Cyberattack—an ominous word that strikes fear in the hearts of nearly everyone, especially business owners, CEOs, and executives. With cyberattacks resulting in often devastating results, it’s no wonder executives hire the best and brightest of the IT world for protection.
But is that enough? What if the brightest aren’t always the best choice for protection?
In The Smartest Person in the Room, Christian Espinosa shows leaders how to leverage their company’s smartest minds, with lessons from Christian’s own journey from cybersecurity engineer to company CEO. He describes why a high IQ is a lost superpower when effective communication, true intelligence, and self-confidence are not embraced. He shows how readers can develop their team’s technical minds so they become better humans and strong leaders who excel in every role. I recently caught up with Christian to learn more about his new book: what inspired him to write, his favorite ideas in it, and how those ideas have shaped his life.
What happened that made you decide to write the book? What was the exact moment you realized these ideas needed to get out there?
About four years ago my team debriefed me how a penetration test review session went with a client. One of my highly technical staff members kept saying “they just don’t get it,” meaning, the client didn’t understand the seriousness of what we were telling them or the real cybersecurity risk. I had heard this “they just don’t get it” many times before, but something about this time was different and all the sudden hundreds of instances of intellectual bullying, posturing, and poor communication that I’ve experienced consistently in every job, every industry, throughout my cybersecurity career went through my head.
I could no longer unsee the absurdity of what was occurring on a massive scale in cybersecurity. It was my company’s job to ensure the client “got it.” I’m a fan of NLP (Neuro Linguistic Programming) and one of the NLP presuppositions is “The meaning of communication is the response you get.” My company was failing our clients. It is our responsibility to make sure our clients “get it”, otherwise they won’t improve their cybersecurity.
After that meeting, I focused on developing my team’s soft skills, such as awareness, mindset, communication, monotasking, and empathy. Our technical staff gradually improved their soft skills. These improvements resulted in better client experiences, more secure clients because they “got it,” more repeat clients, and more sales.
The exact moment I knew this book was needed was Thanksgiving 2019 in Hong Kong. I often travel to Hong Kong for an annual reflection and planning trip. In the 2019 trip, I reflected on my business (Alpine Security), my career, past employees, existing employees, relationships, and my own development. I thought about my journey as the owner and CEO of my company and all the things I’ve learned the hard way—by paying the “dumb tax.”
I also thought about the cybersecurity industry (which is not getting any better), where there’s a new major breach every day. In cybersecurity, the emphasis has always been on technology and almost every book out there is about using technology or following complicated frameworks. No one was addressing the elephant in the room: the soft skills of the highly technical staff. I decided I would address the issue, based on my experience and what I’ve learned.
What’s your favorite specific, actionable idea in the book?
My favorite actionable idea in the book is probably the concept of the “cookie jar.” I first heard of this concept from David Goggins. The idea is to reflect on your life and think about all the hard things you’ve done, all your accomplishments and failures, the times you’ve pulled through, etc. Write these items down and put them in a cookie jar or somewhere you can pull them out to review them again. These challenges you’ve overcome are your “cookies.”
We often forget what we are capable of. When our confidence is low or we are feeling sorry for ourselves, we can look back at all we’ve accomplished. Starting and running my business was the most challenging thing I’ve done and there were many times I felt like I was going to go bankrupt, lose my sanity, that I didn’t have it in me, etc. What got me through these times was looking at my own “cookies”—overcoming my childhood, completing 22 Ironman triathlons, graduating the Air Force Academy, etc. We are capable of more than we think we are. Sometimes we need a reminder of how badass we are to push through the next challenge.
What’s a story of how you’ve applied this lesson in your own life? What has this lesson done for you?
One of the lessons in the book is a growth-mindset. I believe in a growth-mindset and apply this concept to all aspects of my life. It’s a shift from “I’m just not good at this” to “I can improve and learn to master this concept.” I started Alpine Security in 2014 and thought growing a business would be simple. I was wrong. I faced challenge after challenge.
Each challenge had two real options: one was to give up, the other was to figure it out. Giving up would have been applying a fixed-mindset—that I just didn’t know what to do or that I didn’t already have the skills. Figuring it out, which is the path I consistently took, meant I needed to grow my knowledge, skills, and abilities. Part of a growth-mindset for me is an emphasis on the journey rather than merely an outcome. I often think “Ok, the worst that can happen is I’ll develop new skills or learn what not to do next time.” I’m a believer that if you want something in your life, you need to become a person capable of attracting that thing.
The growth-mindset has made me a more capable person. Without the growth-mindset I would have thrown in the towel for my company or never written this book. Thanks to the growth-mindset, I just sold my company in December and I’ve completed The Smartest Person in the Room! I’m grateful for learning about the growth-mindset from Carol Dweck.