Why Security Leaders Must Think Like Tech CEOs with Emilio Escobar

Transcript

[00:00:01] Emilio: When you hire somebody, it’s always a bet, and you have to make bets. And a lot of times, an organization isn’t ready for a particular hire or a particular hire isn’t ready for organization. It has happened in both ways for me in my career, especially in security because security, you have to hire people that bring an energy and a DNA that, a, aligns with the DNA of the company, but can be foreign enough to introduce the change that you’re trying to bring. And that’s always very difficult to drive. And, yeah, sure, I’ve had my share of flat hires, but ultimately ends up being about what does organization need? What are we trying to achieve?

[00:00:35] Intro: Welcome to Signal to Noise by Riviera Partners, the podcast where leading executives share how they cut through the noise and act on what matters most. We go beyond the headlines to explore the pivotal decisions, opportunities, and inflection points that define their careers and shape the future of the companies they led. It’s time to cut through the noise and get to the signal.

[00:00:58] Ali: Welcome to Signal to Noise. This is a special occasion for us here at Riviera. We have a past placement who agreed to join us today, and it is none other than Emilio Escobar, rock star CISO of Datadog. And Emilio has an incredible background, and we take a lot of pride in his experience. Emilio is twenty sixteen when we placed you at Hulu as a director of security, and it’s been amazing to see your career grow. And so happy to have you today.

[00:01:34] Emilio: Thanks for having me. It’s been quite a while.

[00:01:36] Ali: Time flies. Yeah. Well, just jumping into it, Emilio. Lots going on right now in security, a lot going on in tech. You’re at the forefront of a ton of interesting conversations. Right now, what signals are you paying attention to, and what noise are you trying to block out? Definitely.

[00:01:59] Emilio: So a lot going on, and I think security has always had that element of being able to filter out the things that you don’t necessarily care for because there’s just so much into it, especially in the vendor landscape. But the signal that I’m actually keeping a close look into and and tuning into is it’s, I mean, I’ll I’ll be remiss to say if I didn’t say AI. I think there’s definitely a lot with it. It’s also a signal that I’m also tuning out, uh, and I can explain. So I will say AI for both. So why am I paying attention to it is is is a lot where the innovation is happening is there. Like I said, I think there’s a lot of promise in what AI can do specifically in in all elements of software development and and infrastructure and all of that and security. And I work for a company that is actively and heavily investing in AI as well, so I’ll I’ll be doing a disfavor to my day job if I wasn’t paying attention. However, I also think in security, there’s a lot of noise when it comes to AI. Things like I mean, bad actors are always gonna use everything available to them, but just a focus on bad actors using AI, not not a lot of focus on defenders using AI or AI security implementations that aren’t necessarily what I think are gonna make people tick and where their needs are. So it’s a little bit of both. It’s how much investment is being made in AI, what is growing, what is building, what are people using, what are people are trying to do, what gaps they are internally for my team or I talk to as we’re also building products? And then what are the things about AI that just don’t make sense right now to me? And I definitely don’t wanna keep or make myself busy with any of that.

[00:03:30] Ali: All makes sense. The topic of conversation with anyone in tech right now, the landscape’s changing so fast, especially in security. What in your backgrounds or what collection of experiences in your background has prepared you for this moment to be able to lead your teams and lead the industry as security pros figure out what’s important in this age of AI?

[00:03:54] Emilio: I don’t know if I can pinpoint a particular skill. I think listen. I think I think it starts with curiosity. So I’m an engineer as a background. I I I have a software development background. I don’t come from the traditional audit or IT space. I know that there’s anything wrong with it, but I I’ve always been curious about how things are built as I also have built software and still do. And whenever I have free time, I I have a few hobbies where I’ll work on an own little app here and there. So I think it’s been that curiosity that, a, got me into security, but, b, has kept me busy as an engineer and as I’ve grown as a leader. So that always desire to learn, get into the code and the bits and bytes of things, I think helps me a lot here at Datadog, but also just in general to stay close to what’s happening in the space. And I also try to or talk a lot to other people about how they’re seeing the problems and how they’re dealing with the problems. So having a network of CISOs has helped me, like minded and not like minded, has helped me understand how the world sees these problems and whether I can give feedback and go, uh-huh. This is where I think people are talking to. So I use that as a feedback loop internally for what we should build for, where we think people or problems are, and how we can help solve. But then, again, as a technology, it’s just curious about how people are struggling with technology and where these other companies are building things that align with those problems as well. So, you know, you see the the boom of things like Cloud Code and and Gemini and Cursor and all these things that are coming out of there is exciting that we are close enough to live in a world where the programming language that you need to know is your human language or whatever natural language it is, whatever language you speak. And even seeing companies that are getting funded that are building chatbots for non English speaking countries as well is really exciting to see. And I think what AI is causing is sort of that boom in technology everywhere in the world where before you will see it concentrated in The US and some parts of Asia and some parts of Europe. Now it’s sort of being developed across the entire world, so that’s super exciting.

[00:05:54] Ali: Switching gears just a bit, it’s obviously a pivotal moment in tech right now. But focusing back on you, what’s been a pivotal moment in your career, in your leadership journey? How did you navigate it, and what came from that pivotal moment?

[00:06:11] Emilio: You know, I think if I were to look back at a few pivotal moments of my career where it’s turned my the way I see the world or the way I carry myself and maybe have led to have become stepping stones for me in my career is I wanna go back to when people have given me honest and blunt feedback. Like, he said, you guys placed me at Hulu. Hulu was an interesting place to join. When I joined, it was a really small team. The program was pretty nascent, and Hulu was heavily investing and working on the live TV offering that they were working on on launching. And it’s, you know, one of the first things that any security leader should learn, and I I think I have a blog post about this is, what are you doing your first ninety, a hundred twenty days, and what have you? And I lived through that. Right? And it was the ideally, I learned the hard way that the best thing for and I just met with a cofounder of a company that I that asked me, like, what should I expect a CISO to do in the first couple months? And I’m like, the best performance indicator that I should expect from a CISO or a security leader to do in the first six, nine months or whatever is shut up and listen. And so I think one pivotal so Hulu had a bunch of pivotal moments and same thing at Datadog, but I remember a Hulu coming in hot. Right? I just got my first, you’re gonna lead the entire program role. You know, you might say I walked in with a chip on the shoulder, which was actually direct feedback that one of my who ended up ended up being my boss for a while, and then I grew and then ended up being a peer at Hulu gave me. And I remember committing Hana saying, well, we have all the security things that we need to do and that we need to work on. And and the CTO back then said, like, okay. What do you want? Tell me something I don’t know. Right? And I was like, woah. Like, what do you what do you mean? And that was, a, when I realized, like, okay. They hired me for a reason. Then then they hired me to just put their problems in front of them. But, b, I started thinking about, like, okay. What are the top problems that people are concerned about at this point? And security may not be it. Right? And that’s totally fine. That’s when I got to accept and realize that security may not be it. And there were a lot of things that at Huddl weren’t built that were needed, especially for a live TV offering, that then I started to think about, wait. But if I help build this, this is how the security program benefits indirectly or directly. So then I spent a lot of time and energy doing that. So I work with colleagues and partners on building things like monitoring of the environment, observability, visibility. Ironically, I ended up a Datadog after that, but right but it’s, um, problem management. How do we actually know when things are going bad? Like, how do we react to an outage and things of that nature that ultimately, I said, well, if stuff hits the fan in security and we’re not good at solving a reliability issue, we’re definitely not gonna be good at solving a security issue. So I started helping with that in whatever way I could. I remember being active on incidents that have nothing to do with security just to see how people were doing it and how the storm started to eventually how the things actually became a little bit smoother and calmer. And then I was like, okay. Here’s where I can interject security here and there. So I think that was one pivotal moment then followed by that direct feedback that I said of, like, you got a chip on your shoulder. You need to tone it down. And once I tone it down, it was more of a partnership model, then things sort of escalated for me there. They They did all getting promoted to VP and all of that. But, usually, what I think back is finding the people who are willing to give you the feedback and taking that feedback and actually internalizing it, not just dismiss it as as somebody who doesn’t like you or something like that. Same thing at Datadog where, again, it’s been five years already, but, um, when I joined the team and the function was much, much smaller, now it’s a lot bigger, and and we’ve combined SRE and security and all of that. Like, we’ve we’ve actually done some interesting things, but it’s been relying on people who I know are way smarter than me to tell me this is what we need to do, first of all, and also here’s where you can improve and being able to take on that. And realizing that at Hulu and at Datadog, every day has the day where I’ve done my function at the biggest scale ever in my career. Meaning, I don’t have all the answers, and and it’s okay to try things and make mistakes and and leading a function that has that mindset as well. But, again, goes back to somebody pulling me aside and saying, this is where you’re messing up. This is what I see and internalizing it.

[00:10:15] Ali: I mean, great segue into my next one for you. So Hulu and Datadog, fast paced, high scale, I’m sure high pressure environments in many different respects. How have you identified the right type of talent as you’ve scaled security programs exponentially at both places?

[00:10:36] Emilio: It’s actually, uh, one of those things where you can try things and fail and and learn. When you hire somebody, it’s always a bet. Right? Like, you you and you have to make bets. And a lot of times, an organization isn’t ready for a particular hire or a particular hire isn’t ready for organization. Right? It has happened in both ways for me in my career, especially in security because security, you have to hire people that bring an energy and a DNA that, a, aligns with the DNA of the company, but can be foreign enough to introduce a change that you’re trying to bring. And that’s always very difficult to drive. And and, yeah, sure. I’ve had my my share of of bad hires, but ultimately ends up being with about what does organization need, what are we trying to achieve, and who do I believe brings that DNA that’s gonna make it happen. Right? Execution is everything in my opinion. Like, right now in this podcast, I’m saying a lot of words, but at the end of the day, results are what matters in my opinion. So people will say a lot of things, can act one way on the interview. It’s always very difficult to know how somebody’s gonna act. Second to it is in these two companies where it’s hyperscale, high growth, you may be able to do work fine one year or two years, and after that, you know, you may not have the right person for the right role. Something I evaluated by myself, candidly speaking, of, like, am I the right CCO for this company at this point in time? And my opinion of myself has gone from no to yes to and then that’s I go go back to that feedback that I mentioned. But to me, ultimately, is are we delivering the right thing? Is this person being an element of change in the things that we need to? And is this the DNA that aligns well with the company? So example of that is my security leader right now at Datadog doesn’t have a twenty plus year career in security. She owned cloud infrastructure at scale and then recently had taken on cloud security recently when we hired because I knew that was a DNA that I needed for security. It was more of an an execution delivery arm versus an operation consultancy arm. And we need all of it. But at Datadog, what makes us successful is that delivery aspect, not the let me let me write a a checklist and send it to you and and hope that you do the things. And we wanted that DNA. So, again, going back to a bet, it was

[00:12:44] Ali: a bet that has been paying off pretty well. So looking back at your career, you did a little stint as an engineer for the government. You’ve been in consulting situations, Sony. Right? Go over to Hulu, now at Datadog. I mean, you’ve been in a lot of different types of businesses. And I think oftentimes in tech, we try to pigeonhole folks into one area or another. But what do you think about your experience has enabled you to move across these different types of businesses, and are there any lessons there for folks hiring in this industry?

[00:13:22] Emilio: The one thing that’s clear is that I haven’t had a career plan ever in my life, uh, and I respect people who do. I I I once had a a a direct employee of mine who had a five year career plan built out, and I always like, oh, man. Like, you know, you’re way better organized than I am. So I always saw the opportunity and took it, and that’s sort of how I’ve landed where I’ve landed, but I wasn’t necessarily looking for where I landed when I ended up landing there. That makes sense. So I think we’re going back to my career. It was like, what selfishly speaking, it was like what I thought was interesting at the time when I was doing it and the decision that I made. So I went to you know, got my computer science degree. The NSA was hiring. I thought, like, hey. This is kinda cool. I mean, I that I should just give it a shot. I did it as an intern, joined as a full time, did a couple years as a contractor. But, But, again, it was because the opportunities seem interest at the time that they were presented. And, eventually, I started doing more security than just straight out software development, and I kinda kinda, like, hey. This is this is interesting. And the way that it started is I had a friend who I was working with or colleague who I was working with ended up becoming a friend who knew somebody in a security consultancy company, and they knew they were looking for software developers who knew how to break code and break apps and help them with some assessment. So I started doing that as a subcontractor while also having a day job. And I’m like, hey. I’m getting a hang of this. I think I’m pretty good at it, and this is fun. Uh, you get to find things and then walk the customer through what you found and recommend solutions and things like that. It got a little disappointed when, like, a year later, you will find the same things, but that’s just part of the course. And then so there’s, like, hey. We’re actually looking to hire you full time. Are you interested? I’m like, yeah. I can see myself doing this for a while because you get to what I wanted out of my career was get exposed to all kinds of companies, and that’s what consultancy did. I had customers that were super large enterprises to 20 people startups. And I got to see how software development was done in all these different places and what their concerns were and how they were able to solve the problems. Right? Some places were, like, so much red tape to just get a line of code change even though this line of code was a thing that was, like, allow me to get a bunch of stuff that I shouldn’t have. While other places move too fast, well, then they were like, okay. We fixed it. No. You didn’t. We fixed it. No. You didn’t. So So then he kinda gave me an understanding of, like, is it better to wait six months for one fix, or is it better to try multiple things so fast that you were able to error, you know, course correct so quickly? And that was, like, my first exposure to to fast paced. Because the government is not fast paced. And consulting was fun, but then a lot of travel, you know, kinda got a little difficult, and I got to meet the PlayStation people through that. So then I decided to just join them because I knew the problems that they were dealing with and all of that. So it’s been, unfortunately, it’s been being at the right place at the right time, but also being open to that opportunity of, like, when kinda like when you guys reach out to me about the Hulu role, I wasn’t looking for, like, owning an entire security program. But I already knew that where I was at PlayStation, it’s like, hey. I’m kinda hitting a ceiling here, and I need to need to find we need to work in a way to find a bigger scope for me within PlayStation or I need to find something outside. And then sort of being at the right place at the right time, you’re you know, you guys reach out and and it’s like, hey. I actually didn’t consider this, but let’s just why not? Let’s have the conversation. And this is, like, career advice I give a lot of people who ask me they’re early in their career, like, what they should do. And I’m like, if the risk of doing an action isn’t something that’s gonna destroy you or kill the bank or, like, put you in a position that you wanna be, then take the risk. And the risk starts with, let’s have a conversation. Who knows? Like, conversations are free. That’s one advice that I give people. But but, yeah, I think every place has gotta give me an exposure of different things. Ironically, I left the fed government, joined Datadog to start working on FedRAMP. So it was like, I thought I left that world for a good reason, but then there’s good reason why I’m getting dragged back to that world. But then talk about two different worlds colliding, right, where a Datadog two weeks is a sprint, and the government, you don’t get anything done in two weeks. Right? So I remember one time I had interaction with a sponsor in the federal world that we were talking to, and they said, we’ll get back to you in two weeks. And Olivia asking me, like, can they move fast? And I’m like, do you don’t get it? This is them moving as fast as possible. So perspective matters a lot. Right? So I think it’s given me that perspective of different parts of industries that, uh, I think is I don’t know. Maybe it’s helped me where I am today.

[00:17:37] Ali: Yeah. And we’re seeing the CISO role evolve a lot. Right? And you’re talking to different companies all the time giving advice. Where do you see the CISO role headed? And folks who are getting to that step in their career, how do they need to be thinking about their skill set and what’s necessary to thrive in a role like this moving forward?

[00:18:00] Emilio: So, yeah, so the CECL role is definitely changing. I think one thing that companies are starting to realize is whether you like it or not, you’re a technology company regardless of what industry you’re in. Because without technology, you just can’t get the business done. Right? Whether you’re in manufacturing, health, whatever, you rely so much on technology that the CECO role is starting to shift more to that technology’s role. But you can’t just be a straight up technologies guru and not being able to talk other problems. Right? So there are two changes happening with the CISO role. One of them is, in my opinion, is shifting more towards, like, like, we want somebody, and this is what I see and and hear from founders and CEOs when they ask me for advice on on CISOs is they want somebody who can actually align really well and guide them, not speak bits and bites depending on where you are that may be needed, but mostly is advising the business what is a good technology strategy if you’re aligning with the c CIO, if there’s one, or the CTO for how do you carry forward this technology plan in a way that’s safe. Right? As as safe as it needs to be. I think it’s it’s really the caveat. Right? Because, you know, the safest thing is to not do anything, and then you don’t take on any risk. So there’s that’s a change happening where the profile of the CISO is going beyond the, hey. We you know, you you’ve been in compliance for so many years. You’re gonna lead it. I think the profile of LEO background is good, but I think there needs to be that technology element from what I’ve seen in my conversations. The second thing about the CISO that’s changing is you’re no longer just an IT leader. They’re looking for a partner. And this is one thing that I’ve maybe have an unpopular opinion about is for longest time, CISOs have actually been asking for, like, the c in front of CISO to actually matter and mean something, but yet they don’t understand or sort of push back when they realize what does it mean to actually have a seat at the table. And the perfect example of this was when the SEC came out with potential liability for CISOs, and there was a lot of uproar about it. Now granted the Fed did it in a way that the Fed did it, which wasn’t the best way to do it, and that’s how they operate. And they start here and then slowly start getting to where they need to be in time. But the biggest uproar that I saw was, like, this pushback against liability. And my conversation and my comments, which were not popular back then and probably still not is, well, welcome to the c suite. You know, the CFO is liable for accounting errors. So is the CEO. Why shouldn’t a CSO who’s part of the c suite also not be liable for negligent decisions on the risk management? I think that was a starting point of me realizing, uh, this is where the role is also going towards. But then internally, in my conversation with Datadog and then, like I said, when I talk to the CEOs, they’re looking for a partner. They’re not just looking for somebody to be like, you think about security and nobody else is. It’s from a security mindset, help us think about the business in general and how we should structure it, where should we drive it, how do we think about geographical expansions, and things like that is is becoming a huge part of the role as well.

[00:20:51] Ali: I keep saying to folks, this job is getting harder and harder as if it needed to be harder.

[00:20:56] Emilio: So my opinion of that is I don’t think my role is any any harder than than any of my other counterparts in the c suite. Every role has a level of complexity. I think the way that we had defined the or challenge that I’m seeing or maybe my opinion is, and I’m curious on what you think, is that the way that we had defined the seesaw role ten years ago was pigeonholed to a smaller role. And now we see the expansion to where it should be as a as a complexity element to it, but this is the complexity of the role that it should have been, not before. Because I think Olivia has a a way tougher job than I do. You know, he’s pretty humble about it, but if you’re a CEO of the company, every employee of your company is your boss, and then you have the word to worry about. Because anything that you do as a company and decide, the employees are gonna complain to the CEO. They’re not gonna come complain to me unless it’s something obvious from an IT security standpoint. But if we decide to make a business call and expand to a region where people are are not happy with, they’re gonna go to the CEO even though it was part of that decision as well. So I don’t think my role is any more difficult than theirs. It’s just that the way that we had defined the CISO prior was too pigeonholed to what it should have been. And maybe it’s just how it’s evolved, not a fault of anyone.

[00:22:04] Ali: And, uh, I think maybe the talent base has a little catching up to do to the new expectations because I think across the board, people want folks who are more technical than maybe the CISOs of seven, eight, ten years ago. They want folks, to your point, who are more connected to the business and more cross functional. So today’s CISO needs to understand how to navigate that. You don’t wanna be too siloed, but you still wanna be in the technical details. So I think there’s some catching up to do expectations wise.

[00:22:37] Emilio: No. Absolutely. And I think the there’s a lot there’s still a lot of complacency and comfort in the seasonal role as well. So what worked for me at Hoodoo is not the same thing that’s gonna work for me at Datadog, and I’ve always been open to that. There’s a lot of replaying the same playbook over and over and make up square peg fit in a round hole.

[00:22:54] Ali: How have you navigated fast growing organizations in terms of the security challenges changing? And what changes as the company grows as quickly as some of yours have?

[00:23:06] Emilio: So the one thing about working for a company that’s a hyperscale mode is that and I joke about this internally. And in fact, Alexei, our CTO, cofounder, that was one of the things that we aligned pretty early in my tenure at Datadog is strategy. We call it the s word. And that is because I can write in a Confluence or a Google Doc or whatever, like, where I think we’re gonna be in three years, and I will spend so much time editing that document that is it really a strategy document or is it just my journal as I learn new things. So I toss all that out. And second to it is which is very abnormal because security tends to be very top down. I’m one of the ones that I hire smart people to lead and and dictate the what we should do. So a lot of the things that we do at Datadog is very bottoms up. Uh, that was another thing where I think as a hyperscaler has worked for me. Same thing at Hulu where I didn’t tell my teams what to do. What, uh, I don’t think I even maybe if something was important enough for me to define priority, they would have already known about it, or it was just something that was decided that they had no clue that we were even in conversations with about. But you can ask my teams, well, the Google and Datadog is a lot of the planning comes from them. Like, they’re the ones that say, hey. Based on what we know, we’re deep in the fire. These are the things that we need to do. And then where I get involved is in the how we get done, what sort of feedback loops do we build, how do we know things are successful, like, all of that. Like, how are we thinking about it from, like, a big picture standpoint, but then what needs to be done? And this is a I find that a lot of people struggle with it when they when we get hired because they’re used to working in environments where the planning is very top down. So they’ll come to me and be like, hey. What do you think I should do? And I’m like, I don’t know. You told me what you should do. I don’t know. I don’t know your world. Right? I’m not the one doing what you do. Uh, or what do you think we’re gonna be in two years? And like I said, that’s like, yeah. Good luck. So I think being open to the fact that you just don’t know. And then you start looking for what you should do is start looking for the signals that inform you of what you should be aware of and what you should be focusing on. So a couple of things that I always emphasize has always been, like, I think security will spend you get more return. And I don’t think of people as resources or anything like that, but you get more return. People get more satisfaction. So that return of satisfaction and sort of self ratification at focusing on classes of problems. Security tends to focus on this one threat, this one thing, this vulnerabilities necessarily, and not that we shouldn’t care about vulnerabilities, but I always challenge my teams to think about if you had a magic wand, how will you get rid of the fact that we have to deal with so many vulnerabilities? Like, what would you do to make sure that this is not something you burn hours every day focusing on? All the things such as other web services app, uh, microservices type of concerns is what do you do? And they come back and say, well, I think if we build this whole thing and we have adoption from the developers and all these concerns are getting are taken care of for them, I don’t have to follow with individual engineers, individual teams to focus on that. I’m like, great. Then go do it. So I think for hyperscalers, you have to think about exactly that is, like, the fact that you have no strategy and it’s totally fine, that you should trust your teams. Otherwise, you’re hiring the wrong people or you’re the wrong person there, and that you should focus on classes of problems rather than individual specific problems as much as you can.

[00:26:17] Ali: Datadog, global role. Hulu, highly recognizable brand. Right? You’re running security for these groups. I mean, there’s some pressure there. Right? And then 2023, some stuff came out, uh, with the new regulations. There were some court cases. Like, yeah, how do you navigate the stress and the responsibility, honestly, that comes with these jobs?

[00:26:40] Emilio: Yeah. Uh, well, couple of things there. So I think the one thing that government actually gave me exposure to was that I got to deploy to some non friendly areas. So my self assessment of threat is different than most people. So if I can go to home and sleep on my bed at night, then I think I’m I’m doing well. But, you know, that’s a long time ago, and it’s a different kind of mindset. But, uh, I I think ultimately is, you know, I can only control what I can control. So what the fed is doing is like, okay. Well, we learn all of that. The second thing is and I don’t wanna speak to, like, specific cases or, you know, solo win, Cecil getting sued and things like that. I think there’s in my opinion, security or lack of is a lot of or or non business decisions that have led to separate outcomes. But going back to what I mentioned, if you are part of the c suite, then you’re a member of the business. So if it’s gonna rain in the company, then you’re gonna get wet. And I think, you know, that’s something that everyone has sort of realized. So it’s it’s working with your internal teams and your partners on, hey. How do we make sure we codify decisions that we’ve made? What’s the process for deciding on who makes a risk decision? At what point? When do we get escalated? So I did offer example, like, I’m lucky because I happen to be so aligned with Olivia and Alexei that if I don’t think something is good enough, most likely, you’re not gonna think it’s good enough. In fact, the only time I’ve gotten Trump at at Datadog was when I thought something was already good enough, and Olivia was like, that’s not enough. Which as a CISO, it’s like, okay. Fine. Then we’ll do what you say. I’m not gonna push back on it. But ultimately ended up being like, hey. We have a good relationship, and I think this is what I advise every CISO to do is don’t think of the specific because then you’re thinking about me. Only think about how does this actually apply to as a as a company, as a business. Because, again, if it’s gonna rain, then you’re all gonna get wet is work with your colleagues or who should be your coworkers and your leaders on, as a company, how do we actually make risk decisions? How do we codify them? So that if anything goes wrong, then, yeah, you all take the blame. It’s fine. But then there’s, like, the legal support, the insurance support, all that stuff. I yes. Absolutely. And in reality, if you’re not getting any of that support, when you stop thinking about my for yourself and you’re thinking about the business and you still feel like the support isn’t there, then that’s a good signal to say, oh, hey. Rivera Partners, what do you have going on? Because I need something else. For me, locally, it was like the fact that, hey. We all came together. Like, this regulation happened. This is how we’re gonna comply with, like, the tactical stuff. Putting the macro picture, this is how we think about the decisions that we make, how do we codify them, and if something goes wrong, this is how we’re gonna support each other. So that makes it less stress. And lastly, like I said, I always think of, like, I can only control what I can control, so I don’t spend too much time thinking about the things that I can’t control and then what could have, should have, would have, because then it’s just gonna be a waste of mental space and and not be able to come out any any place better. And then lastly, lastly, find hobbies that actually get you to relax that part of the brain and use other parts of the brain. So I road cycle. I’m a road cyclist, so I road cycle a lot. And that’s when then if I’m on a five hour ride, four hour ride, and this is where where I just put my headphones on, if any, or and just not think about anything, but, like, getting over whatever hill I’m trying to climb as fast as possible, but but also make sure that I get there alive. So this is where I spend a lot of my energy outside of work and and obviously with family and getting the support from family and all of that. But internally at work is you have to find that ecosystem of support and stop thinking about just you. I think that was a lot of the reactions that I saw from a lot of CISOs on the SEC is trying to do this to me rather than, like, the SEC is trying to do this to us, and that was unfortunate.

[00:30:20] Ali: So we have a lot of cyclists here. We have a strong California contingent at Riviera. For us, New Yorkers, you know, cycling sounds like a good way to get hit by a car.

[00:30:30] Emilio: There’s some cycling there. Right? You have to you have the West Highway Of The Hudson, and then you cross a bridge and go, but I know what you mean.

[00:30:36] Ali: I always like to ask, how did you find yourself getting into cycling?

[00:30:41] Emilio: There’s a candid answer to that, and that is, like, I’ve always been interested. I have a an uncle who lives in Spain who was. He’s still alive, but doesn’t I don’t think he does it anymore. He was a cyclist. So every time I will go visit him in Spain, we will watch it toward the France, and and that’s how I got connected to the actual pro cycling thing. But it always felt like so far for me to be able to do it. And I think it was one of those things where, like, can I even afford a road bike to, like, okay? Now I can, but the road bike I can afford isn’t gonna be the most comfortable road bike. So, ultimately, for me, ended up being, like, my wife actually also got into watching the Tour de France with me. We started watching the Tour on chain documentary on Netflix, but it’s always been in the back of my head of, like, something I wanna try. I grew up playing soccer, so endurance sports was always a thing. I got to the point where I couldn’t run as well as I could before. My knees and my ankles were were, like, hurting a lot. Now I could probably train to get better, but I I think for me, it’s like I broke my ankles a few times playing soccer that to the point where they would just give away pretty easily. So it was starting to be like, okay. I enjoy the sport, but I can see that this end of me being able to play the sport at a level that I’m comfortable with. I’m super competitive when it comes to sports. So if you put me in a soccer field and give me your ball, you’re gonna see an entirely different version of me. The first time my wife, back then girlfriend or not even girlfriend we were dating, saw me play soccer, I almost got into a fight with another guy. So it’s a different thing. Anyways, fast forward to, hey. Now I can actually afford a good bike. Uh, now it’s more accessible with things like Zwift and things like that, where where you can just get started in your garage before you’re comfortable getting on the bike. So I started with Zwift. I bought, like, a old used road bike that I used as my trainer bike for a long time until I felt like my cardio was at a point where I can actually go enjoy a ride outside, bought my first road bike, which was like an endurance bike. And now I got, uh, more than one bike, but it’s, uh, it’s it’s also a hobby that it’s expensive. And it’s also a lot of numbers, so that was also another thing too. So I was doing Peloton before I got into road cycling, and I started doing the zone training and understanding, like, the different zones. I’m not like I said, I play soccer, but I’m not a runner. So when I started getting into the numbers behind the metrics, that’s really when I got hooked. All the numbers that you have to process to look at your stats and and sort of seeing the progress in cycling is is is not as obvious as other sports. So being able to track all those stats and be like, okay. Now when I’m a numbers nerd. Right? So that’s really what ended up doing it. Plus the engineering that goes into the manufacturing of this bike is insane.

[00:33:07] Ali: Amazing. Well, uh, the last one I have for you is what’s a book or a framework or something you picked up somewhere that has helped you grow as a leader that you think others should be aware of?

[00:33:22] Emilio: I mean, I have a bunch of books behind me. I’ve I I I like to read. I actually I’ve been reading nothing but just fictional books lately. Again, a way to disconnect from what I deal with. You know, if if there’s one book that you ask if you ask me that I recommend to everyone that I think helped me a lot, maybe not consciously thinking about it, but just in general sort of align with how I see things and what sort of, like, I have validation is. Tell Carnegie’s how to win friends and influence people. It’s still very relevant to this day. I’ve read a lot of leadership books and things like that. The thing about leadership books that I’ve that I’ve sort of come to realize is it’s one’s opinions of what’s actually worked for them, which is great to and I’ve read a bunch just to see the different angles of things. But at the end of the day, I think every leader should come up with a framework that works for them and for the situation that they’re leading with. With. So I don’t recommend necessarily leadership books. There are two books that I recommend is is how to win friends and influence people and and the culture map if you work for an international company. That one was really interesting to see and just read the data on how different cultures communicate having already had to deal with and manage people from different cultures or teams in different. Especially at Datadog, when I worked for two French cofounders, it was, like, perfect. This is, like, straight up them in a book. And I’ve talked to them about it. But I think those two books I recommend, definitely, the Dale Carnegie one, uh, as a starting point. Awesome.

[00:34:41] Ali: Well, Emilio, this has been terrific. Thank you for joining. You certainly are a point of pride for us at Riviera seeing your career take off, and we appreciate you, uh, giving back to us and and all you do for the security community. So this has been a lot of fun. Thank you.

[00:34:55] Emilio: Yeah. No. Thanks for having me. And maybe we should talk about I’m guessing it’s in the Bay Area, setting up a few rides up there. I’ll bring my bike.

[00:35:02] Ali: Oh, yeah. We’ve got cyclist enthusiast galore here. So, uh, we’ll get you all set up. It it won’t be me, but someone here can help you.

[00:35:10] Emilio: Thanks.

[00:35:12] Signal to Noise is brought to you by Riviera Partners, leaders in executive search and the premier choice for tech talent. To learn more about how Riviera helps people and companies reach their full potential, visit rivierapartners.com. And don’t forget to search for Signal to Noise by Riviera Partners on Apple Podcasts, Spotify, or anywhere you listen to podcasts.