Episode 40

Published on: 23rd Aug 2022

The Most Common Backup Errors Every Privacy Pro Needs To Know

Get inside knowledge into the world of Data Backup and Recovery from a Leading Privacy Expert!

In this episode, renowned Privacy Expert, popularly known as Mr. Backup, shares insights from his wealth of experience on how to successfully back up data. He discusses the importance of finding a niche in the industry, how to become a thought leader, and the common mistakes most Privacy Pros and organisations must avoid when backing up data.

Hi, my name is Jamal Ahmed and I'd like to invite you to listen to this special episode of the #1 ranked Data Privacy podcast.

Discover:

  • The most common backup errors every Privacy Pro needs to know
  • How to store and encrypt backups to prevent ransomware
  • Costly misconceptions about cloud backups

And so much more…

Ready to become a World Class Privacy Expert? Book your call to join the World's Leading Privacy Program

W. Curtis Preston is an expert in backup & recovery systems, a space he has been working in since 1993.

He has written four books on the subject, the fourth of which is Modern Data Protection from O'Reilly. It was published in May 2021. He is the Chief Technical Evangelist at Druva, a data-protection-as-a-service company. He is also the host of the Restore it All podcast, and the founder and webmaster of backupcentral.com, a website dedicated to backup and recovery.

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Listen to - Restore it All podcast

Find out more about Druva - https://www.druva.com/

Subscribe to the Privacy Pros Academy YouTube Channel: https://www.youtube.com/c/PrivacyPros

Transcript
Intro:

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro:

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch, progress and excel in your career as a privacy pro.

Intro:

Hear about the latest news and developments in the world of privacy.

Intro:

Discover fascinating insights from leading global privacy professionals, and hear real stories and top tips from the people who have been where you want to get to.

Intro:

We're an official IAPP training partner.

Intro:

We've trained people in over 137 countries and counting.

Intro:

So whether you're thinking about starting a career in data privacy or you are an experienced professional, this is the podcast for you.

Jamilla:

Hi, everyone, and welcome to the Privacy Pros Academy podcast. My name is Jamilla, and I'm a data privacy analyst at Kazient Privacy Experts. I'm primarily responsible for conducting research on current and upcoming legislation as well as any key developments and decisions by supervisory authorities. With me today as my cohost is Jamal Ahmed, Fellow of Information Privacy and CEO at Kazient Privacy Experts. Jamal is an established and comprehensively qualified privacy professional with a demonstrable track record solving enterprise wide data privacy and data security challenges for SMEs through complex global organisations. To date, he has provided privacy and GDPR compliance solutions to organisations across six continents and in 30 jurisdictions, helping to safeguard the personal data of over a billion data subjects worldwide. Hi, Jamal.

Jamal:

Hey, Jamilla. How's it going?

Jamilla:

Good, how are you?

Jamal:

Fantastic. And I'm always in such a great mood when we have another amazing guest on the podcast. Why don't you tell us who today's amazing guest is?

Jamilla:

he has been working in since:

Curtis:

Happy to be here.

Jamilla:

Thank you. And as we always do, we start off with an icebreaker question. So it's Friday. What are you most looking forward to about the weekend?

Curtis:

I will get some time to work on my newest hobby, which is woodworking. So I'm officially in the stage that I'm just calling the paying stage, where I just keep paying for things and then trying to figure out where to put them. I have to finish that phase before I can move on to the actual doing something phase.

Jamilla:

What is your first big project that you want to make?

Curtis:

I'm going to make an end table for the family room. We actually have some new couches that are slightly less wide. I don't know. What, skinnier? Would that be the right word? I don't know. Anyway, they've left room for some end tables, so that's going to be my first project: an end table. We'll see how that goes.

Jamilla:

Cool. Let us know. We can attach some links to the pictures in the description of the podcast.

Curtis:

I'll be as interested as you are.

Jamilla:

Is that a hobby you picked up during lockdown, or...

Curtis:

It is on the list of lockdown hobbies. Yes. Unfortunately there are a few.

Jamilla:

I think most people have that.

Curtis:

This is only the latest. Yes.

Jamilla:

I wish you very good luck with it.

Curtis:

Thanks.

Jamilla:

I'm sure you'll be excellent at it. Moving on to our data... hold on a second.

Jamal:

Hold on a second. What's your plan for the weekend?

Jamilla:

Saturday, I think I'm seeing some friends. On a Sunday, I volunteer at a homework club connected to the youth club I volunteer at. So helping kids who have missed school because of the pandemic. Helping them catch up. So shouting at kids, really, on a Sunday. That's what I do.

Jamal:

I was just about to say that's really nice of you, until I realized your true motivation. Now, is it training for when you're going to take over the country as Prime Minister?

Jamilla:

Obviously to help them learn, to make sure they're on the right track, especially in the area I volunteer. It's quite a deprived area of Cardiff. So yeah, just helping them with homework. Trying to remember, how many years ago, twelve years ago when I sat my GCSEs, trying to remember what came up then. So, yeah, it should be interesting. It's always interesting. Every week.

Jamal:

Fantastic.

Jamilla:

What are you doing this weekend, Jamal?

Jamal:

This weekend I have the pleasure of training another group of mentees on the Certified Information Privacy Professional/Europe. So I'm really looking forward to that.

Jamilla:

Nice. Hope it goes well. It should be interesting. And what number cohort is this?

Jamal:

I have lost count of the cohorts. The cohort is not important. What's important is the 100% success rate, which we're still enjoying. And I'm keeping my fingers crossed to make sure that every single person in this cohort gets everything they came for and really goes and thrives with their career.

Jamilla:

Long may the 100% success rate continue.

Jamal:

Amen.

Jamilla:

Right, so, data questions. Curtis, as I mentioned in the introduction, you're known as Mr. Backup. How did you get that name?

Curtis:

You know, backup is an area that most people don't stay in very long. It's the job that we often give to junior people. Right? Now, he's the new guy. What are we going to give them? Well, we give them backups. Because nobody wants to do the backups. Which, by the way, is a horrible idea. I hate that practice. But that is the practice. That is how I got my first job in IT 30 years ago. And unlike most people, I just never got out of it. I started getting known for having a penchant for that, and I don't know really where it came from, but basically, I was this weird person that actually liked backup. So everybody else just got out of it as quickly as they could. And the next thing I know, I was like, well, I might as well just go with what you know, and started marketing it.

Jamilla:

Nice.

Jamal:

So you found something about backing up data that you found quite inspiring or passionate, and you just say, you know what? I actually enjoy this, and I'm going to stick with it. And then you became the best at it.

Curtis:

I only know one or two other people that have spent their career specialising in this topic. Most people move around. And so it reminds me very much of something that my dad told me growing up, constantly. He would tell me that he didn't care what I became, like, in terms of choosing a profession. He's like, I don't care if you're digging ditches for a living. Just dig the best damn ditch that you can dig. Right? And honestly, backup is kind of the ditch digging of the IT industry. I'm just trying to do it as best as I can.

Jamal:

I love that. Those values that have been embedded into you growing up from your father, and may he be blessed, that's one of the values that we really have in the academy. It's the value of excellence. And everything that we do at Kazient and everything we do at the Privacy Pros Academy and the values that we try to instil in all of our mentees across the Accelerator program is that level of excellence. Everything you do, do with excellence. So it's absolutely awesome to have such a great person such as yourself, Mr. Backup, here, talking about how it doesn't matter what the niche is, it doesn't matter what it is that you do. The most important thing is that you do it with excellence. So thank you for sharing that with us, Curtis.

Curtis:

Absolutely.

Jamal:

What are some of the common mistakes you see people doing that always makes you go or cringe?

Curtis:

Mistake number one is simply thinking that something doesn't need to be backed up. That's literally the one that I find myself arguing all the time. So it's in the cloud. It doesn't need to be backed up. It's a SaaS service. It doesn't need to be backed up. Or it's just my laptop. I think I could say most companies don't protect their endpoints. They don't back up their laptops. And yet a significant portion of those companies' intellectual property at one point is residing on the laptop. And while you might not lose everything, you will lose the most recent version of important things that your people are working on. I'd say that's number one. And then the number two, and this really goes back to the ransomware thing, is storing your backups in such a way that they can't be attacked by the thing that will hurt your primary. So historically, that just meant sending it off site, right? So we're protecting from a hurricane or a flood or a fire, but now we have to make sure, and I'll just have to back up a little bit. Historically, it was easy to do that. You had a box of tapes, you handed it to a man in a van, right. And then he goes away and saves your tapes. Well, now most people are doing disk-based backups. And unfortunately, those disk-based backups, even if they're, quote, off site, they're possibly running in a cloud data centre that is still directly, electronically accessible. And so the number one thing that I see people, once they've gotten past that "I need to back up the data" part, they get to this part where they do their best. They back up the data, they store it. They even create an off site copy. But that off site copy is still directly accessible via the same things that would attack their data centre. And mainly what I'm talking about here is ransomware.
Not only can ransomware just blindly attack your server just like it's any other server, but there are ransomware products, and I hate saying that name, but that word, ransomware, I don't know what else to call them because they are making money. Right. There are ransomware tools that are specifically targeting backups, right. They're specifically targeting even specific vendors of backups. Right. They have specific attack methods for different vendors' products. So you've got to store your backups in such a way that they can't be attacked by ransomware.

Jamal:

That's super useful to know. And I know speaking across the board with so many privacy professionals, with many organisations, you're right. The number one misconception they seem to have is, oh yeah, we're using AWS, we're using Google web servers, and it's fine. We don't need to back any of that up. It is, like you say, a big misconception. And one of the things that you've highlighted there is that it's actually still important to get it right. So what can companies do, or what can Privacy Pros do to advise their organisations, advise their clients to make sure that we get this right in the easiest way possible?

Curtis:

Well, you protect the information in two ways. One is you sort of have the traditional concept of privacy where you're protecting from inappropriate access. Right? That's sort of outside my purview, except to make sure that when you store backups, they are stored encrypted. And at this point, everybody should be encrypting their backups. But I know not everybody's encrypting their backups. So that's number one. And then number two, if you're storing personal information on behalf of other people, that data, and this is also included in the GDPR, for example, that data also needs to be protected from loss, and so in the traditional backup and recovery sense. And so they just need to make sure that all of the data that they're creating or is created on their behalf is protected. I guess the biggest mistake that I'm seeing is that we used to have a negative assumption, meaning I assume that the data is not backed up unless someone proves it to me otherwise. What has happened when we've migrated to the cloud is that people have done the opposite. They assume that it's being protected unless someone proves them otherwise. I just wish they would stop that, right? So I'd like them to understand the basic concept of the three two one rule. Because if whatever you think qualifies as backup doesn't meet that most basic definition, then you do not have backup of that asset. Let me just use a perfect example. Microsoft 365. I think it's a great service. We use it at Druva for communication and they actually have some really good data protection type features that mimic backup, but they are not backup, and really it stops at the two. Right? So we have the three two one rule. They have many versions, they have way more than three. I think the default number of versions for each file in OneDrive and SharePoint is 500. But are they storing it on two different devices that are separate? They don't, right? And someone might argue with me and say, well, that's not true.
365 uses, they have delayed replicas as part of their system, but that's for them, because of their service SLA, they want the service to stay up. They do have a delayed replication specifically for their service, but I've asked them directly whether or not I could use that delayed copy for my purposes, and the answer is an unequivocal no. So that doesn't count as a two. And then certainly if we don't have the two, we don't have the one. And so if you look at your service, any of the decent mainstream cloud providers, if you actually ask them the question, do I need to be backing this up? They will straight out just tell you, yes, that is your responsibility. They might provide tools to allow you to do so, but they're not doing it for you on your behalf. And 365 is absolutely not doing it on your behalf. Neither is G Suite, neither is Salesforce, neither are most of these well known SaaS providers. So just research, stop that positive assumption that it's protected, start a negative assumption that it's not protected, and then just start asking that question.

Jamal:

Fantastic. That's been super valuable. And just for anyone who is still very new to data security and backing up, can we just break that three two one down just so that everyone is left with total clarity? So what is the three that we're looking for?

Curtis:

So at least, we used to say three copies. I've updated that to be three versions. So three versions of the data over time. And so you have a spreadsheet. And so you're updating that spreadsheet every day. That means today's version of the spreadsheet, yesterday's version of the spreadsheet, etc. And maybe it might be this morning's version, this afternoon's version, et cetera. It's just three versions of that thing over time.

Jamal:

The most up to date version, the version before those changes were made, and the version before that.

Curtis:

Exactly. And to me, that is a bare minimum, and any decent backup system will give you way more than three.

Jamal:

Okay?

Curtis:

Okay. And then two meaning on two different media. So let me give you an example of what doesn't meet that. So do either of you use a Mac?

Jamal:

Yes.

Curtis:

Okay. You know Time Machine?

Jamal:

Yeah.

Curtis:

Okay, so Time Machine is the thing that you can use to back up a Mac. The way to use Time Machine is you connect a portable hard drive, right? And it will go, hey, there's a portable hard drive. Do you want us to use it to back it up? And you go, yes. And it will format it, and then it will send Time Machine backups to that hard drive. What you can also do is you can go into Disk Utility, format your hard drive, the one on your laptop, into two different hard drives, right? And then Time Machine will ask you if you want to use that other hard drive to back up the first hard drive. You just backed up hard drive one to hard drive one. You didn't do anything, right? That's what the two is about. Make sure that you're storing it on something else. And then also an element of that too, is to make sure that as best as possible, you store it on something that has a different risk profile. So it became harder when we went to disk-based backups because the primary is a disk and the secondary is a disk. So one example would be to go from a disk that's in your computer to a disk that's in a cloud service, which is a different kind of disk that's protected differently. So that's what the two is, to have it on two different kinds of things. And then the one is a lot easier to describe, which is just make sure that it is stored geographically apart from whatever it is that you're protecting. And again, it's always easier to show what isn't that. I'm sure you're aware of the OVH fire, that fire that happened first part of last year, the cloud provider in France where they lost this data centre due to this huge fire that the fire suppression system was unable to suppress. And there is a class action lawsuit right now from customers, not that had data in OVH and failed to protect it and therefore lost data. They had data in OVH, this is what they're claiming in the lawsuit. They had data in OVH that they paid for the OVH backup service.
And OVH said that the data would be, the backups would be, physically separated or segregated or something like that from the things that they were backing up. Well, apparently physically separated meant we're going to put it over in the corner. But when this fire took over the data centre, it took out the backups as well as the primary. And so that's what that one is about, making sure that you're putting it far enough away. And mainly here we're talking about disasters, natural disasters and fires and floods and things like that, but also in the modern cloud world that needs to be far away. It's what we call an air-gapped copy. It needs to be stored in such a way that whatever might do damage to your primary, which includes now ransomware attacks, can't spread to that copy.

Jamilla:

Hopefully that puts it... that was really informative. Thank you. And I was taking notes about what I need to do to back up the data that I have. So your role at Druva is a Chief Technical Evangelist. What does that entail?

Curtis:

This.

Jamilla:

Fair enough.

Curtis:

This is literally my job, explaining the very technical things of data protection to people that, they're concerned about their data. They're not like me and they don't spend their life doing backup and recovery. Right. When I say things the way I say... so, for example, when I talk about creating an air gap copy, all of the data that Druva customers... we are a SaaS service that does data protection and data resilience. All of the data that they send to us is air gapped. So we meet the three, two, one basic definition. We add a lot of things on top of the three, two, one. But if you're an on premises data centre, you sort of have to manually create that process. If you use a service like Druva, you get that process and many other features just as part of the service.

Jamal:

Right. That sounds really helpful. Sounds like I can have Druva taking care of all of the backups for all of my clients and not have to worry about it. Because you're following the three two one. It's going to be at least three versions. We're going to have it across two different mediums and physically they're going to be in separate places. So even if we do have a fire, like we saw in Paris, and the backups are separated in the corner, it's not going to be all deleted and forgotten about. People can have that reassurance. So tell me, Curtis, who does Druva help? What does your ideal customer look like?

Curtis:

So sort of our sweet spot is mid to large enterprise. Right. We're not a B2C product. Right. There are competitors that go after... are you familiar with the term prosumer?

Jamal:

Yes.

Curtis:

and:

Jamal:

That sounds super helpful. So let me see if I've got this right. If I'm a Privacy Pro and I'm listening to this, one of the things we've identified is we need a better solution for our backups. One of the options, if I'm a business that has got around 250 employees. Anything from 25 you might actually be able to support, but it might not be the best fit. Anything from around 250 employees plus, if I'm supporting one of those clients, it would actually make sense to come and have a look at the opportunities that Druva has so that we can outsource all of that over to you. I'll be confident that you're following the basic principles of the three two one in terms of you're going to take at least the last three versions of the document. I can be confident that you're going to follow the two, as in it's going to be kept in two different places, two different mediums, and it's going to be more than one physical location. You'll be using AWS. So we get the added security of knowing that Amazon Web Services is actually behind that. And what you're saying is, because of the way the charging or the way businesses are charged in the market, a lot of companies will say, this is how much data you've got, this is the bill for it. What you're saying you actually do is you actually have a look for anything, say, hey, you've got ten of the same files. You don't actually need ten of the same files. You just need this additional part to add to that and that will save you the space. And then when it comes to restoring it, you don't have to go through tons of duplicate data because you've got exactly what you need and you've taken care of all of that. Does that sound about right, Curtis?

Curtis:

Yeah, it sounds about right. I would add that the deduplication, it saves you in two ways. One is because we're reducing the amount of data that we're storing, we reduce your bill, and that's just why we can do this service, including all of the infrastructure, at less cost than what a typical on premises backup system would cost. And then secondly, it also saves you because we do the dedupe at the source side, at the client side. Why does that matter? It reduces by an order of magnitude or more the amount of bandwidth that you need to send us the data. And on top of all of this, we have all of these security layers that go... three, two, one is like the very basic definition of a backup. To that we add all of these security features, things like role-based administration, the concept of least privilege, making sure that in your account you can specify who gets to do what so that no one person has the ability to destroy your environment. And we also add other protection features, such as if someone that is privileged in your environment goes rogue and deletes a bunch of backups. We actually have the concept of where we're actually able to go in and recover that data for you, even if they deleted your backups. Right. Think of it as a recycle bin for your backups, and then we're going to be adding additional features on top of that. Backups are all stored in a way so that you don't have to worry about ransomware attacking your backups. There's just no path, no route for them to get from A to B. And the beauty is, you get all of this design, all of this security, and all of the best practices without you having to worry about any of them.

Jamal:

Yeah, that sounds like you've taken a lot of pain away from my shoulders. So if I'm a privacy professional, I'm thinking about finding a solution that actually helps me to fulfill the obligations. And let's look at it from a GDPR lens. So one of the things that I have to do is I have to make sure that there is confidentiality, integrity and resilience, and it's actually available. So you're saying you have identity and access management in place, so you can restrict it to the people who are allowed to see it. And even then, you're saying if one of those people turns into a bad actor or makes a mistake for whatever reason and something was to go wrong, you can actually be resilient against that, and you can actually recover against that because you have those measures already put in place. You're taking care of all of the security side of things. And in terms of actual international data transfers, I can actually specify if I need that information to stay in Europe. If I'm working with a client in Saudi Arabia, for example, and they need to make sure it stays local, we can actually specify it stays local as well. So we can actually pick and choose where we want that data to stay, so we don't have to worry about any additional security measures that we might have to do for sending it out of the boundaries of whatever the jurisdiction we're in.

Curtis:

Correct. We're in almost all of the full AWS regions. About the only one that I know that we have zero plans to move into is China, for obvious reasons. The government has requirements on services that run within the country, and we don't want to meet those requirements because one of our requirements is that all data is encrypted in such a way so that only the customer can see it, that even if someone got ultimate power, whatever that is, within the Druva environment, they would not be able to see a customer's data. And by the way, some of our competitors that offer services, that isn't true of their products, and that's a requirement in China, right, is that the government has to be able to see data. And so we're not in that region, but we're in, I think, almost all the other ones. Yeah.

Jamal:

No, I'm familiar with the challenges that exist when trying to operate within the jurisdiction of China. Under the Chinese government. And there's a couple of interviews with the BBC about why Huawei was banned from the UK. It was because of all of these risks that you're saying, where the actual Chinese authorities insist they have to be able to see any access that goes across any kind of Chinese provider, whether it's in China or elsewhere. As long as it's one of those touch points that have something to do with China, then they have to be able to come and knock on the door and say, show me what you've got. Yeah.

Curtis:

Not very privacy friendly.

Jamal:

We can see that China is taking steps towards progressing and trying to meet the standards that have been set by other places of the world. They've recently introduced a very comprehensive piece of legislation to help them to come and join the rest of the world when it comes to protecting privacy and security. And I think they're thinking the right way. We obviously have to say they have been quite immature compared to some other countries that are a little bit more fortunate when it comes to privacy. But at least we can see they're starting to crawl and hopefully soon they'll learn to walk and maybe they'll start sprinting as well.

Curtis:

That'd be great. Yeah. It's certainly a great market, but we have zero interest in creating a service that allows people to see our customers' data. Right. So as long as that's not a requirement, I can see us eventually doing that.

Jamal:

Absolutely. And as a data privacy professional, I completely respect that right to privacy. A customer has trusted you with something that's valuable to them. It should only be visible to them. They haven't given you something to put on show, to own a museum. Otherwise they would have just left it out for anyone to see, and their customers probably wouldn't appreciate that too. So I completely understand that and I respect that integrity. I have a question for you, Curtis. How did you actually get into data protection?

Curtis:

Well, literally, it was the only job I could get. Right. I was fresh out of the Navy, I was interested in computers, and my wife actually was working at what at that time was the second largest credit card company, MBNA. I think they actually still have a presence over in the UK. I've seen the letters over there, but they had big banks with big data centres, and that looked amazing to me as a person who was interested in computers. And basically it was the job I could get, and it's amazing to me. It was a $35 billion company and they handed me the keys to the kingdom. I'd been there, like, a week. Right. We've addressed this issue, but historically, the backup person had the most power in the entire data centre. Why? They needed the root or admin password to every server and they needed the root or admin password to the backup server. So not only could they destroy all of the primary data, they had the ability to destroy the copy of all the primary data. Right. And I literally had that power within a week or two of joining the company. And this is why I'm saying it's a really bad idea. And just really all that happened is I went from being the backup guy to being the person in charge of the backup team. And then I left that company to go into consulting, and I got sent to the headquarters of a large oil and gas company, and it turns out... and I was just sent to be a sysadmin. And when I got there, their backups were broken. In the beginning, it was literally happenstance, right. And then at some point, I did sort of realise, I think it was the point when I decided to write an article about a script that I had written to back up Oracle, and I published it in a publication called Unix Review, which has long since gone by the wayside. And I got letters, like 75 emails from around the world saying, oh, you've opened my eyes, and I caught the publishing bug. And it was shortly after that that I decided to write my first book.

Jamal:

And congratulations on all of your publications, by the way. Thanks. That leads me to my next question, actually. So you're someone that started pretty much fresh into backup. You remember the words that your father had given you. I don't care what you do, make me proud by doing whatever you do and become the best at it. And I can see that you really invested in yourself and you've grown and you've become Mr. Backup of the industry. Right. What led you to see the value in investing in yourself to be the best you could possibly be, and how instrumental has a mentor been as part of that process of your growth?

Curtis:

Well, honestly, I guess it was just that work ethic that my father had taught me. He was a draftsman, a steel detailer, and everybody was an architect. Architect is sexier than a draftsman. Right. It's like, no, he's not an architect. He's this, but he was really good at it, and he still is really good at it. He's still working, and sort of the self-determination, right. And then also there was... I have a family, right? I met my wife. I live here in San Diego. I met her right after getting out of... well, I met her while I was in the Navy, and we got married shortly thereafter. And then I had two kids, two beautiful daughters, now a granddaughter. Somebody's got to pay those bills, right? So worked my way forward. I would say the hardest thing to overcome, especially in the beginning, when you get into publishing, if you're going to publish something as an expert, well, it better damn well be right. I remember when I published my very first article, I was terrified that someone would call me on something, and then it was wrong. And amazingly, something was wrong in the very first article that I published. I had a common misconception about the way hot backups work in Oracle. But when I went to write the book, I discovered that there are plenty of people that will help, be what they call technical reviewers. And so, like the book that I just came out with, I think we had something like 46 people read all or part of that book. So it was good.

Jamal:

Yeah, I remember when I had my first published as well, it was with one of the larger newspapers here in the UK. They did the digital version of it. There were lots of people coming and commenting on all sorts of comments. And I remember the first couple of hours I was reading the comments, and then one of my mentors said to me, he said, stop reading the comments. Don't read it. Don't worry about it. Do what you do. Go and focus on the next thing you've got to do. That's going to be great. Forget about all of this stuff. And you know what? That was the best piece of advice I could have listened to at the time. Because I think a lot of people, especially with all of these social media, whether they're publishing something or not, when people are posting on LinkedIn, where people are offering thought leadership, a lot of people are worried about what other people are going to say. And you know what? There's always going to be somebody that has something to say. And just recently, actually, I think it was earlier this week, I went and I wasn't part of a podcast and I was talking about cookies, and forget the fact that I haven't actually charged and I've given up my time to come and share some stuff with people. There was somebody who took that podcast and was like, oh, one of the guys in the podcast mentioned invasion of Privacy and it made me cringe. And it was cringe with a whole LinkedIn post about it. So, I mean, it doesn't matter what you do, people will always find something. But how have you as an author, how have you as a professional, how have you as somebody who's at the top of their field, had a resilient and strong mindset to overcome those things and still focus on doing what you do and make it motivate you to do even better?

Curtis:

Well, I think you have to separate what I'm going to call valid technical criticism: this thing that you said is incorrect. A perfect example, again, is what I said about the way Oracle hot backups work, right? I said that when you put Oracle in backup mode, the writes stop to the database. That isn't the way they work. That was incorrect. When the guy contacted me, I was more than happy to take that valid technical criticism of something I said, and I will correct that. That is fine, right? In fact, on my podcast, I'm often stating emphatic things that are technically my opinion. They're based on my experience, but they're technically my opinion. Like, for example, SaaS systems must be backed up. There are people who disagree with me. I would love for you to come on my podcast and disagree with me and talk to me about your stuff. And you know what? If I'm wrong, I'm wrong. I will change. You have to separate that from you're an idiot, or you stink as a presenter, or I would have said it this way, right? I remember having a heckler one time, like an actual heckler in a physical presentation, and he kept calling me out. It can be quite jarring, right? You're up there as the expert, you're presenting, and you have some guy over there that's yelling pants. And I remember he just kept saying things, and then at some point, and I was trying to ignore him, at some point he said, after saying many other things, he said, well, if I was presenting, I would. And I just stopped and I said, well, you know what? When you're presenting, you are more than like, you're more than welcome to say whatever you say. But right now, I am presenting, so I would like to say what I want to say. What do you think? And it shut them up. Right? You have to separate that thing you are saying or writing is technically incorrect from you're a noob. People attacking because there are also people that are jealous because you're presenting. They think that you're full of yourself, right?
You have to separate those attacks on your personal character and whatnot. That's the stuff that you really, I agree with your mentor that said, don't read that type of stuff. I still read comments, but if I see a comment, because I participated in Reddit, I mean, talk about comments. That's all it is, comments. I'll have a technical argument, but the moment an argument gets into an ad hominem attack, they are attacking my argument based on who I am as a person, then I'm just, okay, well, you've given up the fight, right? I'm done arguing with you. So I'd say that's my best advice is to separate those two things.

Jamal:

Thank you. That is super helpful advice. Because I know so many Privacy Professionals, they actually do want to speak at webinars. They actually do want to write articles. They actually do want to write very useful LinkedIn posts, Reddit posts, whichever platform they're using. But sometimes they find out they're holding themselves back because of this fear of criticism. And I've met people and I've met people who are brilliant and they have such amazing things to share, but they're holding themselves back because of the fear. And one of the things that you've actually helped them to overcome from listening to you speaking today is that, you know what, go ahead and do it anyway, but just separate the stuff that is valid criticism, because you're still a human, you can still make mistakes. You don't know everything. Nobody knows everything. So have a look where there is something to learn. Take the feedback, make the changes or improve it next time. But the moment they start attacking you as a person because they're jealous, because they're feeling inferior, because of whatever it is that's going on, just ignore that. Move on and find a way to overcome and be resilient. And sometimes you actually have to meet them head on a little bit like you did, and make sure that they understand that it's not appropriate. And if they are so clever and if they are so great, then maybe they can go ahead and do the same thing. It takes a lot of guts to stand up in front of people, to say something, to speak, to present on a webinar. It's easy to go and make criticisms afterwards.

Curtis:

I want to add it also matters when you're presenting to use lots of phrases like, in my experience, as far as I understand, what I've seen is this. If you're going to say there is no way you can do A, B, C, well, you're almost guaranteed there's going to be one way and then you're just wrong, right?

Jamal:

Absolutely.

Curtis:

But if you say, as far as I understand, there's no way you can cut your grass without a lawn mower, and then somebody goes, well, hey, here's this magic thing that makes your grass not grow. And you're like, well, good for you, right? That means you weren't wrong. It's just in your experience, you've never seen that thing. Right? I also, when I'm making comments about, especially if I'm commenting on groups of products, I always say the vast majority of or I try not to say all products do this. So you have to be careful of how you say things. There's that as well.

Jamal:

Thank you. That's been super helpful. And for anyone who's listening who has been holding themselves back, I'm hopeful that having listened to your words of wisdom and advice will actually help them to go past that and start to focus on the great things that could happen and how they can really make their careers thrive and how they can really go out and start making a valuable contribution to society so that together we can start empowering businesses to really adopt honest privacy practices. You mentioned your podcast a couple of times, and I know you're the host of a podcast called Restore it All. Tell me a little bit more about your podcast and who it's really ideal for.

Curtis:

It is basically a podcast dedicated to protecting data. It gets its name from a parody song that I wrote. It's actually a parody of Adele's Rolling in the Deep. You can actually find a YouTube video. My daughter actually is the singer on the song. She's actually a pretty good singer. Oh, wow. The phrase you remember in the song, you could have had it all in the Adele song, so, you could restore it all. So it's a song about a girl that gets her, she deletes her data, and then she finds out that her company's backup system is ****, and so she doesn't get her back or data back, and so she's very angry. So that's what the song was, which actually preceded the podcast. So that's where the podcast name comes from. And it just comes from this idea of being able to protect and restore data. So we talk about, obviously, we talk about backup and recovery a lot. We talk about ransomware a lot. We talk about privacy, we talk about cybersecurity and just anything that's on the periphery of that. And we just try to get interesting guests. My favourite guest of last year was, we actually got Peter Krogh, who is the author of a book called The DAM Book. It's Digital Asset Management, and the first version of that book is where the term the 3-2-1 rule came from. So that was a good get. So we just do all of that. I try to explain things in non-technical, it's a technically leaning podcast, but I don't want to leave non-technical people out. So I try to explain anything that's nontechnical. My co-host is really good at calling me or another guest if they throw out a TLA, right, a three-letter acronym, and then don't define it. But it's really just about people that are concerned about backups and encryption and security and things like that.

Jamal:

Awesome. That's super helpful. Curtis, our time together is coming to an end. I know you're super busy, and you've got a lot of things to do. What we usually finish off with is the host gets asked a question, so you have the opportunity to ask me a question. Over to you.

Curtis:

If I could say one thing and then ask you the question. One thing I forgot to mention is if people are interested in Druva, we do have a webpage Druva.com.podcast. They'll find something just for them there. My question for you, sir, is how many of those books behind you have you actually read?

Jamal:

So this behind me, if I'm honest, is not actually my bookshelf. Right. My bookshelf is back in my bookcase over there.

Curtis:

Got you.

Jamal:

I think I'm going to be honest from my current book collection. I've probably read about 40% of the books I have.

Curtis:

Yeah.

Jamal:

One of the challenges I have is I'm a prolific book buyer. So when I'm speaking to my mentors, when I'm speaking to people that I respect and recommending books to me, I will add them to my Amazon and I will buy them straight away, and I'll have them.

Curtis:

Oh, really?

Jamal:

The challenge is time is a big challenge. So I don't get through them as quickly as I would like. But I am an avid reader. I do love reading books, but one of the books I'm reading right now is actually super interesting.

Curtis:

It looks like you're looking at the bookshelf.

Jamal:

It's called Tribe of Mentors and it's by Tim Ferriss, the guy who wrote The 4-Hour Workweek. And it's really interesting because it's a collection of the people that he's interviewed on his podcast and he's taken the best bits out. So you can pick the book up and you can actually read any story and it makes sense and you don't have to follow it cover to cover. So I find that when I haven't got time to read for about half an hour, an hour, as long as I pick that book up and I read a little bit of it, I can still tick the box off at the end of the day when I say, you know what, today I've actually added to my mental notes.

Curtis:

Yes, I actually like audiobooks and I find that I'm like if I buy an actual printed book, it often will sit there a long time. But an audio book, I can use it while I'm doing lots of other things. For example, woodworking I mentioned there, I can just listen to that. I find I get more content into my brain that way. But different people are different.

Jamal:

Yeah, exactly. Everybody has a different learning style and not many people, not everyone is like me. Many people like you can actually multitask. For me, I can only focus on one thing at a time. Like my wife will tell you, sometimes we are driving and I'm having a conversation with her and I miss my turn because I'm so fixated on the conversation. So for me, my learning style is I like to read very auditory for digital. And it's really interesting what you're saying because we started the Privacy Pros podcast and it went out as an audio file as all podcasts do. And recently I did a couple of polls on LinkedIn following some of the things I've been learning about how different people learn. So at the Privacy Pros Academy, one of the things I try to do is regardless of what preferred lead representation or learning system somebody prefers, I try to communicate to them in all ways so they get a fully enhanced learning. And whether you're someone who is visual, someone who is auditory or someone who is actually kinaesthetic, you will get the most out of the session and attach all the touch points. And one of the things that led us to come to was that, you know what, so many people are actually visual learners and they might not necessarily listen to the podcast, but they would actually watch a video of us talking. And that's why we also are putting these videos or these podcast recordings out as YouTube, which is why we have the cameras on.

Curtis:

I have done the exact same thing as what you just described on the Restore It All podcast, literally as of a few weeks ago, for the same exact reason that you said.

Jamal:

That's amazing. Curtis, it's been an absolute pleasure speaking with you today.

Curtis:

You as well.

Outro:

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro:

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro:

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro:

Please leave us a four or five star review.

Outro:

And if you'd like to appear on a future episode of our podcast, or have a suggestion for a topic you'd like to hear more about, please send an email to team at Kazient.co.uk

Outro:

Until next time, peace be with you. Bye.

About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader, this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host

Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is to safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy" by the International Association of Privacy Professionals (IAPP).