well, first of all, do you report to legal now? 

Kayla WIlliams: Yes, I do general good. 

AJ Nash: I didn't ask that one up front.

So it's a good thing. That was right. That's right. Yeah, which on the spot like a jerk? Do you run into challenges with that lawyers not to take shots at lawyers, but lawyers are very You Lawyer ease, right? They speak to a lawyer all the time. Is it other challenges that go with it as well? Or is it just really all the positives that you were just mentioning?

Kayla WIlliams: No, there's going to be structured debate because I interpret a contract differently than how they would. But [00:12:00] I turned that on to Ted and I asked the questions. Cause at the end of the day, they're the attorneys for the company. They're protecting the company. So if I'm reviewing a contract, I'll say, do you read this the same way I do?

Oh, okay. 

Kayla WIlliams: And I let them make the decision. Same with GDPR. I'm like, Hey. This is the process that we have in place. Does this meet the requirement? Cause if they give you it in writing, please document everything. If you have it in writing in an email or somewhere that you can point back to it no, no legal counsel, this is the, that's going to save you at the end of the day and they are better equipped with having that broader knowledge of what's acceptable and what's not, and they're a direct line into the board as well.

And if they're hearing things at the board level that you might not always be in tune with. It's a great collaborative relationship. Are there going to be downsides? Sure. But I try to always leverage them, especially if there's an incident. They're the only ones I can declare a breach for, from a DPO perspective, data protection officer.

But they're engaged and I say what do you think we should do? And I tend to follow their lead there because at the end of the day, I'm doing [00:13:00] it. They're the lawyers. 

AJ Nash: Keeps you safe, right? Exactly. You can't go to jail for doing what the lawyer told you to do, right? 

Kayla WIlliams: We're h

Hearing otherwise right now with SolarWinds, maybe, but it's a safer bet.

There will be conflict with an attorney. There's always going to be because it's all about interpretation, but if you can figure out how to leverage that Yeah, it will save your skin. How 

long are those meetings? 

Kayla WIlliams: No, I'm lucky the legal team that we have, they're so fantastic. And Slack helps too.

Cause I can like, we have a collaboration channel for all of us. Cauwe have a collaboration channel for and I can just pop in questions there and someone gets back to me and it's quick, vendor security, customer security, addendums laws, regulations, and things like that, we're constantly in contact anyway.

You might as well foster that relationship. Buy them beer. Or, insert appropriate drink here, because they don't drink, and that's okay, take them out. 

AJ Nash: Make it work. Slack gives you a record too. It gives you a running record of those conversations. It is. Again, I'm with you. I like documentation.

But I'm lazy, so I love documentation that takes care of itself. You have a conversation, and it's auto [00:14:00] documented. I'll save a lot of emails, and I don't have to document things later. Before I move to the last question, it's interesting. In Intel we run into this sometimes too. Legal pris really important in Intel. In Intel.

Because there are things you can cross. I had a team years ago, and we were really lucky. We had a lawyer, we had our own lawyer. He was part of the GC team, but he wasn't GC himself. We had our own lawyer. And I used to say, and I'm curious of your thoughts here, I used to say there's, to me, there's two kinds of lawyers.

There's lawyers that start with no and make you get themeAnd there's a lawyer who goes, that's interesting.Ng. Let me see how we can make that happen. And we were really lucky because I had the second kind of lawyer. John was fantastic. I won't give his last name and screw it up for him. But every time we asked a question, his answer, and it could be ridiculous.

He'd be like, if it was out and out illegal, he'd say no, but he'd be like, let's, let me check. Let's see how we get to yes. Have you run into those kinds of lawyers that some are more of a no and you got to prove your point or are they more collaborative and trying to get you there? 

Kayla WIlliams: It's a mix of both, but I think that's what CISOs are.

You have two types of CISOs. It's the absolutely not,not, no way we're going to chatGPT, we're going to shut off all AI and we're never going to use it. Or it's a no problem. And it's let's [00:15:00] document, let's figure out a way to be collaborative. So I think these are two very similar types of leaders that you run into in both general counsel and security and

In today's day and age, you are not going to survive if you constantly say no, because you can't innovate. You block innovation by saying no all the time. Sure. If something's illegal, go for it. Say no. But if it's something that's going to help benefit the business, find a way to yes. 

So you're one of those people.

I am one of those. 

Kayla WIlliams: Yeah. I would rather say and not be a hindrance. And then people are going to be more likely to collaborate. We can start building security in from the beginning instead of patching it on at the end where it's going to be flimsy and fall apart or cost more money. Yeah. So I think you have to be able to negotiate.

You have to be able to understand value and your corporate objectives and where you're going. Cause if you're always saying no, you're not going to have a job for long. 

AJ Nash: Yeah. And as you said, you're not going to have teammates for long, right? And this is a team game and you got to have people that like you.

And if people get to the point where they just don't like you, they'll work around you. That's how you get all that shadow. She's going to say no. Anyway, just go build the thing and we'll cover you later. If it goes bad, right? I'm [00:16:00] sure you'll love hearing of that kind of thing. So exciting. All right. So the third question we've got.

Haven't, for anybody at home. Listen, I normally read these off a screen. I'm stuck reading today. So you don't get the subtleties. I haven't been a CISO for a couple of years. Now, what do you think are the most important qualities people don't talk enough about when it comes to being successful in the role?

Now, I know we already talked about a couple, so we got a little ahead here, but what are those important qualities to be a CISO that people maybe don't talk enough about, they don't really highlight enough 

Kayla WIlliams: EQ. 

AJ Nash: Yeah, 

Kayla WIlliams: emotional intelligence is so important. In today's day and agein particular, where burnout rates are higher than ever..

AJ Nash: I know you're passionate about this. I am very passionate about it today, right? Yesterday at 

Kayla WIlliams: two 30 with cyberminds.org. Please stop by Devo's booth and we'll scan 10 donations. This isn't going to go live. Oh, that's right. I'm telling you then you can come stop by and we'll scan your badge.

AJ Nash: totallyAnd cyberminds.io is awesome.Wesome. By the way, not for profit, I definitely recommend them as well. 

Kayla WIlliams: Yes, and like being able to recognize, especially our teams are so disjointed now and global. If you know [00:17:00] someone is not themselves, if you're seeing that they're exhibiting signs of burnout or exhaustion or frustration.

Recognizing that and being like, Hey, do you need some time off? Can I take something off your plate? Let's talk. Because if they feel, if your employees feel like they're being looked after and they're being appreciated and understood as a leader, it's your job to do that. And, I've had people who are neurodivergent who all of a sudden like shy, calm, cool, collected, all of a sudden yelling, not at me, but just yelling about frustration.

I'm like, Oh, okay. Take some time. Go ahead. We'll take everything off your plate. So you don't just fit that person, right? No, you can't do that. They're humans. No, 

Kayla WIlliams: they're humans. And people, especially in security, where it's, you're on constantly in Slack and Teams and Zooms and whatever. , you need to be aware that people are, there's a blurred line between home and work now and most of the time.

Companies and the fiduciary responsibility, I think all security professionals feel to their companies, their customers, the market, you do feel that pressure. So it's important to, to have and lead with EQ and set the example, take time off yourself. I know when I start yelling at my kids and my husband and I'm like, ah, I'm [00:18:00] so stressed out.

And I'm from Boston. I swear a lot too. I'm like, okay. Probably need to take a day. 

AJ Nash: Yeah, that's great here So you're the kind of leader who gets that people are pJessica somebody flips out instead of going, let's get rid of them. It's hey, how do we help this person? I 

Kayla WIlliams: understand it.

Take care 

AJ Nash: of me 

Kayla WIlliams: And be flexible too, right? 

AJ Nash: It's a competitive market now for talent like people like you are the ones who are gonna attract talent and keep talent People who don't think that way are going to lose talent and there's not enough talent to go around so I'm, I love hearing that you're a communicator, you care about people you're actually focused on the work, but you're not all technical.

You've got all this documentation. It sounds like a really good CISO quite frankly. So if anybody's looking for a gig, Devo might be a good place to check out. I don't know if they're hiring or anything and I don't own any stock in Devo. So if anybody's wondering, this isn't self serving all right, we're running down on time a little bit.

So I want to get to the closing questions so we have time to dig into this one. And everybody knows the name of the show is Unspoken Security. And so with that in mind, I ask every guest the same question. Tell me something you haven't told people before, something that so far has been [00:19:00] unspoken.

Kayla WIlliams: So I've got two. 

AJ Nash: Oh, good. We got time for it. I actually gave us extra for this one on purpose. So my first one 

Kayla WIlliams: I've had four names, last names. I know. And I didn't even know about the first one. Are you 

AJ Nash: Like Bourne identity? Do you have passports for all these different people? That'd be cool. 

Kayla WIlliams: No. So I found out when I got my first passport that my mom had my name changed.

So I was raised by a single mom. So I was born with my dad's last name, Donovan. And when he decided to leave and do whatever it is that those people those to do my mom had my name changed to her last name, which is the Greek last name Jim Edie's I had that and then I got married when I was 20. I was an army wife So that was Richardson and then now I am a Williams and I'm Greek and Irish and I've got some Scottish in me. And I've ticked off the box. This is for all of those names.

All of my identities match my genetic makeup. How hard 

AJ Nash: Is that to get like the real ID now and have to track all that stuff back? Or, I know I'll just get a driver's license. It's 

Kayla WIlliams: horrific. And I'm not like one of those people . Oh, women shouldn't change their names when you have four, I have to get my birth certificate and then my name [00:20:00] change forms and going to all the town halls and stuff.

So like I have a name folder that I keep in my safe. 

AJ Nash: It's just 

Kayla WIlliams: Funny. That's so funny. Yeah. And I 

AJ Nash: admit, I grew up, I was one of those guys who's when I get married someday, I want my wife's going to change her name. I don't know why this guy do that.

Traditional. We'll say that we'll just leave it at that. But now I'm far enough along and I've seen it. I'm like, Yeah, I think I get it now. It is such 

Kayla WIlliams: a pain to change your credit cards and your visa stuff. Your social security number. That 

AJ Nash: social security caAt least I'll be checking I just go to the office now.

They're 

Kayla WIlliams: like, hey, Kayla, you're back. What's going on? You get a 

frequent flier. They punch your ticket. Yeah. Like, all right, three more names and you get a free one, right? But 

Kayla WIlliams: I don't think of it like a cool story. I wasn't like a bank robber or an international spy. Not that we know of. 

Not yet.

At least I'll be checking out Kayla later. We'll do some research on this. If anybody's out there, open source and Kayla Williams, she's a CISO Devo, start checking those names out. We'll find out if she's a spy, 

Kayla WIlliams: like sleeper words. I could be sad. I'm fine with that. Cucumber. No, it's very good. No.

Cucumber. I like gin. So a cucumber gym. 

AJ Nash: Yeah. All right. So what's your second one? You said you had two for us. 

Kayla WIlliams: [00:21:00] Yeah. So I'm actually an overachiever. 

AJ Nash: Sorry to interrupt. I 

Kayla WIlliams: I am. I'm type A, but This one I'm actually really proud of and I was an egg donor. Really? Yes. I heard that's 

AJ Nash: really painful. 

Kayla WIlliams: It wasn't fun.

I was super hormonal. But now I had my first daughter when I was 23 years old and I was like, okay, I'm done. I'm not going to have any more. Cause I got divorced. That's me, I'm one of the third name. And I was like, you know what? There's so many fabulous people and families out there that want to have children that can't.

One of my friends was working in infertility. She's like, why don't you go be an egg donor? And I was like, yes. So it's all anonymous and things like that. But here, but the great thing is about being in the United States is that you can sign paperwork that says I will never try to find the children, but if they want to find me, which, again, open door, not knowing my dad and having a child, like all the questions that you have to answer about your personal family health.

I was like, I want them to have the opportunity. 

Yeah. 

Kayla WIlliams: So I did that. And then the families, 'cause I never met them, but the families came back saying, would she be willing to do more so they can, I can have siblings. 

Oh, how cool. So I've done 

Kayla WIlliams: that a few times and then I ended up having a second child, so I'm a little too old now.

I don't [00:22:00] think I can do it. Geriatric pregnancy is not, I don't want that moniker. No, it is. Yeah. Geriatric. 

I was a geriatric comes at a really young number for this. So yeah, the medical community is great with that. 

Kayla WIlliams: It's super. But I think that's a really cool, fun fact that I'm obviously now telling the world, which is fine.

If you are an opportunity to do something like that, it's more common for men to be donors, but for women, please go and do it. It's such a wonderful thing 

for men. It's a, it's less painful, 

Kayla WIlliams: but it's such a great thing to be able to give a To give family to someone who's deserving. And it is so expensive and they'rThey've all been amazing. That one's they are investing in this. And it was one of those things that pulls at your heartstrings. And I'm really proud to say that I've been able to give someone family that's incredible 

AJ Nash: generosity. Like it's, I'm impressed. Like I've done a bunch of these now and I get a lot of people's things and I don't want to put down anybody.

They've all been amazing. That one's really impressive though. That's an amazing amount of generosity. And again, I'm aware that's not an easy process when guys say they've done it. Yeah. It's an easy process. Like we can donate. Yeah. I'm wearing, won't go into any details. Everybody who's [00:23:00] listening as an adult, understand they can 

Kayla WIlliams: look it up.

Yeah. 

AJ Nash: Nobody's cheering us on. Okay. And we're not doing anybody any favors. You did. That's a huge deal. And like you said it's expensive. It's time consuming. It's a lot of energy and effort on your part just to do something nice for people. You don't even know. I'd come work for you.

Just based on this alone. I totally, we, stuff that makes people want to really leaving. But, don't worry Maisie, my handler, who's always afraid I'm going to quit. I'm not going anywhere. But, yeah I would recommend anybody who can work for you. You just told me all I need to know about you.

You're a good person. You care about people. Your shit, obviously you're good at the job, but it's the rest of the stuff that makes people want to come to work places. So I'm impressed. I'm so happy we were able to do this. I appreciate it. We'll definitely do this. I'll have you come back on for a full episode.

We'll talk about other cool stuff. Yeah. But I think that wraps it up for this episode of Unspoken Security live here from RSA Conference. Thank you, Kayla Williams from Devo for coming and talking to us about some really cool stuff about your unique path to being a CISO and also some amazing stories about your personal life.

For that, I'm going to wrap it up here. We're going to get out. We'll do some post production. Hopefully get this thinepisode of Unspoken Security live [00:24:00].