Breaching the Boardroom
Breaching the Boardroom is a high-level podcast designed to explore the intersection of leadership, growth, and technology. Each episode brings industry leaders, experts, and innovators together for candid conversations on how to navigate the evolving tech landscape while driving business success. Weβre on a mission to simplify complex topics like AI, cyber threats, and IT strategy, making them accessible and actionable for executives in mid-market businesses.
Breaching the Boardroom
Leadership & Cyber Warfare
ποΈ Leadership and Cyber Warfare with Jeremy Harlan & Bruce McDonald
In this episode of Breaching the Boardroom, host Ashley Sebastian sits down with Jeremy Harlan, Security Analyst at NetGain Technologies, and Bruce McDonald, Client Success Manager, to explore the invaluable leadership lessons they've carried from the military into the world of cybersecurity.
Together, they discuss pivotal moments from their military careers, insights from NCO school, and how electronic warfare training has shaped their approach to cybersecurity leadership today.
π‘ What Youβll Learn:
- How military leadership principles translate to cybersecurity
- The role of servant leadership and mentorship in building strong teams
- Strategies for handling cybersecurity incidents under pressure
- The importance of humility and learning from failure
- How cybersecurity analysts stay ahead of constantly evolving threats
π Ready to strengthen your security posture?
Discover how NetGain Technologies' cybersecurity services can help your business stay secure and resilient.
π Connect with Us:
Ashley Sebastian β Host of Breaching the Boardroom
Jeremy Harlan β Security Analyst, NetGain Technologies
Bruce McDonald β Client Success Manager, NetGain Technologies
π Resources Mentioned:
- NetGain Technologies' Cybersecurity Public Service Initiative
- The 7 Habits of Highly Effective People - Steven R. Covey
- Staying Safe Online: Tips from a Cybersecurity Analyst- Jeremy Harlan
π Who Are We?
NetGain Technologies is a leading managed IT and security service provider with over 40 years of experience helping small to mid-sized businesses succeed. π»β¨ Specializing in IT management, cybersecurity, and strategic consulting, we empower businesses in healthcare, finance, manufacturing, and beyond to turn technology into a competitive advantage. π
π Website: www.netgainit.com
πΌ LinkedIn: NetGain Technologies
π
Meet with Us: Schedule a Meeting
Meet Your Hosts
Ashley Sebastian (00:11) Hi everyone, welcome back to Breaching the Boardroom. I'm honored to be joined today by Jeremy Harlan and Bruce McDonald for a conversation about leadership and the incredible lessons they've carried from the military to cybersecurity. We're going to hear about pivotal moments in their military careers. insights they've gained from NCO school and their experiences in electronic warfare training. Plus, we're going to dive into their transition to cybersecurity. and the leadership traits like humility and learning from failure that have guided them along the way. So let's jump in. Jeremy and Bruce. Welcome to the podcast. I'm gonna start with asking for each of you to tell us a little bit about yourself. Bruce McDonald (01:04) Hi, Ashley and Jeremy. I'm Bruce McDonald. I'm a client success manager here at NetGain. I've been in the IT industry for a lot longer than people believe, about 35 years, because I started when I was 17 in the Marines. And so that's kind of my background, background of project management, service delivery, desktop support, systems administration. network support, just kind of everything over the last 35 years. Did some industrial automation as electrician for a while and just kind of been around technology a lot. Jeremy Harlan (01:40) Yeah, that's awesome, Bruce. And thank you, Ashley, for inviting us to the podcast. My name is Jeremy Harlan. I've been in the IT industry for, well, basically since I was 18 years old when I joined the Army. Transitioned to electronic warfare about midway in my career. a broad experience from everything from operations and management in a joint tactical environment to emergency management, even a little bit of welding experience. here at NetGain, I actually started out on the help desk and then moved over to security, which I am their security analyst doing forensics and keeping our clients secure. Ashley Sebastian (02:20) Awesome. Thank you. Tell me a little bit about your journey as a leader. Jeremy Harlan (02:27) My personal journey as a leader, it really didn't start out till about, see, I was about six years in the military. There is a big, well, it can be a long. long period of time where it takes you to grow, to find your space. that was when I was 25. On my birthday flying into Guatemala for a humanitarian mission. And I was in charge of communications. And that may seem broad, because it was. I had a I had two radio teams, a satellite team, and I had my... Networking team, excuse me, and I quickly learned that there's a difference in the kind of leadership that you have to do that you learn there's a position of authority and then you have rank which is Strange it can be a strange concept when rank is all you know in the military and so I had to learn what position of authority meant and I had lot of good mentorship there were some struggles But it was a great learning experience, six months in a foreign country, and you learn so much. From there, they sent me to NCO school, and I really got to understand the philosophy of what a leader is. And there was something that was really pivotal during that time was it was called servant leadership. And deep diving and understanding what that really means. As a leader, you're constantly serving. You're serving your team. And I like to quote a movie, Saving Private Ryan, where One of the main cast, it comes from Tom Hanks, talking about complaints as a leader. Complaints go up, not down. And what does that really mean though? And how does that, how do you approach that? How do you implicate that? So everybody complains. Like I can complain to my boss or my best friend or whoever. But if I'm complaining to leadership, those complaints should go up. And a good leader does never complain down. They mold, they develop procedures, they develop policies around those complaints. They always go up, never go down. So when I'm leading my troops, my complaints went up. If leadership complained, the buck stopped with me. They never heard complaints from leadership. And that's just kind of how I developed as a leader. Bruce McDonald (05:29) I think Jeremy's on onto some great stuff there. and you know, some of my earliest experiences in leadership, whereas an NCO in the Marines, and it was interesting for me because leadership at the time in the Marine Corps was, changing a lot. you do things like the, Franklin Covey, it was Stephen Covey's seven habits at the time. And, you know, there were corporate people in the world that were We're trying really hard to get into that and here the Marine Corps gave it to us. So there was a lot of innovation happening and the military has been around for a long time, but then also is constantly evolving and changing and growing and adapting to anything that they can incorporate into being better. And for me, being in a technology role and being in an office role, It was funny because leadership was geared toward the infantry and designed around the infantry. And so, you know, it started with the small unit leadership at like the fire team level and then squad and platoon and company and battalion and regiment level leadership. so one of things that I learned there was like kind of the rule of threes where, you know, you can be in charge of three things. You can be one of three things that somebody's in charge of. And the way that that has translated throughout my, my, know, 28 years since I left the Marine Corps, it's been interesting because I've been able to use that in business a lot. You know, the different leadership skills that I learned that really were infantry leadership skills, even though I wasn't in the infantry and how to apply those in an office role or in a technology role. Jeremy Harlan (07:05) Yeah, no, that's great that you mentioned that. You know, the most impact that I've seen from myself as a leader was at the platoon level and down. You you're interacting with your Joes. You know them on a personal level. You're their mentor. When you're a leader, you're a mentor. They look to you as that single point of, hey, I can come to this person for anything, advice, where in my career should I go? What decisions should I make? You're that wisdom. And I think it's important, especially in the business role, that people should have that outlook. You are not just a leader, but a mentor. Bruce McDonald (07:44) something. Yeah, something I really respect about our company is, it, it's something that I experienced in the military. And I always said, you know, anything you could do the person in charge, you could do. and, and it was very much leadership by example. And we have some people here at NetGain in leadership who can get on their, you know, get on their tools, I like to say, and go and do the work that their engineers are doing. Jeremy Harlan (08:01) Mm-hmm. Bruce McDonald (08:15) for our clients and that's just fantastic to see leadership people who still engage at a technical level and are able to participate in technical endeavors, especially when we have an event. So if a cybersecurity event comes to us, maybe somebody comes out, reaches out to us and says, hey, my company had a cybersecurity event. Jeremy Harlan (08:16) I agree. Bruce McDonald (08:38) we're not a client, but we want your help. And then, you know, I see people pitch in and dig in. It's fantastic. That leadership by example and, you know, being able to do what your engineers do and teach them and coach them that I see here, it's fantastic. Jeremy Harlan (08:55) Absolutely, when I ever said I agree with that, you know, and as a leader, know, throughout the years, never ask anyone that you're not willing to do yourself. Ashley Sebastian (09:09) I love that mindset. It reminds me of when I was managing restaurants right after college. There were times when I had to jump behind the dishwasher into the dish pit myself because I believed in leading by example. I've always thought that if I'm going to ask somebody to do something, I should be willing to do it too. I think that's a really important lesson for employees or really anyone that looks up to you to see in action. Jeremy Harlan (09:39) Yeah, and I think it's important that a couple of things to mention is, you know, have a little humility as a leader and be okay with failure. You're never going to get it right the first time. I could go on and on about how many times I tried, you know, X, Y, Z to solve X problem or, you know, gave the wrong advice and had to go, you know, be like, hey, I was wrong. I'm sorry. But this is the right info. Just being a good human being and having empathy, it works. Ashley Sebastian (10:20) I can definitely agree with that and how the leadership team here is at NET GAIN at least. They are a testament to what you just described. Jeremy Harlan (10:31) Yeah, absolutely. Ashley Sebastian (10:32) Let's hop over to a little bit more about your experience in cybersecurity. Tell me, Jeremy, why did you become a cybersecurity analyst? What led you to that? I know you mentioned the military, so. Jeremy Harlan (10:48) Well, so what's funny about that? My journey kind of began a little bit younger than that. I have a very fond memory. I was 12 years old, built my first computer with my uncle. But I treated it as a cool thing. During that era, you had the rise of the Xbox and all that. So gaming was a thing. turned 18, tried to do college, didn't work out. Then I had a dad from a buddy I graduated with kind of introduced me to the guard. And he was like, you need to be a 25 Bravo, which is a information technology specialist. So I was like, OK, why not? I needed direction in my life at that point and a job. And, you know, I turned out to love it. It was something that I was good at. come back trying to find a job. Because with the Guard, you're due one week in a month, two weeks in the summer. It was incredibly difficult to find a job with just Army experience. know, as 25 Bravo, it was basic included. I was gone from January to about mid-August. So that was a long time to learn information technology at that time. And so I kind of gave up almost and was like, well, I gotta find a job to make a living, right? So went into welding and then a little bit of electrician. And then I got a job full-time with the guard. working at a joint operation center and I Had a good NCO That basically said if I had any downtime That I needed to learn something He was like you stay busy and that kind of stuck with me and so I started I actually started college online and it's changed the net its name a few times but It was basically cybersecurity. I think at that time it was information system security. And I was like, all right, cool. This seems stuff I kind of already knew, kind already did. And then about 2017, I was given the option to go to a school. At the time, it was called 29 Echo, electronic warfare specialist in good old Fort Sill, Oklahoma. It was nine weeks. And about two weeks in, I was like, wow, this is cool. They taught me how to do a lot of things and taught me the science behind it. What is electric warfare? Basically, I can do anything a hacker can do on the internet with radio signals, GPS, microwaves, infrared, anything on the electromagnetic spectrum. And that was cool. And that really took off in my interest in cybersecurity. I built my own home lab shortly after that. I started learning and just started, I became hungry for the knowledge. Ashley Sebastian (14:07) crazy. Jeremy Harlan (14:23) You know, YouTube, hack the box, try to hack me, reverse engineering, all that. And then when I got out the military, I was fortunate enough to work for NetGain and just worked my butt off until I got on the security team, because that's what I wanted to do. Ashley Sebastian (14:48) So cool. I love to hear that. You mentioned this with your NCO telling you that you needed to learn something. Like you needed to specialize in something. It's time like pushing you forward. I've had bad leaders in my life and good leaders in my life. I will say the good ones are the ones that want you to learn and grow professionally and personally. They're the ones that will have that quote unquote come to Jesus moment with you to like, hey, it's time for you to flourish. Let's do this thing and, you know, helps you get there. Jeremy Harlan (15:27) Yeah, he, I can say he was my first real leader slash mentor. He always checked up on our progress, where we were at in our military career and our personal lives, where we were growing, where we needed help. And he would do his best to, know, guide us where we wanted to be. And I have so much respect for him. He's retired now, or almost retired. Bruce McDonald (16:02) Jeremy, something that you talked about was when you came to net gain, I know you were in the, Ashley Sebastian (16:06) you Bruce McDonald (16:09) support role for a while before you moved over into the cybersecurity role. And what, from a client perspective, what can our clients expect would be a different interaction? Like how is the interaction different with you as a cybersecurity analyst than it is, than it was when you were a technician? Jeremy Harlan (16:28) I honestly wouldn't say the interactions too much different. instead of, Bruce McDonald (16:33) What types of things are you doing for them now that you are different than what you did for clients before? Jeremy Harlan (16:40) Well, it's not really what I'm doing for them, it's what I'm looking for. Let's say we have an incident where we get an alert for an account compromise. Well, I'm immediately asking a series of questions. know, have you been traveling? Are you using a VPN? Bruce McDonald (16:48) Right. Jeremy Harlan (16:55) Have you noticed anything suspicious? Have you gotten a weird email? Have you gone to a weird website? You know those types of questions because I need to find You know the needle right? I'm looking for that for that gotcha And a lot of times you have to arrange those questions where people can understand what you're asking for. And I think that's key is that communication and understanding your client and understanding the person. Because not everybody is techie or understands the lingo or the jargon. So you're going to have to use plain language, which I find is best when communicating with anyone. Ashley Sebastian (17:26) All Jeremy Harlan (17:36) And so once I get those answers from the client, I start digging. First is when I find, when it first happened, I have to go back in time. And that can be a challenge sometimes, depending on the incident. Ashley Sebastian (17:53) Jeremy, what's the average time, it's something crazy. What is the average time that a bad actor is in your system before it gets noticed? Jeremy Harlan (18:04) See, that is... Ashley Sebastian (18:05) It's like 300 days or something crazy like that. Jeremy Harlan (18:09) I haven't heard that, but I have seen, and we use a variety of tools that benefit us now, but I have seen prior use from not using those tools before, six months. You know, okay, and what why here's the why is they're doing to they're doing it's for two reasons They're making small movements. They're collecting data and they're trying to evade EDR Any kind of antivirus or any kind of you know ITDR, you know solutions Try not to get detected And that's why the length of time is so long, because they want to make those small changes where it looks like the system where a user is doing it over a long period of time. Or you the long waiting game types, and then you have the fast, I'm going to exploit this, run my scripts, get in, get out. Ashley Sebastian (19:17) I guess they're just waiting in there, like, for you to, somebody at your company to click on that, that link in that email or something. Just like waiting for their opportunity to get in further. Jeremy Harlan (19:30) Yeah, is, you would be amazed how easy it is to set up a bot and get a list of emails and just make that bot blast out, you know, 5,000 different emails, all generated, templated. And if they do it right, it doesn't look spammy. or or the and the english is good that Ashley Sebastian (19:56) Yeah, and with AI like they can translate into English plain English It's frustrating because these people aren't Jeremy Harlan (20:02) I was actually just reading something about AI and cybersecurity. There is a ransomware actor that they have been able to debug and decode some of the ransomware, the actual code base. And they actually, when they analyze it, they said 90 % of it has been generated by AI. And they say that because the comments in the code were in perfect English from where this group is located and where they don't commonly see perfect English in your coding comments. Now I thought that was expected. mean, we know, know, is a tool and I use AI. Ashley Sebastian (20:46) Interesting. Jeremy Harlan (20:57) But I use it as a tool. I write programs. I write tools to help me do automation. So it's pretty accurate. I'm not going to sit here and say, no. No, it's accurate. I mean, it's not perfect. But between Google and AI, chat GPT, Microsoft Copilot, Google Gemini, and all the other bunch of AI that's out there now, you could do anything. Ashley Sebastian (21:28) I think with the power, all that power comes a lot of responsibility and you need to, you need to use, you need to be educated about how to use it in order to use it as a productive tool. Jeremy Harlan (21:36) That's a Spider-Man quote. Bruce McDonald (21:38) Yeah. Yeah. Tools could be used for good or for bad, right? And some of the tools that Jeremy's using that he's doing detection with are breaking down the anatomy of a cyber attack to watch for exfiltration of data, to watch for erratic behavior in email, like somebody sends an email and deletes it immediately a bunch of times. Just, you know, all of the behaviors that threat actors are using. Jeremy has tools that is available to use. then, but then, then some of that's AI tools that, you know, crawl through log files and things or whatever, and analyze them. But then it takes a human being, cybersecurity analyst like Jeremy to say, okay, based on the data and how the data has been summarized and boiled down, you know, this is a potential threat attack that we need to investigate further or not. And that's where that cyber. a security analyst comes in. And a lot of it's his intuition. A lot of it's his experience. A lot of it is being able to get his reads right, you know, and see in the matrix of the data, what he's looking for as he's threat hunting. that, that I see Jeremy lighten up already. And you know, those are the things that cybersecurity analysts really enjoy doing. And a lot of it's not client facing. A lot of it is not client interactive. And it's sitting at a console watching the matrix of numbers go by and finding the data that you need to act on and then knowing what actions to take. Jeremy Harlan (23:17) I love how you said intuition, because that actually has come in handy on a few accounts. Even before I was on the security team, got a couple of weird tickets and I got that Spidey sentence that doesn't look right. And sure enough, I was spot on. But yeah. It's actually harder to be a security analyst. What we would call in the cybersecurity world a blue team member, which is we're defending, constantly defending. Red team, it's easy. They only have to be right once. Ashley Sebastian (23:46) Mm-hmm. Bruce McDonald (23:53) That's right. Jeremy Harlan (23:54) Now, yeah, they only have to be right once. We have to be right all the time. So the pressure's there and that's fine. But we just have to be very vigilant all the time. And we use those tools as aids to help defend our clients. And then like Bruce said, we take those... We take that output from those tools and then we do that human investigation. Peace. Ashley Sebastian (24:25) think that's why partnering with an MSSP is so important because you get that like 24-7 eyes on glass and it's not just you're not just using a tool to do it for you in the background. You actually have somebody like doing the forensic work. Jeremy Harlan (24:38) That's right. Absolutely. Ashley Sebastian (24:46) Leadership skills. Are you bringing from the military into your security analyst job today? I know you guys work Really well as a team security team at not gain here is I know that they're a strong Unit together. So can you tell me a little bit about that? Jeremy Harlan (25:06) empathy. Empathy is probably and it's not really taught in the military. You kind of have to learn that but also being able to as a as you know being effective in chaos because when you have incidents, know, you're getting a Number of alerts, you know rapid fire and then crap. We just got three zero days you know, all in one day and no, you you got two business email compromises happen. You have to learn to delegate, work well under pressure and know your team and know what they're capable of and understanding what they can handle. I think that's some of the skills that I brought over to the team is being able to, you know, understanding who I'm working with and what their capabilities are and check in when they're, if you haven't heard from your team member in an hour, it's about time to check in and be like, Hey, are you okay? Is there anything I can do? It's important. It's people first. We'll get the incident solved. We'll get it remediated, but we got to take care of our people and make sure their hit space is good. Ashley Sebastian (26:27) That's awesome. I agree. Bruce, how about you? Bruce McDonald (26:31) It's all about accepting. Go ahead. Yeah, I think for me, it's about accepting the chaos. I love that Jeremy said empathy. I had thought about the Marine Corps has 14 leadership traits and there's an acronym for them all that to remember them and all that. And so the ones that I've always thought were kind of self-reflective and I've focused on were endurance, enthusiasm and integrity. All the engineers that I've ever had in my charge when I have, or as peers, I've always said, you know, you've got two brands that you're working on. You've got the company that you work for and, you know, your own name. And both of those will carry you through industry, you know, and as you promote both of those, it's through the integrity that you bring to it. You know, what is it that your organization does and that you can do? And Jeremy talking about the, the chaos, right. And, and, know, accepting that you can't control the chaos and focusing on, controlling the things you can impact and can control, to improve, the, situation or environment so that, you know, the client is taken care of, it's so critical and, and, you know, delegating, and, Something that Jeremy touched on earlier, you talked about authority versus rank. and that's, that's, you know, the, the, the lighthouse and the ship, right? You know, and, the, the guy says, you know, Hey, I'm a private, you need to turn. And the ship's captain's like, I'm a captain and you need to turn. the private's, know, like, Hey, I'm, I'm a lighthouse. okay. The captain will turn. Right. That's authority over, over rank. and so, you know, that, that's so true about a cybersecurity, situation where, know, as a secure cybersecurity analysts like Jeremy, knows, what is happening may need to tell a leadership person at a client, like you need to do these things. You need to tell your people to do these things, you know, and, and that leadership person needs to have the wisdom to listen to someone who has some authority about what they're talking about. Right. So if we're, if we're talking about breaching the boardroom and a cybersecurity analyst says, you know, Hey, CFO, need you to do these things. We need to listen. That's, that's a place where, authority, overpowers rank. Right. and for a very important reason, cause because Jeremy is the expert and he's the one who's able to see out on the battlefield of technology, what the cyber actor, threat actor is doing and how we can implement countermeasures to stop it and start restoring the environment for the business to continue. Cause that's the downtime is the biggest expense. It's always the biggest expense. Jeremy Harlan (29:25) Mm-hmm. And the tactics and the landscape constantly changes. And it's, it's like when I said it was harder to be blue team, we have to learn everything a hacker hacker learns. have to learn it. Bruce McDonald (29:32) That's right. Ashley Sebastian (29:42) And I feel like the knowledge that you need is constantly changing. So you are probably learning a lot. Continuing education is just normal for a student. Jeremy Harlan (29:49) It is. It is a norm and our world is a norm. You have to be on the bleeding edge. Ashley Sebastian (30:03) Well, thank you guys so much for joining me today. I really enjoyed our conversation about leadership and your experience. And it's kind of brought to life things that I've experienced in the past and picking out good and bad. There's bad leadership skills too. Anyway, thank you all so much. Jeremy Harlan (30:30) Well, thank you for having us. Ashley Sebastian (30:31) Yeah, yeah, we'll definitely have you all on again very soon. Jeremy Harlan (30:36) Perfect. Bruce McDonald (30:37) Jeremy, I'm glad to be on this journey with you. Ashley, thank you so much for coordinating all of discussion. Jeremy Harlan (30:39) Yeah, you too, Bruce. Ashley Sebastian (30:42) Yeah, absolutely. Bruce McDonald (30:44) it's Jeremy Harlan (30:44) Thank you. Bruce McDonald (30:44) the coolest part of IT. Breaching the Boardroom (30:46) Thanks for joining us on Breaching the Boardroom. Join me in my pursuit of growth anywhere you listen to your podcast. For technology tips and tricks and leadership hacks, find me on LinkedIn. And don't forget to send me a DM or leave a comment on a topic you want me to cover next. This podcast is powered by NetGain Technologies, a top 250 internationally ranked managed security services provider headquartered in Lexington, Kentucky, with offices across the Southeast and Midwest.