Human Element

Maltego
  • 5.0 (3)
  • TECHNOLOGY

Welcome to Human Element, a podcast by Ben April, CTO at Maltego, focused on exploring the experiences and perspectives that shape cybersecurity leadership. In each episode, we speak with industry leaders to uncover the challenges they’ve encountered, the pivotal decisions that have influenced their careers, and the human dynamics that continue to shape the cybersecurity landscape beyond the technical domain.

  1. Evershed Sutherland's Patrick Gilman on How Revenue Follows Purpose Instead of Driving It

    3D AGO

    Evershed Sutherland's Patrick Gilman on How Revenue Follows Purpose Instead of Driving It

    Patrick Gilman, Lawyer, Partner, & Co-Head of National Security Practice at Eversheds Sutherland, points to a disconnect between how professional services firms measure success and what actually drives sustainable team performance. Instead of P&L and billable hours, Patrick focuses on whether his team receives diverse, challenging work that develops broad problem-solving capabilities across multiple legal domains rather than creating narrow subject matter experts. Patrick discusses the structural reasons lawyers fail at leadership. They transition from team member to team leader without formal training, law schools provide no leadership curriculum, and revenue pressure makes team development secondary to billing. He also explains his framework for difficult decisions through second- and third-order effects analysis, why he stopped reactive management behaviors after recognizing they produced no useful outcomes, and how he empowers junior associates to screen and approve hiring candidates before they join the team. Stories We’re Telling Today:  Why competitive professional environments create poor leaders by teaching individual performance without transition frameworks Defining success through team utilization, skill diversity, and sense of purpose to create sustainable performance The framework for evaluating difficult decisions by mapping second- and third-order effects rather than optimizing for immediate outcomes  Why empowering junior team members to screen, interview, and approve hiring candidates creates stronger team cohesion How removing misaligned team members prevents ripple effects that destroy team dynamics Building trust through radical transparency and honest communication even when it's uncomfortable  Why crisis-focused practices make daily routines ineffective and demand different operational frameworks Formal mentorship programs vs. mentorship through regular feedback, honest assessment, and helping individuals understand their failures Too busy; didn’t listen:  Law and other professional programs don't teach team management, leaving professionals to transition from individual contributor to team leader without understanding the fundamental shift in roles. Defining success by team utilization, skill diversity, and sense of purpose rather than billable hours or P&L; when those elements align properly, traditional metrics become trailing indicators. Mapping second- and third-order effects for decisions, empowering junior staff to control hiring decisions, and immediately removing misaligned team members to protect cohesion. Preparation prevents disaster, and the distinction between difficult and easy decisions compresses with experience. Skip to the Highlight of the episode:  [4:15-4:40] “But the difference between the two is lawyers, when they're operating, they're not brought up to operate a team. They're brought up to be a part, as a junior lawyer, to be part of a team. And as you grow through the ranks, you go from being a part of a team to leading a team without really understanding the transition and the roles and responsibilities of doing that.”  Listen to more episodes:  Apple  Spotify  YouTube Website

    42 min
  2. ConnectWise's Bryson Medlock on Leading without a Universal Playbook

    DEC 16

    ConnectWise's Bryson Medlock on Leading without a Universal Playbook

    Bryson Medlock's path to Threat Intelligence Evangelism Director, CW Research Unit at ConnectWise positioned him to address what actually creates high-performing security teams: treating people as individuals, maintaining psychological safety during crises, and building systems that eliminate months of manual work. Bryson shares how his leadership philosophy draws from a bit of nerdiness, including nearly two decades of running D&D campaigns where managing group dynamics requires constant attention to who's speaking and who needs encouragement to contribute. These frameworks translate directly into security team management, where recognizing that a fresh graduate needs hands-on guidance while a 15-year veteran needs autonomy and trust determines whether teams thrive or fracture. The conversation explores how Bryson transformed ConnectWise's threat intelligence operations from months of manual spreadsheet work into automated systems that generate insights instantly. He also touches on conducting difficult conversations by focusing on observable facts rather than assumed intentions, building trust through recognizing individual needs rather than applying uniform management styles, and why panic accomplishes nothing in security operations where most situations aren't actually life-or-death. Stories We’re Telling Today:  Why the most important step after any failure is simply the next one, and how this shapes hiring decisions for people who return after rejection Transforming threat intelligence operations from months of manual spreadsheet work into automated systems Building trust by recognizing individual experience levels and adjusting management style accordingly Conducting difficult conversations by focusing on observable facts and giving people the benefit of the doubt regarding their intentions Why curiosity about why systems work matters more than memorizing commands or collecting certifications How running D&D campaigns teaches essential leadership skills, including managing group dynamics Creating psychological safety during security emergencies by recognizing that panic doesn’t help unless it’s life or death Why kindness isn't soft but rather creates competitive advantage through better team performance and reduced turnover Too busy; didn’t listen:  The most important step after any failure is the next one; some of Bryson's best hires were people initially rejected who demonstrated growth and returned changed. Effective leadership requires treating team members according to their individual experience levels, not applying uniform management styles. Curiosity about why systems work separates career-long security professionals from those who plateau. Building trust involves conducting difficult conversations by focusing on observable facts rather than assumed intentions, then giving people the benefit of the doubt. Kindness in leadership creates competitive advantage through better team performance, reduced turnover, and environments where people actually want to contribute their best work Skip to the Highlight of the episode:  [13:44-13:58] “You have got to be able to know when to trust, and when to delegate. I think a lot of it comes down to just recognizing that what it means to be a human, everybody is an individual. Everybody's got individual needs and wants and desires” Listen to more episodes:  Apple  Spotify  YouTube Website

    39 min
  3. CPPS' Jameson Ritter on Why 98% of Violence Prevention Starts with Human Behavior

    DEC 9

    CPPS' Jameson Ritter on Why 98% of Violence Prevention Starts with Human Behavior

    The biggest security failures don't happen because teams miss warning signs in the data; they happen because no one reported the warning signs in the first place. Jameson Ritter, Director of Behavioral Threat Assessment and Management at CPPS, discovered this truth after years responding to terrorism events and workplace violence as a law enforcement officer. His transition from the Joint Terrorism Task Force to corporate security revealed a consistent pattern: in nearly every tragedy, people knew something was wrong but never reported it. The gap wasn't in security infrastructure or threat assessment capabilities, it was in organizational culture and human behavior. Jameson’s background also shaped his approach to building violence prevention programs that actually work. He discusses why 98% of effective prevention happens in the human sphere rather than through physical security measures, how to create multidisciplinary teams that leverage diverse perspectives, and why leaders need to embrace the "80% solution" when dealing with imperfect information about human behavior. He also explores the challenges of maintaining team mental health in a field that deals with tragedy and the importance of building trusted professional networks. Stories We’re Telling Today:  Transitioning from a response-focused mindset to a prevention-first approach reveals the true gaps in violence prevention Building threat assessment teams that integrate HR, legal, mental health, and security perspectives to understand human behavior The "80% solution" framework for making informed decisions with imperfect information, then evolving as new data emerges Investing in behavioral change delivers better prevention outcomes for physical security infrastructure than technology alone Creating organizational cultures where reporting warning signs becomes natural rather than relying on "see something, say something"  Embracing contrarian voices and red team thinking to prevent groupthink and identify blind spots that could lead to tragedy Maintaining mental health for threat assessment teams that regularly deal with difficult subject matter and organizational tragedies Leveraging professional networks to solve high-risk cases by accessing diverse expertise and geographic knowledge Why passion and authenticity drive organizational buy-in more effectively than fear-based messaging or compliance requirements Too busy; didn’t listen:  Violence prevention is 98% human behavior and organizational culture, not physical security infrastructure. The "80% solution" framework means making the best decision with available information now, then evolving as you learn more. Building multidisciplinary threat assessment teams with HR, legal, mental health, and security perspectives prevents blind spots.  Welcoming contrarian voices stops the groupthink that causes teams to miss critical warning signs. Most tragedies don't happen because teams failed to act but because they never knew there was a problem. Skip to the Highlight of the episode:  [24:44-25:07] “I think they use the word passionate and that's not patting myself on the back, but I wear it on my sleeve. When I talked about the common thread line for me is this thread line of service. And now I've settled into this role of violence prevention and threat assessment. If you can speak authentically to things that you're passionate about and be knowledgeable on it, but also passionate, and that comes through in how you talk and engage with other people.” Listen to more episodes:  Apple  Spotify  YouTube Website

    45 min
  4. N-able's Kevin O'Connor on Why Hiring Smarter Than Yourself Scales Security Teams

    DEC 4

    N-able's Kevin O'Connor on Why Hiring Smarter Than Yourself Scales Security Teams

    Kevin O’Connor's decade at the NSA taught him that the path to effective security leadership runs counter to most instincts: hire people smarter than yourself, let experts drive decisions in their domains, and focus on empowering careers beyond your team rather than confirming what you already believe. As Director of Threat Research at N-able, Kevin now applies this bottom-up approach to protecting small and medium businesses.  Ben and Kevin explore how mission-driven environments shape leadership styles that prioritize purpose over compensation, why mistakes become valuable only when you own the outcome and manage the recovery process, and how the transition from individual contributor to team leader represents the most challenging shift in any security career. Kevin also shares his framework for turning organizational roadblocks into opportunities, why project management skills separate effective leaders from those who struggle under competing priorities, and how to build team cultures where people actually want to spend time together beyond work obligations. Stories We’re Telling Today:  How mission-driven environments shape leadership approaches that prioritize empowering experts over top-down command structures Why hiring people smarter than yourself accelerates team growth and organizational capability Taking immediate ownership, keeping leadership informed of evolving risks, and focusing on impact reduction rather than blame avoidance Transforming organizational nos into yeses by identifying the real issue, providing education, and demonstrating mission-critical value Why project management and organizational skills matter more than technical expertise once you move into leadership positions Managing the transition from individual contributor to team leader and establishing appropriate boundaries with former peers Too busy; didn’t listen:  Kevin O'Connor's leadership philosophy centers on hiring people smarter than himself and letting domain experts drive decisions, an approach developed during a decade at the NSA where mission mattered more than compensation. Effective mistake management focuses on how you stick the landing: take ownership immediately, keep leadership informed of evolving risks, and reduce impact rather than hide problems. Small and medium businesses now face the same threat surface as large enterprises due to cloud services and third-party integrations, making them increasingly attractive targets for E-crime actors seeking multiple smaller ransoms. The transition from individual contributor to team leader represents the hardest shift in security careers, requiring new boundaries with former peers and learning to empower rather than execute. Foundational skills like networking remain critical despite AI advances, while daily news consumption and strong professional networks provide the currency that keeps security leaders relevant. Skip to the Highlight of the episode:  [2:51-3:15] “And then I think also just being around that top talent, the people who were just so smart, I'm not the smartest guy in the room, but I'm pretty quick. But some of the guys I worked with, the guys and girls, they were just next level, next tier. And that always just drove me to make sure that I was never the smartest person in the room. That's the way you grow. If you're hiring to confirm what you're thinking or your mindset, you're never going to get anywhere.”  Listen to more episodes:  Apple  Spotify  YouTube Website

    37 min
  5. GetReal's Tom Cross on Goal Orientation That Sabotages First-Time Managers

    NOV 25

    GetReal's Tom Cross on Goal Orientation That Sabotages First-Time Managers

    The transition from individual contributor to manager destroys more promising security leaders than any technical challenge they'll face. Tom Cross, Head of Threat Research at GetReal, learned this while managing IBM's X-Force Research team, where his instinct to achieve goals directly conflicted with his responsibility to develop people until he harnessed that perspective. Tom reflects on why vulnerability researchers need dedicated time for self-directed projects independent of business priorities, and how that balance creates environments where people give 120% because they're doing what they love. Tom and Ben also explore how Dunning-Kruger effects create friction between security teams and IT organizations, and how professional networks built over 25 years become almost everything about senior leadership opportunities. Stories We’re Telling Today:  The incompatibility between manager time and maker time in software engineering organizations. Why vulnerability researchers require structured time for personal projects independent of business priorities to maintain engagement. How distributed team management demands deliberate communication structures to replace information osmosis, including weekly one-on-ones and context-rich updates. Transitioning from individual contributor to manager requires abandoning goal achievement orientation in favor of coaching people. How Dunning-Kruger effects create persistent friction where IT professionals overestimate their security understanding. Recognizing when people aren't aligned with their roles and creating mutual agreement about misalignment before off-boarding. Emotional detachment from organizational bureaucracy as a critical survival skill for security leaders dealing with constant obstacles. Too busy; didn’t listen:  Technical managers who hire people smarter than themselves build more powerful organizations; those who maintain authority through expertise create weaker teams. Software engineering productivity requires uninterrupted “maker time.” A 30-minute meeting can destroy an entire afternoon because the cognitive reload is so expensive. The transition from individual contributor to manager demands abandoning goal achievement orientation for people coaching, accepting that work won't be done as well or as quickly as you would do it yourself. Professional networks built across 25 years of security leadership become almost everything about senior opportunities, with alumni relationships from early career positions creating recruiting pipelines decades later. Skip to the Highlight of the episode:  [37:58-38:27] “You end up in this management role, but you still have this goal orientation where you want to see the work get done and you have these people that you delegate the work to who may not be as good as you are at achieving those goals. And it's really hard to shift your mindset from focusing on achieving the goal to focusing on coaching the person that's there to the point where they achieve the goal.” Listen to more episodes:  Apple  Spotify  YouTube Website

    41 min
  6. Fortified Health Security's T.J. Ramsey on Screening For Team Dynamics over Certifications

    NOV 19

    Fortified Health Security's T.J. Ramsey on Screening For Team Dynamics over Certifications

    The transition from technical excellence to leadership excellence often requires unlearning the habits that made you successful. T.J. Ramsey, Sr. Director of Threat Operations at Fortified Health Security, learned this lesson first in Iraq when incomplete analysis nearly endangered troops, then climbing from vulnerability analyst to director by mastering every service line he now oversees. His approach to building security teams reveals why some organizations maintain elite performance with lean resources while others struggle despite heavy investment. T.J. discusses his framework for making rapid decisions under incomplete information, why he screens for personality traits before technical skills, and why the hardest career transition isn't learning new skills but learning when to stop using old ones. He also offers his approach to differentiating mentorship for CISO tracks versus business leadership paths, and why monthly one-on-ones with every team member reveal what annual reviews never will. Stories We’re Telling Today:  How incomplete analysis under time pressure can have life-or-death consequences that demand exhausting all available information before providing answers Challenging the stereotype that technical excellence alone qualifies someone for management roles in security Building teams around desired outcomes rather than filling predetermined roles Multi-stage interview processes where the final conversation focuses on emotional intelligence and self-awareness rather than technical acumen Why the transition from manager to director represents the hardest career step for most security professionals The principle that 80% answers delivered on time beat 100% perfect answers delivered too late — and ensuring you actually possess that 80% threshold Differentiated mentorship approaches for team members pursuing career tracks Why healthcare security demands reframing from data protection to patient safety, making security failures not just compliance issues but direct threats to human welfare How monthly one-on-one meetings with every team member reveal career aspirations and enable targeted development conversations Too busy; didn’t listen:  T.J. Ramsey's military intelligence background taught him that incomplete analysis under pressure can endanger lives, which now shapes his decision-making framework of ensuring 80% confidence before acting rather than waiting for perfect information that arrives too late. T.J.’s hiring philosophy prioritizes screening for personality traits and self-management capabilities over technical certifications, recognizing that technical skills can be taught but toxic traits or dependency on supervision cannot be fixed. The hardest leadership transition is moving from manager to director, especially going from the person who ensures success to the person who trusts others to deliver results. Security in healthcare isn't just data protection. It's patient safety, fundamentally changing how security leaders frame risk, prioritize resources, and measure the impact of their programs beyond compliance metrics. Monthly one-on-one meetings with every team member enable leadership to differentiate mentorship approaches for those pursuing CISO roles versus business leadership tracks, recognizing these paths require different developmental strategies. Skip to the Highlight of the episode:  [13:02-13:16] “They present themselves like a rock star, but when the rubber meets the road, they turn tail and run. Literally. It's incredibly disappointing. So I learned to really understand what it means to take a resume with a grain of salt.”  Listen to more episodes:  Apple  Spotify  YouTube Website

    41 min
  7. Tokio Marine’s Alex Bovicelli on Building Purpose over ROI

    NOV 11

    Tokio Marine’s Alex Bovicelli on Building Purpose over ROI

    Managing threat intelligence for 20,000 companies reveals patterns invisible to most security leaders. Alex Bovicelli, Senior Director of Threat Intelligence at Tokio Marine HCC, sees hundreds of ransomware events monthly, giving him a perspective that challenges industry assumptions about modern threats. The sophisticated attacks making headlines aren't what's devastating smaller organizations. It's groups like Akira Ransomware perfecting SSL VPN brute forcing over years, targeting predictable gaps in authentication controls. Alex and Ben discuss how cyber insurance shifted from paper applications to technical risk assessment as ransomware as a service exploded, why Alex’s team focuses on native tools and simple configurations rather than threat feeds with obsolete IoCs, and what happens when you alert thousands of companies simultaneously about the same vulnerability. Alex shares his framework for extracting expertise from team members as you lose technical depth in leadership, and emphasizes that emotional intelligence matters more than maintaining hands-on skills. Stories We’re Telling Today:  How cyber insurance evolved from paper risk assessments to technical threat intelligence teams as ransomware-as-a-service changed the threat landscape Why most ransomware events targeting smaller companies involve brute forcing rather than sophisticated techniques that make headlines The strategic evolution of groups like Akira Ransomware spending years optimizing specific attack vectors against particular appliances Building security programs around native tools and simple configurations that smaller teams can implement without enterprise budgets or dedicated security staff Why threat intelligence teams must understand operational constraints before recommending configurations or expecting system rebuilds Creating team cultures where ego is removed from the equation and diverse skillsets contribute to program success Leveraging free resources and community editions of commercial tools for organizations with limited resources Why transparency about program direction helps individual contributors participate strategically rather than just executing tasks The transition from individual contributor to manager, requiring emotional intelligence over technical skill maintenance Building mentorship programs around understanding why people want to work in security rather than just teaching technical capabilities Screening for the hunter's mindset and trustworthiness during hiring rather than specific tool expertise or certification counts   Too busy; didn’t listen:  Visibility across 20,000+ companies reveals most breaches come from SSL VPN brute forcing and weak authentication, not sophisticated attacks that make headlines. Effective security leadership means removing ego and extracting team expertise as you lose technical depth, not pretending to be the smartest person in the room. Alex's team uses simple configurations with native tools and free resources, partnering with startups that support smaller budgets instead of enterprise-only solutions. The transition from technical contributor to manager requires emotional intelligence and understanding individual motivations more than maintaining hands-on technical skills. Purpose-driven programs where teams believe they're protecting organizations at scale outperform programs driven by ROI metrics or ego. Skip to the Highlight of the episode:  [32:39-33:15] I think it is critical for leadership to be very clear in the overall path of the program and the company so that those individual contributors can actually feel like they're participating in a strategic manner. I think the other thing that I find to be an issue that I've noticed is that as an industry we are expecting these kids to get out of school and just have 17 certifications, a master's in whatever, you know, and, we've actually lost touch with the fact that maybe, like, older generations, we understood it was a craft” Listen to more episodes:  Apple  Spotify  YouTube Website

    48 min
  8. DTCC’s Scott Scher on Structured Disagreement and Intellectual Humility in CTI Leadership

    NOV 4

    DTCC’s Scott Scher on Structured Disagreement and Intellectual Humility in CTI Leadership

    Scott Scher, Associate Director - Cyber Threat Intelligence, DTCC has built his career on a counterintuitive premise: effective intelligence teams provide justification for security decisions rather than predictions about future threats. This reframing shifts CTI from being blamed for "unforeseen events” towards being recognized as a core  function that builds defensible risk management frameworks across entire security organizations.  Scott discusses managing upward to leadership that lacks CTI expertise while maintaining technical rigor, the transition from tactical analyst to strategic leader, and why intelligence teams must proactively define AI integration rather than having it imposed by vendors promising to automate analysis workflows. His perspective on team culture emphasizes empowerment through transparency, creating psychological safety where challenging leadership demonstrates engagement rather than insubordination, and hiring for thinking process rather than technical credentials.  Stories We’re Telling Today:  Intelligence as organizational justification creating defensible risk decisions rather than attempting to predict future threat actor behavior Structured analytic techniques and admiralty coding turning subjective assessments into methodology-backed frameworks Using structured disagreement where leaders deliberately argue opposing positions to stress-test analysis and eliminate groupthink Managing upward to senior leadership lacking CTI expertise who make decisions based on informal channels rather than formal intelligence assessments AI's capability to replicate core intelligence functions and why teams must proactively define integration approaches Hiring for thinking process and intellectual curiosity rather than technical credentials alone Creating psychological safety where team members can challenge leadership decisions, demonstrating engagement, not insubordination Process documentation and structured methodologies serving as essential scaffolding that enables consistency, training, and institutional knowledge retention Too busy; didn’t listen:  Scott Scher positions CTI as organizational justification for security decisions rather than prediction, creating defensible frameworks. Structured analytic techniques, source reliability coding, and documented methodologies elevate subjective analysis into quantifiable risk management that withstands executive scrutiny. Effective intelligence leadership requires building team cultures where challenging leadership demonstrates intellectual engagement. AI can already replicate core intelligence functions, making it imperative that CTI teams define integration approaches before vendors impose automation from above. The transition to senior leadership involves managing upward to executives who lack CTI expertise, balancing technical skill maintenance with strategic stakeholder relationship building. Skip to the Highlight of the episode:  [14:51 - 15:11] Diversity of thought is probably the most important thing you can have. Diversity in other areas as well is equally as important. And that brings different perspectives. Diversity of life experiences. Diversity of socioeconomic experience, things like that. Difference in education, all of that. I think that's all super important because it brings all those perspectives, because that's what you need.  Listen to more episodes:  Apple  Spotify  YouTube Website

    51 min
See All (21)

Ratings & Reviews

5
out of 5
3 Ratings

About

Welcome to Human Element, a podcast by Ben April, CTO at Maltego, focused on exploring the experiences and perspectives that shape cybersecurity leadership. In each episode, we speak with industry leaders to uncover the challenges they’ve encountered, the pivotal decisions that have influenced their careers, and the human dynamics that continue to shape the cybersecurity landscape beyond the technical domain.

Information

  • Creator
    Maltego
  • Years Active
    2K
  • Episodes
    21
  • Rating
    Clean
  • Copyright
    © Copyright 2025 All rights reserved.
  • Show Website
    Human Element