Grab a note pad and check out this hour long chat with Ilya Umanskiy GRCP, RAMCAP, MA, an experienced security consultant who has advised security organizations and supported physical security, resilience, and investigative projects all over the world. Ilya shares with us the path that led him to his advisory role today, the seven domains of competence that are essential for flourishing as a security leader, and fun anecdotes that young and aspiring practitioners can learn from.
To learn more about Ilya’s projects supporting young and aspiring professionals in the security industry, follow him on LinkedIn and check out his learning platform, Sphere State.
Big Ideas from This Episode
- “Don’t think that ‘threat intelligence’ [or insert security niche topic] makes you a security practitioner.” You need to seek competence in broad areas to be a competent security practitioner.
There are 7 Domains of Competence that security practitioners must have a grasp of to be competent advisors for their clients:
- Professional Polish
- Operational Controls
- Technological Controls
- Physical Controls
- Incident Management
- Make an effort to understand how your individual tasks / projects as an individual contributor support the objectives of the organization.
- Praise your team members for their progress as a means of encouraging their growth…or as Dale Carnegie says, “Be hearty in your approbation and lavish in your praise.”
- Seek feedback from your leaders and peers at work.
- When you get a new job, ask “why” they chose you in particular. This is important to understand as a new team member.
- As a recent grad or new practitioner, there is no shame in seeking resume writing help from a reputable source — this is can be immensely beneficial for you.
- Ilya told a story where his boss / mentor recommended him to apply for a role at a new org (Kroll) after gaining his first several years of introductory experience at Prudential.
… (Go find a boss like that!) If you find someone like that, know that they are a special human being and among the Top 1% of legitimate security leaders out there!
Use CONTROL + F to search the transcript below if you want to learn more!
Transcript from this episode (#1)
*Note: this transcript was generated using automated software, and my not be a perfect transcription. But I hope you find it useful.
Travis 0:00 Ladies and gentlemen, the security student podcast Travis Lishok here with episode number one. For my very first real episode of the podcast, I knew there'd be no better person to interview than my colleague, Ilya Umanskiy, who has incredible experience in security consulting, who's supported amazing security projects in New York, Hong Kong, and all over Asia. And in this chat today, Ilya shared a great deal of info about challenges he faced early in his career, his advice for aspiring practitioners who also want to want to succeed as security consultants, and his broader thoughts on how listeners can navigate the security industry. I hope you enjoy the following conversation. And if you do, be sure to like the page on LinkedIn at the security student podcast business page, cheers. Ilya, thanks again, for joining me today. There's a lot of reasons that I wanted to have you on the podcast. Well, first, of course, you have diverse experience when it comes to consulting and advisory roles in security. Second, you've made an ongoing project out of coaching young and aspiring professionals in our industry. And I'm also one of them. So thank you. And then you're also someone who inspires discourse among peers in our industry, and you just generally have a different way of approaching security issues. So thanks for joining me today. I appreciate it. Ilya 1:36 Travis, it's a great privilege and really an honor to to join you once again. Thank you very much for the opportunity, Travis 1:47 of course. So before we jump into your background, and a little bit about your experience, I wanted to pose this question to you just so listeners can kind of understand where you're coming from and how you think when it comes to the security industry. And that was this. So imagine you have a magic wand. And you could change one thing about the security industry, what would you change? And why? Ilya 2:14 Well, it's a very tough question. And thank you for for starting out with with this. My belief is that like any other profession, our field deserves to be even more professionalized than it has been to date. So what I would change is, I would create a system of accrediting higher education institutions, for delivery of curriculum to educate the new cadre of young and aspiring practitioners so that they could really feel that there is both a more understandable way of getting into our industry, learning within our industry, and then being sought after, as relatively well educated, and I guess will prepare talent that will then carry the industry forward. So I'm sorry for the lengthy answer. But there it is. Travis 3:23 Oh, no, that's, that's great, because that was also something that I want to dive into later, just to pick your brain a little bit about some of the educational programs that exist today and how they set up security professionals for success like me, for example, for my undergrad, I got a bachelor's in political science, not to security focus. And many of my peers also study what like Homeland Security, criminal justice, counter terrorism. So I think that's something we could also dive into a little later. But I do love that answer. And, and that leads into my next question, which is, can you share a little bit about the role that you do today and what that looks like? Ilya 4:06 Interestingly, it's a hybrid of different skills. On the one hand, I'm an investigator, and on the other, I'm a compliance practitioner. Then I also work with clients directly on protection of assets. There's a significant community that we've been sporting over the years and also clients that come and go for shorter term projects, where I advise them on all things related to protection of their reputation of their, I guess, physical environments, or and everything else in between. And so I think today, it's very interesting to see how I may able to apply my skills that I've picked up over the years to a few different niches of our industry, having those opportunities that come from a variety of clients that they engage with. Travis 5:14 Yeah, it's very cool that you could be involved in such a broad range of activities from governance and compliance to resilience to investigations. So next, I was curious, what path led you there today? So like, how did you develop these skills along the way? And how did you come to be in the role that you're in today? Like, what did that path look like? Was it traditional wasn't less traditional? Did you have to call some audibles along the way? Ilya 5:41 So you know, it's actually a very good way to introduce your listeners to what exists today, because it's not much different from what I experienced several years ago, actually did about 20 years ago, degree in criminal justice went, that was my Bachelor's out of John Jay College of Criminal Justice, then I entered the the same program, but for a master's degree, also criminal justice policy analysis. And I was in the middle of that program, I was exceptionally lucky that I picked up somewhere along the way, a piece of advice to actually have a professional resume writer to have a look at my resume and enhance it. Okay, not giving myself all the credit for be having all the wherewithal as a person who really didn't understand corporate life or any any sort of like career track at that time. And I gave my very rinky dink resume to a resume writer, which they had really done very well. So. And I, again, was lucky that I lifted that the employment office at John Jay College, and it landed in the hands of Paul de Matias, who looked at the resume, and I could you know, I mean, it's really not my doing, but I am sure that it stood out from about 95% of the rest of the resumes, okay, it didn't start with the word objective. It didn't did it wasn't bland. The person who helped me with the resume did a very, very good job, even though she was not in our field. So but she interviewed me for a bid and Anywho. So that's, that's the resume part. And that's how it landed with Paul. And the rest of it is also, Travis 7:38 can I stop you for a second and ask a little bit about the resume? Like, what was it that you think made it stand out? Ilya 7:47 Well, so imagine a kid that's just in the last several years learn how to speak English, like, like, I was literally at it, you know, in a different level, mentally, I was different. In my perceptions, I was still learning how to be an English speaker. And imagine now, and I actually a year before, then, I learned how to properly use computers. Okay, so So think about that. I've, you know, most of my papers were told were made and typed up using a typewriter. Okay, I kid you not. And so think about now the skills that are needed, just in formatting alone, just in making sure that I can format the document properly using whatever version of Microsoft Word or, you know, some some word editor that was existing at the time, right. Needless to say, I lacked those basic skills to present a document that is, how shall I say, easy on the eyes? Okay, and so what what followed next was my inability to structure sentences properly, to be understand that key words matter to a reader. Okay, and keywords that are related to the position, I had no idea what that meant. So, to me, just the basics of how you format a document, first of all, what tools exist to even do that. Also, what what would be the construction of a resume because it did certainly not like your college paper. It's certainly not like anything else you have prepared. Okay, so I was lacking those skills. So, again, on advice of someone that I don't remember, but I'm infinitely grateful to, I turned to someone who knew how to do that. And that person took the time to actually, first of all explain to me that I was that I sucked as a resume writer. So she basically said to me, we gotta you need to stop up, this won't work because you're going to be just like the rest of the mediocrity that's just throwing some pieces of paper on the table in the employment office. And so she said to me that, you know, I need to weed out and, and pull out some very critical statements from you, because she says that I trust that you can explain to me what you're capable of. And once I was able to do that, however, poor my English was, at the time, it was getting much better, you know, by the time I entered graduate school, but still, right. So, you know, the ability to communicate, she actually took me through rounds of questions, where I was able to share with her everything that I was aspiring to accomplish, okay. And then she used her knowledge of how the corporate world world works, how the world of hiring managers works, right, and to introduce new language on my behalf in that document. Okay, imagine I've just spent what you know, to answer your follow up question, I just spent, what, a minute or two explaining that. Right. So, and there was much more entailed. So, yeah, it was really the help of that person to move me, first of all, from being overconfident in my own ability to create a resume or using those, you know, templates that were flooding at the time, some internet sites, or templates that employment offices and colleges had, because they also weren't all that great. And she tailored, she looked at my profile, she tailored my resume, specifically to the readers the the potential consumers of content about me. And again, that's that's kind of how it how it all moved from there. Travis 11:59 Yeah, and thank you for sharing so much about the resume part. Because that's so important in the work that we do, I feel like, over the years, I've read so many resumes from my peers, and it looks like a resume that they would submit to the DMV, or the US Patent Office or something where a computer would be reading it rather than a human. So I think we are, I think we tend to be remarkably, all of us tend to be remarkably bad at writing resumes. So I think it is great. If we could go out and seek help from someone, maybe it's an accounting office, maybe it's another peer, maybe it's someone who's working as a hiring manager today, I think it's definitely critical to get a second set of eyes on that and, and get it critiqued. So very often just Ilya 12:46 don't, and you know, what, as, as confident as we may be, because obviously, at that young age, everybody's being told just, you know, go and, you know, win everything, right, just be be a warrior be, you know, the present your best self. And that's true, it's okay to be sometimes, you know, feel feel like you're like you're, like punching above your weight, if you will. And that's perfectly fine. Because, you know, that shows ambition that shows drive, and that's understandable. But there are semantics there. Are there nuances of how to put a document together that today, I'm helping others to understand, because it's not very obvious. Okay. I do to this day, I read resumes that absolutely suck. And one of them, interestingly, was from a person who graduated from the London school school of economics of all places. So we're still we're still 20 years in, we're still suffering from inconsistency at the very minimum, in the way people approach resume writing. And, yeah, I mean, it's just, you need to be a little bit more humble. And ask someone, at least, like you said, the second set of eyes to just like me, I'll maybe take a look at it and maybe a person, again, to your point who maybe does hiring or or he's a involved in that process? I'm not sure just you know, just to kind of broaden the spectrum of, of who's helping you review your resume. Travis 14:25 Right. Yeah, that's one incredibly important point. And then, so please, continue. So you're graduating from John Jay applying for I think your first role? Ilya 14:36 Yeah. I did not apply. Was I had no, I had no idea. Do you understand what happened? So So I was actually thinking, I was looking through like, classified ads and things like that to job ads in newspapers like that. That's how trivial my search was, at the time it was there was no indeed you yet, or monster.we, I think monster.com was there. But like, I still like I wasn't sure what I was actually good, good at. Right? And so So that alone was taking me in places where I didn't even belong, like I applied for actuarial jobs. For example, I had no idea what an actuary did. But I think, you know, it's like, it's a New York, it's, you know, I might want to just get a get an interview out of this, I had no idea that, you know, you have to be very good Statistician in order to apply for actuarial jobs. But anyway, so I did not seek that particular position, because I wasn't sure what I wanted to do yet. And I was kind of stumbling just on different things. And because Paul was very directly associated with the school at the time, and he was actually actively working with different students in different capacities, and he was helping and so on, he reached out, he looked at the pile of resumes, mine probably looked at least a little bit better or different from the rest. And I got a call and find it funny. Funny enough, was a call to the call reached my mom. And she's like, well, somebody called me from an insurance company. And by the time I had worked for MetLife, and I'm like, I don't really seek positions in insurance. But like, but I figured, you know, what do I have to lose? Let me just make a call, right and return the call as a courtesy. Because that's what my mom taught me is that you return somebody's call that says, Actually, I can spend another two hours in like imploring my peers, our young and aspiring practitioners to always get back to someone who's seeking your attention. It's, it's, it's, it's of paramount importance. But anyway, so I, I returned the call, and the rest is history. I got an interview, I entered completely unprepared. I was asked a bunch of questions. What stood out, I think, was my ability to, I guess, apply analytical skills. I think that was all that was the minimum entry requirement. So I was able to demonstrate some of that I also produced maybe a couple of writing samples I had, by the time created what I still am very, very proud of I had done research on Ted Kaczynski as part of one of the classes at j&j. And it was, it was fascinating to me how he was, like being put in a box as a human. And I kind of didn't believe that. His manifesto was like a complete nonsense. Because amid that nonsense, people were missing very critical points of what he was trying to communicate. And I did a research, I studied a little bit of his background, I studied the case. And I think by that time, I had picked up some skills of being a decent paper writer. And I think that's what helped me impress Paul. And at the time, rich Sookie, who was the second person in the room, he was a worked for four presidential administrations and these see Secret Service, I believe, and yeah, so both of them, basically asked me a few questions, but they were looking for an entry level person. So kind of their barrier to entry was simply having good analytical skills and good writing skills. That was it. And that's, that's it. I mean, that's how simple it was a person took a chance on me. Travis 18:43 And I like how you mentioned, because there's one thing that I'm like, I'm doing several interviews this week. And one thing that I've done to also make myself stand out a little bit is to highlight some creative projects I've worked on because nearly any interviewer could could hire someone who has the basic skills to do whatever the job is, or someone that has the right attitude. But it's definitely something very useful that you can't necessarily put like a tangible, I don't know, like a rank or $1 amount on. But it's something that pays off in so many ways in the future, when you do hire people who can think creatively and address a business problem or a security issue in a way that all the people that have been there for 20 years are just not kind of looking at that same issue with those eyes, if that makes sense. Ilya 19:37 I couldn't agree more. Absolutely. And that's what also worked for me. I would also say that if you're demonstrating it as long as you can clearly articulate the why of the project, whatever like it was the purpose and also the outcome of the project. Like what were you What were you able to solve Right, what were you able to accomplish? Right? And this is another thing, going back to resumes. A lot of people talk about what duties they performed in past jobs instead of talking about what they've actually accomplished. I mean, to this day, I'm telling you 20 years ago, we were talking people out of putting their duties into resumes. We're telling them no, no, no, you actually need to demonstrate what you've accomplished. And guess what, 20 years past, and people still put duties as their main priority to describe describe positions that they help. And that just I find that mind boggling that the we're we exist in a fairly sophisticated Western environment where people still don't understand that you need to impress with what problems you solve, to your point, rather than what you what you did, because that doesn't really impress anyone. Travis 20:54 Yeah, that's an excellent point. It's like, it's like, you just copied and pasted the job description. And that's just not useful. Ilya 21:02 Well, you should align yourself I mean, to a degree, but you should, you should also demonstrate how you have been able to apply your personal video, like, variety of your personal skills to help people you've worked with or could currently work with, right, and organizations that you work for. I think that's, that's probably more important, because within that those explanations, people will see if you're able to articulate them properly, people will see elements of critical thinking, people will see elements of good good communication skills, people will understand how sometimes you need to persevere through different challenges. And yeah, there will be barriers. But how did you overcome those barriers? Right? How did you maybe come to a compromise of sorts, but still, were able to complete the job that you aligned that you were responsible for? Right? And I think those those things, I think, to this day, are a bit inconsistent, as I look at the talent that enters our industry and many other industries. Travis 22:20 Those are all good points. And then how did the interview go from there? Ilya 22:26 I got the job. Again, like I said, it was all a bit of a blur, because I wasn't really sure nobody. That's another thing that I do today with talent that I'm looking at, right. I always try to elaborate to them why we either hired them, or why we they were not selected. Unfortunately, at the time, whatever the reasons, Paul and the rich had, they didn't communicate to me very directly, like why I stood out more than others. However, that came from them a little bit after I started. So like, shortly within, I don't know, within a month, I started receiving very direct feedback. And luckily, again, for me, it was largely positive. There were so obviously a ton of things I needed to learn. But I liked how Paul really enriched for that matter, and a few other folks that I was working with that didn't really waste their time, starting to share with me positive things about how I was kind of doing in my early days in the in that position. But there was one, I think, misstep where I never received direct communication, even though I was offered a position obviously, that kind of makes me feel like yeah, you've kind of impressed people. But they never told me exactly why I impressed them. But shortly after I started, I started going I received those clues, if you will. Travis 23:59 Right. And that's awesome that you're surrounded by people who were interested in actively mentoring you giving you feedback, because oftentimes, that might not be the case. And honestly, I could think of roles that I've gotten into where I didn't. I didn't, like directly know why I was specifically being hired. So I think that's a really interesting question for people to ask when they are in the interview process. I think that's a great point. Ilya 24:28 Well, you always ask for feedback. So I was talking to a friend of mine recently, and he applied for a job and he's like, Well, you know, it wasn't a job that he that was ideal, in his estimation, but he was just, you know, going through rounds of interviews and what seemed like an interesting position. But it but but but what what struck me was that he just says, Well, you know, I kind of I figured they never called me back. I figured I just follow up and and I was told that I never got somebody else was promoted from within, and I'm like, wait a second, so they never told you like how you did that never told you what to improve on, like, in this day and age, and he works sort of, you know, at a very high end organization, right? And I'm like, how is that? How is that even possible? I mean, everybody talks a big game about how sophisticated these organizations are. And yet young talent capable, okay, very well educated and, and eager is left guessing about how well or how poorly they did on on an interview. I'm like, That's not fair. And probably the hiring manager in that position altogether weren't right for this particular person, they probably weren't, weren't going to be both happy and successful in that role. Travis 25:47 That's true. And that's a great signal for the person that's interviewing because they can learn a little more about how their culture is in HR and recruiting and retaining talent and seeking talent. So in a way that that's useful information for him to. Alright, and then. So now you're working in one of your very first roles. And how's your path continue from there on to where you are today? Ilya 26:13 So please remember that it was 2000. The year 2000. April of 2000. Okay, so we're just one year shy from 911. Okay, so, in about a month or two, I'm on a plane with ball headed to Mexico and Argentina. Now, I worked as a suit salesperson before I, you know, that was my job before I joined Prudential Financial, where I worked for Paul, right? I could dress to the nines. Okay, I could look the part no problem suit, tie shirt. allpress. Looking as spiffy as you can, you're good look, but I had nothing in etc. So imagine me, right, I'm scared to death. Going on a trip, where I'm not clear as to why I'm going. I'm not clear as to what I'm supposed to be doing there. Now, I'm having to like I'm given pretty much a test of how I'm going to be able to work my way around different situations, and still try to support Paul in whatever it is that he's doing. Now, of course, the trip was both like in support of Paul's efforts, because obviously, he was in the middle of like building an expanding a security program and Prudential and he was traveling through different regional offices. And so I was trying to both be the sponge that anyone in in their early days in their first or second job, or career position should be. And I was trying to absorb as much as possible, taking as many good notes as I could write, and then trying to process what is being discussed. What is the core issue or multiple issues that Paul is addressing with the local offices, right. And so Paul, also obviously, had a lot of side conversations with me, and, you know, it was pretty much trial by fire at the time. Now, it's a day, you know, the situation of describing sounds very trivial, because there's many other problems in organizations, even for young practitioners. But at the time, we didn't really have the variety of threats to MNCs other than crime, locally, kidnappings, we did have a slew of kidnappings. And, you know, in and around our offices, we had some concerns about some operational issues and stuff like that. And so the issues at the time were slightly different. But nonetheless, I knew nothing about anything. So I didn't know how to give protection advice, nor was I asked to luckily. Right. So I was listening to Paul, I was I was observing how other people were reacting to him. I was trying to kind of read situations. And there were moments of... ...lucidity when Paul was asking me questions I was able to answer and kind of say, Yeah, I got you. I understand what you were doing there. And there were moments of complete failure. Okay, the failure was, I think I remember we walked out of one office and Paul was like talking to them. It's like, oh, you know, you guys should consider expanding your systems, meaning electronic security systems and you probably should reinforce or change your doors and locks. You know, considering the crime situation around your office, blah, blah, blah. And some for some reason. I almost had an ear warm from the phrase and you need to reinforce your doorframes Okay. So Paul turns to me is this so what's your take on the on the conversation? I'm like, you know, naturally, Paul, it's reinforcement of doorframes. He looked at me like I had, like, I was just like, What planet are you from? Okay, we spent hours trying to negotiate the overall perspective on security. And here you are talking about doorframes. What's going on here? Right. But again, Paul, being Paul, ever optimistic, and also very kind to young talent. Right? He took it in as if nothing happened. He just basically said, no, no, no. Let me explain a little bit more about what we're doing here. And once he did, I felt very embarrassed. Right? I'm like, Ah, okay. Well, you know, I kind of took a very, they're important, but it was like a secondary or tertiary issue. And I elevated in my mind saying, this the main thing, right, but it wasn't the main thing at all. Right? So it's, he said, basically, yeah, so you have to understand prioritization, you have to understand, like, how to deal with these individual authors, representatives, as your clients, what kind of advice you're giving them. And that was what basically started my, I guess, awareness, not even education yet, though, still getting in the early days, but but awareness of like, both being a good, I guess, people's person and consultant, and trying to understand what the core issues were and articulating them to the clients, I think those those things were starting to take shape after that trip. And then we come back and pull changes gears. We did, like, obviously, there was some follow up, we had to write some reports and stuff like that, which writing was not an issue for me like and by then I was, I was happy to like form a documents, stuff like that. So I was relatively capable of that. And then he turned switches gears and he shoves a big volume of documents on to me and says, Okay, this, these are dire draft, check standards, check policies, meaning like physical check production and security of financial instruments. And he's like, Okay, we're gonna start rewriting. Those are like upgrading them, I need to start doing research and what needs to be done, and how do we need to rewrite them? And that seemed like, I don't know, some language from another country that I don't understand. But again, trial by fire, he threw a few things at me. And he said, Okay, let's see how he, you know, works in this unfamiliar situation. Right. And I was both, I think doing okay, processing a lot of very unfamiliar, strange content. And at the same time, one thing that helped me was poor, poor polls, open door policy, because I think I made a slight dent on his doorframe as I knocked maybe 3040 times a day. Okay. Now he is he's, he's a very patient man, as you can see. And luckily, he was also patient to coach because he knew what, what the higher education system was lacking at the time he was he taught at j&j, even though j&j had a Production Management Department both I think it was the bachelors level of master's degree, but they weren't teaching those skills. And Paul knew very well that, yeah, you know, basic analytical skills are fine. But when I throw something very technical at you, right, you need to understand what you're dealing with. And guess who's going to teach you full? Right? So he knew that I would show up. And he actually, I think, it was almost like necessary. He was he was expected of me to be there and ask questions and interrogate the situation and learn as much as possible. What wasn't appreciated is if we, if I were to repeat my same question, four or five times, you know, because you were supposed to, like, understand what's being said, maybe clarify, right? But if you come back with the same thing, four or five times, man, you're not analyzing, you're just kind of coasting. Okay. So I think I passed that as well. Because I guess within I don't remember exactly how long it took us. But it took a little bit of time to issue those new check standards and policies. But we did it. It was it was the bye bye the time. I feel very proud. Travis 34:53 Yeah, and I could definitely relate to your story being in one of your early security roles and being someone who Yeah, often, in your very first role, you're, of course going to be presented with problems and tasks and challenges issues that you've just never encountered before. It's not something that you do when you're getting a political science degree or when you're in the Marine Corps when you're doing any of this. So I could definitely relate when it comes to maybe projects that an EP manager would give me or maybe even like, interactions that I would have with, with like, a high net worth principle, when they asked me something. And in the back of my mind, I'm like, I just started here, I'm not quite sure how I'm supposed to handle this situation. Ilya 35:33 Yeah, totally. And what Paul did very well was that he connected the situation at hand with the actual problem and the objective. So he always told me earlier, let me take you to, we had an office in Manhattan, right? So we go to Manhattan, and he's like, Listen, I want to walk you by the Office, don't tell anybody. But I'm gonna walk you by the Office where, until recently, we've been finding $1 million checks, with maker numbers and everything ready to be cashed sitting on somebody's desk. And he says, we don't have controls, we didn't have controls a time that could prevent a fraudster from taking possession of the check and depositing it and then withdrawing the money. We didn't have those controls in place. Okay, so he articulated to articulate it to me In plain terms, okay. And like more like life experience type stuff, right? And then he told me all we're trying to change that we don't want to make it easy for fraudsters to steal our company's money, okay. And we also don't want our financial instruments and that, in that particular instance, physical checks, to be very vulnerable and susceptible to these types of fraud cases. So it was that information that helped me connect what I was doing with the volume of seemingly loose pieces of loose pieces of paper. And something that looked unfamiliar, it helped me understand what the ultimate objective was. And once I understood that, right, I knew that every improvement I was making, was helping achieve the objective and solve the problem. And the more I updated, Paul, would readers like, oh, yeah, this one looks good. Let's move on to the next, you know, policy section. Right. It was fantastic. I could see my own progress. I mean, I think a lot of young practitioners, working with their senior managers, I think they could benefit tremendously from receiving this incremental praise. Especially when they've understood the objective, and they need to see the fruits of their labor. Okay, to me, as a young kid, who was still trying to adjust to a new environment, those early little pieces of praise. I think they worked Magic Man. I mean, it didn't make me overconfident, I don't think but it really made me feel like I belonged. Like, I think it was my first career job. I didn't really know much about it. But I think I was making good effort. And I was I was showing good results. So yeah, and then Paul started throwing all sorts of other problems at me, many of them very unfamiliar. Travis 38:22 You mentioned praise. And I think that's one thing that's huge. That's like one of Dale Carnegie's top 10, top 10 key ideas, just small bits of praise for younger professionals can be huge. And you also mentioned being able to see, being able to see how the project progresses or like what the final product is. I think that's something that's so important in security for young professionals, because oftentimes, you're just, you're in the muck, and you're deeply immersed in day to day tasks. But you might not actually understand how each of those individual tasks contributes to whatever the objective is for the project that you're working on. So I think that's something that's also critical. Ilya 39:06 You're absolutely right. And they think that we're, for example, we're working on a very large litigation sport case now, right. And we, it was absolutely necessary for us to explain to our team, like both the volume of stuff they have to work on, but also what the objectives were, and how each step they were taking. And also literally as they took those steps and achieved some positive results, where we could tell Well, do you see what you just did here? How this helps us in the process and how this helps us reach our objective and and impress the client. Right? And so I think it's that structure of not only just saying, Hey, you did a good job, right? That's not enough. Okay. You need to explain where you did a good job with what and how that helped move the needle. if you will, toward meeting reaching the objectives, so that's, that was much more, I think, useful for me. Travis 40:09 Right? Yes, it's very important to understand, like the overall intent of management of leadership so that the end users, the people that are carrying out the work that they could do it to, like up to spec, and then to carry the conversation on. You touched on this just a little bit, but I want to explore it a little bit more, which was I wanted to hear, did you have any early influences are late influences that inspired you to be involved in security and risk? Ilya 40:44 You know, I wish I had, but no, those things were, I guess, a bit distant. For me. I wasn't sure what that was. I certainly wasn't sure what the private security world was. Because I almost got accepted into Secret Service. The only reason why I never made it to Secret Service was because of my eye exam. Okay, but I knew what the world of government was I wanted to work for the government that the time, right, and I was that's what I was the only idea that I was aligned with. Okay, I wasn't sure what else to do. I wasn't really aware of what what the world of asset protection and private sector was. And so it was much easier for me to see. Okay, FBI, Secret Service, Department of State, those things appealed to me at least they were understandable. Okay. I wish I wish our industry could could, you know, change its its story to be as understandable as the stories that we hear from the FBI, the Department of State and from, from Secret Service? Travis 41:59 Yeah, that's certainly one big area of improvement for our industry, for example, at career fairs, at at college, or where have you, I think, generally, a lot of the security risk management firms are not so well represented, you have every everything in finance, in information technology in software and design. But it seems like security at these events tends to be missing. So it's almost no wonder that a lot of programs out there don't cater to the practical needs of security professionals, since they tend to be less represented there. Ilya 42:38 I have been slightly out actually say, I haven't been to too many job fairs. The reason? I think is that early on for my master's degree program, I got hired and helps. Okay, then, through connections I got hired at Kroll. Okay, so Paul recommended me for a position at Kroll. Okay, again, thanks to my my one mentor, who basically stuck stuck around and helped me with multiple steps in my career. But I didn't really have that experience. Now, I did make a comment not so long ago about a design of career fairs. When I observed how John J did it. So the days of the table with the tablecloth, and a little banner behind, and the chair and a person sitting in that chair are long gone. This is we're talking about 1950s 60s. Okay, so that's not how you're going to impress talent, nor if that talent shows up at an event like that. They're not very good themselves. They're not very discerning. Okay. So I worry that when the job fairs are, and again, this was fairly recent, I must say, and John J is my alma mater. Okay. And it was sad to see how there was not a single reply to say, you know, good, good criticism. We appreciate it. We'll look into design of the stock now, who am I right, I'm not claiming to be a very important person for j&j, even though I taught there for four years and master's degree program and they built from scratch, a master's degree course for them. But anyway, so Okay, of course, but what was strange to me was that I was the only one who offered some criticism, and they basically glazed over it. Okay. Now, that, to me, indicates that not only is is the design already poor, inherently poor, right, because that's not impressing anyone, but also that they're not willing to accept the fact that things could be done better? And what what my point was that listen. Okay, John, Jay, why don't you turn to other industries? See how they do it, talk to PR people? How do they how do they do their affairs? How do legal practitioners or law firms, organized fairs for their for their young talent? How do they do it? Right? How do medical schools and anything else in between how do they attract talent? Right? Maybe you could learn a thing or two about, like, how do you impress? How do you demonstrate that it is a mature industry that you're that you're seeing here? Okay. But the little tables with banners, man? I mean, there's absolutely no way I would recommend for someone to go to go and do that. Because it first of all, it speaks poorly of the industry. Secondly, I feel like young talent today, they can see the niceties of larger organizations and what they're able to deliver. It's the problem is that they don't see it in our industry, or they don't see it as often as they do in others, like the industry of finance, right? What do you think everybody is vying for us? You know, for this for spots with Goldman Sachs? Not because Goldman Sachs is the it's the best most ethical organization on Earth. It's because the way of the way they attract talent. And it can because of the messaging, because of the PR because of the attractive design of their events, right. I'm sorry, we're just not there. Travis 46:39 Those are all excellent points. And talking about John Jay, that leads well into my next question, which was, so I was curious for someone like you who's very much a generalist when it comes to asset protection, resilience investigations. I was curious, are there any? Are there any big competencies that make one successful in a role like yours? Ilya 47:03 You know, I talk about the word generalist. And unfortunately, it seems to me that I'm misunderstood. Because when people think of the word generalist, they think about like, how did the how the how does the saying go? Basically, back Master of None, I forget what the beginning part of the phrase is, but but people assume, Oh, yeah, it's just, you know, superficial kind of, I don't know, some, some sort of a person that kind of picked up a couple things here and here, and, you know, just basically know how to say those things. And they, they basically operate with acronyms or with some technical knowledge, or technical terms, without in depth knowledge. That's not what a generalist is. And that's where there's a big misunderstanding in our industry, the generalist is actually the person with knowledge across multiple domains. And the generalist is actually deeply knowledgeable in each of those domains. The problem is, you can't be knowledgeable in just one domain and say, You're a security professional. And this is the biggest problem in our industry, the way I came up with, at least what what's apparent to me is seven domains of competence. And as you know, Travis, it's all clearly articulated hope clearly articulated in multiple podcasts videos, and on my platform, that's called skill domains. All that is clearly articulated the reasons for it, right? And the seven domains are professional skills, which we started with, interestingly, psychology design, and then there are four focus domains, which do address the core skills for any practitioner in our industry, do you need to understand security operations, okay, guarding policy, writing a strategy, and so on and so forth. Right threat intelligence, things like that. You do also need to understand three other things, three other domains of competence. One would be technology, you need to be as dangerous as possible when you discuss technology and its usefulness. Okay? Because a lot of technology is being bought, bought, unfortunately, doesn't work as intended, and some of it is designed so poorly, that unfortunately, it doesn't even it's a bad value, okay. So, you need to understand how it works and what what types of technology are available to the field of asset protection, then you need to understand physical protection like how do you withstand how does the building withstand the blast? What materials do Would you would you need to use in order to reinforce the structural reinforcement or reinforcement for openings and Windows? What have you right? How do you change the site's landscape? How do you do site selection? Right? What what does that mean? How does infrastructure work? Right? So those things need to be understood at a much deeper level. Then there's Incident Management, right? And incident management to me is the a lot of people are simply incident managed, like, for example, if you ask people in offices of emergency management, that's all they do. They're like, you know, a small integration of FEMA. Okay, it wasn't FEMA is the federal level, and then each state would have and then each municipality would have their own OEMs. Right. Now, of course, those people are in Incident Management, that is a I'd like to think of it as science, that there's a very deep base that is devoted specifically to research on risk management, or sorry, incident management. There's a significant psychological component, like there's psychology of trauma, psychology of operate behavior under duress. There's all sorts of crowds, psychology, all sorts of, luckily for us all sorts of research that's available. Now, I've just talked to you about seven domains of competence, right? That to me, if if a person can comfortably operate within those seven domains, that's a security practitioner. Travis 51:27 Yeah, I really liked those domains. And one that really stands out to me too, especially as we think about young professionals is technology, because so many, so many of the leaders in the security industry, of course, they're in their 40s, their 50s, their 60s, and I think many of them are less inclined to dive deep into learning about different aspects of technology, whether it's information security, whether it's physical security systems, whether it's software. So I think that's also one huge area where young people in the security industry can add significant value is by developing deep knowledge, especially in those technology areas. I Ilya 52:09 couldn't agree more, even though I'm I'm slightly careful when I discuss technology, with people who, who I interact with clients, or students or whoever else are my peers, right? The reason being is that technology for the, in the last 20 years, has been developing faster than we can understand. Okay, faster than brainpower. And unfortunately, if you simply refer back to work of Tristan Harris, and the Center for humane technology, you'll understand what I mean, okay, is that there's a ton of innovation, but is that innovation, largely improving our life, or some of that innovation is harmful. Or some of it, though some of that innovation is half baked, or not baked at all, right. And I've seen multiple examples where products technology products that were being sold to clients that I was advising, without me being in the in the mix like they were sold those products, I can tell you countless examples, just in the New York area alone, where people acquired clients acquired technology, and it was basically sold to them as basically the solution to all of their problems, all of their security problems. And it was a disaster. It was a fiasco. And unfortunately, what it led to was false sense of protection, false sense of security. And people didn't get any awareness of how that technology works. They thought it was all plug and play that there was no human intervention required or maintenance or any or any re calibration. And unfortunately, the current world of sophisticated asset protection tech can be best understood only by a very, very small cadre of practitioners in our industry, who can then advise clients, and there are a few teams in house that actually have a decent knowledge about asset protection technologies. But that's a drop in the bucket. Most of the community, unfortunately, is kind of their, their their learning, but they're not asking the hard questions about they're not matching the tech that's being presented at shows like ISC West and stuff like that. They're not asking a question like, how does that how is that going to work in the hands of a user? What will that look like? Can you demonstrate to me how that technology will be super useful to the user? I recently had presentation from from a guy that was giving us a run walkthrough for for a new discovery platform, right out of the gate, the guy starts with using, what language coding language they're using, and some other very techie terms that are only familiar to him. And I'm sitting there, I'm like, wait a second, did you like we're novices here? What do you what are you trying to explain to us? Can you can you explain it to us as five year olds, so that we can understand in simple, non exclusive language, what what is how your system works. And, you know, I feel like we still are not doing a good enough job addressing technology and matching it to user experience to user needs. Travis 55:39 Yeah, you make a great observation here. And this is something that I've also seen too, which is, there's, it's almost Amazing how strong the draw is for people in all industries, whether it's security, whether it's risk, whether it's HR, how strong, they're how strongly they're drawn to go purchase technology and software, without actually understanding how it gets implemented, and how it works simply so that they can go to their chief executive and say, hey, look, I implemented this new expensive piece of software, look at the great work we're doing when in reality, they don't necessarily understand the implications of using it implementation and how it affects the organization holistically. So I think, I think that's a great point. And this leads to the next thing that I want to ask you, which was, so we have so many young aspiring professionals listening today, I wanted to see what advice you have for them, especially when it comes to acquiring skills to be successful in the security industry. Ilya 56:46 Well, I would say, go back to my message about the seven domains of knowledge. The reason why it was apparent to me that those seven domains are critical, is because I see a lot of young and aspiring practitioners trying to lock themselves into niches. So for example, I see people that just say, Well, I'm gonna go do threat intelligence. Yeah, but threat intelligence is a piece of the puzzle, it's not the whole puzzle, if you don't understand the rest of the puzzle, then you'll forever be or for the most of your effort will be applied in a niche. And you want to understand the over arching strategic issues that are being addressed. The same goes for folks that strive to, again, let's say go to and only do let's say, integration of electronic asset protection system, electronic security systems, right. I cannot tell you how many times in recent days, not even months, I have given advice to my clients to be very cautious of integrators that were trying to upsell them, simply because they needed to make their profit on some sort of deck. They didn't know where and why what was the fit for purpose, if you will, right. They didn't have the vaguest understanding of how what assets are going to be protected by the tech. Okay. They had some just Yeah, okay, if you stick cameras, you know, around this building, or if you add some intrusion detection, right, but they couldn't articulate, like, how, how will all of that work in in in unison, and specifically address how those systems are going to be matched to the capability of the users and then how the capabilities of the users needed to be enhanced? Right. So that's a niche to me. That's not what I expect from a generalist with deeper knowledge across multiple domains. Because the puzzle is what's important, the the ability to articulate to clients that, hey, you're thinking about buying technology may be your first priority should be like, Why are we buying it? Like maybe do have you done? TV era? Have you figured out like, where your what your assets are, what the threats to those assets are? What are the loss scenarios? And what what what does that look like? What are what are attack vectors? Right? If you don't have answers to those questions, don't just buy sexy stuff, because it's not going to help you. It's good. It's good to look nice. But like we've seen multiple incidents, even at Google of all places, right? That it doesn't always work that way if you don't have deeper knowledge. So my advice after this long story, my advice is don't settle for just learning. finite volume of skills. Don't think that threat intelligence makes you a security practitioner. Don't think that executive protection makes you a security practitioner, don't think that integration of technologies make you makes you a security practitioner, because you will have missed if you choose to do that choose to believe that you will have missed other pieces of the puzzle. And as you miss them, so will your clients, the people that your advice, and that to me, I think, is a risk in and of itself. Travis 1:00:36 That's a great point. And that's something that I've seen more of, like over the past two years doing COVID as well, which was the importance of developing broad skills. And that's good for our own resilience as security practitioners. So I remember one conversation I had during the pandemic with a EP manager who said something to me to the effect of like, "I think since I did EP, I've, since I've focused so much on EP over the years, I've kind of pigeon holed myself in my career," because during COVID, EP teams were no longer traveling because executives were staying at home. So security was being cut within many organizations. So people who had very narrow skill sets essentially had to adapt in their organizations. And many of them had to come to terms with like, "oh, shoot... I really developed a very narrow skill set. So when times get tough in the economy, it may be more difficult for me to, to find work." And that's kind of something I'm trying to do today, in my own career, which was... I spent so much time with investigations and threat intelligence. Now I'm trying to gain more hands on experience when it comes to physical security. So that's something that definitely hits close to home for me as well. Ilya 1:01:54 And I appreciate you for that. That's, that's why we've been friends for such a long time. Because that's, I think that we have this similar passion of never stopping to learn, never kind of parking in a certain location and say, Okay, well, this is this is sufficient island for me, because there are no islands, unfortunately, you got these problems. They're so multifaceted. The larger the organization, the more multifaceted the problem, right? And so like, I have a very good friend of mine that was able to pivot from, for example, event security, to advising on protection of crypto assets. Not because like he imagined that he knew crypto, because he took the time to listen, learn, and then kind of insert himself with the right level of advice and with the right level of empathy for the problems that the organization had. Right. And he did phenomenally well. Travis 1:03:02 Their minds, we have a great phrase from Mark Cuban, who says something like, just read the manual, because so many, so few people are willing to dive deep into a subject. So it's almost easy to become an expert in a niche area, when other people are unwilling to dive deep into it. And Ilya 1:03:20 well, you know, I tell you what, just one last comment on this, I was recently delivering a presentation on door hardware to a large community that needed that level of advice. And then I built it up whatever I and I delivered it right. And I felt you know, and I covered quite a bit, you know, for people that don't understand much. And, you know, I was able to share quite a bit. And then the same organization, they said, Well, why don't we bring in a door hardware expert, who by the way I recommended, okay, so I'm like, Yeah, that's it, just go talk to her. She's amazing. You know, she'll do a presentation. And when I was listening to her presentation, what was what made me feel very happy was that she basically, her presentation looked almost identical to mine. And I'm like, You know what, she was a good mentor to me, I stayed, I listened, I parked my ego. I was humble. I learned. She was literally one of my mentors, like, won a big, big project. So and guess what, you know, I learned and I took my notes. And then I learned from other resources. And that's how it goes, you know, it was amazing. Travis 1:04:22 Yeah, and that's another great lesson for listeners, which is, you can really learn from anyone around you whether you're losing weather, you're learning the right thing to do the wrong thing to do or thinking of different ways to do it better. And Ilya 1:04:37 we always learn best from others. That's that's the other thing as is psychology teaches is that the best lessons we learn is by observation. Humans are amazing in their observation skills, sometimes they you know, they suck with inattention and attentional blindness and stuff like that, but that's more tactical, but we're actually good observers if we see that somebody is like hitting their head on the wall. Or like, maybe I shouldn't do this then I We remember those things, I think you strike a very good point for young and aspiring ones. Travis 1:05:05 That's a good point about observation too. As I wrap up the interview here, what? What closing thoughts do you have for aspiring professionals listening today? Ilya 1:05:17 Don't repeat mistakes of the practitioners today, like you mentioned something very important. You said that a lot of people in our industry, either don't have the time or choose not to spend the time to learn more deeply about the seven domains of competence. Don't repeat their mistakes, because I can tell you by through my personal experience, you know, I cannot. Well, I, I've assessed a great number of organizations and security programs. Okay. So I can assure you that people who ran those programs, that they also could benefit from a lot more learning. And yet, it seemed to me that in some of them not, of course, not all of them. In some of those assessments, I could see this lack of willingness, lack of like, just kind of coasting. Okay, don't Coast, if you coast, you're toast. Did I just come up with a catchphrase? Travis 1:06:21 I think he did. I think that's I think that's the perfect way to conclude our interview today. And Elia, I'm super appreciative for your time, we went over a great number of lessons for aspiring practitioners to dive deep into after our chat. And I'll be sure to link to a number of resources for how people can learn more about the projects that you're involved in how they can learn about some of the different resources that you mentioned today. And yeah, I think we'll get this published soon. So really appreciate your time Ilya Ilya 1:06:53 Travis, it's always a pleasure. And I'm very grateful that you give me this platform. Travis 1:06:59 And that concludes today's episode. Remember, show notes from today's chat can be found online at the security student.com, which includes a transcript, links to resources mentioned, and a quick summary of big ideas we touched on today. Final note, if you're finding my podcasts useful, and you want to help me in a very meaningful way, please go to the Apple podcasts app and write a quick review stating why you'd love the podcast.