Welcome to Episode 12 of the Building a Life and Career in Security Podcast.
Today’s guest is Dan Manley. Dan started his career working at a help desk. That experience set the foundation for his path to chief information security officer at Allstate Insurance. Dan takes a number of points from my book — he actually read it before appearing on the podcast, so that wasn’t exactly fair — and provides a lot of great advice.
[powerpress] Links Mentioned In This Episode:
[content_toggle style=”1” label=”Show%20Episode%20Transcript” hide_label=”Hide”]
Dan Manley: We don’t just do technology for the sake that it’s fun. We do security and technology because it adds value to the business. Speaker 2: From the JaySchulman.com studio, this is the Building a Life and Career in Security Podcast. Now, your host, Jay Schulman. Jay Schulman: Hey, it’s Jay. This is not just another episode of Building a Life and Career in Security Podcast. It is actually the last episode of season one of Building a Life and Career in Security Podcast, the podcast that lets you see how others grew their information security career. This is it. It’s the end of season one. I’ve tried to make these like school semesters. I guess I could call it the end of semester one. This is the twelfth episode, so we’ve done this for twelve weeks. We’re going to take a little bit of a break and then come back in the spring to do a spring semester again. If you’d like to be a part of the podcast, absolutely reach out to me, firstname.lastname@example.org. Love to interview you and love to have you on the podcast. Of course, now that you’re listening to an episode, you know exactly how it works. I’d love to have you on. Just let me know. Today’s guest is Dan Manley. Dan started his career working at a help desk. That experience set the foundation for his path to chief information security officer at Allstate Insurance. Dan takes a number of points from my book … he actually read it before appearing on the podcast, so that wasn’t exactly fair … and provides a lot of great advice. Here’s Dan’s career journey in his own words. Dan Manley: My career took a very nontraditional path to security. I came from a very large family in a small farming community, so I joined the military in order to get money for college. As I went into the military, I looked for the first job that had the word “computer” in it. Being from a small farm community, I didn’t get a lot of access to computers, and so I wanted to really find a job working with computers, because it just seemed fun and interesting. As I entered that path in the United States Air Force, I ended up as a project manager, which afforded me the opportunity to work with just a variety of technologies. Not just simple computers, but I had the opportunity to manage the installation of encryption equipment and long-haul circuits between locations, as well as just helping folks really understand how to define the requirements of what they needed, putting in basic terms not what they thought they needed but being able to walk them through specifically the functions they were trying to get completed, the timeline [in which 00 = 02 = 27] they needed it for, so that I could help them put a solution in place to meet that need. As I moved down that path in the Air Force for about seven years, it really afforded me the opportunity to also help think about how, as practitioners, we drive change into large, complex, slow-moving organizations. The ability to deal with human behavior and how they adopt change, how they receive communications, was really fascinating, if you’re a people watcher and you go to the mall and look at how people just walk down the mall and pause to look at strange happenings. Working as a project manager really helped me to be able to get acclimated to that. It also really started to introduce me to the notion of security standardization, policies, and standards, and how those mechanisms, as they’re deployed [in an 00 = 03 = 19] organization, they’re not there to be able to tell people no, but are really designed more to provide people guidelines around what is permissible and how [through 00 = 03 = 28] a notion of standardization, we can really help simplify our overall technology architectures. As I decided to get out of the Air Force, having gotten married along the way, I looked for, quite honestly, the first job I could find that would build on my skills and capabilities. I ended up working as a help desk representative for Diebold in Ohio. In that capacity, I would get calls from customers, software engineers who really didn’t know how technology worked in an integrated network environment. This was back in the mid ’90s, and network [inaudible 00 = 04 = 05] was just coming to fruition. We’d get people call in and say, “I have a simple message of duplicate IP address on the network. There must be something wrong with our software.” We had to go back and help them understand, “No, that’s not the product we’re deploying, but is really more about how the network is configured [and 00 = 04 = 24] the client you’re working with.” Again, it afforded me the opportunity to put problem-solving solutions in place to be able to help people achieve their desired outcome. While I was at Diebold working in that environment, I also got some awesome training [really about 00 = 04 = 39] problem solving and really recognizing that there are structured methodologies you can use on how to solve problems. The simple formula of W6H2, which is really, if you think about it, the simple notion of asking questions like what, where, why, when, how often, how much, can really help you when you’re trying to define a problem in terms of how security needs to fit into an organization, but can also benefit you, when you’re in the midst of an incident or crisis, really help [inaudible 00 = 05 = 13] where are the root causes that you need to go look at based on the fact patterns you’re seeing [on any of the diagnostic 00 = 05 = 19] equipment you may have in place. As I made that jump from project management to sitting at a help desk taking technical calls and helping people work through their solution, it really forced me to grow the depth of my security and technical expertise. The boss that I worked with at the time would frequently come in and say, “Manley, we got a training class next week that somebody can’t go to. Are you interested in going?” I would always take it up and take the offer. My boss looked at me at one point and said, “You know, Manley, I don’t think you’ve ever told me no to a training class.” I pointed out to him the company was paying for me to go learn something. In that capacity, it turned out to be the foundation of my career that I was able to continue to build on. It also helped me to understand those things that I feel like I’m really passionate about, which is problem solving and leadership. I think that change from the Air Force, where I was very much directed in what I needed to do, to go into an environment where I was supporting others and giving them direction on how to install software, how to configure security controllers, how to run diagnostics on a network sniffer, really helped shift my perspective on what the things were I wanted to do in my career. Those are skills and capabilities I bring with me to this day. Almost any meeting I walk into, whether it’s an after-action problem resolution call or a discussion from a strategic perspective about what are the things we want to do three years from now related to our security architecture, those fundamental capabilities of being able to define requirements and ask probing questions to get to a root cause have really served me well. The other aspect I would highlight in going through that is that it really helped to accelerate my capabilities. Because I did not go directly into college, it gave me some of the skills I needed to really begin to advance in my career while I pursued college. I think along the way, those training courses really gave me some of the skills that as I was trying to build up my resume and look for my next job, helped me to offset the fact that I was taking the slow and steady path to my degree, and really helped open opportunities for me as I looked at other positions that might be of interest to me. For some personal reasons, I then left that help desk position to be able to go work for a bank down in Florida that was ultimately bought by Bank of America. What was really cool about that role was I had the opportunity to work through a merger and acquisition. As we were bought by what is today Bank of America, I got to see how large companies come in [and can 00 = 08 = 09] really convert infrastructure and technology very rapidly. We went from at the time what was an OS2 token-ring network to a Windows-based Ethernet network with integrated call center applications, all within a matter of about six months. In doing that, it also opened me up to, how do you start to design some of those access control issues, access control systems that relate to a call center agent being able to log on to voice and data systems simultaneously for an integrated delivery package, while also working through the notion of, how do I provide access capabilities for a [remote administrator 00 = 08 = 50] administrator to come into our telephone switch and be able to help us configure call flows. From that position, I then looked at, what did I want to do next? I had the opportunity to go into consulting. I had that for a total of fifteen years. It was very mind blowing to me to see how consulting is so much different than the role I had working for a company in industry. I found that within less than two years, … I was just thirty at the time … I was sitting in a room with a partner from the consultancy, speaking to a CIO about what he needed to communicate to the board of directors around his security and disaster recovery program. It was fascinating to put it in the context of the business to understand there are things you want to openly put into a document. There are things you may not want to include in the document but you want to speak to, because of the potential that those elements could be disclosable and could ultimately affect shareholder price. In moving into that new role, it really helped me think about how the work we do in security, whether it’s assessing an infrastructure system, designing the system, actually helping to push it out, or ultimately coming in to do follow-up review and monitoring of that program, the work that we do on a day-in day-out basis has value to the goals and objectives of a corporation, and that we need to think about how we communicate things, in words or in email, because they ultimately can have a direct impact on the success of a company’s share price, but also how they can negatively impact potentially regulatory standing and things of that nature. Working for the consultancy, I also had the opportunity to learn how to go in and audit IT systems and be able to communicate the importance of control and how they relate to the business in ways that the business could understand. I think that was a skill that I was really lacking until I got into that world. The example I would share is at one point, I did an assessment of a company that had no tape backups on their servers. I was just flabbergasted by that. When I went to the manager at the time to review my findings, I said, “Hey, they don’t do tape backups.” He grinned at me, and he said, “So?” I was just shocked to say, “We always do tape backups. You want to be able to do that.” He continued to challenge me until I was able to articulate failure to do tape backups means that in the event of a disaster recovery, you’re not able to restore the systems to the original state, and that in the context of the business, if you can’t restore system configurations and ultimately data, you can negatively impact the business’s ability to go on as a successful entity. I think what I took away from that total experience is the importance of understanding how, as technologists, it’s very easy for us sometimes to talk in terms of bits, bytes, version numbers, and the like. We lose sight of the fact that we don’t just do technology for the sake that it’s fun. We do security and technology because it adds value to the business. If we can’t articulate that, we’re going to struggle in our careers and our ability to move ahead. Communication skills I think have served me well since I learned that lesson, and it’s something that I will take with me forward in my career. As I was in KPMG, the other aspect that really was helpful to me is, as I’ve walked through my career, you probably hear that I spent a lot of time with folks on technology in the security space. Working for Diebold, we dealt with a lot of electronic security systems. Working in banking, obviously there’s a lot of security controls around authenticating customers and users. As I worked at KPMG, I felt like I really started to align with the security industry in general. Part of the reason for that is I think it felt like home to me. As I got into the notion of my career starting in the Air Force, which was very structured in terms of policy and standard, security felt very comfortable for me, as I started to look at ISO standards that were being defined, and being able to go in and understand in very clear and concise terms how you could break down the [domains of ISO 00 = 13 = 22] and you could look at the individual controls that supported that. In my mind, the way I look at problems and the way I break those down, that was a very logical construct for me. Then as I coupled that with my ability to go talk to the business and put those terms in phrases that were meaningful to the business they were trying to provide for their customer, it was just very helpful to me. It encouraged me to go down multiple paths even in security. Even as I began to specialize, I didn’t feel like I was pigeonholed to only be an access control individual. Security [inaudible 00 = 13 = 57] notion of confidentiality, integrity, and availability opens up your world that if you want to do things that are very technically focused, like network configurations and firewalls, you can do that, but you can also expand your horizons to focus on the notion of disaster recovery and availability management. I very much enjoyed that. Where I progressed to, though, was also really to become more of a risk management type individual, being able to identify potential points of failure and communicate risk in ways that are more constructive than just saying, “That’s risky. You don’t want to do that.” The consulting activity really helped me to be able to come in and quantify that and be able to say, “That’s high risk for these three reasons. It’s not allowed by regulatory matters. It could present reputational impact. Operationally, you’re positioned for a greater likelihood of fraud.” I think that that has helped me how my career progressed over those fifteen years, from starting out as just a technologist who focused in the security space to starting to become more specialized in the security world, to now I feel like I’m a security leader, and it’s incumbent upon me to really take that notion of risk management out to the other parts of the business to help them understand how the work that we do within a security organization is very important to their broader business objectives. About two years ago, I realized it was becoming time for me to leave consulting and go back into industry. A number of reasons that contributed to that. As I looked for what my ideal role was, it really required that I do some soul searching to say, “What’s the work that you like to do? What is your brand, and what is the position that you want to have if you leave consulting and you go to industry?” It made me take inventory of my career. It helped me understand that the things that I’m really good and passionate about are being a problem solver, a change agent, and being a people leader in the world of security. It really helped me to understand that the type of position that I was looking for was perhaps less about being a manager of firewall teams and less about being a security architect, and is probably more about being a leader of security organizations. I have found that my career is currently moving down the path of being a security leader. As a result, as I left consulting and I’m now with Allstate, I’m really enjoying that world. It’s an opportunity for me to start setting the strategy and vision of where Allstate’s security program needs to go, helping to educate the business on what that looks like, and helping to build a team of practitioners that will enable us to be, as an organization, to be able to meet that strategy and vision. I’m really having a great time doing that. I also [take stock in 00 = 16 = 56] the fact that my career has a lot of years [yet 00 = 17 = 00] to go in it. As I’m looking at the work I’m doing today, I still have an eye towards the future to say, “What are the things I want to do? What are the skills and capabilities I need to keep honed so that I’m very marketable as I look forward?” In preparing to talk with you, one of the things that occurred to me was when I look back [at where 00 = 17 = 21] my career started in 1987, not to age myself, but clearly cell phones didn’t exist, networks didn’t exist, a lot of the security constructs and products that exist today, like identity and access management tools, were not really even contemplated yet. Looking back over that career, it makes me [inaudible 00 = 17 = 43] where are we going to in the future [and 00 = 17 = 47] how do I make sure that I’m positioned to be able to keep moving that forward. Along the lines, I’ve had some really great mentors that helped me learn from my mistakes, but have also helped to make me very self-aware of what my capabilities are and what I’m passionate about. I think it’s important as I look at my career, and I would pass along to others, important that you find those mentors that you can look to and learn from. It’s not a factor of you need to have one mentor at any given time. I’ve found that I’ve had multiple mentors at any point in my career that I’ve relied on in different situations and scenarios. I think in the world of security, we need to rely on each other for advice and counsel sometimes, whether it’s, “How do I position this in business terms?”, or “Can I consult with you and just benchmark on how are you guys running your firewalls?”, so I make sure that I’m keeping pace with what others in the industry are doing. As I look back on my career and how I got to where I am, I thought it’s important to make [note knowledge 00 = 18 = 52] that I’ve only been successful in my career because those people that have gone before me have helped give me good counsel and advice in how I handle situations. With that, I’ve been able to successfully complete my degree, going the slow and steady route. I’ve also been able to achieve several security certifications that I think have benefited me well. [Inaudible 00 = 19 = 15] look at how I’ll grow my careers and experience moving forward. Jay Schulman: Fascinating background. Underlying throughout your entire story is this idea of education, and so I have a couple questions on education. Going all the way back to, I think it was Diebold that you said, where you never turned down a training class. Did you know that that was going to be valuable, of taking this wide variety of training classes, or was it just really interesting? What made you always say yes to those training courses? Dan Manley: I had no idea how valuable it would be at the time, admittedly. I just liked to learn things. I’m curious by nature. Some of the courses that I had the opportunity to go to were everything from how do you [run 00 = 20 = 00] twisted-pair cable [to 00 = 20 = 02] support a security controller, to how do you really start to decode and troubleshoot software [inaudible 00 = 20 = 08] using a software that’s actually no longer used in the industry. For me, I just enjoyed learning new things. I suspect at the time, it was probably an opportunity for me to just get away from answering the telephone on the help desk that I worked on. As I reflected back, I found that skills and experience I got really helped me to be proficient at what it is I do. The example I would share with you is that I worked with certain individuals who had achieved their Windows NT certification at the time. The majority of those individuals which we hired directly into our department really didn’t even know how to install and configure Windows NT, but they had the certification, as opposed to me. I didn’t have the certification, but I’d gone through the training and done the practice on my own in labs and at home that I was quite proficient at it. It became readily apparent as performance feedback on how I was doing day-in day-out that I was more effective and more efficient than some of my peers, because I didn’t look at it as just trying to get the certification. I really wanted to learn it, understand it, be able to put it into practice. I feel very fortunate that over the multiple years I was at Diebold, I think I went back and calculated that over three years, I had the opportunity to go to about thirty different training classes that were all a week to two week long. It’s given me capabilities that I still rely on today. Jay Schulman: That’s what’s so important. I think one of the reasons that I do the podcast is that you didn’t know at the time how valuable it would become. All of the people early on in their career right now who are presented with a training class may be far outside of what they want to do or what they do on a daily basis turn those trainings down, not really thinking about the long-term impact. Shifting a little bit to your delayed degree. You talk about how security has changed since 1987. I think the education world has changed, as well. You go back to school to get your degree throughout your career while working. Thinking through how the education market is today with things like Coursera and edX and all of these ways to learn without getting a degree, do you think you’d do it differently? Would you just self-learn, or do you think you’d still go back and get that college degree? Dan Manley: For me, I think college [inaudible 00 = 22 = 29] beneficial. It’s only that in certain points, having a bachelor’s degree or an associate’s degree is something that differentiates you from your peer group. At the time I started out in my professional career, there were not specific disciplines focused on security. However, today, I see kids exposed to so much technology. I think it’s going to become increasingly challenging for individuals to really differentiate themselves from their peer group. The importance of whether it’s having an associate’s, a bachelor’s degree, or having certifications, those forms of education are going to help to demonstrate your proficiency and your ability to complete a [inaudible 00 = 23 = 15] objective. The example I would share with you there is I have an eleven-year-old daughter. She’s in middle school. At age ten, she obtained an iPad … her day-to-day curriculum. Fast forward ten years from now. When she’s out of high school and she’s progressing through college … of her peers will have had that same amount of access and exposure to technology platforms. Folks that are starting their career today really need to make sure that they can demonstrate that they haven’t just picked up some of those skills from playing with computers at their home, but they have some degree of formal education around constructs, if they really want to continue to progress within their career. To some extent, that’s going to be a personal choice of how far and how fast you want to move through your career. That’s really what I’ve used to inform the type of education program you go for. For me, I learned pretty early on that I wanted to move down a path of leadership and moving up as a senior executive. It became readily apparent to me that I would need at least a bachelor’s degree supplemented with those other certifications to demonstrate my ability to lead teams and organizations within my particular field. Jay Schulman: Just to bring up something you said at the very end of your career journey that you just brought up again, you mentioned three things that you’re really good at that make you a great security executive, and none of those things had anything to do with security. How throughout your career have you been able to pick up your problem-solving, your managing-people skills? How have you been able to do that when that hasn’t necessarily been part of your day-to-day job? Dan Manley: That’s a great question. For me, when I worked at Diebold on the help desk, I actually picked up problem-solving skills, because if you think about when you answer that phone and say, “How can I help you?”, the first two to three minutes are people just [spouting 00 = 25 = 10] their emotion that this thing doesn’t work. You pick up interpersonal skills of helping people to calm down, let their emotion out, so that you can move past that emotion to get to the point of, “Let’s talk about what the facts are. What’s working? What’s not working? What happened just before it broke?” That portion of my education helped me to develop that [inaudible 00 = 25 = 34] process. As I interview people coming out of college, quite often that’s one of the questions I love to give them. “What’s your approach for solving problems?” [Inaudible 00 = 25 = 44] people’s response to that. “I’m really smart, and it comes intuitively,” or “I just try to figure it out,” or “I just start changing things without really a method or an approach, and it usually works out for me.” If you contemplate how in the security world as we can become more complex and more interconnected across enterprises, we’re going to have to be much more methodical and be able to define, “What’s the nature of the problem we saw? When did it develop? Where in the transaction flow did it occur? How do we make sure we rely on the tools and diagnostics we have available to us to be able to really troubleshoot problems in a very rapid fashion?” As a change agent, that’s really about being able to persuade people to your way of thinking and being able to do it in a way that people don’t always feel like you’ve influenced their thought process. Organizations moving forward, because so many people are becoming technology aware and technology savvy, more and more people have a view as to whether they’re a Mac person or a PC person. Do I want a kernel browser, or do I want an Explorer browser? Being able to work through which app is better. Am I an iPhone or a Samsung person or a Android person? I think our ability as individuals to be able to influence people on the pros and cons of whether a technology or an approach is really going to help you to be able to do the things you want to do within an organization. Those softer skills, while they don’t directly relate to security, they’re tools that are in my toolbox that I have to draw from pretty much every day when I answer the phone or when I walk into a meeting. Jay Schulman: That’s outstanding points and great foundational knowledge. Let’s transition a little bit. We ask everybody these two questions, and so we’ll start with the first question. Thinking back through all of the decisions that you’ve had to make with your career, is there one decision that you really agonized over, it was something you were really nervous about potentially, but in the end, man, it really worked out in your favor? Dan Manley: Yeah. I would say it was my decision to leave the Air Force. I was doing really well in the Air Force and thoroughly enjoyed the camaraderie of it. My decision was due in large part to my family commitments. I was being considered to, about to get shipped over to Korea for a year and a half without my spouse. As a newlywed, having been married less than a year, it didn’t really sound like a solid foundation for a long marriage. As I looked to leave that structure and that comfort of the US military, I moved into the commercial sector. The interview I had with Diebold was at the Excalibur Hotel in Las Vegas. I got to tell you, I feel like every question, I didn’t have the answer to. They were things as simple, “Have you ever worked with [S2 00 = 28 = 39]?” “No, but I would love to learn.” “Have you ever worked with FoxPro?” “[Inaudible 00 = 28 = 44] Microsoft Access.” As I really reflected on that decision to leave and as I completed some of the job interviews, I did not feel well prepared to enter the job market. I think that while I had good practical work experience as a project manager, I hadn’t done enough work really to build up my technical skill set for the position that I ultimately stepped into. I chalk it up to a little bit of luck and a really strong boss who was willing to take a chance on me that I got offered the position at Diebold. Then as I stepped into it, I gave it a hundred and ten percent. It really paid dividends, both in terms of me putting in the work effort and taking advantage of the opportunities that [were put out 00 = 29 = 29] in front of me. I really feel fortunate that I got the opportunity to go to work for Diebold. I’ve really tried to take full advantage of it, not only while I was there, but to continue to bring those skills forward in my career. Jay Schulman: I have found some of the most talented security people coming out of the military, but they often face a culture shock potentially or a pretty big difference in culture from the structure that you talk about in the military to a little bit less structure in the corporate world. Did you feel any of that culture shock? Dan Manley: I [absolutely 00 = 30 = 03] did. It was from things that are as silly as, in the military, you get up every day, you don’t [inaudible 00 = 30 = 09] wearing to work. In the Air Force, we had a dress uniform, and we had our fatigues. You get up, and that’s one less decision you have to make. Additionally, in a day-to-day activity, you don’t really have a lot of flexibility to go out and explore new technologies, take advantage of innovation, because they’re such a large organization. Those are concepts that are now I think just starting to permeate the environment, that they’ve got some room to experiment, innovate, and really raise your hand and say there’s a smarter, faster way to do this in a more secure fashion. As I left, those were all elements that I struggled with. Now, as I go into organizations, I’ve got a willingness to be almost a disruptive leader, to raise my hand and say, “There’s a better way to do that. Have we thought about doing this, that, and the other thing? I think it’ll pay dividends for us. It’ll be easier, faster, cheaper, less risk.” As you start to build your compelling argument, people are willing to listen to you. Jay Schulman: That’s great insight. Everything that you’ve talked about so far has been perfect. Nothing has gone wrong in your career so far. Let’s talk about that for a second. Is there a point in your career, is there something that in hindsight you’d love to do over again, and how would you do it? Dan Manley: For me, the theme throughout my career has very much been about education. I would say that I wish earlier in my career I had spent more time really reading and developing my writing skills. My ability to process information extremely quickly I think has been … I’m a slow reader, if I’m blunt, which means the ability to consume the volume of information we now see coming in through RSS sites you may sign up for, just being able to go consume the latest technical journals, I think your ability to read quickly and really process that information is important. I wish that earlier in my career, I’d spent more time really reading information to just get better at it. What goes right along with that is I wish I had taken a little bit more time to really focus on financial management and some of those accounting classes. Despite the fact that my consulting experience was with an accounting firm, I will profess through your podcast, Jay, that it took me three accounting classes before I passed. Now, as we build compelling business justification for the work we want to do in building new networks and going after procuring new systems, going through licensing agreements, those things are becoming more complex. My ability to understand the financials of that within the context of a large corporation are really important as I’ve chosen to go down this path of being a security leader. I think given that I chose to go down the path that I did, those are elements I think I wish that I had focused on more earlier in my career. The technical aspects of my job would still benefit of that, because again, as new trade journals come out or as new technology deploys, I’ve got to spend a lot of time reading up on that and doing research. Those same skills come in and would help me as I look to be more proficient at the aspects of the work that I do. I see this as the US government [inaudible 00 = 33 = 29] is trying to advance the notion of the NIST cybersecurity framework. As organizations and as practitioners, we’re going to be pushed to do a lot more documentation around how our systems are designed, how they’re operated, how they’re maintained. Even though I like to do technical security work and I want to go play around with the software and play around with the systems, I’m ultimately going to need to be very efficient in documenting that, so I can explain to regulators and auditors, or even my boss, how we have systems set up and configured. I go back to your question to try and sum it up. I wouldn’t undervalue the importance of your English classes, your business classes to help you be a successful security practitioner moving forward in your career. Even if you choose not to be a leader, but you want to go to maybe a mid-tier manager of a technical platform, you’re still going to need to do budgets for your team. You’re still going to need to do cost justifications for licensing of your products and services. If you want to put a new firewall, you want to move from what you had to a new Palo-Alto-based system, you’re going to need to be able to do a business justification for that. Having those skills early in your career putting [them 00 = 34 = 40] into practice will help you as you try to get to your ultimate goal and outcome. Jay Schulman: I can hear a teenager right now saying, “When am I ever going to use trigonometry in the real world?” There have been a bunch of people on the podcast that talk specifically about opportunities that they missed in their higher education where, I don’t want to say they blew off a class, but they weren’t really invested in it, and it came back to haunt them. As you point out, having those skill sets is so important that you’d never realize it. I think that that point is well taken, so thank you. That is it. Thank you very much for being on the podcast. Is there anything else that you want to add before we go today? Dan Manley: No. I just want to say thank you for having me. I’ve enjoyed listening to your podcast, and I’m excited and honored to be part of it. Jay Schulman: Thank you. Thanks to Dan for joining us today. I will pitch you once again, have we heard your career journey? Of course, if you’re one of the twelve guests that I’ve had on so far, you’re saying, “Yeah, Jay. I’ve already been on the podcast.” For everybody else, I’d love to have you on the podcast, especially in season two coming up in the spring. Please reach out to me at email@example.com. Send me an email. We’ll talk about it. We’ll schedule a time. You now know exactly what it’s going to be like to do it. For everybody else who does not want to be interviewed, I just wanted to thank you for listening to the first season. We’ve had an incredible journey here on the podcast, a lot of great guests. Thank you to all the guests and many, many listeners. I appreciate all of the positive feedback that I’ve heard here. Speaking of positive feedback, if you’ve found this podcast valuable, let me know by leaving a comment in iTunes. It’s really important to help others find this podcast is actually through the review program in iTunes. It helps bring this podcast right up to the top. To finish out season one, thanks for listening to this episode of Building a Life and Career in Security Podcast. If you are not already a subscriber, please subscribe to the podcast on iTunes or at jayschulman.com/podcast. Thanks again. Speaker 2: Thank you for listening to the Building a Life and Career in Security Podcast with Jay Schulman. For more information and to subscribe, go to jayschulman.com.