Mick Leach: Hello and welcome to SOC Unlocked, Tales From the Cybersecurity Frontline. I'm Mick Leach, your host and guide on an exciting journey into the SOC universe. In each episode, I chat with various cybersecurity professionals about the latest in industry news, emerging threats, practical strategies to keep your organization safe, and more. And this week we are excited to have an old dear friend of mine, Nikki Milburn. Nikki, welcome to the podcast.
Nikki Milburn: I appreciate the invite.
Mick Leach: Absolutely. Well, listen, you guys know our long-time listeners. First, we like to unpack and learn a little bit about Nikki and her journey into cybersecurity. It's an interesting one. I'll just tell you that upfront. Then we'll kind of dig into the past, the present, and the future of security operations. Then we'll move on to some career guidance, and figure out what Nikki thinks we should be doing to get into the break into cybersecurity.
And then lastly, we'll kind of do our one last thing. with that, Nikki, tell us about yourself. Tell us your current role and how you got here.
Nikki Milburn: A total fluke that I ended up in cyber. So I graduated from a rural high school. President of the FFA was going to go to OSU to become an agricultural science teacher. Over the summer, I got a summer gig before school started and it was taking phone orders. People would call in from a magazine, they'd want to order stuff, and you try to sell them things. Turns out I'm not a salesperson.
Mick Leach: Haha, you and me both.
Nikki Milburn: Yeah. But I was really good at the computer side of it, to be able to search for things, put things in a contextual format for others to be able to find what they're looking for. So what had actually happened is they said, Hey, you are not good at sales. How about you actually start running our phone system for our telemarketing department, which was reel-to-reel leads.
Mick Leach: My goodness.
Nikki Milburn: So we would get giant reels of leads from credit card companies and they would have to sit there and unload all of those leads into the system, make sure it's up and running. It was a wrong switch. It doesn't get much older than that. Back off a little bit.
Mick Leach: How is this even possible? You are not old. You're not even older than me, I don't think. Like, how is this possible?
Nikki Milburn: Late nineties, that's what they were running, little data tapes for backups every night. So yeah, I kind of progressed through there, did a lot on their computer systems and worked there, went to Nationwide, learned a lot. PCI came along and it's like, boy, access control. I was on the financial side to start with, so it was, how are we securing those interactions? Do we have the appropriate access control in there?
Mick Leach: My goodness. I remember.
Nikki Milburn: Are we compliant? Went from there to, I call it Nationwide proper, but the fuller Nationwide working on security projects. Security resonated with me. It made sense. I get it. So implementing projects there. So left there, went to L Brands on the retail side doing engineering in the identity space, which I do kind of geek out on identity.
I do love that one. Of all the security domains, that one to me is nearest and dearest to my heart. It's hard to break something without an identity. It's hard to deploy something without an identity. So it's kind of core to a lot of things. And then a huge opportunity opened up for me to come to Franklin County to build a security program. It is not often in our careers that we have the opportunity to walk into an organization and build a program. Kind of starting from scratch where we're doing some firewall and then patching an antivirus was what we did. Now we kind of do the full stack, all pillars and we've grown from me plus two to me plus 14.
Mick Leach: Wow, that's fantastic, what a growth.
Nikki Milburn: Well, six years, six years to grow that and I'm looking at new capabilities in the coming year. It's that opportunity has opened my eyes a lot to a lot of different things and what's really, really cool about it is I have the opportunity to do something I'm passionate about. Love security, love doing it for the right reasons, but I do it for the community. So everything I do is to ensure that the services for the agencies are available to the people. So 911 works. To be able to ensure that the 911 system is up and they can do dispatching and election is secure. These are huge things to be able to contribute to the community. So it's been a massive opportunity.
Mick Leach: Yeah, so I want to double click into that because something you said there just really triggered, especially right now, right? So the election, it falls under like all of the things that go around the election system, the voting and the systems and machines, all of that is under your purview there at Franklin County Data Center.
Nikki Milburn: It is within the data center. do all of their hosting. The machines they use have to be off-network completely. They don't get to touch the network at all. So those stored lock keys, Republican and Democrat keys, the security around an election and not just the physical, but cyber side of it is pretty intense. But in the state of Ohio, every county is responsible for the election equipment and the software that they use the process that day. Now, the Secretary of State has authority over those and putting those guidance and directives out there, but each county is responsible to adhering to those.
Mick Leach: Fascinating. Man, you really are on the front lines of like protecting freedom. I love it. And so Nikki, what is your current role? You said you're at the Franklin County Data Center. What do you do there?
Nikki Milburn: I am the Chief Information Security Officer for the county and the Chief Privacy Officer.
Mick Leach: And keep me honest here, the Franklin County, it's bigger than just that one county. So Franklin County, for those listeners not familiar with the middle of flyover country in Ohio, Franklin County is where Columbus, Ohio, is the capital of Ohio. So Franklin County is kind of the most, the kind of the busiest and most important of the counties in terms of networking and all of those kinds of things. but it's more than that too, isn't it?
Nikki Milburn: Yet for us, like you said, it is the largest county in Ohio. We provide services to 1.3 million people. So when you look at our customer base, putting it in kind of private sector terms, it's 1.3 million that we are offering services to across 44 different agencies. It could be the Office of the Veterans Service, Animal control, elections, commissioner, auditor, treasurer, all of those in the sheriff. So there's 44 different agencies and boards that we provide that to. We do cross lines, our town and do collaboration with other counties. So when you look at an election and somebody lives in this weird little town, where half the town is in one county and half is in the other county, we are the primary county and their reporting comes up through us and then goes to the state.
So we do kind of blur lines there. The municipalities within here are all separate, but they can call on us at any time just as, we need help doing something. Can you help us and provide expertise? Because we do have a decent amount of resources. The state is right outside our door. So if we need anything from the state of Ohio and their agencies, we can easily call on them. Yeah, it's a little different. It's like being a giant MSP.
Mick Leach: Yes. Yes, that's wild. That's why, you know, we often don't think about how state and local governments operate in that sort of MSP kind of a, of a role where you're actually providing services, security services in your case to a wide variety of smaller agencies within the County. And, and I think when I popped by, in January to visit you guys and speak with your team, I think you said that you also provide certain services even to other counties because you have expertise in-house that they simply don't have available. Is that right too? How many counties do you support?
Nikki Milburn: It’s really on an as-needed basis that we will support them. we've had some of the other counties directly located beside us that have reached out and said, Hey, we have this going on. Can we borrow some resources? Absolutely. Here's the expertise. We may not be hands-on keyboards, but we will walk you through it just to kind of keep that line in there of it is your stuff, but we can tell you how, but I'm not going to do it for you just from a liability standpoint.
Mick Leach: That makes sense. Makes sense. what a great service to be able to offer to other counties. Man, I love it. I love it. So what a great journey. I mean, from being on phones and realizing sales isn't your thing. It's definitely not my thing either. My own sales department would tell me that as well. Good security guy, terrible salesman. So I love that you grew from that, found your way into security and then getting the opportunity to build you know, build a program from the ground up that you're right. That is a rare privilege that we, we just maybe get once or twice in an entire career and, you know, getting a chance to do that. Yeah. Yeah.
Nikki Milburn: Yeah, timing is huge of where you're at in your career and the opportunity that presents itself. It's like the stars aligning.
Mick Leach: Absolutely, absolutely. Well, and then fine in the challenge with that I mean, I think there are a lot of opportunities there to do those things but getting the ones where you're going to get the support from leadership to come in and actually build the program right, you know, bringing the technologies that you need, bringing the people that you need. Too often, I see folks get a similar opportunity call, and they kind of dig into it during the interview process. They find out, well, you know, there's not a lot of budget for it. They there's not a lot of desire to increase headcount. So, basically, what we're hiring you to do is come in and be like a one-person or two-person security shop. And that's just a really, really challenging situation to go into.
Nikki Milburn: Yeah, was definitely a challenge. I didn't know what to expect coming in, but knew that if we make the right case and it's not through fear or anything, but it's enabling them to do their jobs better, to service the people better, faster, more securely, rather than, my gosh, you're going to be breached. That doesn't work. But if we tell them, this is how we can make it better for your constituents, this is how we can make your workforce more efficient.
They don't have to do these things anymore because we did single sign-on. You got one set of credentials. MFA, we made it easy for you. So being able to tell the story in business terms has been huge. That has garnered more success than any fear that I could ever put into people to get money or to get resources. It's here what we're doing.
Mick Leach: Leaders, I hope you're listening out there because this is growing from a practitioner into a leader and now helping, you know, an organization understand how this benefits them. I love that. I think that is the right way to make the case. Having data driven decisions, helping to bring data to the table to help folks understand what we're up against.
So, and then like you said, helping people understand how this is gonna actually make their lives easier. We've for years been known as sort of the department of no insecurity. No, you can't do that. No, you can't do that either. What I think we need to be doing, and I think you would agree, Nikki, is that we need to be offering solutions, not just, no, you can't do that. Instead be saying, well, I like what you're trying to do. Here's a way I think we can do that in a really secure way or a way that empowers the business and yet, you know, protects it at the same time.
Nikki Milburn: That is kind of one of those stances we've taken with the different agencies. Bring us your problems. What are you trying to accomplish? Don't bring me this as the solution you think you need. Tell us what your issue is. We'll bring the right infrastructure, the app dev team to the table, and the security team to the table, and we'll start putting together this a really good secure solution that is extremely usable, reliable, and stable for you. Let us help you by doing that. Give the burden of technology to those who love and relish in it, as opposed to those who say, let me go shop for some software. It kind of does what we need. No, let us do what we do best and thoroughly enjoy to deliver something to you. And you can say, wow, that does meet all of my needs, plus some future needs. Fantastic. Let's deploy this. We've already made it through the security, the technical side, the development side. This is what will actually enable you to do your business better.
Mick Leach: Yeah, so what I think I'm hearing you say is talking about bringing requirements to the table and then letting the security professionals choose the right solution that meets the business requirements. What an impactful idea, what a novel idea. It is, and I laugh because like you, I happened to have worked at Nationwide and it was at Nationwide where I really saw that kind of come to fruition best, where we had some teams that would buy solutions by software and then just sort of throw it over the fence to the engineering and operations teams and say, hey, we bought this, you're welcome. If you could just have that going, that'd be great. And we're like, what is this? What problem were you trying to solve? Did you realize we already had you know, a different solution in place that might meet 70 % of our needs here. And then maybe we tack on something smaller that helps fill the gap. But yeah, I love the idea that we start with the problem we're trying to solve, wrapping business requirements around that problem, and then finding solutions lastly that meet those requirements. How powerful is that? So awesome.
Well, listen, what an amazing journey to go from kind of a practitioner, well, really just, you know, well outside of the security realm, then eventually becoming into a practitioner, becoming an IM engineer, and then, you know, reaching sort of the mountain top, if you will, in terms of our role structures, you know, as a CISO. that's fantastic. What a journey. Yeah.
Nikki Milburn: Thank you. It's definitely been an exciting journey, and I have met a lot of really cool folks along the way and still work within those relationships and bounce questions off people. I think the relationship-building that you do in your career can last a lifetime, and it can be invaluable.
Mick Leach: Yeah, yeah, mean, shoot, this podcast is an example of that. mean, you know, many of the folks that we have had the opportunity to chat with, I came up in security with these folks, including Nikki, right? We were cutting our teeth at the same time, learning and making mistakes and learning some more and breaking things and going fast and having to slow down and fix things. Yeah, you know, but you're right. It is those relationships that are so important. There are still people to this day that if I get into a situation where I'm like, man, I need someone who is just an expert in Python to help me just understand what I'm looking at here. know, Stephen Newmolt is going to get that call, right? You know, I'm going to reach out to Nikki for all kinds of things. And likewise, right? There's lots of folks. Cultivate those relationships and then keep them because they will last long after you move through different roles. You leave companies, you come back. These people will be the people that you call on for your entire career.
Nikki Milburn: And I think that's true of even our relationship. We haven't worked together in over 10 years.
Mick Leach: No, no, we haven't yet. still stay in touch, right? On LinkedIn. I know you would, you would reach out to me to ask me to come speak to your department. In fact, I've had a couple times, a couple opportunities to do that. And I'm grateful for that. And, and then reached out, I reached out to you and offered help some, not long ago. I have a dear friend who's part of a ransomware company. And there was an issue with not your organization, but something adjacent that we thought might be able to help with. you know, that's what community is about.
Nikki Milburn: Yeah, and we're not in competition with each other. Any of us in the security realm, we are not competing with each other. It's we have to foster and help each other as best we can because we're all fighting the same fight. Regardless of the public, entity doesn't matter. You don't wish it upon anyone. So there's nothing competitive there. It really is just community of bad guys.
Mick Leach: I love it. I love it. Yeah. Yeah. I mean, even if we're in competing organizations, right? Like my company could be in the same industry as yours. And yes, our companies kind of compete against one another. However, there is no reason why we cannot share intelligence back and forth, because if I can make you safer some today in the future, you may be able to share Intel that protects me from an emerging threat that we just don't even know about. I I think that's what the concept of the ISACs was all about. Creating like, know, FS-ISAC and H-ISAC, the Health-ISAC, and there's a bunch of them and they are great organizations that everyone should be a member of and then contribute. I love it.
Nikki Milburn: Yep. Yeah, for us here at the county, is MS-ISAC, so multi-state, and then EI-ISAC, so election infrastructure. Sharing across each of those of things that are hitting the local government and then things that are specific to elections will come through there as well.
Mick Leach: See, I'm learning. I love it. I'm learning. did not know that either one of those existed. fantastic. All right, well, let's dive right in. I think we're cruising right along in terms of timing. Sorry to get passionate about this stuff, especially with old friends. But into the past, the present, and future. So Nikki, can you share? you don't, please, I don't want to get sued. I don't want you to get sued. I don't want anybody to get fired, right? So, change the names to protect the innocent or not-so-innocent. But can you share maybe a story about an attack or, you know, investigation or something along those lines that was interesting that you've performed over the years and how your team handled it?
Nikki Milburn: I think a lot of the kudos to anything we've done has always gone to my team. Has there been times where there were attacks on the websites? Absolutely. Is it, it carries a lot of impact when something happens to a government website. If it is not available, people are creating their own stories of what is going on. So anybody that's like, my gosh, they're doing this. They're keeping us out. They're not informing us. It's like, actually it's just an outage. This isn't that big of a deal. But other times, we have to act quickly. Our timeline and communications have to be very different than in the private sector. So, a lot of the research, investigation, and forensics goes onto my team. Unfortunately, I spend more of my time talking and educating on what is going on. Here are our next steps. This is what you can expect. And being a government entity, we have a lot of acronyms that we have to work with when something does happen. So we have a great relationship with our local FBI, which most people don't get that opportunity.
And then you have the Secretary of State's office. They have a vested interest in our website because it houses election information. CISA gets involved. So we have kind of the whole gamut and we are doing a lot of the communications. Every time something comes up, okay, here's new information. We have to rally everyone together and do the communication. So a lot of that falls upon myself and just to provide the head cover for my team to do their job.
There are, as a government entity in Ohio, there is the Ohio Cyber Reserve that you can call upon should you get into trouble. And a lot of municipalities and counties with an Ohio don't know they can. Now granted, you have to go through your local EMA to get them deployed, but it goes all the way up to the governor. They sign their orders. They show up within, we put them off to 24 hours, but they wanted to be on site within two. I'm like, okay guys, it's not that big a deal. And it's a Sunday. My team is not going to be on site. So a lot of it is the orchestration around it and the team doing what they do. One of the weirdest things that we have seen is somebody will just keep putting in, who am I? Okay, that tells us you're an amateur. If you have to keep putting in who am I, you're kind of new. But they can because it's easy.
You can buy code anywhere. AI can now write the code for you, so that is going to be a massive challenge going forward. It's how easy it is to buy ransomware, buy the code, and have it scanned. Our job is going to get a lot harder, a lot harder in the coming couple of months. It's not years, but it's moving so fast. It's going to be months.
Mick Leach: Yeah, yeah. Well, and what a great bridge then, because, you know, as we talk about the past, present, future, what do you think in your opinion, especially with the breadth that you are responsible for and the visibility that you have across a massive organization like the Franklin County Data Center? So what is the biggest challenge facing security operations today? In your opinion? Speed.
Nikki Milburn: Speed. Speed. Us having the time to do it and do it quickly because they're attacking all the time. They're looking for that one way and they're scanning ports. They're looking and they have code readily available to them that we've never seen. So our time to be able to determine what they're doing and stop it, restore all of that. The time is what's going to hurt us because everything is changing so fastly. So fast, it'll be difficult to keep up with it.
Mick Leach: Yeah, that's crazy. know, it's to your point, just a couple of weeks ago is out at in Las Vegas speaking at at Falcon, the CrowdStrike convention. And they shared that it's currently for this, I think it's last year, 62 minutes to break out from initial like a compromise to the ability to move laterally through the network where they've already escalated privileges, they're able to move around. It's 62 minutes to go. And the challenge there, to your point, is our ability to respond is typically, and they had some rough numbers, but they correspond with what my experience over the years, is that it's about four hours of dwell time for like an alert to sit in a SIM before an analyst will get to it. And that's a pretty average, pretty broad number, but still, and exfiltration happens on average in about six hours. So if it's 62 minutes to break out, and now we're moving laterally, we're getting to the actions on objective, they're getting to what they want.
It takes an analyst four hours to start the investigation. They're going to engage IRT, their incident response team, in about five hours. By the time we get the right folks involved, it's typically five and a half to close to six hours. At six, that's when we're actually seeing the exfiltration occur, which is kind of the game over. So from a timing perspective, it is really, really hard because the bad guys continue to shrink the time in terms of the attack.
Nikki Milburn: Yeah. it's definitely moving very quick. It would be difficult to respond. I think that's where partnerships with your vendors comes into play of how do we do this better and faster using the tools that we have or what's on your roadmap. And being able to provide input into that, we need fast automation. If you see this, we need it shut down. If you see this, it needs to be isolated immediately. Being able to have that working relationship with the vendors that you use because clearly you have an inherent amount of trust with them. You have their products. So clearly they're there for a reason. Leverage that relationship to guide kind of their roadmap here, the pain points we have. This is what I'm going to be facing. How can you help me? How can you decrease our time to respond? Or at least segment it off so that we have time to respond before it goes, why?
Mick Leach: Yeah, and you said something in there that I want to kind of dig a little bit more into is that the automation, the automated response, we've had, you and I both have had capabilities that offered automated response, but we didn't have the confidence in allowing the tools to do their job. They were way more capable than we would allow them to be. It would almost like be giving the keys to a Ferrari to a 16-year-old, you're like, go out and have fun. The car's way more capable than their skills will allow for them to take advantage of. And I think we have done that for years. How do we build the confidence and let the tools do what they're capable of doing? And let me give an example. I've seen solutions that can detect like an account takeover of like a web account, like an email account, you know, your Microsoft account. Threat actor logs in, they get through MFA, whatever they're in.
Now, bad actor in the wire, they're inside and we can detect that and yet most of the companies I've been at over the years have been too afraid to allow the automation to detect and respond. It'll detect an alert and then wait for an analyst to look at it. They'll confirm that which the tool accurately diagnosed from the beginning and then we'll manually take the remediation steps we could have done automatically. How do we build the confidence to let the tools do what we bought them to do?
Nikki Milburn: It's definitely a challenge and we are actually going through that right now with a solution that we're looking at as far as how far do I let this tool go? Do I let it isolate critical servers because it seems something odd? Or do I tell it yes to this point and then no there? And that is the balance that we're playing, but it really takes us getting comfortable with we don't know everything. We are not going to be as fast as that is to respond.
So, put it in a business context. If I isolate the server, what happens? Is it the CAD, like 911, that goes down? No? Okay, cool. Do my domain controllers, do they go down? No? Okay, cool. Have a ball. Isolate it, let it do what it does. Because what that's doing is stopping it from reaching those critical assets if you let it do its job.
So there is risk and reward and we need to look at it more from that aspect than we do, I know better than this tool does. Somebody's going to get mad. Like, you know what? They're going to be more mad if you let that run wild. So it's a risk decision that you have to make and be willing to stand behind and say, I'm willing to isolate this environment and have it sit there and not be available for so many hours to protect the rest of the environment from something that could be non-recoverable.
Mick Leach: Yeah, I love it. And I love what you said. It comes back to us being risk professionals, right? We are in the business of risk, measuring and managing it. So understanding and then being willing to break low-impact things, you know? And I think that'll get us there.
Nikki Milburn: Yeah. isolate an endpoint, have a ball. That's a hundred percent. I will deal with that all day long. servers, let's talk. There's a couple of them that, yeah, this could be very bad if it's a false positive. But if you let it run on the rest of them, boy, that's a big win. That's time to remediate, shrink significantly to where we're not looking at six hours for human eyes on it.
We are looking at minutes and it's done. And then the human eyes have time to respond to it, look at it, do their leg work in an environment that has been protected from everything else. So I no longer have to worry about, did they move over there? Did they move over there? Where are they at now? Searching through logs, looking for alert. Your time to respond decreases significantly. And I think that's important that we let them do what they do for that reason.
Mick Leach: Awesome. Well, look, looking forward, if I asked you to sort of bring your crystal ball out and gaze into it and tell me the future first start with, know, who's going to win the Super Bowl this year so we can can bet wisely. But no, I'm sorry. But in terms of in terms of the the cybersecurity landscape for security operations in particular, where do you think things are going? What are we? What's coming down the pipe?
Nikki Milburn: I would say in the foreseeable future, you'll see a lot more tools coming out claiming AI, but it's really just automation. But they're kind of using the buzzwords and it's stuff that's already been there, but they're putting a new lens on it to sell it to those who don't fully understand. Either way, I think it's a positive to have that automation built in. We'll probably see that, but it'll be under the guise of AI for some. But others truly will start integrating AI into it which is great if it can do some of the thinking we do, but it will never fully replace human eyes, it's a tool in the toolbox for some. So I would say we would see that coming. I don't know beyond that. think those are kind of the big ones.
Mick Leach: Yeah, I agree. I agree. And I too have seen this. There's been a lot. I mean, AI has been the sort of the keyword, the word, the phrase that pays for the last two years. before that, I was zero trust and you know, we, we talk about, you know, the hype cycle that's been around for quite some time. You and I have lived through many, many cycles of it over the years.
Nikki Milburn: Hey, earlier you said I'm not that old.
Mick Leach: Cybersecurity is a compressed timeframe. talked about that. Right. know, you don't have to have been around for, look, a lot has happened in a decade. You know, if you think about just even the last 10 years, it's crazy to think about, but, yeah, no fair point. So, so going kind of shifting gears a little bit here, if we have some listeners who are like, man, this sounds so cool. I would love to get into what you guys are talking about. Security operations sounds super cool. How do I get in? Do I need to take classes? Do I get certifications? Like what's the best way in? What advice would you give that person?
Nikki Milburn: It has to be a mix, start an IT somewhere, whether it's a help desk, an infrastructure team, get your feet wet while taking classes at the same time. That gives you not really a test bed, but a place where you can learn stuff in class and then also look at it. Now when I say class, I am probably one of those proponents. It doesn't have to be a four-year degree. Do something that is meaningful and relevant to the position you want to be in. I can do a lot with skills and abilities. And that carries way more weight and value and the experience that you've had. Yes, I've worked on servers, I've worked on endpoints, this is kind of how they behave. I have some network background. There's a lot that can be done with that. So I would say get a mix. I wouldn't focus on one and just say I'm going to do nothing but take certs.
Well, you still have to have some hands on. You have to touch the keyboard to be able to navigate and see what it is. Don't be afraid. Ask friends. Start somewhere and just kind of keep growing. Embrace challenges that are thrown at you. If somebody's like, my gosh, I can't get this to work. okay. Let's take a look at it and see, but always embrace challenge. Always embrace it.
Mick Leach: I agree. And I think that's where most of my growth has come over the years, right? Is when I have been thrown something that I had absolutely no idea what I was doing. You know, one of my very first examples, I was in the US Army and had been a war fighter. So was a cavalry scout. And so my job was to sneak and peek and retreat and then report on enemy troops and stuff. And so that was my job. But I ended up working in a different area. I worked in headquarters for a little while and then they moved me over to the Directorate of Information Management prior to getting out. And I was like, okay, yeah, I kind of know how to type. So I'm sure it'll be fine. And they handed me Microsoft SharePoint Portal Server in a box, right? Because back then software still came in boxes. You didn't download it. But they handed it to me in a box on like a CD-ROM and they were like, we would like for you to become the shirt SharePoint portal server administrator for the, the, the, the entire post. This is Fort Carson, Colorado. And I was like, sure, sure. Yeah, no problem. What's SharePoint? And they were like, okay, so we're gonna, we're going to send you to a class and then, and then you can do it. I was like, great. The class was like two days. I didn't understand almost any of it because they assumed a certain level of server administration knowledge that I did not have. And so I just nodded blankly for two days, came back, and then just, they gave me a server to play with, right?
At the risk of showing my age, it was Windows 2000 advanced server. Brand new, hot off the presses, and had to build that out from scratch and had absolutely no idea what I was doing. But I will tell you, I grew more in that timeframe because I had to struggle and learn. Like we had forums, like these forum posts where you go, bulletin boards, we called them way back. Like, goodness gracious, I sound like back in my day. So bad, but that's how things were, and you couldn't Google things. And so you did ask, ask, have to ask questions and call the Microsoft helpline and get someone to come and help you. Well, back then, you could. Yes. Yes. There was no chat program. Would you rather chat with us? No, not really, but no. And you're right. It is those times when you are thrown right into the deep end and it's sink or swim. And, like, we wouldn't be here if we were sinkers, right? We're swimmers. We're going to figure it out. And that, yeah, that's when I grew. Did you have a similar experience or two?
Nikki Milburn: I was handed SharePoint early on in my career and I was sent to training. It was in Vegas for three days.
Mick Leach: Did you make it to class?
Nikki Milburn: I did! I did! I took the tram every morning over to, I don't remember what hotel it was hosted at. But yeah.
Mick Leach: I have done a training course in Vegas before, and on day one, full class on day two, half class on day three, there were four people. Dave, you know, by the end, it's basically me and an instructor, and everybody else is downstairs in the casino. So, it's too funny.
Nikki Milburn: We had the ones that would not come back from lunch. Like they'd be there in the morning. They'd leave for lunch. Oddly, they never made it back. I was also, had one of my first bosses when I was doing the computer system. He was notorious for signing me up for stuff. Like, you need an absence tracking system. Yeah, she can build it. Like, she can what?
So I'm all right, let me see what I can do. So I built it, I tied it into our workforce management system where we track stuff there and it consumes it into a database and then feeds it to payroll. So I was like, all right, are we done here? He's like, no, guess what? Like, no. I'm gonna have you start training all the workforce teams around the world. You need to go to Tijuana in a couple of weeks. Like, I need to what? So yeah, that for as much as he signed me up for, that was probably what changed my mindset of, bring it, I'll figure it out. Or I know someone who can help me figure it out. But that mindset was ingrained very early.
Mick Leach: I love it. love it. Nikki, this has been an absolute blast. What a great conversation. Listen, if someone gets to this point in the podcast, first of all, well done. Secondly, if they're like, listen, you guys talked about it last time, I can only take one thing away from this. What would you have that be?
Nikki Milburn: Be curious. Always be curious about stuff and things that are going on, figuring things out. Keep a curiosity. Don't have the closed mindset that this is not by the book. How else can we do this? Keep an open mind and be curious about things.
Mick Leach: Awesome. So folks, be curious out there and dive into things you don't know what you're doing. It'll be OK. You'll figure it out.
Nikki Milburn: Absolutely.
Mick Leach: I love it. Well, Nikki, thank you so much for being on the podcast today. I really appreciate it. It's good to get together with you again.
Nikki Milburn: Thank you for having me. It's been fun.
Mick Leach: Awesome. Well, listen, folks, this has been SOC Unlocked, Tales from the Cybersecurity Frontline. I am your host, Mick Leach, reminding all you cyber defenders out there to keep fighting the good fight. You're the tip of the spear, so stay sharp. Thanks for tuning in. Don't forget to like and subscribe and check out our other SOC Unlocked episodes. We'll see you all next time. Thank you.
