#230: LSU, NC A&T & SentinelOne on Student-Powered SOCs, Shadow AI Governance & Blocking Threats Before IT Calls

Episode Transcript

In this episode, Craig Woolley from LSU, Lizbeth Johnson from NC A&T, and Ron Ringgold from SentinelOne break down how a student-powered SOC model is scaling across 32+ institutions - and why the hardest part of cybersecurity leadership isn't the technology, it's the people.

Joe Toste: [00:00:00] Welcome to the Public Sector Show by TechTables. Super excited to have everyone on and returning guests, Craig from LSU. Craig, let's kick off with you. For those who don't know you, a little bit about yourself. 

Craig Woolley: I'm Craig Woolley. I'm the CIO at LSU. I've been there about five and a half years, and I've been in Higher Ed IT for about 35 years.

Joe Toste: Give us a little bit more. He came on last year, episode 1 97. With some other fabulous customers of Splunk. Tell us a little bit more about your intro. 

Craig Woolley: So we very much are looking at standing up SOCs and have stood up a SOC on LSU's campus and a public-private partnership with TechStream.

Craig Woolley: And our students are working hand in hand with TechStream doing managed detection and response services. 

Joe Toste: Lizbeth, for those who don't know you, give us a quick intro.

Lizbeth Johnson: My name is Lizbeth Johnson and I am the Interim Chief Information Officer and Vice Chancellor for Information Technology at North Carolina Agricultural and Technical State University in Greensboro, North Carolina. I'm relatively new to the [00:01:00] role. I've been at A&T for a little over a year, and I've been in this role for just over three months, I believe.

Joe Toste: Ron quick intro. 

Ron Ringgold: Yes. So my name is Ron Ringgold. I am the Public Sector Chief Information Security Officer at SentinelOne. Prior to coming to SentinelOne, I've spent about 17 years in the federal government the Department of Defense and the intelligence community in all things cyber. I'm also prior Army did IT and cyber in the Army as well.

Ron Ringgold: And so now I help State, Local, Higher Ed, Finance Sector, Health Sector, and Federal Government solve some cyber problems. 

Joe Toste: And you also. Part-time adjunct professor, 

Ron Ringgold: correct? Yes. I adjunct on the side as well. I teach a lot of cyber policy governance, risk compliance at University of Maryland global campus.

Joe Toste: I love that. Okay, so we'll kick off with part one with Craig. Last year we talked about the seven and a half million dollars reoccurring student SOC at the State of Louisiana. And the former governor champion, which is awesome. Walk us [00:02:00] through one specific thing today, it's been about 12 months.

Joe Toste: Tell us about that second SOC that you were telling me about off camera. 

Craig Woolley: Yeah, that's, so the process has worked so well. The model that we built did scale so well. We've got it at about 32 Higher Ed institutions in the State of Louisiana. That we decided why limit it to just State of Louisiana Institutions?

Craig Woolley: So we are opening up a second SOC, it's called Tiger SOC. And that will allow us to provide these services with students again in the middle of the process to Higher Ed, outside of the state of Louisiana or private industry. So we've got already nine private industry customers of Tiger SOC Students, again, are just working hand in hand with TechStream.

Craig Woolley: Students work during the day, Monday through Friday. TechStream is there watching them during the day, but also takes over fully at night and on weekends. So it makes it much easier for us to do this on a college campus where you don't really want students working 24 hours a day. 

Joe Toste: Lizbeth, you [00:03:00] mentioned that grief, which is really great. When technical experts move into leadership. That feeling of, losing like the the identity that, you were this technical expert and now you have to become this leader and you don't, they don't teach you leadership, they you're really great technically, but it's that kind of, that, that's tough. Tell us about the moment where you experienced that shift. What were you working on? What triggered that and what's the one thing that you wish someone would've told you before it happened? 

Lizbeth Johnson: I think I'll start from the second part of your question is what I wish someone would've told me, and it's just that exists.

Lizbeth Johnson: That there is going to be this moment of grief where you have to let go of maybe what you've built your career on in terms of being a technical expert or that being who you are, you kind of identify yourself career-wise like that. And then you have to give it away, that is what I was not told.

Lizbeth Johnson: I had to figure it out for myself or when it happened. [00:04:00] And so it was a couple of roles ago before I, I was in technology leadership before this role when I figured it out, but I was a hands-on leader. A lot of times when you have smaller teams. You get to touch it, you get to, upgrade the firmware and make sure that the server is on the right version of the operating system, et cetera.

Lizbeth Johnson: So I was doing that work even though I was a director of technology, 'cause I was on a smaller team. I, and so when I went to my next role, much larger team, much bigger scope of the responsibilities, much larger campus. So I had people on my team that were already doing those things, and so I realized I can't do that work because I'm taking their job.

Lizbeth Johnson: That's their job. And then plus, I don't have time because I have to be thinking about other things. And so that's when I realized, oh, I'm never gonna be technical again. Not really, not in my job. It's my team that is going to do the technical work and I've got to just direct it or guide it or maybe provide suggestions if they need [00:05:00] me.

Lizbeth Johnson: But the longer you do that, the less suggestions you're off, you're able to offer because you're so removed from the technology. And so that's when I realized, okay, I've gotta look at this technology role completely different. Now I'm not gonna be the technician, if you will, but rather the leader or the director.

Joe Toste: Yeah. I love that. I just wanna jump back to you Craig, is there, so I experienced this. I coach high school basketball. I talk about it on the podcast all the time. And one of the, probably the hardest thing for me is when you coach either the JV, typically the JV team, sometimes the frosh, but mainly the JV team, is that those players. Are only around for a year, and then you have to give them away.

Joe Toste: How have you been mentoring or coaching some of the of the student leaders to build that pipeline that you've been building? Can you just maybe talk about that coaching and mentorship? 

Craig Woolley: So it, that's part of the whole process we've put in place is to make it easier one, to onboard a student.

Craig Woolley: So we've put [00:06:00] in got it to where, when a student is hired. to the time in which they're on the front lines and fully trained is only six weeks because we know we're gonna have lots of turnover. If a student comes in as a senior, which is they have to have a full year left we at least can get them trained in those six weeks and get real experience for them over the next few months before we know they're gonna leave.

Craig Woolley: But there's always others in the pipeline and we've built it to where we want tons of students flowing through this process. Now, we would love them as a sophomore and freshman because I can't imagine a student three or four years in this program the skillset they'll have when they graduate and how, attractive they'll be to potential employers.

Craig Woolley: But a lot of it is the process and we do make sure that the students are working together, so they collaborate a lot in the SOC. So it's not them sitting in their screen just doing theirs. They're working together to build that teamwork and to build the ability for them to work [00:07:00] with others in the tech industry, which I think is very important.

Craig Woolley: 'cause a lot of people, if you come up to a technical side, you're used to just being by yourself. And then when you're thrust into a team environment, it's hard to adjust. 

Joe Toste: Yeah. That's actually one of the things that I love about sports so much is the teamwork. Probably communication is probably the biggest thing.

Joe Toste: At least like on the basketball court, like getting the high schoolers to talk, to communicate with each other when they're on the court. But that's what teams do. They have to communicate, right? And that's what great leaders do. 

Ron Ringgold: Real quick. Yeah. Can I ask quick a follow up question? So you mentioned the Tiger SOC that you guys are implementing and doing a man of service provider for other folks in private industry and other colleges.

Ron Ringgold: Is that, are you parachuting in and deploying your technology stack or does it bring your own technology as well and they can integrate with your SOC? 

Craig Woolley: So at the moment, we are bringing in our Splunk ES environment. That TechStream manages it all for the school. But there, there is opportunities for other technologies in, in the future, but right now it's standardized on Splunk.

Craig Woolley: And then the [00:08:00] processes are also relatively standardized when it comes to this is how we can do this at scale and bring it up quickly. So NJIT has joined this program, so they have a SOC now in New Jersey that mimics the ones we have in Louisiana. All again, trained the same way, brought up the same way, but then they have choices in the school.

Craig Woolley: They could pick what data sources they want what EDR they want to use, all that they have that option for. So it's, to me, it's the best of both worlds get you up and running quickly. You don't have to recreate the wheel at every school, but then you can individualize it to your taste after that.

Ron Ringgold: Awesome. And then from the EDR perspective. Are you guys also doing some of the forensics and incident response, or is that gonna fall on the school? 

Craig Woolley: That we still leave up to the school, so we'll do the detection. We do have some automation if the school allows us to do some automation for, disabling accounts and other things.

Craig Woolley: But once it comes to, hey, there's a real issue, we contact the school and they have to handle it from there. 

Ron Ringgold: Gotcha. Thank you. 

Joe Toste: So just to keep going with you, Ron. So we talked [00:09:00] about so you're teaching cyber policy at the University of Maryland, their global campus while being, can I go with Field CISO?

Ron Ringgold: Yeah, you could use Field CISO . 

Joe Toste: Just so short I highlight. It's just a short little phrase. So you both see the, both the academic theory and the brutal reality of cybersecurity. Tell us about, one student who completely surprised you, either, they came to class.

Joe Toste: Super unprepared and became exceptional, or they had performed perfectly like in the classroom or they were just struggling in real scenarios. How did you coach them or teach them or prepare them in the classroom for the real world? 

Ron Ringgold: That's a great question and I would say those students that come in not knowing are actually the best students.

Ron Ringgold: Because what I've seen is when you get people who actually have the practical experience in real world, whether they're working in the DOD or they're working in the federal government. And when they're coming into an academic class, they're bringing the bad habits that they've actually learned on the job.

Ron Ringgold: Because what you learn on the job is how to circumvent a lot of your compliance requirements, a lot of the government's requirements. And so [00:10:00] they bring that to the class and then they struggle with learning the textbook answer or how to respond from the way that they want you to do from actually the syllabus and the class structure.

Ron Ringgold: So I would say those folks that actually come in who've are either prior service or worked in the government as contractors or government employees. I've seen them actually struggle picking up some of the more textbook answers and answering it the way that they want you to with the curriculum versus what you do on the actual job.

Joe Toste: I've done a lot of different episodes on cybersecurity over the year. We've got 200 and something episodes out there. One of 'em I did was, I don't actually know if he's still with SentinelOne, Morgan Wright, we recorded, you're gonna laugh, three hour episode.

Joe Toste: Oh, wow. Three hour episode on going left of boom and really preparing for, getting out in front of, not just being on the response side. So anyways, if you wanna listen to a three hour episode it, it was a great one.

Joe Toste: So Elizabeth I like this, you called yourself when we were talking, you said you called yourself a change agent. So it's not a term that I have heard that [00:11:00] much, but I was actually on a phone call with the CIO for the city of Houston and she was telling me, Joe, you are a change agent. I was like, I'm not even in Public Sector.

Joe Toste: But I was like, then I was just talking to Lizbeth. And so right now every institution you've got faculty, students, researchers. Everyone's using all these AI tools right now, whether IT knows it or not. Shadow AI. Walk us through a real world example when someone on the campus was using AI.

Joe Toste: How did you find out about it and how did you turn that around into a governance conversation rather than a compliance crackdown? 

Lizbeth Johnson: Sure. I've got lots of those. Shadow AI or Shadow Tech really takes on many forms. Could be software, applications, hardware, sometimes even infrastructure.

Lizbeth Johnson: We've caught routers on our network somewhere. But in, specifically when I think about a specific incident regarding Shadow AI [00:12:00] in this particular case, the vendor told me. If you can believe that because vendors, sorry. Vendors usually want to get in there and sell their shiny object to our faculty or our staff and get it in there before IT knows anything about it.

Lizbeth Johnson: And at least this vendor considers themselves a little bit more of a partner. So they told me that they were working with one of the colleges on building an agent. And so I'm like, really? Thank you for telling me. It so happened that, this is the thing about IT and Ed and specifically about this sort of AI revolution is it's hard to get in front of it.

Lizbeth Johnson: There are so many things that are happening. It's moving so quickly, how do you get in front of it? So this vendor gave me an opportunity to get in front of it by letting me know that he was having these conversations with the dean of one of our colleges. So I went to the dean and I said hey, what is it that you're working on?

Lizbeth Johnson: Vendor told me that they'd been talk, having conversations with you about this. I'm interested in what it is that you want. What do [00:13:00] you need? What are you doing? What are your goals? So we had a conversation about it. She shared. I was like, I think this is something that. Your local IT group can handle, this is what we've got built out.

Lizbeth Johnson: This is what we're planning to do. How about you be the first one to try it out for us? And so now my team is working with the college to build out this agent,

Joe Toste: okay. 

Lizbeth Johnson: Yeah. 

Joe Toste: And do you now refer to that vendor as a partner or vendor? Partner? 

Lizbeth Johnson: This. 

Joe Toste: A baby 

Lizbeth Johnson: partner. A baby partner baby. There's one and many things that are going on.

Joe Toste: Baby partner. So Ron, go jumping back to you. So you transitioned from the Department of Commerce on the federal government side. That's gotta be a big undertaking to SentinelOne. And, but while you were at the Department of Commerce I think, and correct me if I get this wrong by the way, but.

Joe Toste: So you cut the cyber budget by an estimated 60% and then reallocated those funds. Is that right? 

Ron Ringgold: That's about right. 

Joe Toste: Yeah. Okay. Okay. So walk us through, week one on the job, what did the security stack look like [00:14:00] before? And then walk us through that s you know, scariest moment and in transition.

Joe Toste: Any time that you're making change it, it just makes people uncomfortable. I'm uncomfortable with change. Just take us back there and then walk us through the process that would be helpful for other folks listening in. 

Ron Ringgold: Yeah, absolutely. And it's, it started with the release of the executive order 14 0 28.

Ron Ringgold: And that was improving Nation's cybersecurity. And then out of that kind of detailed organizations moving toward a Zero Trust Architecture. And then OMB released OMB Memorandum 2209, which is the Federal Zero Trust Architecture. So once that happened, what my job was to do was take a look at commerce and its 13 bureaus and how do we standardize cybersecurity?

Ron Ringgold: Because what we had is we had all these little fiefdoms around commerce, between NOAA and U-S-P-T-O and Census and NIST. And they all had their own independent tool stack. And what that does is that cranks up your cyber budget. So if everyone is paying for their own individual tools, now you're paying a premium for each one of those tools.

Ron Ringgold: So what we initially did on say week zero is [00:15:00] we established a working group with the CISOs of all of our bureaus, and I don't wanna call it a gap assessment, but we looked at what each bureau was doing, and this was pre EDR boom, right? So EDR, prior to EDR, everyone was running some type of antivirus software.

Ron Ringgold: And it's not the best, but it's something, it helps us keep malware and stuff off our endpoints. So what we did was we built this working group and we brought all the CISOs together and said. We need to take a look at all of your cyber enabling tools from identity and network and device, and take a look at what you guys are doing and what is working well.

Ron Ringgold: And if something is working well, let's replicate it across the entire department. So within that working group, we did tons of bakeoffs and SentinelOne was actually part of that, that bake off that we did, and we actually ended up deploying them enterprise wide across commerce. And we did a bake off across all of our bureaus to see what is working well, what do we need to do and implement at the enterprise level.

Ron Ringgold: Because one thing that across Higher Ed, Public Sector, Federal, we're lacking oversight and [00:16:00] visibility. Our CIOs have no idea what's going on in each of their corners of their environments. So what we wanted to do was be able to bring that up to give our CIOs the risk picture they need to make informed decisions.

Ron Ringgold: So out of that working group. We got everybody on board. We did tool Bakeoffs on where we needed to go, and then out of that we made selections and procurements based on what we did in this working group. So the oh crap moment was when we are doing our procurements and we start working on deployment, and then I would have a bureau come to me and say, you know what?

Ron Ringgold: I really liked my fiefdom and I don't want to give you guys the visibility that you want, so we're gonna keep doing what we want to do. And so what we did is we had to work through that, right? So we had to bring CIOs together, CISOs together, Secretaries of departments together and say, look, I understand what you guys want to do, but one, we can use economies of scale.

Ron Ringgold: We can drive down cost. To your point about doing those MSP and those shared SOC services, now we can create a shared environment where we can help each other if something happens. So instead of you having one tool and you having another [00:17:00] tool, and I don't know how to use your tool, now we can come together in time of need and support each other.

Ron Ringgold: So after getting through that and building all those partnerships, we were able to get commerce on a common ecosystem from a cybersecurity perspective and fully develop a Zero Trust Architecture at Commerce. And working hand in hand with CISA. We were able to build that out and then actually help CISA a with some of their stuff that they're doing today as part of the CDM and ZTA programs.

Joe Toste: Okay. There's a technical component and then there's a human component. Yeah. Most of what I heard was actually a human component. Absolutely. Having to build partnerships, getting people on board. I'm sure people didn't want to get on board.

Joe Toste: How did you overcome some of those hurdles? How'd you, ultimately it's gonna be about all those relationships that you had to go build. How did you go out and go build those relationships? 

Ron Ringgold: So it was honestly doing just that, working with each of those bureaus to understand what their hesitation was and how can we work through it if it was not understanding what the tool stack was, getting them extra training, getting additional professional services, [00:18:00] having some of our other bureaus actually assist them if they were, say, short staffed.

Ron Ringgold: If say some of our larger bureaus had more IT professionals, we would then borrow some of them and help them with their deployment. So it was just giving them that level of comfort that we're not taking something away from them. We're actually going to increase your cyber maturity, give you better tools that are gonna cost less, do more, and be more efficient.

Ron Ringgold: And oh, by the way, we're not gonna leave you hanging and do it on your own. We're actually gonna help you. So it was bringing them into the fold, building those partnerships across the entire department, getting those CISOs and CIOs talking, and then actually working together to get those things deployed.

Joe Toste: Okay, so the last piece of that puzzle is getting the money. So that was great. So you gotta, now you gotta speak to business outcomes, you gotta speak to talk about that. 

Ron Ringgold: So it's a little bit different on the federal side. So getting the money for me was more so a doing a forecast of how much it would go, it was going to cost over the next three to five years.

Ron Ringgold: And then once I had that put together, working with all those vendors working with all those vendors, getting those budgetary [00:19:00] quotes. From there on the federal side, what you didn't have to do is get it improved internally. So make your case to the Secretaries of your department. And then from there, I then had to go sit in front of each chamber of Congress, pitch it to the Senate, pitch it to the House, and get them to approve that budget.

Ron Ringgold: And then so from there they did, they actually approved our entire budget to move toward a Zero Trust Architecture. And then we started carrying out. And right now at Commerce, I believe they're on year four of implementing their ZTA strategy. So the budget process is a little bit different in the federal side.

Ron Ringgold: It's a little bit more involved, a little bit more red tape to jump through. But we were able to do it, we were able to cable carry out those procurements, leveraging the CISA continuous diagnostics and monitoring, blanket purchase agreement through GSA which actually streamlined a lot of those procurements and we were able to start deploying.

Joe Toste: I love that. So I've got a story for you before we're gonna jump back to Craig. So I've actually been to the GSA building. Yeah. On the rooftop. It looks out on the White House. That's right. Hey, shout out to my guy, Samuel Navarro, who used to work. He used to work and lead a team at the GSA.

Ron Ringgold: So you probably saw the commerce building we're actually right across from the White House.

Joe Toste: Oh [00:20:00] nice. Yeah. Yeah, it was, it was, the rooftop was gorgeous to look out and you're like, oh, there's a sniper over there. And yeah, that's pretty, it's pretty cool. So Craig, you deliberately built the student powered model, not student run because the 27 24 by seven monitoring with college kids would probably be a nightmare.

Joe Toste: Having them run that. So tell us about a security incident that happened outside of business hours. How did the TechStream partnership handle it and what role did automation play? You've kinda mentioned a little bit about this, but and what would've happened if you had tried to staff that moment with students alone?

Craig Woolley: Yeah. So our model. Does have it to where TechStream is technically 24 7. So they do have people watching and helping us 24 hours a day, seven days a week. Where the model has its benefit and cost reduction is during the day when our students are working, TechStream lowers the amount of staff they've got, which then lowers our price.

Craig Woolley: 'cause they're expecting our students to do a lot of the work, which they have been. [00:21:00] Our hope was students would be able to do half the incidents that come in a day. In a 24 hour span and they're at 40 something percent right now that they're able to do. So if something happens at night, it's a TechStream analyst who's equivalent to what our student analysts are.

Craig Woolley: The on the ground people who are watching first. And then they see, they told me about once a week, they have incidents that they've got to do something about, and they might. Contact the school, they'll escalate it up higher up in TechStream, and then they contact the school to say you've got an issue.

Craig Woolley: And then when they find that, which we'll talk more about the Neighborhood Watch, but when they find that they're also looking across all the entities participating, including the ones out of state, to make sure they don't have that same risk in their environment, and then proactively reaching out to those schools if they do have that risk.

Craig Woolley: So that has worked well. After hours and during the day. Students, same thing. Students see something [00:22:00] that looks fishy, they can escalate up through TechStream during the day even to do that. So it the model has worked very well, still gets our students that experience, but for me, most importantly, it's reducing our cost to deliver this.

Craig Woolley: So not only training the students, but it does save us money by having them do it. Sometimes instead of TechStream. 

Joe Toste: Yeah, that's great. I just want to, in the words of my friend Ryan Murray, State CISO in Arizona, I got you Ryan. I wanna double click on what you said. The Neighborhood Watch tell us a little bit more about that across the 20 plus schools.

Craig Woolley: So the Neighborhood Watch is a concept again, we developed with TechStream using Splunk SOAR across all the entities. Even though each school gets their own Splunk ES stack, they're all connected via SOAR. And if a student, let's say NJIT now, who's participating in the program, if a student in New Jersey finds a threat that's attacking them within 10 minutes of them confirming that this [00:23:00] is an actual attack, it

Craig Woolley: can set off alarms across everybody to have everybody's firewall automatically block that threat without the school even having to know if they choose to have the automation, they can also just say, notify me. And we don't trust the automation yet, so just notify us that all happens. So the more we have in this program, the safer we make everybody, 'cause we're all looking out for each other at the end of the day and that has worked very well.

Joe Toste: So I guess I'm thinking there's, you've got automation and then I've gotta bring it up on every podcast I was paid to AI 

Craig Woolley: I knew you were gonna say that. I knew that was the next words outta 

Joe Toste: your mouth. So where is LSU on that journey? Is it real for you? Is it being deployed?

Joe Toste: Are you looking at it? Tell us a little bit more. 

Craig Woolley: You're talking in general or for the SOC? 

Joe Toste: Across the enterprise portfolio. 

Craig Woolley: So we are, they have asked me to chair a committee that we put together last spring to come up with ways to where AI might be able to help administratively across the institution.

Craig Woolley: That [00:24:00] was a great group. We wrote an 80 page report of ways in which AI could help, and we're now starting the process of looking at what are the low hanging fruits to where they're easier to implement and give us the most bang for the buck. Because the hard thing with AI that I have seen is how you actually realize ROI, you could spend, and you've got schools spending millions of dollars on AI solutions that they feel like they have to do.

Craig Woolley: Which I agree. I think you gotta do something. But then how are you recouping that few million dollars? If you're saving some time for some people, how much is that worth? That's the hard part. So we're looking for things that. Really do have an ROI as our first leap. 

Joe Toste: Wow. Okay. You have no idea what just happened.

Joe Toste: We had this crazy malfunction yesterday, so we actually had to stop the podcast, but we're back in nine now. We're inside the carousel booth. So we're gonna pick up the conversation right now. We're gonna finish out with building great teams. We'd love to hear from these leaders here on [00:25:00] really on how they have built great teams.

Joe Toste: And let's kick off with Craig. Craig. Can you just walk us through how you think about building great teams at LSU? 

Craig Woolley: I think first and foremost I try to gain everybody's trust. I'm very big into trust, gaining, showing empathy, and really caring about the folks that work in my department.

Craig Woolley: And the hope is that they. Then return that favor and try to build trust up the chain. But showing them that I care and showing them that I give them flexibility to do what they need to do and know when they can come to me. I think over time that just works out really well and my team gets stronger and stronger.

Craig Woolley: I'm big on interpersonal relationships and treating each other with respect. And when Sometimes you'll have a lot of infighting because you're one department and you've got different verticals in that department, I watch for that closely and want them treating each other as if they're customers of each other.

Craig Woolley: 'cause in a lot of [00:26:00] cases, in an IT department, your networking team is a customer of my workstation support team because they run workstations and need help. So they need to treat each other with respect. And that starts still to build more confidence in your teams and more confidence in each other.

Joe Toste: One of the things I found is that it's, there's not necessarily a technology problem. Usually. It's a, there's a human problem, there's a communication problem. I coach, I have mentioned this before, coaching high school basketball. It's usually a communication problem. 

Craig Woolley: The technology is always the easy part.

Craig Woolley: It's the people. Yeah. That can make it difficult. Yeah. So learning how to deal with people. Showing them the respect they deserve. And creating a customer service attitude across the organization, both internal and external is a key to that. 

Joe Toste: Were there mentors or books you read? How did this kind of help shape your own leadership philosophy?

Craig Woolley: To be honest, I think there's not really books. I read I've had some bosses in the past that I watched and said. I [00:27:00] don't want to do it that way. 'cause I watch the reaction that people have to certain leadership styles. And so I've tried to form my style based upon what I see gets positive reactions from folks versus negative.

Craig Woolley: So a lot of it is they, a lot of people taught me what not to do. 

Joe Toste: Yeah. And this is the best leadership lessons sometimes too. Awesome. Ron, 

Ron Ringgold: Building on what Craig said, I think the other part of that is also empowering your folks. So I think you touched on it a little bit about giving them the flexibility.

Ron Ringgold: So the first thing that I do is try to learn my team, understand their strengths, their weaknesses, where they need some coaching, some mentorship, and then giving them that, that empowerment to, to make decisions on their own. Now, if there's extremely large decisions that might have budgetary considerations or that would impact the entire organization, of course I would like to be consulted, but giving them the autonomy to carry out their roles and their responsibilities.

Ron Ringgold: And giving them that responsibility to own, and as we talked about before, owning their problem and figuring out how to solve it. I think that helps build those teams and [00:28:00] allows them to own it and take responsibility. 

Joe Toste: When you came into the Department of Commerce, whenever there's a new leader that comes on board, it can be a tough transition for some of the existing folks.

Joe Toste: Can you talk about how you've built those bridges to the team members to get the buy-in that you needed? 

Ron Ringgold: Absolutely. I was in an interesting situation when I came over to Commerce. My office didn't exist, so when I came over to Commerce, we built out the Cybersecurity Architecture Division.

Ron Ringgold: So I actually had the, I had the luck to be able to build out my own team. So I actually went out and I was able to hire some folks that one were highly respected in the industry. Two, a lot of ex-military guys. I'm ex-military myself, so I know the type of leadership and commitment that they exhibit.

Ron Ringgold: And so I was able to cherry pick my team and bring them on based on their strengths and then put them in the areas that they needed to be in. But reaching across the aisle to my counterparts in cyber operations and in compliance and governance I was able to build those bridges because it all works together, right?

Ron Ringgold: From an architecture perspective and that cyber operations perspective. And then you got your compliance. So working with those different directors and those [00:29:00] leaders, we were able to make build bridges. So we worked together instead of working in silos. ' cause I don't have to tell you guys. If you start pushing forward with deploying IT without taking compliance into account or tying into your cyber operations folks, you end up in that silo and then you're not working across each functional area.

Ron Ringgold: So making sure that we're incorporating each other's skill sets in areas whenever we're doing something, I found that worked better. Instead of trying to bolt it on, you're building it in and it was more seamless that way. 

Joe Toste: How much has did your military experience influence your leadership coming out?

Ron Ringgold: I would say I've learned a lot about leadership from my military time. Within the military you're thrown a lot at you in a short period of time. A lot of the, a lot of the soldiers or service members they're very young. And they will be given tons of responsibility very early on in their career.

Ron Ringgold: And I hate to say it's sink or swim. But it really is. So it's, you're given responsibility and it's figured out, figure out how to run with it. And I think that really helped me [00:30:00] in my leadership style because going back to owning the problem or having that responsibility, you really don't have anyone to lean on and you really have to figure it out yourself.

Ron Ringgold: Because if you go up and you're trying to get someone to help you, they have their own problems and responsibilities they're worrying about. So you do get some mentorship, but it's, Hey, this is your problem. I need you to figure this out. And I think that helped guide me in my leadership style. Now I do more coaching and mentorship with my people because I don't want them to fall into the same pitfalls that I had.

Ron Ringgold: So I've learned from my mistakes, and then I try to pass that on to the younger generation or the folks that are trying to come up in their career. 

Joe Toste: Yeah, no, I love that. Last follow up question. Were there any, like any books that you read or anything like that around mentorship, leadership coaching that you know, really influenced you?

Ron Ringgold: Going back to what Craig said, now, I was basically just on the job. So I took what I've liked from leaders that I've had in the past and incorporated that into my style. And as Craig mentioned, those leaders that I had, that I didn't really like their style or didn't think that their approach worked, I took that out of my toolkit.

Ron Ringgold: [00:31:00] So I learned from the good leaders and the bad leaders and used that to shape who I am today. 

Joe Toste: Lizbeth, as we close out on in leadership building, great teams, just love to hear what you're building at N-C-A-N-T. I get that. 

Lizbeth Johnson: You did very good. It's hard to say anything vastly different from what was already said because trust is foundational.

Lizbeth Johnson: To building out a good team and, getting to know your team and the flexibility, all of the things that have already been said. It's pretty foundational to building a team. So I think what I'd like to drill down on is how do we do these things? How do we build that trust and how do we listen?

Lizbeth Johnson: The other sort of foundational piece would be communication if how this is done. That's the vector that you can use to implement or to gain the trust and to listening. And when I'm building out a team, I really focus on many areas around communication. So there's the transparency part.

Lizbeth Johnson: [00:32:00] Where you communicate information to your team. And so when you communicate what's happening and what's going on, so they're not left in the dark, they're in the know, if you will. They know what things, what's happening, and they don't feel blindsided by decisions that have been made. So keeping them informed is one way that I've used communication to build trust with the team.

Lizbeth Johnson: Another thing is listening, so I don't have to say that again, but, making sure that it's like I'm a, I have an open door, open calendar policy. I tell my team, Hey, if I have a time on my calendar that's available, feel free to take it. That's how we schedule meetings these days anyway, is through, using our calendars.

Lizbeth Johnson: So open door, open calendar sort of policy. So I make sure my team knows that they can come and talk to me when they need to. So that is another way of communication and another way is transfer of ownership. And it goes a little bit to what you were saying about enabling and empowering your [00:33:00] team. My meetings, my one-on-ones, the agenda is not mine.

Lizbeth Johnson: The agenda is theirs. And so it might start out being my agenda just to build the muscles of having an agenda and having the meeting. But then gradually I expect that my direct report will take over that agenda and it becomes theirs. So that is like empowering them. To be the owners of that meeting.

Lizbeth Johnson: We're meeting, but really this is your meeting. This is not my meeting. This is for you to get the guidance, the coaching, to ask questions so that they can do their jobs. I have mine, they have theirs, and so to empower them to be able to do their jobs the best that they can do.

Craig Woolley: So I have a question for you on the open door policy. 'cause I'm curious on how you handle this. 'cause I agree too. I like having an open door policy and I say anybody. In the organization can come talk to me. How do you handle when you've got somebody, maybe a layer or two down in the organization who's skipping some levels of [00:34:00] management to come talk directly to you?

Craig Woolley: Have you had, because that does ruffle some feathers and has in my past where managers say I don't like that they're talk. Why are they not going through me? And I'm curious on how you've dealt with that, if you've had to deal with that. 

Lizbeth Johnson: So I have two comments. One, I don't have a lot of people coming to me skipping a level because they're complaining.

Lizbeth Johnson: No, that's not really why people come to me. It's to complain. It's for some other reason. Or they just want to talk or they want some more information, or they're just checking in or informing me of the things that they're working on. But couple of occasions where it does feel like it's skipping, it's I just say to them you'll have to talk

Lizbeth Johnson: about that with your supervisor, thank you for sharing it with me. Talk about it with your supervisor first, and then if it needs to be escalated, then we can escalate it. But just trying to make sure that the supervisor is looped in and that the staff member knows that it's the supervisor who has like ownership over [00:35:00] whatever the grievance is, as opposed to me having that ownership.

Lizbeth Johnson: So it is tough, luckily I don't get a lot of people that come to me with complaints about 

Craig Woolley: interaction. Yeah. And I think I've had it a similar situation. If they do skip levels of management, I do say, can I bring this to, I wanna bring it to your supervisor. Unless what you want though is everyone wants to be able to feel like they've been heard, and if they've got some issues that they're bringing to their supervisor who's not then bringing it up

Craig Woolley: the chain and they feel like it's not going anywhere, and they feel like they have valid points. That's the reason for having it in place, is you do wanna give everybody that opportunity. 

Lizbeth Johnson: And in those cases, you can say I'm gonna bring this up with your supervisor at our next meeting, is that okay with you?

Lizbeth Johnson: Or things like that. Sometimes some of these things just happen when they happened. You can't plan for them, you can't train for them because these situations are unique and all of the things that we've been talking about in terms of how we're leaders and how we build good teams. So those are the skills that just translate [00:36:00] into these situations that are unexpected.

Lizbeth Johnson: You already have the foundation of what it is to be a good leader or how to lead a team, and so you just have to rely on that when you get these situations that you haven't seen before. So yeah, I just think it's the skills of their leader. 

Ron Ringgold: So I've actually had that happen to me before. So I've dealt with it in two different ways.

Ron Ringgold: One where I would have some subordinates that were under another leader. Come ask me if they could talk to me. And my first question always to them is, have you talked to your supervisor about this? And if the answer is yes, then it's okay, well then if there's some follow up that you need, then yes, we can talk about it.

Ron Ringgold: If the answer is no, then it's you need to start with your immediate supervisor before you, you bring it to me. But I've also had it where someone has skipped me and gone to my boss and then it comes back down. And then that's where some training comes in with Hey, the way the communication, yes, we all have open door policies.

Ron Ringgold: But if you're not following that chain of command and bringing the problem to the right person first, that right level and you're skipping levels to bring up a problem that maybe your immediate supervisor can solve. Then let's talk about this. Let's get you some [00:37:00] training on how we can help you and empower you to solve that problem before you skip a couple levels and take it all the way up to the top.

Lizbeth Johnson: And by the way, I don't want you to be out there on your own. That's happened to me also where someone has skipped me to, to, forge a complaint about something. So you're not on your own on that one. 

Joe Toste: And I think too having alignment with your boss makes it really easy. And even with, like in marriage, my 7-year-old, he'll start to test. He'll be like, oh. He maybe talk to Mom. Mom says, no, comes to me. And I'm like, yeah, sounds good. And she's Jamie, my wife will be like, no I told him no.

Joe Toste: And, or he'll do it other way around and it's the same thing. It's Jack cannot, Mom and I are aligned. You need to know that. There's not any back door like, I want to get this Lego set so bad. But it just applies everywhere. And but I think it's a great opportunity to coach, to mentor.

Joe Toste: Both on the alignment. I think too not everyone uses like military language, but like the chain of command. That really resonates with me. I've read a bunch of military history and books and I think there's so many great lessons in there that apply to IT. ' Cause if the team isn't together, [00:38:00] it's just gonna fall apart pretty quickly.

Joe Toste: And then things get messy. And so that's why leadership is so important. And we talked about this on the podcast all the time, and I tell leaders I just don't like gloss over it. Like you say communication and you're like, oh, we talk about communication all the time, but I'm like, no.

Joe Toste: It's like really difficult to do when communication breaks down. People's feathers are ruffled. How do you handle that? I'm a big Jocko fan, so now I've gotta submit my ego and my, I could go on forever.

Joe Toste: I love leadership. I think it's a great I love seeing it played out with high school kids and then adults too. 

Lizbeth Johnson: Oh, yeah. So I think adults are just older versions of high school kids. And I would say elementary, sometimes, or middle for sure. And all of the above. 

Joe Toste: I would say adults are harder.

Joe Toste: Adults are much, much harder. I think the kids, we didn't talk about this, but kids are pretty much pretty, pretty teachable, which is great. So we sometimes lose that as an adult. So anyways, thank you all for coming on the Public Sector Show by TechTables and I'm gonna see you next month, which is so awesome, 

Lizbeth Johnson: so excited, 

Joe Toste: In Raleigh, North Carolina.

Joe Toste: Thank [00:39:00] you for coming on the show. 

Ron Ringgold: Absolutely. 

Craig Woolley: Thank 

Lizbeth Johnson: you. Absolutely. Thanks for having us. Thank 

Ron Ringgold: you.