EPISODE 077 — What Security Leaders Do for Fun

Welcome to a special edition of the Agent of Influence podcast! In this episode, we step away from the usual cybersecurity deep dives to explore the personal side of security leaders, such as the hobbies, passions, and activities that keep them grounded and inspired outside the office. From adrenaline-fueled adventures to creative pursuits, you’ll discover what drives these leaders beyond their professional roles. 

Transcript 

Welcome to a special edition of Agent of Influence. I’m your host, Nabil Hannan, Field CISO at NetSPI. 

Over the course of this podcast, I’ve had the privilege of sitting down with some of the most brilliant minds in cybersecurity—CISOs, security leaders, innovators—people who are shaping the future of our industry. And while we spend most of our time diving deep into security strategies, emerging threats, and leadership philosophies, there’s something I’ve come to really appreciate about these conversations. 

Those final few minutes of each episode, when we step away from work conversations, and I get to ask: ‘What do you do for fun?’ 

Because here’s the thing: the best leaders in our field aren’t just defined by their technical expertise or their ability to navigate a board meeting. They’re real people with passions, hobbies, and interests that fuel their creativity, build their resilience, and often inform how they lead. 

So today, we’re doing something a little different. We’re taking you behind the scenes to share what some of our recent guests do outside of work: the hobbies and passions that make them human. 

From Spartan races to poker tournaments, culinary arts to community service, you’re about to discover a side of cybersecurity leaders you don’t often see. These hobbies remind us that taking time away from our screens isn’t just healthy, it’s essential. 

First up, let’s talk about someone who embodies the idea that great leadership requires constant curiosity. Alyssa Robinson is the CISO at HubSpot, where she’s responsible for securing one of the most widely-used CRM platforms in the world. But when she’s not thinking about passwordless authentication or data security, Alyssa is all about culinary creativity. 

Episode 071 – The Future of HubSpot is Passwordless with Alyssa Robinson, CISO at HubSpot

Nabil: I’m a firm believer that everything we go through in life shapes and molds us to be the leaders and practitioners that we are. You have a very unique background in the fact that you took a break during the tech crash and you went into the culinary arts. So can you share with us a little bit about some takeaways and lessons you had as you deviated in your journey for a little bit and took a detour, and how do you apply that to your leadership style and just your day-to-day career today?   

Alyssa: I think cooking is interesting. Like, I think it has applications in a lot of different places. I think there’s a few concepts that I think about when I think about how things relate. One of them is the idea you’ve probably heard this term in cooking. They call it mise en place. Plus, it’s like when you watch a cooking show on TV and they have all the little everything is ready to go.   

Nabil: I feel like cooking would be simple if someone did that for me.  

Alyssa: I know it’s so much faster all laid out.  

I think that’s a good metaphor; if you if you’ve got all the components in place, if you’re doing incident response, and you’ve got your processes in place, or you’ve really done good tabletops and things like that, people are ready. They’re much faster to go to, but I think another good one is, once you get good at cooking, like once you’ve practiced enough, you can really start to experiment. You know where to break the rules. That’s another good metaphor for life. You know you have to get good at the basics, so that you know when you don’t need the basics anymore.  

Nabil: What is your favorite dish to make?   

Alyssa: You know, I hate this question.   

Nabil: All right, what is your favorite to eat? Let me change that.  

Alyssa: I’m so bad at like, what is the favorite questions? Because I love all food, like I would be hard pressed to name a dish that I actually don’t like to eat. I’m much more of a savory cook than a baker, because I do like to experiment. I like to be able to mix things up. And the precision of baking doesn’t appeal to me as much. So I’d say, in general, I love savory cooking. I love anything that has less different spices and things like that. But I could not – I’m hard pressed to name a favorite.  

Nabil: So I joke with people, but it’s a fact. I didn’t build this figure by mistake. It’s because I love to eat, and I worked hard to make it happen. So the question, I’ll change it a little bit for you, is there a dish that you make, that others often request for you to make?   

Alyssa: Interesting, there’s a few like that, like my husband or my kids like a zucchini carbonara that we like to make, very simple, but carbonara is always so good. We call it the street cart chicken. It’s like The Halal Guys chicken, we make that. It’s always really good.   

Nabil: I love how Alyssa uses experimenting in the kitchen to stay creative outside of her role at HubSpot.  

Now, speaking of passion and competitive spirit, our next guest channels into something unexpected—the poker table. Rick McElroy, CEO of NeXasure, sees striking parallels between poker and cybersecurity. Both require reading the room, calculating probabilities, managing risk, and knowing when to go all in. 

Episode 073 – Chief Persuasion Officer: The New CISO Mindset with Rick McElroy, CEO at NeXasure

Nabil: Well, one thing we always like to talk about before we let any of our guests go is non-security related things that they like to do for fun when they’re not working in the security space. So what are some things you like to do when you’re not working on security?  

Rick: I have two amazing rescue dogs. I hang out with them. I’ve got a wonderful home life. I’ve been married 25 years, just amazing. But for my hobby, I play a lot of big tournament poker. So, if you’re into big data analytics and probabilities and risk, there’s a lot of parallels that you can draw to security programs. There’s telemetry you got to gather. When do you actually make the risk and take a chance on that risk? Because it’s your money, so I spent a lot of time on the weekends unplugging from cyber and strictly focused on probabilities and numbers at the table.   

Nabil: Are you a poker player online or a poker player in person?  

Rick: Both. Permeations of hands is really what it comes down to. So, everybody has the 10,000 hands. It’s more than that in poker, but you really can’t get there playing in person. You have to do it online and just know you’re gonna lose a lot before you get through all of the hands that you need to see to start making some better decisions, much like in security and mistakes that you make early in your career.  

Nabil: So, here’s a question for you, and this is controversial to many people, but if I classify poker as a game of skill versus a game of chance, what is the ratio of skill to chance to be successful?  

Rick: Much higher on the skill side. Do people get lucky? Yeah, I lost a hand the other day to someone with a .01 chance of winning by the river. I asked ChatGPT to give me an analogy for that, and it said that other player flipped the coin 10 times and it always landed on heads. So yes, you still lose to people who get lucky. But if you look at again, if you’re gathering the right telemetry and looking at over the lifetime of your play, you really have to understand that the probability puts itself on the side of making a good play, and sometimes that good play is not going to work out. The adversaries still get us, even with the best tech and the best teams. Sometimes it’s not going to work out, but over the long haul, it will. And so, as a big data poker player, that’s what you work out.  

Nabil: Rick’s insight that poker is much more skill than luck resonates deeply with how we approach security. Sometimes the adversary gets lucky, but over the long haul, good strategy and solid foundation wins. Plus, I have to say, if you can stay calm under pressure at a poker table, you can probably handle a boardroom just fine. 

Now, our next guest, Jeff Man, takes a very different approach to giving back. While Jeff has over 40 years in InfoSec, his passion project is all about the next generation. Through his work with Hack4Kidz, Jeff is opening doors for young people to discover the world of cybersecurity. 

Episode 074 – Step into a Cybersecurity Time Machine with Jeff Man, Sr. Information Security Consultant at OBS

Nabil: Now I want to shift gears. I love talking to our guests about what they do outside of security and their day jobs. You’ve done a lot with Hack4Kidz over the years. Can you share a little bit about that and why it’s something you’ve focused on? 

Jeff: Yeah. I got involved after meeting the organizers of Hack4Kidz some years ago. They heard about my background. Hack4Kidz is a nonprofit that teaches hacking skills to young people, usually adjacent to a larger hacker conference. So, hackers bring your kids, and we expose them to lock picking, tearing apart old hardware, crypto puzzles, math puzzles, all the things you’d see at a grown-up hacker con. I was invited to speak one year, to talk about cryptography. Right before COVID, they invited me to join the board. We discussed what my focus would be. I wanted to expand access to a more diverse group especially underserved communities. These conferences usually happen in cities, but the kids who attend tend to be the children of people coming in from the suburbs, not kids from the city itself. I wanted to reach those kids, those who have the same creativity, ambition, and potential, but fewer opportunities. That’s been my focus. I joined right before COVID, which sidelined things for a while. 

But the plan now is to launch “Hack4Kidz Urban,” a version of the event that’s tailored to underserved urban communities. I’m really trying to create a repeatable model. It needs to be organic, homegrown, run by people in the community. Not just bussing in kids from outside, but focusing locally. It’s in the works. We have a prototype planned. I live near Baltimore, in Maryland. I’ve got contacts now in the Maryland Department of Commerce. I’m also friends with Harry Coker Jr., the new Secretary of Commerce in Maryland, he used to be the National Cyber Director at the White House. He’s onboard with the vision, and he’s in a position to help us make it happen. So, the goal is to build a working model in Baltimore and then replicate it in other cities around the country. 

Nabil: I hate to do this to you, but does Hack4Kidz have a catchy jingle, like some of those other “for kids” groups? 

Jeff: Not that I know of, but we should work on that. 

Nabil: Jeff’s commitment to bringing cybersecurity education to kids who might not otherwise have access will have generational impact.  

Now, if you think advising on vuln management programs is intense, wait until you hear what Mark Goldenberg does to unwind.  

Mark, a Senior Security Solutions Advisor at Defy Security, doesn’t exactly take it easy on the weekends. In fact, he’s out there tackling Spartan races. 

Episode 075 – Why “Scan, Find, Patch” Is No Longer Enough with Mark Goldenberg, Sr. Security Solutions Advisor at Defy Security

Nabil: Before I let you go, I would love to know more about what you like to do outside of security and when you’re not working. So what are some things you enjoy doing in your free time?  

Mark: Over the last number of years, I’ve been into obstacle racing, so that’s been a passion of mine. Spartan races. In the Spartan land they have what’s known as the trifecta, so they have different levels of races, small, medium and large, goes from 5K all the way up to half marathon, and even beyond that if you want to.  

Really, my goal this year is achieve a double trifecta. That’s running two half marathons, two 10Ks and two 5Ks. And these are obstacle races, so it’s elevation, it’s hills, it’s carrying heavy things, throwing things, climbing things. So I’m really into that over the last couple years.   

Nabil: That’s awesome. What’s your target on when you want to accomplish that by this year?  

Mark: Well, I already have my first one done and in the books that was a half marathon I completed a couple weeks ago.  

Nabil: Awesome, congrats! 

Mark: And I got another one coming up in Monterey at the end of May this year.  

Nabil: Excellent.  

Mark: And I’m always trying to recruit security cohorts into the Spartan land, too, so we can create maybe a Spartan security group.  

Nabil: A double trifecta. Let that sink in. That means Mark is running multiple half marathons and 10Ks—not on smooth pavement, but through brutal terrain with obstacles at every turn. If that doesn’t build mental toughness, I don’t know what does. And honestly, it makes sense. The discipline required to excel in security is the same discipline that gets you through mile 10 of a Spartan race. 

Finally, let’s talk about our last guest, Dave Edminster from EVOTEK. Dave’s approach to balance is all about controlled intensity. 

He’s found his outlet in Brazilian Jiu Jitsu and lacrosse, two physically demanding activities that require focus, strategy, and the willingness to get comfortable being uncomfortable. 

Episode 076 – Translating Security for Your C-Suite with Dave Edminster, Practice Director of Cybersecurity Services at EVOTEK 

Nabil: We like to get to know our guests and what they like to do outside of security and their day-to-day jobs. Anything you want to share about what you like to do for fun outside of your work? 

Dave: I’ve been involved in Brazilian Jiu Jitsu for a few years now. 

I actually find that it’s kind of become my therapy and my meditation because once I’m there on the mat, I don’t have my phone with me, nobody who’s not in the school at that time can get a hold of me. I’ve got 3-4 hours where cybersecurity and the world’s crises can’t interrupt me. I can just focus. 

But also, for me, it’s a life lesson: get comfortable being uncomfortable. 

And Brazilian Jiu Jitsu will definitely do that to you. It will help you understand that you can endure more than you think you can physically at times. 

I’ve also been playing lacrosse for about the last 10 years, both indoor and outdoor lacrosse. I think I kind of focus on some physical activities when I’m not doing work because it’s a very different use of my mind and body when I get the chance to do that. 

Nabil: Love that. Well, thank you so much for being here. It certainly was great having you and hopefully we get to hang out again sometime soon. 

Dave: Yeah, I look forward to it. Thanks for having me. 

Nabil: What I love about these stories is that they remind us of something essential: the best security leaders aren’t one-dimensional. They’re well-rounded people with rich lives outside of work. And those outside pursuits? They make them better at what they do. 

So whether you’re hitting the trail, the poker table, the golf course, or the dojo, keep investing in yourself beyond the screen. 

Thanks for listening to this special edition of Agent of Influence. Subscribe, share, and we’ll see you next time. 

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence. If you want to be a guest or want to recommend someone, please fill out this short form to submit your interest.