In this episode, our host and Banyan’s Chief Security Officer Den Jones speaks with his old pal and longtime colleague Carlos Martinez. Carlos and Den led Zero Trust initiatives at Adobe and Cisco before both joining Banyan. They share insights, horror stories, and lessons from their well-trodden path together. We invite you to grab a cold drink, sit back, and enjoy this first live episode of the podcast with Carlos Martinez.
Speaker 1:
Hello and welcome to a special episode of Get it Started. Get it Done, the Banyan Security Podcast, covering the security industry and beyond. In this episode, our host and Banyan’s Chief Security Officer Den Jones speaks with his old pal and longtime colleague Carlos Martinez. Carlos and Den led Zero Trust initiatives at Adobe and Cisco before both joining Banyan. They share insights, horror stories, and lessons from their well-trodden path together. We invite you to grab a cold drink, sit back and enjoy this first live episode of the podcast with Carlos Martinez.
Den Jones:
Well Carlos, how are you man?
Carlos Martinez:
I’m doing good, man. Thanks for inviting me. Clearly you’re scraping from the bottom of the barrel, if you got me on board.
Den Jones:
No, there was a battle, but I think we are. So yeah, welcome to a live episode of Get It Started. Get It Done. I’m your host, Den Jones. We try and bring in some great guests, and my theory is if we are shit at selling software, then maybe we’d rely on podcasting and our five listeners will do a GoFundMe or something.
Carlos Martinez:
Whatever works.
Den Jones:
I don’t know. So first of all, cheers Carlos. Welcome to the show.
Carlos Martinez:
Cheers man.
Den Jones:
Hopefully the microphone catches that. Now, so our thought today right, is we’re just going to shoot the shit. We’re going to talk about some crazy stories over the years. Maybe leave some nuggets for people to learn from. So, let’s start it off. How about share where did we first meet? How long ago was that? Do you even remember that far back?
Carlos Martinez:
Oh, man. I remember, I think the first time I remember seeing you was I was at Adobe at the Network Operation Center, so the NOC. There was some commotion, something was going on, and some guy in his soccer shirt shows up. Clearly you had been playing or maybe that was just your-
Den Jones:
Maybe what I wore.
Carlos Martinez:
… what you wore. And so, I remember you coming in and just chatting up to everyone, man. And just from there, I think we had, my colleague Sarah and you had a friendship. So that’s how we started interacting. This was just, we met there, but we started kind of having a conversation. You knew my brother so there was that relationship. I think you knew other Martinezes in the Martinez clan before you met me.
Den Jones:
Yeah, there was that clan.
Carlos Martinez:
So yeah, I mean think through there, you became quickly part of the Martinez family. My mom quickly cooked, I think invited you to the house where we had either a quinceanera or some birthday party or something.
Den Jones:
A baby shower, maybe. There was a baby shower. I remember your wife doing chocolate stuff on a diaper that kind of looked like shit. Really. But later I found that it wasn’t nutty poop, it was probably some Snickers bar melted.
Carlos Martinez:
That’s right. Oh man, the standard baby shower games, at least in our family. So all of the drinking from a baby bottle, all that. But 16 years ago plus I think we’ve known each other.
Den Jones:
And what’s interesting and funny because you talk about Sarah. Sarah’s now CEO of her own company TenisiTech. She’s been on the show as well. So big up to Sarah and she’ll be back.
Back in those days, it’s funny, I came over from Scotland in 2001 and I remember telling my friends back home I’d go to work in shorts and t-shirt and flip flops. They just didn’t give a shit.
Carlos Martinez:
Yeah, man.
Den Jones:
I was like some young arrogant 20 something year old. I worked in the same team as your brother for the longest time.
Carlos Martinez:
That’s right.
Den Jones:
So roll over the years, explain a little bit about the kind of work you’ve done for Adobe. I kind of think back to architecture for MDM and mobile devices and stuff like that.
Carlos Martinez:
So I ended up working, so I ran our mail systems, so all of our Sendmail servers, our relay servers, our Exchange infrastructure that we migrated to eventually, so all of our mail systems and calendaring system and all that good stuff. And that’s because we had migrated as part of, and I’m dating myself, part of the Macromedia acquisition. We said, “Hey, we need to modernize our mail system, so let’s move to Exchange.”
Den Jones:
We were on Sun.
Carlos Martinez:
Sun ONE messaging.
Den Jones:
Sun ONE messaging, yeah.
Carlos Martinez:
Solid product. And having the Unix background, I loved it. We were a little hesitant with Exchange, but it was either that or Lotus.
Den Jones:
That’s true. Those are the choices.
Carlos Martinez:
Those were the choices. So fast forward with Exchange came the mobile devices, so mobility. And I was resistant. I was happy to manage the backend server infrastructure, all of that stuff. There were a couple guys that were sort of pushing, “Hey, we have Direct Push or Exchange ActiveSync so you can get mail on your phones, you can get this and that.” And so as a part-time job, I ended up managing our BlackBerry system or back then, and again I’m dating myself-
Den Jones:
The BES server.
Carlos Martinez:
Yeah, the BES and these Treo 650s way back when. We’re going back. And so eventually these iPhones came out and I was forced. I fought tooth and nail to resist these iPhones coming into our environment.
Den Jones:
Because they weren’t safe.
Carlos Martinez:
They weren’t safe. They didn’t support any policies. Again with Exchange ActiveSync, you had a few capabilities. I quickly found out that the whole consumerization, I learned that word, of your users are going to push that. Eventually we ended up working closely with Apple, one of the few companies that helped shape their iOS version too, blah blah blah. I was knee deep in that. That was pretty exciting. So mobility was kind of in my, I got to see something.
Den Jones:
Let’s pause on that one for a second. It’s a change, right? So you were a young kid and you’re being forced. I was a young kid and I was a Novell guy and I was forced to migrate everything from Novell to either Windows or Sun. We had file servers that were Novell that done support for Mac, Windows, and Unix, and we were told, “Hey, you got to do it.” And I was fighting tooth and nail. So share a little bit about the mindset as a young kid being forced to make a change that you don’t believe in. And then how did you handle that then?
Carlos Martinez:
By the way, even then I knew my job, if I don’t voice, that’s part of my job, is to explain why my leadership is not as smart as I am. I’m going to give my opinions and at the end of the day, just kind of okay, that’s it, and I will follow suit. And so, I remember I did a presentation on explaining, this is BES, this is the security you get with BlackBerry Server, this is what you get with this other Good Mobile Messaging or whatever the case may be. And then you have this thing called the iPhone that is-
Den Jones:
You get none of it.
Carlos Martinez:
… really, they’re not even supporting ActiveSync. They’re supporting IMAP or POP and you’re telling me to support that? I’m going to go backwards. And so presented, there were enough fanboys, I think Apple fanboys, that decided-
Den Jones:
It didn’t matter.
Carlos Martinez:
It didn’t matter. Leadership wanted this. And guess what? The decision was made and we figured out how to do it. So it got to the point where we had these, again, i-proxies that we deployed. We limited it down to we knew what sort of site arranges we’re tied to, AT&T’s network. We did all of this thing just to support to support-
Den Jones:
Make it more secure.
Carlos Martinez:
To make it more secure. And you know what? You fast forward. I’m glad we did it. I’m glad the experience we got and the end that we got to Apple to help shape the product from an enterprise perspective. It was well worth it.
Den Jones:
It’s funny because I remember going to the Acrobat team. Me and your brother John actually, and we’d be like, “Okay, do you like your files more of a Windows or more of a Mac?” Because if you like your files in a Windows, we’re going to move them over to a Windows server. And remember they just had their server called SD Acrobat. They didn’t care and they had volumes of data that could be accessed regardless of your endpoint.
Carlos Martinez:
That’s right.
Den Jones:
Then we’d have to have this conversation. One of my buddies, Greg Christopher, he’s like, “Oh god, Denny, that’s a backward step.” I remember same as you, it was like, “I want to explain why I think you guys are full of shit. Then if you don’t agree with me, I will not execute your bidding because you’re the boss.” And I felt in my career. Most of the time where my role in my career is to say, “Let me educate” … or not educate, “Let me share my perspective. It may or may not be an education, maybe I need educated, but let me share the perspective.” You can then, armed with more information maybe, and make a different decision or stick with the decision you’ve already made, and then you can tell me what it will do.
Carlos Martinez:
That’s right.
Den Jones:
If I’m a mid-level person on down, quite often that’s how it works. And what’s funny with me in my career, I’ve went through my career now being the asshole at the other side where people are coming in and they’re like, “You’re crazy. You’re crazy.” Let me tell you, you just don’t know a better. And then sometimes I would change a decision, but very rarely, very rarely.
Carlos Martinez:
Well, we all … I mean, and that’s the thing. Now that was earlier, early on in my career. Nowadays, a little bit more of to say, as I moved from Adobe to Cisco, people are listening to what are your experiences and this and that. And you still have leadership that you have to convince. You will never, and that’s a good sort of skill to sharpen of present facts, don’t be biased, but also listen. Listen to folks within that core group, folks, the stakeholders, the pessimists that you may call pessimists. But you want to hear from everyone to ultimately be ready to persuade either yourself or leadership. There’s been a few times, I know, I’ve been in meetings with you where you’re very direct in like, “This is what we want to do and let’s move faster. Let’s get it done.”
Den Jones:
This is the way and I’m going to win.
Carlos Martinez:
This is the way.
Den Jones:
[inaudible 00:11:40]
Carlos Martinez:
And the force be with you. But the thing is then how do you convince or persuade leadership otherwise? And so, I’ve been in the room where it may not be, I remember with you then. I remember when we were talking about some of the ZEN stuff and there was no manual on how to do this shit. It was like, all right, this is what we’re going to do. Man, you gave me a few ulcers. I think I told you, I named some after, but it was rewarding. At the time that I didn’t agree with you, I remember having the conversation afterwards like, “Let me just leave these facts and this is why I don’t think.” And I remember you going, “You know what? That convinced me. Let’s go in that direction.” And so, the facts do matter.
Den Jones:
And so, for people out there that’s worked with me before, see, there has been at least one occasion that someone managed to convince me to change my mind.
Carlos Martinez:
Once.
Den Jones:
At least once.
Carlos Martinez:
Once, yeah.
Den Jones:
At least once. Oh wait, maybe say twice because Benzi was the one that convinced me to-
Carlos Martinez:
That’s right.
Den Jones:
… to relate the ZEN project. So at Adobe 2017-ish, we started this thing that we called ZEN.
Carlos Martinez:
Correct.
Den Jones:
Now extra points, if you can remember the other stupid acronym names that we came up with.
Carlos Martinez:
Oh man, I couldn’t tell you dude.
Den Jones:
I can’t remember either. But they were all bullshit and some of them made me laugh and some of them I think after a lot of alcohol, then you could make them work. But at least ZEN was Zero-Trust Enterprise Network. It kind of made some sense.
Carlos Martinez:
It stuck. I mean, Cisco was sort of the thing there was borderless. Netflix had some cool, I mean Google had BeyondCorp. And so yeah, I think some of the guys we were talking to back then before we started the project, you had to have a cool name for it.
Den Jones:
Now, I’m going to flip the record. So believe it or not, we’re playing vinyl too. So when we started that project, so what do you think the goal was? The original reason? Why did we want to start and kickoff with some zero trust nonsense?
Carlos Martinez:
The way I heard it, and I wasn’t part of the initial group, I was the one kid that, again, in my little world, I was unifying the endpoint management landscape. I believed in, hey, the lines are blurred between mobile and desktop and all that. I was all into that world. Then I found out that there’s this group out there that they’re these traditional perimeters. I remember hearing that the traditional perimeters were no longer relevant. We were looking to allow access without VPN and all of that good stuff. And from a mobility side, I knew that I was already knee deep in how do you connect these two enterprise systems? And so, I’m like, “I know Den. Den is leading this effort.” So I met with you guys and what I understood it was, how do you gain device telemetry and require strong user authentication to allow access to corporate resources? Those were the three sort of components that you guys were looking at. And so, I sort of forced myself on that. But that was how I heard of it this point.
Den Jones:
When you think of the device angle, because I mean we assembled the team of the directory people, so with directory and all; and then we had people that could do load balance or firewalling, diversity proxy business. But the device thing was key. That was really important. What in your mind made that important?
Carlos Martinez:
I mean, the big thing was everyone had their own CMDB, they had their own inventory. But for me it was, number one, how do you create this device inventory database? Kind of like, again, Google and with BeyondCorp, their white paper, sort of outlined some of this. But how do you use that to ultimately define policy at the time of access? So how do you build this inventory that can be used, can be dynamically defined, or you’re collecting, all the time and ultimately impact access? At the time, nowadays, fast forward to 2023, there’s a million solutions that do that. What I wanted to do was I wanted to unify our endpoint management solution because there was now our database of devices in any given state based on the ongoing checks that we were doing to influence access. That to me was powerful, man.
Den Jones:
It’s funny. So you get these two angles. There’s a user experience angle, which we would always like, “Hey, passwordless and no VPN and a better experience.” Then the security angle is, if you really think about it, you don’t buy a device unless that device can be used to access applications and services.
Carlos Martinez:
Absolutely.
Den Jones:
So a device that doesn’t access your data is not a device that is something I worry about. Because it doesn’t have access to the, right?
Carlos Martinez:
Yep, yep.
Den Jones:
Now you can say, yeah, but it can attack other things on your network. It’s like, well turn your network into a guest network and then it can, right?
Carlos Martinez:
That’s right.
Den Jones:
So there’s other defense in depth strategies and some we’ve blogged about and some we’ve talked at conferences. Fast forward, we were doing this project, we met Banyan 2019.
Carlos Martinez:
Right.
Den Jones:
I think one of our other architects own Banyan because I remember we had lunch with Tarun, the Mexican restaurant across from the marquee.
Carlos Martinez:
Tropisueno.
Den Jones:
That’s all I really remember about those guys. But you stayed with them longer and then worked with the engineers. So why did we jump with Banyan? I thought they were shit, but tell me about it.
Carlos Martinez:
And we were already seeing from a buzzword bingo perspective zero trust was already out there. We had already deployed our sort of solution where we stitched together different products like VMware with their endpoint solution, Okta, and our network infrastructure rider, F5’s or whatever APMs. And so, we had something, but we were looking to have something that was a little bit more-
Den Jones:
Cloud play, right?
Carlos Martinez:
That can scale, had a control plane, could help get us to that next sort of iteration. And all the same players were out there. I won’t name them, but we were starting to look at some of the common players out there. We had entertained this one lunch meeting. I remember I was like, “All right, well between this vendor meeting and this one we’ll just go and have lunch.”
Den Jones:
Have lunch with this young start off that we’ve never really heard of, right?
Carlos Martinez:
And I was blown away. I was blown away by how pure and simple the product was. Where, again, you have this device telemetry, this information that you can use to go and enforce and continuously enforce authorization based on the ever-shifting information you’re getting. And so for us, the second I heard them and I’m like, “All right, let’s go to your office.” We started white boarding and I really felt like this is exactly what we needed. We did not want a black box at Adobe. We just could not do that. We had too much of a varying landscape to support.
Den Jones:
I think the big thing for me was the architecture we had before Banyan was it was all the authentication workflow was always having to come back in the building. Even if the app was cloud and the user was in the cloud, they still had to come in to go out just because of that auth workflow and the posture check was all internal to our craft that we built, which was funny for the first run at it. But Banyan for me felt like it was going to lead us into a pure cloud play where the only time you come into our environment is if you access an app or service that is inside.
Carlos Martinez:
That’s right.
Den Jones:
Otherwise, if you’re an Okta customer and a Banyan customer, you’re getting all of the cloud and it’s pretty good. Now this is a Banyan podcast, which means we eventually joined Banyan.
Carlos Martinez:
We did.
Den Jones:
So why did you join Banyan other than they offered you a job?
Carlos Martinez:
Again, they gave me … I’m a practitioner at heart. For me what lights me up, what gets me excited is you give me an initiative, you make a difference at an organization, make it more secure, but increase productivity. And so, I got to do that at Adobe and we saw people actually loved it. Post-COVID people were using this. They were super happy, and to get happy engineers, it’s a beautiful thing.
Den Jones:
It’s our thing.
Carlos Martinez:
Then we went to Cisco. We went together, there was a problem there of making, implementing some zero trust principles there. And you know what? We saw the same thing. And so, for me, I wasn’t looking for a job, but the second we had a conversation with Tarun and Jayanth, it was like, I get an opportunity to work with other practitioners and talk about their environment, what their objectives are. And that for me was like, I love it.
I love that opportunity and I get to go in and not really … we’re using the product, but I’m not a sales guy. I get to go in and okay, what is your objective? These are my lessons learned. Practitioners will know. We’re all dealing with the same challenges generally. And so, using some of that experience of the transition to that end state that you mentioned, we were talking earlier what is end state. We know what end state is, but how do you get there without breaking things along the way? And those are the things that I love and I’m doing now. So it’s that part of the job is fun. Super fun.
Den Jones:
Awesome. I joined because they said I could have a helicopter at some point. John, remember the helicopter? He was probably forgetful in his old age.
Carlos Martinez:
Got it.
Den Jones:
So let’s talk a couple of things. Horror stories. So as we were going through ZEN at Adobe, what’s the biggest horror story you remember? What’s the biggest scary moment? Maybe it was caused by me. I don’t know.
Carlos Martinez:
I think, let me think, I mean, the ones that I can share. I remember, well, let’s talk about this project, this whole ZEN initiative where we had, I think my boss gave us a very unrealistic timeframe of, “You need to complete this within …” I think we said five, six months.
Den Jones:
Five, six months.
Carlos Martinez:
This project of we’re going to go live, our employees are now going to access corporate resources through this infrastructure that you guys are going to build. There was no product out there in the market to support this. So we were working with our security team to vet out this architecture. We were getting, trying to get all these pieces to work and work seamlessly. There was no browsers, scripts out there to suppress the cert prompts. We were like there was nothing.
Den Jones:
[inaudible 00:24:01].
Carlos Martinez:
But we were figuring things out. And we had a high bar from a user experience person. Anyway, long story short, I get a call, I remember, I don’t know where, I think I was in my at home, it was in the evening. Den calls me and said, “Hey, I’m going to let you know that …” I think you may have said good news or bad news. It’s like we’re moving forward.
Den Jones:
I have good news. Well, the first thing I learned in life is there’s no such thing as good news or bad news. It’s just news. You can interpret it as good or bad, however you want. Now that was Master Shifu from Kung Fu Panda that said that. So I remembered that lesson. If you learn lessons. So I call in and goes, “Hey, good news, you can decide if it’s good or bad.”
Carlos Martinez:
Well, and the way I took it was, the good thing is we’ve got a use case that needs this, what we’re building. The bad news is we’ve got to deliver it in three, four weeks?
Den Jones:
It was four weeks. And it was an M&A. We acquired in a company that day of day one happens regardless of whether your project’s ready or not.
Carlos Martinez:
I think we hung up. My wife came in and was like, “What’s going on?” I was just shaking my head. I don’t know how we’re going to do this. It was the holy bleep moment.
Den Jones:
Holy fucking moment. You don’t need to bleep. It’s fine.
Carlos Martinez:
Do you curse? I didn’t know people about you. I didn’t know people knew that.
Den Jones:
Do I curse? Sometimes. I don’t curse very often.
Carlos Martinez:
So it was a holy shit moment and we were like, “I don’t know how we’re going to do this.” And we did it.
Den Jones:
We did it.
Carlos Martinez:
We did it.
Den Jones:
I didn’t do shit. You guys did it.
Carlos Martinez:
We did it and it was everyone. Everyone sort of [inaudible 00:25:53]
Den Jones:
They joined us later for drinks because this happy hour, we’ll stop recording at some point because it’ll go downhill from there. But he was the manager that came in and he reminded me, we were at his office in San Mateo and we onboarded like 400 people in a couple of days. But the whole company was about what, two and a half thousand people?
Carlos Martinez:
Yeah.
Den Jones:
And we’d done that in a week without joining their network to our network.
Carlos Martinez:
I don’t know if he reminded you of the part where, again, these were the learning sort of things. We were ripping out their MDM solution to use ours so that we can get that same posture enforcement. And as part of that, I remember even you getting on some machines. Den brought back his-
Den Jones:
You know when I’m touching someone’s computer, we get fucking problems, Houston.
Carlos Martinez:
And so Aaron and I were laughing about that because it was good to … I mean-
Den Jones:
So you guys were [inaudible 00:26:52].
Carlos Martinez:
You were looking for Novell icons, no network.
Den Jones:
[inaudible 00:26:59].
Carlos Martinez:
But I remember you getting in there. Again, we were learning through the fire.
Den Jones:
Back then that was funny. Because back then that was Adobe’s first month of ZEN which was pre-Banyan.
Carlos Martinez:
Pre-Banyan.
Den Jones:
And we had to have an MDM client.
Carlos Martinez:
That’s right. That’s right.
Den Jones:
Whereas again, with the Banyan solution, you don’t have to. You get anybody’s MDM or no MDM. So I think from that perspective, that’s probably a bonus for some companies. But for Adobe, I mean, they’re big on the old MDM business. But when you do a vendor use case or an M&A, sometimes MDMs aren’t possible.
Carlos Martinez:
And we learned that day that, you know what, MDM shouldn’t be the end all be all. We need to … and I have diagrams. I don’t know if you remember where I was like, this is managed device. We need to support unmanaged, but registered. Unknown is untrusted, but you can have this range of trust. That was the reason why, because we wanted to support other M&A’s. That’s when we saw the Banyan guys. It was like, it makes sense. You can support the range of.
Den Jones:
When you guys were talking with them in 2019, that was all part of the conversation.
Carlos Martinez:
Totally part of it.
Den Jones:
Okay, so that’s a bit of a horror story.
Carlos Martinez:
What about you? What are some of the-
Den Jones:
So in leadership, we’re in a position with the economy right now where there’s a lot of layoffs. So I’ve had to do a lot of them over the years. I’ve had to lay off people who are very close to me without me picking their names. So that’s been really hard. But in leadership, I think my worst event in leadership was we had an offsite and I had some people come in internationally, and one of the guys brought his wife and son, 18 months old son. During their visit we met the wife and son on the one day, the next day they went off and out for a drive, and they got in a car crash and she got killed. Then he was in hospital with brain injuries for … so this 18 month old baby in a hospital. So for me that was probably the toughest part of my leadership career where I felt a lot of guilt for years because I was the one that arranged the offsite. So that took a long time to kind of get over.
I think in leadership there’s times where you make decisions and you make them quickly with the information you’ve got. But I think the reality is that was a very personal situation, which was very hard for a lot of people. Not just me. I mean, it’s very hard for a lot of people, especially the poor guy who was in town and stuff.
I kind of look at the other stuff where you’re kind of making decisions. I think over the years, one of the big things in leadership is how do you make a decision where you can move the team quick, you can challenge the team. Kind of like that M&A story, like a lot of the things I’ve done in my career, the whole brand of me getting things done is because I challenge people with unrealistic deadlines. And what I’m really trying to do is remove the ability for someone to patch it, but then also I want them to come back and say, “No, that’s not possible because …” and then I work with them on the becauses. Because ultimately most of the becauses that happen inside corporate environment is this consensus driven, let’s talk more, let’s talk more. And people really, that are people in your organization, not just in my but people across companies, that are more than happy to do nothing, drag their heels, not be helpful.
We found that in Adobe when we’ve done ZEN. I remember getting my annual review of my boss not long after. He said he was surprised we pulled off the project in spite of the number of people in my own organizations who were fighting against me, which he visibly saw. That’s not to mention that other people in my peer’s organizations who were also fighting against us. The reality is, go back to the you and me early junior and career in change, a lot of people don’t like change. A lot of people don’t like change if it’s going to negatively impact their job.
I remember, God, the security reviews of people. They’re like, “Oh, but if you get Mimikatz on the box, then your certificate will be stolen.” They’re like, “Fuck, if you get Mimikatz on the box, then the box is compromised anyway.” It doesn’t matter. At least with the certificate, user experience is better and the security is a little better. So I think the reality is moving forward quicker with … I’d rather see this security better than it was last week. If so, let’s move forward. And every month or every week you’re trying to just incrementally improve it.
Carlos Martinez:
That’s true. It’s never good enough for me. What we deployed, I was like, okay, this is just one iteration, but we could do better.
Den Jones:
And we should.
Carlos Martinez:
But there were people like, “What is this? This isn’t …” But they don’t see that you’ve got to make some progress.
Den Jones:
I’ve done a conference talk in Silicon Valley a couple of months ago. After the talk the guy came up and he wanted to talk about this certificate stuff. He was like, “Well, 20 years from now I could probably get that certificate and da da da da da.” And I’m like, “Fuck, 20 years from now, I hope we are not using this same shit.”
Carlos Martinez:
That’s right.
Den Jones:
I hope we’re doing something marvelously miraculously better.
Carlos Martinez:
Yeah, absolutely.
Den Jones:
I mean, I think that’s the thing. Too many people get caught up on “Is this thing perfect?” rather than, “Is this thing better than what we had?” and “Is this thing better taking those in the direction we want it going?”
Carlos Martinez:
That’s it. That’s it.
Den Jones:
Now outside of work, Carlos, okay, so outside of work, let’s cut the bullshit about work for a minute. Because I finished my drink and I’m actually getting more. So outside of work, what do you do for fun? What do you learn out in your personal life that you think benefits your professional life?
Carlos Martinez:
So I have three boys. They’re 16, 13, and soon to be 12. And so, they’re now at the age where we get to hang out. Before, it was like, I’ve got to drive them everywhere. Hopefully soon they’re going to be driving. But I spend time with the gang. They love fishing, I love fishing. They love the outdoors, going camping, hiking, we’re doing that. Going to Montana in July. We’re planning.
Den Jones:
You’re taking time off in July. Sorry people, Banyan’s going to go down. We’re going to shut down in July.
Carlos Martinez:
Oh, there’s internet there. So it’s like family and let’s do this and that like camping outdoors, fishing, all that good stuff, I love it. I’d be in nature. That’s my thing.
Den Jones:
Awesome. Are the boys getting into music?
Carlos Martinez:
They’re kind of.
Den Jones:
There’s that music guy [inaudible 00:34:46]
Carlos Martinez:
I haven’t brought them here because I don’t want Uncle Den to get them. This is a little out of my pay grade.
Den Jones:
This is a little out of my pay grade.
Carlos Martinez:
They just bought an 18 inch amp. They’ve got a gig. So they love music. They’re going to DJ. They’re going to DJ an eighth grade graduation. So they’re scared shitless on that. But it’s good. I mean, they’re into me. I’m the old man complaining. Right now, they’re breaking in. They told me that they have to break in the amp for two weeks. So they’ve been playing just bass.
Den Jones:
[inaudible 00:35:21].
Carlos Martinez:
I don’t know, but I’m the grumpy old dad now.
Den Jones:
You didn’t do that shit? You’re like, “Hey, wait a minute.” [inaudible 00:35:26] What do you mean?
Carlos Martinez:
I was just like, “Hey, I’ve got …” But family, that’s my thing. That’s kind of where I spend the bulk of my time and just hanging out. My wife owns my social calendar these days.
Den Jones:
That’s awesome. As she should.
Carlos Martinez:
Oh, we’re keeping busy.
Den Jones:
Otherwise we’d be doing this way more.
Carlos Martinez:
Yeah, no.
Den Jones:
And then you’d have a divorce lawyer. That’d probably be way more expensive.
Carlos Martinez:
Probably. I’d bum you for like a cut or something here so I could sleep.
Den Jones:
Spare room or something. I would hate to disturb my music studio. Then when you think of things you’ve learned over the years, what do you think is one bit of advice you’d give someday blues in your shoes practitioner? Let’s do that whole, not about zero trust stuff, but just career in general. What’s a good career advice?
Carlos Martinez:
I was chatting with someone at RSA just last week. Again, I’m a seasoned, just a jaded practitioner. But some of the feedback that I gave is I’m still hungry-
Den Jones:
We’ll get food. Don’t worry, we’ll get food.
Carlos Martinez:
… to learn and getting out there, knowing how to work with people. It doesn’t matter where you’re at. You need to have that ability to listen to other viewpoints and know when to command your opinion. When to say, okay, this is what I feel, and move forward in that direction, really is one of the things that you have to learn. You have to know how to use your leaders. I use my leaders to go-
Den Jones:
I never fail you.
Carlos Martinez:
… like you used in the past. You have certain tools in your toolbox. Leadership is really what’s going to play that interference. It’s going to keep things honest us to move a certain direction.
Den Jones:
I’d say one thing as a leader, I’ve met a lot of leaders over the years that’ve done a really shitty job of cleaning the runway. For me, if you guys are going to move as fast as you can, you got to clear the runway so that by the time you have that conversation with somebody else that you need their support with, their boss is already saying, “Hey, support Carlos and that team.”
Carlos Martinez:
That’s it. Then the last piece is know how to work with your peers that are usually very opinionated and have their own way of doing things. Get them involved. That is what we’ve been able to do twice at two companies, honestly, is I work with the smartest guys in their domain and they believe in it. You have leadership, you have the right people that believe in something, and you convince … not convince, but you involve your users and let them see this is going to improve us in multiple ways. [inaudible 00:38:40]
Den Jones:
The funny thing is when we’ve done our zero trust stuff, but in general and generally, in general, when we do projects, if you can do a project and we were blessed in Adobe with ZEN because we could do this project without having to tell 40,000 people to change their behavior. They just saw that they were logging in less. They didn’t realize the password prompt was disappearing all of a sudden. They also didn’t realize they wouldn’t have to VPN. I’ve told the story about the engineer that opened the security incident because he miraculously found the vulnerability that he’d accessed these internal apps without VPN. Then you guys all investigated it and it’s like, “Oh yeah, you just used our shit.”
Carlos Martinez:
And the other thing, I mean the naysayers, we had a lot of smart security guys that poked shit. We did a bug bounty and people-
Den Jones:
An internal.
Carlos Martinez:
An internal. We also did, I think one of the vendors out there also did a pen test. But the bug bounty involved people. Get them involved. And I think those are all great things to do. Don’t be defensive because there’s always opportunities. But anyway, lots of good stuff.
Den Jones:
Awesome. Awesome. Well I know we can, we’ll go round in circles on to zero trust or not to zero trust I guess. In the end, I don’t give a shit what you call it to be honest. I mean, I’ll leave it with, there’s a lot of people that’ll pontificate and write about it and there’s a million bits of information out there on it. But in my mind there’s so much information now people are overloaded with information, which means they don’t really know how to start. Which I think for you a need, that was something that we think we cracked that nut on. We got it started, we got it done; hence, we called a bloody podcast some bullshit name, which we will probably rebrand at some point called We Don’t Give A Shit Any Longer podcast.
So guys, thank you very much for joining us. Carlos Martinez, thank you sir for being in town.
Carlos Martinez:
Of course.
Den Jones:
Den Jones, your host. Everyone be safe and take care. Thank you.
Speaker 1:
Thanks for listening. To learn more about Banyan Security and find future episodes of the podcast, please visit us at banyansecurity.io. Special thanks to Urban Punks for providing the music for this episode. You can find their track Summer Silk and all their music at urbanpunks.com.