Nandita: 00:00

The thoughts and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views of their employers or any other individual or organization.

Privacy is such an emerging field, and people encourage diversity, so you never know what your unique skill set would bring to the organization, and maybe that's what they're looking for. So just say yes to job opportunities, apply to speak at different conferences. Even if you don't think that you have a very compelling story, you are judging yourself more harshly than others are.

Intro: 00:26

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro: 00:31

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.

Intro: 00:42

Hear about the latest news and developments in the world of privacy. Discover fascinating insights from leading global privacy professionals, and hear real stories and top tips from the people who've been where you want to get to.

Intro: 01:01

We've trained people in over 137 countries and counting. So whether you're thinking about starting a career in data privacy or you're an experienced professional, this is the podcast for you.

Jamal: 01:22

Hi, and welcome to another episode of the Privacy Pros podcast. I'm your host, Jamal Ahmed, founder of the Privacy Pros Academy and author of the international bestseller now the Easy Peasy Guide to the GDPR. And I just want to say thank you to every single person who has already pre ordered the book and helped us rank as the number one hottest release on Amazon and also get us number one bestseller category in two of those bookselling categories. So thank you so much. And if you haven't got a clue what I'm talking about, and if you haven't got your hands on the book yet, then try before you buy. You can get hold of the first chapter for free. www.bestgdprook.com go in there, have a look, and you can download the first chapter for free. And if you love what you see, then you can go ahead and buy the rest of the book. If you don't, let me know what's missing and I'll make sure I add to it on the second edition. Either way, let's get to our guest today. We have an amazing guest today, someone that I'm super inspired by. She's so accomplished and at such a young age as well. And the thing is, she's so modest. She's very humble about all of her achievements, and she realized that she's got so much more to learn, and this is exactly the kind of mindset that we love. And that's what you see when you see people of excellence, is they're very humble and they're always aware of how much they have yet to know. And that's one of the curses, I guess, of learning, is the more you learn, the more you realize how little you know. But without further ado, let me introduce our amazing guest for today. Our guest is Nandita Rao Narla. She is the head of Technical and Privacy Governance at DoorDash where she leads the privacy engineering, privacy assurance and privacy operations teams. Previously, she was part of the founding team of NVISIONx.ai, a data profiling startup that classifies enterprise data to optimize security controls and solve privacy compliance challenges. As an advisory manager at EY, she focused to enhance privacy programs, scaling risk management functions, and driving data protection initiatives for Fortune 500 companies. Nandita currently serves on the advisory boards and committees for privacy and cybersecurity focused non-profits such as Extended Reality Safety Initiative, which most of us will know as XRSI, Institute of Operational Privacy by Design, NIST, Techno Security and Digital Forensics, and of course, the IAPP's Privacy Engineering Board too. Nandita holds an MS in Information Security from Carnegie Mellon University, a BTech in Computer Science from JNT University, and privacy and security certifications such as the Fellow of Information Privacy, the CIPP/US, the CIPT, the CIPM, CDPSE, CISM, CRISC, and the CISA. Oh, my days. Wow. Nandita, where have you found the time to get all of these accomplishments?

Nandita: 03:57

At least for the certification I had a personal learning goal that every year of my career I'm going to get a certification, I'm going to study for it and take the exam, and I put that in my learning goals with my managers. So that helped me stay on track and at least work towards something every year. So it was just like part of my learning program for the past twelve years.

Jamal: 04:19

Awesome. So every year you decided, you know what, every year I need to upscale, I need to grow, I can't stay stagnant. So every year I'm going to add a relevant certification so I can add more value and I can keep continuing to learn and grow.

Nandita: 04:30

Yeah, it's very difficult to do it all together, so just think of it as long-term learning strategy.

Jamal: 04:36

I love that. It's one of the things that a lot of people that come and join us at the Academy love to do. They say, look, I want to feel accomplished, I want to keep growing, I want to keep learning, I want to keep adding to my skill set. And that's one of the things that we really love, is people who are not happy just to sit there and say, yeah, I've done this and that's it, I'm done. But actually, I know there is so much more to learn, so much more to grow. And that's what gets you those top tier roles. And we can see you're in so many top tier roles serving some of the biggest companies across the world. And we'll get more into that. But before we get into that, before we get into that, I have a very important question for you. What is the strangest thing you've ever eaten?

Nandita: 05:10

That's a difficult question because I'm a very conservative eater in that sense. I'm a vegetarian and I was a vegan for a long time. I've accidentally tried meat, and I think that would be the most strangest thing.

Jamal: 05:23

I've what kind of meat was it?

Nandita: 05:25

It was crab meat. It did not feel like meat. Also, it was very tasty.

Jamal: 05:32

So the strangest thing you've had is something that you didn't know what it was, and it was actually quite tasty. Okay.

Nandita: 05:39

After I found out it was crab meat, it was meat, and I was like oops.

Jamal: 05:43

Oh no why did you have to tell me?

Nandita: 05:47

No, it was so good, it almost tasted like a potato patty.

Jamal: 05:53

So I'm getting hungry now, but before my belly starts slumbering, let's get through this podcast. So could you walk us through your journey of transitioning from a security engineer to privacy engineering? What was it specifically that sparked your interest in privacy in the first place as part of that transition?

Nandita: 06:08

I joined Carnegie Mellon in their Masters of Information Security program, which was a very interdisciplinary course, I think at Carnegie Mellon, when I was studying security, in addition to my security and engineering courses, I was given the opportunity to take courses from the School of Public Policy, Design and Business. That allowed me to just get a broader understanding of the different aspects of privacy. And I also worked on a capstone project, which was building a healthcare application for emergency medical services to use based on cloud. So that allowed me to understand there was so much that goes into building a healthcare application that you have to comply with so many laws. And that was my first introduction to let's build some products which respect privacy. And the third aspect, I think, at Carnegie Mellon was I was exposed to the privacy engineering research at CyLab, Lorrie Cranor’s lab and that really fascinated me. And I decided that this is what I want to do for the rest of my life at that time.

Jamal: 07:18

Big commitment. So what was it specifically that really energized you, that you were like, you know what? This is it. This is brilliant. This is what I'm going to spend the rest of my life focusing on?

Nandita: 07:26

Yeah, I think it was just building the product by myself, like building an application which had patient health data, which was very sensitive, and being able to talk to emergency medical services and first responders and understand this is very crucial, this needs to be built. But at the same time, regulation should not stop innovation, and we have to balance both building and innovating in the space at the same time, respecting privacy for patients, especially in the space where you're in a car crash or something, you're not going to like, privacy would be the top of mind at that point. But anything that you build and individuals who are in the space should bake privacy into whatever applications they're using.

Jamal: 08:14

I really like that. I like that mindset about privacy not being a blocker and actually more adding to the solution rather than preventing stuff. And so trying to figure out those complex challenges really got you buzzing and it was like, yes, this is what I want to do. I want to help businesses find innovative solutions whilst protecting the privacy, whilst upholding that trust that's been entrusted to them by patients or any other class of data subjects. And I'm going to make sure I dedicate the rest of my life to serving in that way.

Nandita: 08:40

Also, I think I was very naive at that point. I had never worked in industry before, so this was like, I'm still in school and I think now I would be hesitant to make such career choices that will I just do one project and decide this is something I want to do for the rest of my life? Maybe not, but at that time that I had a lot of conviction that yes, this is something that I would be happy doing.

Jamal: 09:04

Well, it seems to have been a good decision and it seemed to go be working out very well for you. So for those who are just starting their career or thinking about pivoting to privacy engineering, what steps would you recommend they take to gain that credibility and establish themselves in this industry?

Nandita: 09:18

I think for anybody who's trying to pivot from security engineering to privacy engineering, they should recognize that you already have a lot of skills that translate very well to privacy. So don't undersell yourself. There is a lot that can be leveraged like one to one in your privacy careers. For example, if you worked on an export control project, that's basically similar principles as data residency and data localization projects. If you've done architecture reviews, or if you're an app second professional, you have an edge already in translating those skills to privacy by design. If you've done threat modelling for security, you can translate those for privacy threat modelling. There are lots of examples I can give, like if you worked on frameworks for security and cybersecurity frameworks like ISO or NIST, there are complementary privacy frameworks where you can start off with. So a lot of people don't see the patterns and sort of say that I am a newbie and I've never done privacy before, which I would recommend against taking that approach and putting your best foot forward and leveraging the skills that you have is a good way to transition into privacy.

Jamal: 10:38

Thank you very much. Super advice. And this is similar advice to what I'm speaking about on a daily basis to lots of people on LinkedIn and even some people who join the academy is they say, look, I'm stuck in a toxic work culture, or I'm stuck in a place where I don't want to be anymore or I want something different from my career. And I think privacy is a thing for me. And they look at the opportunities available and they can see that this is just an industry that's just starting to grow, really. And they see like, if I get in now, it's a great time to be, but the thing that they're most worried about. I think it's a little bit of fear, a little bit of being scared, and it might be a little bit with this scarcity mindset, is they feel like they have to start again. And some people are like, I've got ten years of experience doing this, that the and the other I want a change, I want a new fulfilling role, I want new challenges, but I don't want to take a pay cut, I don't want to start again at the bottom. And one of the things I explain to people is, look, when you come and join the academy, you're not starting again from the bottom. What we do is we focus on the skills that you have, the transferable skills that you have, all of the things that you mentioned that are complementary to what you'll be doing as a privacy professional anyway. We build on those, and what we want to do is stack those skills and add now the technical expertise, the subject matter expertise, and the practical experience. So you become a more rounded, valuable person, because guess what? As part of your role, you're going to have to talk to different areas of the business. And if you already know different things about different areas of the business, you're going to be able to add great value because you understand their challenges. And if you can make people feel understood, then they're more willing to understand you and you can achieve better results faster, quicker than someone who just knows privacy or who's just done privacy for their career.

Nandita: 12:11

Absolutely. And in most companies, privacy engineering still reports to security. So it's the same team. They understand what you've done, they recognize your skill set, and it's not going to be starting from zero.

Jamal: 12:25

So, Nandita, you've had an amazing career. I'm sure there have been some challenges that you faced. Could you share one or two of the biggest challenges that you came across and then how you actually overcame them so others can do the same and learn from your experience?

Nandita: 12:38

I think the biggest challenge when I was starting out was there were no privacy engineering jobs. This was a long time ago, and I remember as a student, when I was looking at opportunities at the career fair, there were exactly four jobs which had the word privacy in it from like, hundreds of jobs that were available to students. So I applied to all four, and there weren't that many opportunities where you can get a diverse skill set. So I joined EY Consulting Firm, seemed like a best opportunity for me to learn more about the field while doing different things. So I would recommend that if somebody feels they need to learn more or they're just starting out, a consulting firm is a good idea to start, especially a larger consulting firm where you can get international exposure as well as very large clients. The second challenge I faced was like, getting interesting work. This was pre GDPR. There weren't a lot of companies doing proactive privacy by design or large privacy engineering projects. So the most of the work was pretty baseline, a HIPAA compliance, or a GLBA compliance audit, or like, privacy program assessments. So it was a challenge to find roles and projects where I could stretch and do more challenging things. Some of the ways I navigated around that was a I just said yes to every opportunity that seemed difficult to me, even if it was not directly related to privacy, just so that I could learn some hard skills like secure coding and architecture reviews, those I think I still use day to day. Another thing that I did at that time was joining rotational programs. There was an R&D team that was building frameworks and was building tools that other privacy professionals can used in other countries which had different privacy laws. So I volunteered to be part of that team, and I did a 20% rotation. So that gave me a lot of exposure and also access to really smart people who were working on very interesting projects, even if I wasn't working on that full time. So for anyone who's struggling to find good projects to work on, and if they're not in a privacy team yet, if they're in an adjacent field, whether it's in product management or design or security, I would recommend that they try to do like a 20% rotation with the privacy engineering team in their organization to learn more and get some hands on experience.

Jamal: 15:12

Wow, that was super valuable. And one of my mentors actually says to me, when you have two choices, you have the easy choice and the hard choice. Always take the hard choice, because that's what's going to help you to grow. And it reminds me of one of the things my other mentors actually taught me, was about using the difficulty. And I say that to a lot of my mentees, and they say, what do you mean by use the difficulty? And I say, look, my mentor said he got this from an actor, and the actor said he was basically auditioning for a theatre. It was improvisation. The guy ahead of him was speaking, and he picked up the chair, and he threw it. And when he threw the chair, he got stuck by the door. And so now it's his turn to come in and do his improvisation. And obviously he can't get in through the door. The chair is stuck in the door and he can’t get past the door. So the director shouts to him, use the difficulty. And he's like, what do you mean there's a chair stuck? He's like, use the difficulty. And he's like, I don't know what you mean. If it's a drama, pick up the chair and smash it to smithereens. If it's a comedy, fall over the chair and do a cartwheel or something. Whatever it is, use the difficulty. And I was like, wow, that actually makes sense. So now I'm always seeking for opportunities to put myself in difficult situations and then using that difficulty to learn and grow and to see what we can get out from you. And that's exactly what you've just explained to me in your own words, is how you used the difficulty and how you didn't just sit there waiting for stuff, but you actively took steps to seek out those exciting projects. And then you said, there's other things that you can do if you're fortunate enough to be part of an organization, is to actively go and say, I want to seek rotations and see if you can find some time, 20% of your time where you can go and actively help other departments and learn from them too.

Nandita: 16:42

Everybody likes to get some free labour. So if you go volunteer with the privacy team and tell them that you want to do this for free, extra time that you have, or you want to go and do some research or work on a side project, I think nobody's going to say no. And employers are generally very supportive of cross functional training and even supporting certifications or learning programs for individuals in related fields.

Jamal: 17:10

So you touched on certifications and learning programs. So as somebody who's got the whole alphabet after their name, for those people who are looking to educate themselves or to develop professionally, what specific certifications would you recommend to grow in privacy engineering?

Nandita: 17:26

For privacy engineering, because it's still an emerging field, there are not a lot of options out there. Nishant Bhajaria has an excellent book on privacy engineering, or privacy engineering run book for engineers. He's built a course around the book. It's on data protocol. Everybody can take it for free if you don't want the certification, like the course itself is free. I've also heard really good things about Carnegie Mellon's privacy engineering certification program. It tends to be on a little bit on the expensive side. So if you don't have employer support, it can be challenging to build the case to get that certification. But IAPP and ISACA have their CIPT, as well as the CDPSE certifications, which are more technical in nature. They're not focused on privacy engineering, but in general, the technical aspects of privacy professionals. So anybody who's trying to get into privacy engineering, those would be, I would say, starting points and some recognized programs that people can start with.

Jamal: 18:29

Great, thank you very much. So, guys, a whole host of resources available to you, even though you started off saying there isn't that many. You listed at least four different options that we have, and if we go by your standards, that's the next four years sorted for anyone who really wants to grow. And if you're interested in doing the CIPT, which is the Certified Information Privacy Technologist, we have helped countless people actually get those certifications, but not just get certifications. At the academy, we don't really focus on helping you pass the exams. That's not what we're about. So if that's what you're looking for, then we're not going to be a good fit for you. But if you're looking to go beyond the certification and really develop some clarity and confidence so you can be credible and you can really add value, then we're going to be a great fit for you. And I welcome all of you to get in touch to find out more about our programs. Now Nandita, impostor Syndrome seems to be a common issue for many professionals. As someone who's made a significant career transition, did you or do you and have you experienced this? And if you have, how do you deal with it, how do you overcome it? And what advice would you give to others experiencing the same thing?

Nandita: 19:30

Yeah, I think I am still working on my impostor syndrome. So especially being on podcasts or interviews like this, my instant reaction is to say, that what, you don't want to talk to me? Are you serious? What can I potentially offer? So it takes some courage from my end to even say yes to these opportunities. For imposter syndrome I think the worst time that it hit me was when I was working in my start-up and this was a founding team. We're a very small team. And every day was rejection because you're going to investors and potential clients, and you're like a team of five people and working very hard over the week to build something, and then you don't really get it. So this was like an everyday cycle where you pitch something and then it gets rejected. And that really hit my confidence a lot. And I was beginning to question whether I made a good decision by leaving a very established career and doing something challenging. Also, as a risk averse person, this was difficult for me. I think the first step to overcoming impostor syndrome is to acknowledge that you have impostor syndrome and just normalize it. That I think I read somewhere that about like 80% of professionals have impostor syndrome at some point in that career, especially if you're a minority, women, people of colour, immigrants, it hits them the hardest and just acknowledging that you have it will help you build strategies to overcome it. The second thing that I did for overcoming impostor syndrome was just adopting this 1% better mindset that you're not seeking perfection every month or every year, you're going to improve yourself a little bit. And that is what helped me to overcome it and just feel more confident that yes, okay, I don't know everything, but I'm learning. So it also gives you a little bit of confidence boost. I think the third thing is to just say yes to opportunity, even if you don't feel like you're 100% fit. And I think that goes more for applying for roles if you're looking for jobs, if you don't meet 100% of the job description, that's okay, you should still apply. Privacy is such an emerging field, and people encourage diversity, so you never know what your unique skill set would bring to the organization, and maybe that's what they're looking for. So just say yes to job opportunities. Apply to speak at different conferences. Even if you don't think that you have a very compelling story, you are judging yourself more harshly than others are. Apply to volunteer on projects at conferences, volunteer to review papers. And I think that's a really good opportunity to build some more confidence in the field.

Jamal: 22:18

Wow. Thank you for sharing some of those. And some of the things you said that really resonate with me. And one of the things that you mentioned was that people who are from a black or minority ethnic background, people who are second generation, people who are women specifically, tend to suffer from impostor syndrome more than counterparts who don't actually meet those descriptions that we've just described there. And this is especially true in the privacy industry. And I found that a lot of my mentees come and say we have these problems, and exactly what Nandita said is the same advice and the same process that we work through to overcome that. So impostor syndrome really takes place where somebody has lots of skill and experience, but they have low confidence, and that's all it is. And the reason we suffer from this low confidence at times is because of the high standards that we set ourselves. And we're always comparing ourselves against people who have accomplished so much more than us, instead of just taking a moment to appreciate just how far we've come from when we started our journey and just being grateful of that and knowing there is so much value we can add to someone who is just one step, two step or three steps behind us. We don't have to focus on being the front runner, the Olympian, the gold medallist in the industry, because there's still people that we can help along the way. We are one or two steps ahead of someone in something. I guarantee you that. And as long as we can help the people who are one or two steps behind us, then they will push us up to go to the next step. And the way we do that also is by seeking out those opportunities and putting ourselves in the unknown, taking yourself out of the comfort zone, because growth only comes outside of your comfort zone, and then you have a new challenge, and you have a new dimension. You're playing on a new level. And then that imposter syndrome kicks in again, and this is the thing you have to do it now. What Nandita said is, one of the things I teach my mentees is a problem well stated, is a problem half solved. So just by recognizing that you are suffering or you are experiencing impostor syndrome to begin with, you're halfway there to solving the problem.

Jamal: 24:04

And the second thing you said there, which I really love, is about getting 1% better every day, right? And that's all we teach at the academy, is progress over perfection. We don't wait for perfection, because if we sit there waiting for perfection, the world is going to leave us behind. And by the time you get something out there and you do something about it, it's going to become irrelevant. So we need to stay relevant. We need to stay in touch with the changing times. We need to see what's emerging in the markets. And if we just wait till we perfected our skills, perfected our knowledge, perfected our expertise in that, then it's never going to happen. Now, on my board, which you can't see, but there are two things at the top that I have, the first thing it says there, Nandita, you've read it, is, is this world class? So whenever I'm feeling like I shouldn't be doing this, who am I to talk about this? Who am I to create this? Who am I to write this? The first thing I said is, what I've created is it world class? And if it isn't, then I say, okay, what do I need to do to bring it up to a world class level? And if it is world class, okay, that's good enough. I don't compare it to what someone else has done. I don't compare it to what's out there. I just say, is this good enough? And good enough for me is world class. If it's world class, okay, that's great. If it's not, then that means I'm underselling myself and I need to do something to make it better. And the second thing I compare myself to is this number over here, 85%. So for me, that is the winning number. Progress over perfection. I give myself a whole 15% of margin for error, for growth, for anything. If I can hit 85%, for me, that's good enough. And I'm going to progress and I'm going to learn along the way, and I'm going to get 1% better every time I do this thing or every day as I grow in the different areas. And what you said there completely resonates with the reminder I give myself with everything that I do. And when it comes to imposter syndrome, trust me, guys, I've felt it more than I'd like to admit, actually.

Jamal: 25:38

And one of the things I mentioned to you at the beginning of this podcast is this book I wrote, the Easy Guide to GDPR. When you go and look at textbooks, law books and GDPR, you'll see every single book has been written by somebody who has been to some of the best academic institutions, got a law degree, got some more law qualifications after that. Maybe they've done a master's or a PhD or something and they're the people that put these kind of books out there. So when I was thinking, who am I? Son of an immigrant, not even a qualified lawyer, who didn't even go to one of the best universities here, who am I to put this book out there and ask the world to benefit from it? And I could have actually just stopped there and let my impostor syndrome get on top of me. But I didn't. I said, you know what? It doesn't matter. Why am I comparing myself to other people? I just need to compare myself to myself and be the best version of myself. And if I can create something that is world class, if I can create something that is 85% perfect and I know that I'm confident that it's going to add value because it makes things clear, it makes things easy and it gives people confidence. It helps people overcome the imposter syndrome, then I've got something valuable to share with the world. And actually, who am I kidding? When I gave thousands of similar copy out for free, everybody loved it. People were raving all about it. In fact, the reason we've turned it into a book was because people were telling me they was printing it off and keeping it on their desks.

Jamal: 26:56

So what I did, I took the old version I have, and some of you might have even downloaded it as the pragmatic guide to the GDPR. And then I took it to some of the people that you see on the podcast, the best people that I know in the privacy industry, the people who are really championing drive and excellence. And I said to them, hey, I've been giving this thing out. People love it, but I know it can be ten times better. I want you to have a look at it, rip it apart and tell me how I can make it even better. And I got lots of feedback from it. I took all of that feedback and then I turned it into now, The Easy Peasy Guide To The GDPR. And I'm so pleased with how it's actually being received. And the thing is, it's something that I can sit there and be proud of because I didn't let my impostor syndrome get in the way of me putting it out there. And I could have very easily said, you know what? Maybe Jamal, that's not for you. You just keep doing your consultancy, your training. Who are you to become an author? But if I did that, I wouldn't have got the opportunities that I'm getting now. I wouldn't have got the opportunity to put myself out there as an Amazon bestseller, as a best selling author. And that's opening up so many other doors and avenues and so many exciting opportunities are coming my way. And I probably wouldn't get an opportunity to speak to amazing people like you, Nandita if I let my impostor syndrome get in the way of me and say, who am I to create a Privacy Pros podcast?

Nandita: 28:09

So I think, Jamal, you admitting experiencing impostor syndrome is like a big step, and I would not have guessed that. You come across as such a confident person who's always been confident about his abilities. Thanks for sharing that. And I think this is a good time for me to ask. You've done such a good job at branding yourself in the space. That's something that I struggle with. And I've also had other women, especially like early career women, ask the question, okay, how do I brand myself in the privacy space? What tips do you have to offer?

Jamal: 28:40

That's a great question. I love that question. So one of the things that we actually teach on our accelerator program is there is a pillar. So there's five pillars on the accelerator program. The first is all about mindset, which we've spoken about, and you have a great mindset. The second is that subject matter expertise. The third is the credibility. That's where the certifications come from. That's where knowing how to talk the talk and walk the walk comes in. The fourth is practical experience. And the fifth is all about personal branding. So what is personal branding and why is it important? So with personal branding, you want your reputation, you want your brand to precede you. So when somebody across you before they come across you in person, they already have an idea of you. Now, whether you like it or not, people will look you up before they meet you, whether it's for a job interview, whether it's for some other thing. Even when you're going to date someone, they will do a Google search on you if you find them on an app, right? So the thing is, your personal brand, whether you actively choose to do something or not, is something that exists. So you can leave it up to chance for people to find whatever little is out there that some other people have put together or that's been created by some kind of social media algorithms or something that you like or not. Or you can decide to take control and be selective and choose how you want to be perceived out there, and you can stand for something. Now, the challenge is most people know exactly what to do. You know, you can write posts on LinkedIn. You know, you can talk about stuff that you've done, that you're working on problems that you're solving. The problem is people have this fear, this impostor syndrome, and they decide not to do it. And the reason they do that is because our minds are filled with negative thoughts. Automatically, we have negative thoughts because our subconscious always wants to protect us. And it's saying, hey, if you write this and you make a mistake, there are so many other people who might say this and they might say that. And remember that post that you read where somebody was getting slated for their opinion. Do you want that to happen to you? No. Exactly. Go and watch Netflix.

Jamal: 30:19

And that's the inner voice, your subconscious, that's telling you that because it knows nothing different. It thinks that it's trying to protect you. But there comes a time when our inner child needs to grow up and say, hey, I'm not that kid anymore in the playground. I'm actually a professional and I want to be a world class professional. So what do I need to do? So it means instead of saying, what would happen if I did this? And filling with negative answers, you rephrase the question and say, wouldn't it be great if and you fill in the blank. So you do something and you ask yourself, wouldn't it be great if and you write that five times. Once you've done that, you've rewired your brain to focus on positivity rather than the negative stuff that's going to throw you away. So that stops you from initially posting to begin with. So let's replace that first thought and question that we have in our head. If what if this happens? What if this happens? And let's replace it with wouldn't it be great if? Now that you've done that, the second thing you need to ask or the second thing you need to get away from is your ego. So what if someone comes and says something? So what if somebody doesn't like it? So what if you don't get any views? You're not doing it for that instant gratification. What you should be thinking about instead of, what can I get? Oh, can I get great comments? Can I get likes, forget about all that stuff. None of that actually matters. It's not going to pay your bills. What is going to pay your bills is when you create value for other people. And instead of asking, what can I get? The question I've always asked myself is, what can I give?

Jamal: 31:34

And the moment you start asking, what can I give? You start coming up with really valuable things that can help even just one person. But oftentimes you'll find that there's so many other people that are experiencing similar challenges to what you've overcome that by you sharing that value, by you explaining things in a way other people can understand. By you talking about your personal experiences, you're giving so much value. You're inspiring people that people will start messaging you, people will start commenting on you. You will start getting opportunities coming your way. And you did that because you put yourself out there. Instead of focusing on what can I get you? Focus on what can I give? The third problem people have is they say, I can't find my voice. And the reason they can't find their voice is because they're focusing on too many audiences. And what I mean by that is you write on LinkedIn, but they think, oh, sugar, what if my colleague sees this what if my manager sees this? Oh, what if my friend sees this? What if my old school teacher sees this? What if the people I used to work with see this? Okay, who am I writing to?

Jamal: 32:28

And they just get confused and they don't know who to write to and how to write to it. So what I teach my Mentees on the Accelerator program is, guys, whenever you create content, you're only ever going to write to one person. And this person you're going to write to is always going to be the same person. And I want you to think of who that person is going to be right now. And I make them do this in front of me. And if you're listening to this, bring out a piece of paper and a pen because Nandita asked a great question and you can get some great value for it. So I say think of a person or think of a few people in your life who have supported you and who have been there for you. Think of people who you love and you care about and who love and care about you back. And now tell me who they are and most of the time, somebody comes up with somebody in their family. It could be a spouse, it could be a mother, it could be a sibling, it could even be a nibbling. And when you think of who that person is, the person that loves you and you love back, that you respect. So you're going to have a warm tonality, you're going to have a kind tonality, and you want to make sure that they're not educated in the same thing that you do, because then you're going to get too geeky. So you find someone who meets all of those criteria, and now all you do is you write to them. Because now you're writing to one person, your tone is going to be consistent. You're writing to someone that you love and respect that is going to come across in the tonality that you use. And because they're not educated in what you're doing, you're going to be kind to them and you're going to explain things in the most simplest way, which means they're going to get it. And guess what? When other people read that, it gives them the clarity that they need. And that's the secret behind all of the content I create Nandita.

Jamal: 33:41

I always write to my eleven or she was eleven years old at the time I imagined it. And if you read The Easy Peasy Guide, it should feel like I'm having a conversation with her, but actually it's going to feel like I'm having a conversation with you because that's exactly how I wrote it. Because I was writing to one person. If I was thinking about all of the different people, legal counsel, privacy professionals, HR professionals, entrepreneurs, coaches, consultants, that all might be reading this book, I would be lost and stuck because I wouldn't know which tone of voice to use, what words to use, what not to use, what examples to use or not. But I kept it simple. I was like, I'm just going to write to my twelve-year-old niece and she's got no industry experience, so there isn't going to be any example that's going to be relevant to her. So I need to break things down in a way that even she can understand. And that's what's allowed me to create content, create training programs, create books, create amazing resources that people find, gives them amazing value. And there's one other thing that I'm going to give away here, which I normally reserve there's something called the KFC. No, don't worry, Nandita, it's not about chicken. You can still keep your vegetarian diet. That KFC, it's not the Colonel’s finger licking good chicken. It is basically, this is the question I ask myself before I start writing anything, is what is the KFC? And by KFC I mean what do I want my niece to know? How do I want her to feel? And what do I want her to commit to doing once she’s consumed or absorbed this piece of content?

Jamal: 34:56

So now I have total clarity. I don't get lost in going off tangent. I know what I want her to know, I know how I want her to feel, and then I know what I want her to do or commit to doing as a result. And that is the secret behind personal branding. The challenge is so many people are going to listen to this podcast, they want to do something about it and they do nothing about it. And I say it on every webinar, I say in every podcast, if you don't know what to write about, just talk about your takeaways on this podcast and out of the thousands of people that listen to it, we see maybe about 100 people doing it every week. They will tag you, they will tag me, and they will talk about their takeaways on the podcast. And you know what? That is amazing because they're now offering something which is their own analysis. They're creating content that is valuable because other people will see, oh, the great takeaways. I don't have to spend 45 minutes listening to the podcast. You've summarized it all for me or these are great takeaways. Now I know where to go and find this podcast that I didn't even know existed, and now I can listen from Nandita's experience. And then when me and you go and listen to it, we love to see that they're getting value from it. And we will add more contribution that exposes them to new networks and more opportunities start coming their way. So it's as simple as that. Find something that you like, even if it's his podcast, and go and share your takeaways. And we've got hundreds of episodes, so you've got enough content there for the next couple of years.

Nandita: 36:16

Thanks, Jamal. So, these are my takeaways. So I learned a lot about personal branding and I think at some point you should do a non privacy podcast too.

Jamal: 36:23

Why not? Say yes to everything? Let's do it.

Nandita: 36:28

Say yes. Let's do it. Thank you, Jamal. I did want to leave with a little bit of information. I'm hiring for two technical program manager roles in my team. So if anybody who is listening to this podcast is interesting in pivoting to a technical privacy program role or is interested in applying, feel free to reach out to me. You don't have to meet all of the criteria that's written on the job posting. Do apply and I will personally read every application.

Jamal: 36:49

And what are the three top qualities that you're looking for? Not the technical skills, but the people skills.

Nandita: 36:54

I think I'm looking for curiosity. So people who are generally interested in learning, people who have a strong bias for action. You will be presented with very difficult challenges and you just have to solve them. And I think we're just looking for people who are team players who just respect others and work with cross functional leaders in a respectful and inclusive manner.

Jamal: 37:19

Awesome. Thank you, Nandita, for sharing this opportunity. So, guys, if you're looking for an opportunity, Nandita is here. You've heard all about her story and you've heard exactly what she's looking for. And she knows that you can grow the technical skills, but it's the attitude and the soft skills that you can't teach someone and that's what top employers hire for because we know the skills can come after. So, guys, if you're listening and you're interested, reach out to Nandita on LinkedIn. Is there an application process or should they just reach out?

Nandita: 37:42

Yeah, I'm going to go and share the job posting on LinkedIn and feel free to message me on LinkedIn. Unfortunately, that's the only social media I'm on.

Jamal: 37:50

Find Nandita on LinkedIn. We're going to link her into the show notes anyway. So click on Nandita's link, go and find the post and then go and put yourself there. Mention you've listened to this podcast so then she can make sure that she looks out for your application, give you a little bit of special treatment.

Nandita: 38:04

Thanks, Jamal, for having me. It was great talking to you. We'll do this again.

Jamal: 38:09

So, Nandita, thank you so much for your time today. We had an amazing conversation about privacy engineering. We spoke about growth mindset, we spoke about the relevant certifications, and we also spoke about some of the things that might be holding us back. And we finished off with a masterclass on personal branding. It's been an absolute amazing session speaking with you. Thank you so much for coming to the Privacy Pros.

Outro: 38:30

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 38:38

Remember to join the Privacy Pros Academy Facebook group, where we answer your questions.

Outro: 38:43

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro: 38:50

Please leave us a four or five star review and if you'd like to appear on a future episode of our podcast, or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk

Outro: 39:05

Until next time, peace be with you.