Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | TuneIn | RSS | More
Welcome to episode 134 of the Nerd Journey Podcast [@NerdJourney]! We’re John White (@vJourneyman) and Nick Korte (@NetworkNerd_), two Pre-Sales Technical Engineers who are hoping to bring you the IT career advice that we wish we’d been given earlier in our careers. In today’s episode we share part two of our interview with Donovan Farrow. Donovan shares his experience as a business owner, a board member, and some great advice for getting into the cybersecurity industry.
Original Recording Date: 06-30-2021
Donovan Farrow is CEO and founder of Alias, a digital forensics and cybersecurity company based in Oklahoma City. Go back and listen to part 1 of the interview with Donovan in Episode 133.
Topics – Advice for Getting into Security, Mentorship, Running Your Own Company, Deciding Correct Services to Offer, Board of Directors, Closing Thoughts.
2:18 – Advice for Those Investigating Getting into Security
- Donovan describes the type of person who would find it interesting.
- If you’re someone who is sitting at home at night tinkering in your lab trying to figure out how things work, you may be right for this industry.
- Ethical Hacking vs. Pen Testing
- Pen testers "break stuff." Pen testing is a formal contract to break into a company.
- Ethical hacking is something you can do on the internet. Finding an exploit and reporting it without changing anything is ethical hacking.
- Bug bounties to harden your products
- Donovan shares a great story about DefCon and car manufacturers awarding money to hack into a specific car model.
- DefCon is no joke. Attend with caution so you don’t get hacked.
- The types of skills needed for the industry
- Certification path requires Knowledge and experience
- How can you break into a computer if you don’t know how it works? There are many building blocks, and some of the best hackers know about building computers, firewalls, networking, and Active Directory.
- A good hacker has background knowledge.
- Transitioning from an IT generalist? Yes!
- And give Donovan a call if that is what you want to do!
- Generalists are overlooked. If Donovan can talk to someone like this about exploits, metasploits, and lateral movement…they will be great penetration testers.
- The market is super thin for folks like this.
- Building the community
- We want to make the community stronger by teaching people how to get into it.
- Antennas and proximity cards
- Donovan’s team, when they go home, does research and development. They are junkies when it comes to the technology.
- They can duplicate a proxy card easily within 4 feet when hired to break into a company.
- Red flags during interviews
- Some people have a god complex and love power (love being in charge, etc.) and control. These folks may withold information.
- The good guy wants to break in but has to let the client know. They want to fix the situation and provide the client with a better solution to prevent this from happening in the future.
- Donovan and team also do deep background checks for new employees.
13:10 – Mentorship
- Donovan was lacking it coming into the industry and never really had anyone to help him.
- He hated figuring out things on his own.
- Donovan never wants someone to be alone if they are trying to do something better for humanity.
- Legacy vs. money
- If one person was impacted by the help Donovan provided, it means more than anything else.
- Legacies get passed down and never watered down.
- Donovan hopes part of his legacy will be making jobs for people in cybersecurity in Oklahoma and Texas.
- "Legends never die." – The Sandlot
- Giving back is the biggest reward
- Whether it be money or time, if you have been given a gift, it is your duty to give back.
- Donovan mentors a number of people for free and asks them to pay it forward to others.
17:11 – Running Your Own Company
- There was a need to fill according to Donovan. There are IT folks who specialize in databases, servers, etc. Then there are forensics folks. You don’t want the forensics people treating your cold, for example.
- Cybersecurity was once an afterthought. Now it’s consistently in the news.
- Making mistakes
- This started as a hobby and came as a company. Being responsible for the employees and their families is kind of a panic moment. You get used to it after a while.
- Operating debt-free
- Donovan only operates through cash. Even through COVID, they grew and didn’t let any employees go.
- Saving vs. spending
- If you don’t need the money, don’t spend it. Donovan worked two jobs for a long time.
- Buckle in, and let others live it up with fancy vacations and exquisite things. You don’t have to spend all of your money.
- You have to start at the bottom. Don’t think you’re going to get rich quick.
- Donovan saved a full year of salaries to start Alias.
- Major debt can cause stress and other issues.
- Investing in the company
- When people tell Donovan they gave themselves a raise as business owners, he questions their motivations and why they would not want to invest it back into the company.
23:46 – Deciding Correct Services to Offer
- Transition from Alias "Forensics"
- There was forensics and also incident response. From that point, clients started asking about security.
- Pen testing services were driven by customer need.
- You have to move with the time and what is necessary.
- How do you let the world know you’ve added a new focus?
- One of the most important parts of the business is marketing.
- It took a couple of years to communicate that Alias did Security as well as forensics. They grew a community without changing the name.
- Check out the Secure AF Podcast run by Donovan’s company.
- Moving into a new market
- The company moved into Dallas. During COVID was the right time to change the name to just Alias, and it ended up growing the company.
- They kept the logo and rebranded a little. Everyone in Oklahoma knows who the company is.
- Personal focus can work the same way
- If you are not going to make your work look good, don’t do it.
- You have about 1/8 of a second to get someone’s attention on LinkedIn. Make sure whatever you put out there is something you would want to look at too.
- Piecing together a body of work
- Most of the things customers needed came in the form of "can you do this?" Donovan had the experience in the industry to explain how he would go about it even if he hadn’t done that exact thing.
- There’s almost too much information out there for us to learn a niche because we get lazy, or things on YouTube might not seem unique enough.
31:09 – Being on a Board of Directors
- Tax dollars supporting Oklahoma companies instead of out-of-state companies
- Donovan is on the board for OITA.
- Donovan’s goal for a long time has been supporting Oklahoma jobs and tax base, and increasing talent in the security/forensics industry.
- There’s a sense of pride in where you’re from here. Donovan was born and raised in Oklahoma and wants to make it better for his children and future generations.
- Supporting those battling imposter syndrome
- Many in our industry have this issue.
- Anyone can do IT, but can they? Are they? If you’re doing it and taking the next step is doing more than someone else.
- Donovan realized he was "special enough" to help advise the state and make it better. He had impostor syndrome heavily.
- If you think you are just some person doing this, you’re probably wrong. Take a look in the mirror, realize what you are doing, and that means more than the person telling you that you are not worth it.
- "The impostor is proof that we are creating, innovating, and leading." – Seth Godin, The Practice
- Time commitment of a Board depends on the cause
- Typically it is once per quarter. Donovan has some that meet monthly and some that meet bi-annually.
- Board seat vs Board advisor
- Donovan was recruited to be on boards or be an advisor to boards of directors.
- It’s a way to meet a lot of smart people with different perspectives. Donovan seeks to learn from the wisdom of those with greater experience.
- Difference from owning a company – the strategic view
- Owning a company is gunslinging, moving revenue, etc.
- Donovan uses the illustration of analyzing a painting to explain what being on a board is like. It’s methodical, and you can really digest the company, see how it is moving, look at the revenue without being in a hurry to make money, etc. It’s like looking at a forest from outside the forest.
- You’re trying to take the blinders off for somoene like a CEO.
41:18 – Closing Thoughts
- How do you decide what’s next?
- Invest to build wealth so one day you don’t have to work.
- Watch this space!
- There is a point where you can only take it so far by yourself. Donovan references the book Scaling Up.
- What’s the best and worst career advice you’ve ever received?
- The worst advice was from a former boss that said Donovan would never go anywhere without a degree. He’s not against degrees but proved that to be wrong.
- Never forget where you came from. Don’t get too big. If you get too big, you overrate yourself and burn out. If you get too big, you lose track of how you got to where you are. The people surrounding you and trusted you helped you get to where you wanted to go.
- Donovan is on LinkedIn Donovan Farrow if you want to contact him.
- It may take time for him to respond, and he chooses to give people his full attention so interactions are quality interactions.