Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas .She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
(music) You're listening to the Cyberwire Network, powered by N2K. (music) (music) Identity architects and engineers simplify your identity management with Strata. Securely integrate non-standard apps with any IDP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire and our thanks to Strata for being a longtime friend and supporter of this podcast. (music) My name is Carol Terrio. I am a woman, also a founder and director of TikTok Social, which is a consultancy in the UK. And I also co-host and produce the smashing security podcast. (music) I was in love with radio, isn't that outrageous? And no, I do podcasts, but I was in love with talk radio. Oh my God, love talk radio. So I dreamed of being a radio host, especially late night radio. The idea where people can call up and really give their problems and you could really get into it. So that's what I really wanted to do. So I did loads of jobs, right? I wanted to go to university and that took a lot of money to do, and I wanted to go out of province or far away as I could from home, just to stretch my wings, I think. So I did everything, waitressing, looked after horses, worked in chain restaurants, worked in clubs, school photographer, all that stuff. And then I got into the University of Waterloo, and that had a huge impact on me getting into tech because it's a serious tech university. And I think I actually chose it because I had a really strong reputation, but also it was the furthest from Montreal where I grew up. And then, of course, I wanted to travel. (music) So I'm not in Montreal anymore, I'm in England where I ended up because I managed to convince this company called Sophos to sponsor me as a visa to come over and work at their firm in the UK. I mean, I was applying for all sorts of jobs, but really tech firms were the ones looking for different skill sets that were pretty high caliber. And I suspect Sophos probably noticed me because of my university background where I went to university. So, yeah, I think they were interested in me. I was certainly interested in them. I was interested in being near Oxford and just living here and working here. So that turned out to be Serendipitous, and I took a year to get done. But then there I was. I was working at this company, and it was run by these two PhD University of Oxford graduates who they were just incredible. It felt like almost a university still. They still wanted to explore, and I loved all that. I loved the atmosphere, and I fell a hook line and sinker and did tons of different jobs there. You know, bosses make or break everything, don't they? And so do company direction. And, you know, over 15 years, I was working for an entirely different, much more senior group of people. And also the company had become much more focused in its goals and where it was going, which had changed drastically in 15 years. And also at the end of that stretch, I had been editor-in-chief of a blog called Naked Security, which was, you know, we, Graham, my colleague, and now my co-host on the Smashing Security Podcast, we both started it together, and we really worked our everything off to make that a success. And we really did. We did an amazing job, but I think we got burnt out as well. I think after doing that for five years, we just got exhausted. And the company wanted more and more of us, and we just had nothing left to give. So it was time to go. It was 15 years. And I thought about maybe coming back or taking a sabbatical or going off and working at another corporation. But actually, the very next day, the day after I left, I opened up my own company, the very next day. I only decided to do it in a whim, and I still run it today. I am a podcast host. And if they don't know what a podcast is, it's like as a radio host. It's focused on security, and I see my job as trying to educate people on what the devices that we use every day can do, should do, and shouldn't do, and how we can try and be aware of that and do as best we can to try and avoid the pitfalls. The one great thing about cybersecurity is, like, let's compare it to selling, you know, I don't know, selling furniture, right? The most exciting thing you can look forward to is, oh, hey, the new sofas come in and look at the new color swatches. In our world, it changes so fast, so it's high pace, high stakes, and can take a lot out of you, but it gives you a lot back. You're constantly challenged. You're constantly learning new things. And I found that fascinating. I don't know how I would have stayed in a job. I don't know if my character would have allowed me to stay in a job that didn't change very quickly. I'm sure I would have ended up in media somewhere, or something that was really bouncy. It fits my role, so I think you got that character and you're hungry to learn more. It's a good place to go, because there's so many different avenues, and you don't even have to be a tech ed. Like, I have no tech background. I didn't study tech in university, but I know a lot more now, just through osmosis of 20 years being around folks that really, really know their stuff. When you work in a company, you feel, you know, you feel you understand everything that's going on within that company, but actually, you're in the fishbowl. And you can't get out of that fishbowl. You're just inside it. And unless you're running that company, you have a very blinded view as to what's going on or what the company's goals are or what they're trying to do. And that can lead to a lot of frustration, so I think my advice now is to chill. And I also thought I understood how everything worked, and only after I started running my own company did I kind of go, "Oh, God, I was so blind." You know, I thought my job was the most important thing, but actually, I wasn't the navel of the company by any stretch. So not having a boss and not having a company goal that's different from what my personal company goal is, is very satisfying. So I've worked really hard towards getting that, and so far, I'm in a really good place, and long may it continue. Question. Do your end users always work on company-owned devices and IT-approved apps? If the answer is no, then my next question is, how do you keep company data safe on all those unmanaged apps and devices? One password has an answer to this question, extended access management. One password, extended access management, helps you secure every sign-in for every app on every device, because it solves the problem traditional IAM and MDM can't touch. Check it out at 1Password.com/xam. That's 1Password.com/xam. [MUSIC] (gentle music)
