Updated May 2026 to reflect current data. Original recording: 2025.

Tequila and Tech Talk was a virtual roundtable series co-hosted by Richard Lowe Jr. (The Writing King) and Natan Verkhovsky (Alura Creative Agency). It gathered cybersecurity executives, technical leaders, and a few wildcards for an off-the-cuff conversation, part symposium, part happy hour, on the issues facing technology leadership. This session brought together CISOs, a USC astronautical engineering instructor, an AI-in-healthcare strategist, a manufacturing COO, a copywriter, and a graduating computer science student to talk about the one problem every cybersecurity leader runs into: getting heard by the people who hold the budget.

The through line, and the reason Richard co-hosted, is that a book is the tool that translates technical authority into business language. Cyber leaders who can’t speak risk and ROI get tuned out. The ones who write a human book aimed at leaders bridge the gap.

Who Was in the Room

BOOK YOUR PRIVATE CONSULTATION

The Roundtable

Lightly edited for readability. Logistical chatter from the open has been trimmed; the substance of the discussion is preserved.

Opening the Room

Natan: So we’re going to give it a minute or two for everybody else to pop in because we had, I think, about 106 people register. Which is awesome sauce.

Richard: [to Ken] Yeah, he’s been my worst critic since 1981.

Ken Cureton: Also his best critic.

Richard: My best critic, yes.

Natan: Today, this is a chance to meet with The Writing King, a chance to share among cybersecurity and technology experts from around the world. We wanted to have a leadership roundtable discussion. It’s a tequila and tech talk. So if you have a little something to stay hydrated, do it. If that’s not your thing, that’s okay, make sure you at least have water.

Richard comes from decades of cybersecurity at the highest possible position, running operations for Trader Joe’s for at least two decades, and then pivoted to become The Writing King with more than a hundred books to his name, both his own and ghostwritten for others. A lot of people who come from cybersecurity and tech are able to leverage a ghostwritten book to go from VP up to C-suite, or to get out of the rat race and pull in some venture capital because they look like an expert and a hero. Richard, add a little meat to the bones.

Richard: Why a Cybersecurity Leader Needs a Book

Richard: Well, I’m Richard Lowe, The Writing King. What I do is I write books for executives and C-levels, as well as technical leaders, people who want to make a splash in their industry, who want to get TED Talks. It’s always good to have a book when you’re going for a TED Talk, to get venture capital, to get on the speaking circuit, to get a name in your industry. My clients have gotten TED Talks. They have gotten speaking engagements. They’ve gotten big promotions. That’s what a book does for people.

Now, in cybersecurity, what a book can do is set you apart from everybody else. That’s important, because if I’m a cybersecurity person, what makes me different from every other cybersecurity person? A book can tell people that. It doesn’t have to be a long book or a complicated book. We want it to be a human book rather than a technical book, because leaders and high-level execs read human books. They don’t read technical books. And they want it to be from the heart. What is the passion that you have? What is the importance of it?

I was in cybersecurity for 20 years. I designed and built the disaster recovery system for Trader Joe’s, and I was in charge of PCI compliance and cybersecurity as a whole. A peer, Jimmy James, was in charge of the network side of security. Thank God, because I hate dealing with routers. Especially in those days, wireless routers were terrible.

Meet the Room

Ken Cureton: I’m retired Boeing, Defense, Space and Security systems. I worked on the information attack side, so guess how much of that I can talk about. In parallel, I’ve been an instructor out at the University of Southern California, a master’s program in astronautical engineering. One of the things I can talk about is the space shuttle, the kind of computers it ran, and the kind of security required for it. My current classes get into network security, especially for cloud computing, artificial intelligence, and collaborative distributed systems.

Richard: And Ken, don’t you have to have natural intelligence before you have artificial intelligence?

Ken Cureton: That’s correct. There’s no such thing as artificial intelligence. There’s only natural intelligence, and even that’s in scarce supply.

Larry Whiteside: Larry Whiteside Jr., 33-year practitioner, ex-military officer. I resigned my commission, turned down major in 2002 when I got out of the military. My last four years was running information warfare at the Pentagon, prior to Cyber Command being a thing. I then jumped into the private sector. I’ve been an eight-time CISO across a number of different verticals, an advisor to probably over 60 companies at this point. I most recently started a VAR because the selling motion in cyber is broken, and I co-founded a not-for-profit back in 2014 with four close friends to try and close the diversity gap in cyber.

Gabriel Wolf: I’m Gabriel Wolf, from Cleveland, Ohio. I’m a senior computer science student at Case Western, graduating in May, but I’ve got about six years of part-time and internship experience in cybersecurity. I’ve interned on SOC teams, on data protection teams, and for Deloitte on their offensive security team.

Richard: And I must say, your hair is absolutely perfect. I don’t see a single hair out of place.

Royce Blake: I’ll go in case Doug’s crashing right now. I’m Royce. I have no cybersecurity credentials whatsoever because I’m a copywriter, and more importantly, a marketing strategist. So I’m the guy that complains to folks who build computers that the copy gets thought about the very last step, after they’ve developed some incredible apps.

Rick Jennings: Rick Jennings, Austin, Texas, COO of the Tirex Group. We’re all about manufacturing and testing in the United States and specifically in Texas. 35 years plus in business. The world’s changing so fast, it’s tough to stay up. You’ve got to be consuming information at all times, and that’s why I’m here.

Doug Hohulin: I worked for Motorola and Nokia for 33 years. System engineer by training. I worked on autonomous vehicle technology and was on the Kansas University Cybersecurity Advisory Board that got a National Security NSA grant. For the last three years, I’ve been focusing on AI and healthcare. Wrote a couple of books on that with my co-author, Harvey Castro, who’s an ER doctor by training. My goal is, in the next 20 years, 1.5 billion people will die according to the United Nations, and my goal is to use AI to avoid avoidable deaths. I believe we can save at least a billion of those people and help them live healthier lives.

Natan: Well, you picked a pretty small mission. Couldn’t you have bigged it up a bit?

Richard: Maybe we’ll need cybersecurity to protect ourselves against AI.

Doug Hohulin: Absolutely. That’s called GANs, generative adversarial networks. You need to make sure your AI is protecting you from the bad AIs.

Natan: Personally, I’ve been an elite energy coach for about 30 years. I started with Cirque du Soleil acrobats, Olympians, had about 15,000 people come through my hands, wrote a couple of best-selling books on energy. Then I came online during the pandemic and founded Alura Creative Agency as the only not-for-profit public relations house in the world. We focus on creating events like this, a symposium in the Greek sense, a gathering to share ideas, maybe a little wine, maybe a little tequila, where you come away bettered.

The Communication Gap Between Cyber and Leadership

Natan: Cybersecurity ghostwriting, if there was a bridge to cross between the two, Richard, where have you seen it, and where has it personally surprised you?

Richard: What surprised me the most when I was at Trader Joe’s was how little leadership, CEO on down, understands the need for cybersecurity. Everybody here can preach on that, trying to get budget. We didn’t speak the same language. We didn’t have the same goals. Their goal was ROI. They saw cybersecurity as a cost center, and a high cost center at that. Trying to sell them on the idea that they needed to pay more money for cybersecurity was tough and sometimes completely unsuccessful.

And the surprise is, I had a client who wrote a book on cybersecurity aimed at leaders. He was able to bridge that gap and get his leadership, and then other companies, to actually see the value of cybersecurity, because we used the leadership language to translate why cybersecurity is not necessarily a cost center. It’s more of a profit center in many ways. It saves you a lot of money. You get a breach, there’s reputation, all these things it protects against. It was a surprise that we could link the two together so well that leadership who didn’t have a clue before finally understood and approved budget.

Larry Whiteside’s Insurance Analogy

Larry Whiteside: The reason there’s been a chasm between executive leadership and cyber is because cyber was initially thought of as a technical discipline that supported IT. It was buried as an IT-based initiative just to enable IT to be more secure. It wasn’t until cyber executives were able to cross the divide and help executives see the value of cyber as a risk mitigation, a cost mitigation, and a value-added driver to the business.

My first global board of directors meeting in 2005, when I stood in front of the board asking for an additional $20 million in my budget, they all scoffed at it. My question to all of them was, who in here has auto insurance? Everybody raised their hand. Life insurance? Everybody raised their hand. Health insurance? Everybody raised their hand. Then I asked the follow-on: who plans on getting sick today? Nobody. Who plans on dying tomorrow? Nobody. Who plans on getting in a car accident? Nobody, surprisingly. And I said, well, why do you carry the insurance? It’s because it’s cheaper to pay for the insurance upfront than to pay for it after the incident happens. We are your insurance for your business. We’re not guaranteeing there won’t be an incident, but the protections and controls we put in place will mitigate the risk and the exposure to a point that it’s cheaper to pay for upfront than after the fact.

Richard: And that’s exactly the kind of thing we talked about in the book, what language do you use to convince them, to put it into their world. That’s the perfect analogy.

The Vulnerability Nobody Wants to Believe

Ken Cureton: The thing that always surprised me is the vulnerability of most systems. When I was at Boeing, one of the things I had to point out to the Chief Information Officer was that we were experiencing, on average, 10 attempts or attacks per second on the Boeing Enterprise Network. He said, it can’t be that high. Fortunately, I had a retired DISA lead with me who pointed out that it was orders of magnitude worse at the Department of Defense. My CIO blanched a little and said, apparently I need to pay attention to this.

Rick Jennings: I’ll echo Larry. From our perspective, when you look at the premiums for cyber insurance and some of the things we’ve implemented, it’s cheap on the front end if you make the investment on the front end. If you look at business interruption, the risk to all your customers, it’s staggering, the amount of money you can lose to be down a week, if not longer. And those premiums continue to go up and up.

When a Book Sells 5,000 Copies on Day One

Raven Ishman: My name is Raven Ishman. Currently I’m consulting with DTCC. I kind of fell into cybersecurity about 15 years ago in the IAM space and I’ve been moving and grooving ever since. My goal is to educate as many people as I can about cybersecurity, what that looks like from an end user perspective.

Natan: Literally the shortest form of authority is author. So if you wanted to educate people and get the word out and be very clear and specific, you are in the right place. Richard, have you had somebody who was really blown away, fingers crossed, let’s see if we can sell 12 copies, and they somehow sold a lot more?

Richard: I just had a client who published his book last Sunday. It was traditionally published, one of the big houses. He disappeared for a year and I was like, oh my God, did I write a terrible book? He was actually taking the time to find a traditional publisher. Then it hit the market and he sold like 5,000 copies on the first day. He’s super happy, and the book is achieving what he wants. In just a week he’s already getting offers for all kinds of things. It’s a book about digital transformation, which is semi-related to cybersecurity. He’s becoming known in a matter of a week. He did some promo in advance as the expert on the subject. He’s getting speaking engagements, job offers, and using it to show his bosses what digital transformation is and how it works. He’s happy as a pig in a poke.

The Age of Content Creators, Not Influencers

Natan: I was watching a show with some high-end people at a private group, and the guy speaking had an ad agency with about $200 million in spend. He said, we’re not in the age of influencers anymore. We’re now in the age of content creators. And everyone was nodding. In my mind I’m going, well, how did you get to be an influencer? You needed compelling content in the first place. Now you actually have to curate. Now you actually have to make content that matters. My favorite version of that is when you listen to Jay-Z and he says, I’m not a businessman, I’m a business, man.

Recession as Opportunity

Richard: Ken and I were having a conversation the other day about, well, what if a recession is coming? Companies tend to clamp down during a recession. That’s the wrong thing to do. Recession is the opportunity. If you look at the billionaires of the last century, a lot of them came out of the Great Depression. Why? Because they took advantage of the recession. They realized that’s the time to open up and do the marketing and do the building, because everybody else is clamping down, which means there are opportunities to expand while the market shrinks.

Cybersecurity is another opportunity to make things safer and healthier for us, and more private, and to get rid of these IoT devices that hackers can break into without even thinking about it. Your smart light bulbs and your smart TVs. I just shudder when I think of what my smart TV can do, and probably is doing right now that I don’t know about. This is the perfect opportunity for a book to fill that place, to market yourself and your message, what your ideas and beliefs are.

I remember a time at Trader Joe’s when I walked in proposing some stuff for the disaster recovery site, a couple million dollars. I spoke for about 5 minutes with my flip charts and all, really impressed with myself. The CEO turned to my boss and said, I want him to leave the room. Because I wasn’t talking his language. My boss finished the conversation, and I learned something big there. Talk in the language of the audience you’re talking to. That leader didn’t know what PCI compliance terms meant, didn’t know what I was talking about with disaster recovery and RPOs. I learned a valuable lesson that day.

Why Cybersecurity Should Report to the Business, Not IT

Larry Whiteside: It’s changing even more since then. Today, every cyber executive is trying to figure out how to speak risk, and whether to do quantitative or qualitative calculations to determine risk, because the ROI question has never been answered. When they look at technology and see something that says risk, they’re asking, how did you come up with that risk? What’s the mathematical calculation? Knowing how to read a 10-K, an 8-K, and how to speak in financial terms instead of the ones and zeros and bits and bytes we used to speak in the early 2000s. There’s a 40 to 50% shelfware problem happening across the cyber ecosystem because of the overlap in technologies.

Richard: One thing I learned recently writing one of the books for my clients is the cybersecurity person should not be under IT. It’s basically a business function. When it’s a business function and you put cybersecurity on the board, it spreads through the whole company instead of just being an IT function. IT is frequently looked down upon because we speak the wrong language and we tend to be a little arrogant. I know from experience. If you take cybersecurity and move it into the business, then there’s much more incentive to speak in business terms, because they have to. They have to start worrying about accounting and HR and all the other things.

Larry Whiteside: Yes, and you have to have the right person in place who can do that. There aren’t many training programs CISOs can go to outside of getting an MBA. There’s a small percentage of cyber executives who have done the personal work. Many of us started out as geeks, and many decided to stay geeks, which isn’t a bad thing. There are organizations where a deeply technical cyber leader is what they need. But for the vast majority of businesses, that transition from technical geek into business enabler is driving the industry. Right now there are 37 to 40 Fortune 500 companies that have not hired another CISO after the last one left. We haven’t figured out the why yet, but those positions haven’t been posted.

Richard: I know of a couple off the top of my head. One got fired, one left, and those positions are not even being filled. They apparently don’t think they need a CISO. Why? That’s a whole different discussion.

Rick Jennings: As soon as they get hacked or hit with ransomware, they’ll learn.

Richard: After the fact is often when companies learn, but that’s generally not when you want to learn. And the landscape’s becoming more hostile. We’ve got wars going on all over the world, and they’re doing all kinds of cyber attacks, some more subtle than others.

Rick Jennings: One thing, show the board the data logs from your firewall. How often you’re getting pounded. Every single day, 24/7. Hey look, we may not be a big company, what do you think the big companies are getting hit with?

Locking Down the Smart Home

Larry Whiteside: If you’re connected to the internet, whether you’re at home or a corporation, it doesn’t matter. Richard, you said you’re scared of the IoT devices in your house. I’d implore you, don’t use just the Wi-Fi router given to you by your carrier. Buy something separate you can control and monitor. I’ve got a segmented network in my house, so I get to live out my geekdom. My devices, my wife’s, the kids’ all on one network, then all the IoT devices, all my security cameras on their own network, then all the Alexa-enabled stuff on its own.

Richard: I do put all of my IoT under the guest network. I put my own stuff on the main network, mostly because the IoT devices don’t support WPA3 yet. They only support WPA2, and WPA3 is stronger security. And I bought my own router because I want to control it. I don’t have control of the cable router.

Larry Whiteside: Well, it’s not going to matter once quantum becomes more mainstream.

Richard: Oh, quantum, when it hits, these hacking things become a lot easier.

Larry Whiteside: We’re not far from it. I’ve already seen some real-world examples of it happening in certain threat actor groups.

Richard: Especially the nation states. I’m sure they can afford a quantum computer. The average person may not be able to, but nation states and organized crime, yeah, it’s common.

Remote Work and the Bring-Your-Own-Device Problem

Richard: You mentioned having teams all over the world. That introduces a whole new layer of cybersecurity problems. The pandemic made some of those come to life. When you have bring-your-own-device, where the person brings his own laptop, that may not be secure. Probably isn’t, actually. So how do you ensure that laptop someone bought off eBay is secure enough to get into your network? That’s a whole other level of security problems introduced by remote workers.

Larry Whiteside: That’s where the entire browser security ecosystem came from. Talon and Island and these companies came out of that, saying Citrix sucks and it’s too expensive. They decided to use the Chromium-based browser as a mechanism to create controls on the endpoint rather than the whole VPN thing. Most of the business is in the cloud, you’re using SaaS tools, so put something in the browser, give them a static browser that controls what they can and can’t do. You can lock down them pasting data into it.

Social Engineering and the Carbon-Based Problem

Richard: I think the biggest threat is still social engineering. We had a problem in a past job where people dressed in uniforms would come in with point-of-sale terminals, the ones you slide your card on, and replace the ones that were there with their own. They didn’t work for us. They were hackers. That let them get credit card data as you swiped it. It’d still come through to the bank, but also go to the hacker. They got very good at this. So social engineering is still a big problem, and that requires human engineering on our side to understand it.

Larry Whiteside: The carbon-based life form is always going to be the largest problem in technology. As people, we have this psyche of what’s the easiest path to my destination. If you’re walking through a door and there’s somebody walking behind you, your nature is not to confront them. You’ve been taught to be courteous. Come on in. Not realizing it may be somebody who doesn’t work there. Somebody walks up to your desk, even if you don’t know who they are, and their hand is near the back of your computer as they lean over, your initial instinct isn’t to think, are they plugging a key fob into the back of my USB to capture keystrokes? Your initial instinct is to just have the dialogue, because the person is being nice.

There’s a social construct that has us want to be naturally nice to people. This is why I think diversity is so important. Everybody comes from a different background. My wife and I get into this dialogue a lot. For me, I am skeptical of everything. I’ve got cameras on every corner of my house, even though we live in a safe neighborhood. For her, she’s much more free-thinking. When we’re trying to educate end users to think a little bit more like we do, it’s a tough thing. Which is why they say, when you’re educating people about cyber, you have to put it in terms they can apply in their home life. Because everybody wants their home life to be safe and secure. When you put it in context they can take home and apply, it sticks more.

Closing Thoughts

Rick Jennings: I think these things are great. I never would have met Ken and Larry probably any other way. Raven, love what you’re doing. I’m a girl dad, I keep my girls pushing into the technology world.

Larry Whiteside: I don’t do these things for views. I do them for community and engagement. I’m a firm believer that sharing and learning are two of the most pivotal things we as cyber practitioners need to do. We all come from different backgrounds, different experiences, different lenses. As a collective, that’s how we get better and try to get better faster than the enemies threatening our organizations.

Doug Hohulin: Just appreciate the opportunity to meet some great people. Richard, I appreciate being on your podcast too, it was a really great experience.

Ken Cureton: I just wanted to observe that I’m really old. My idea of cybersecurity is keeping my card decks with all my COBOL code in a safe. No, it’s much better than that. The point is, there’s a lot of modern stuff I learn in these webinars that I present in my classes to keep me from being the old fogey that I am.

Gabriel Wolf: I’m a bit different than you guys. I’m not a CEO, I’m not a CISO. I’m only 21, graduating in May, looking for my first full-time cybersecurity opportunity. I’m more on the technical side, the one who performs as a penetration tester. But I still found this interesting and I enjoyed it.

Raven Ishman: Richard, we kind of randomly ran into each other on LinkedIn. What grabbed my attention first was Trader Joe’s. I’m a fan. Reading his profile and some of the work that’s been done, I said I’m going to go join the meeting just to see what it’s about. Like everyone else, I like networking and connecting with people who can sit around and talk about cybersecurity like myself. This was definitely informative.

Royce Blake: This has been incredible, so much great info. I realize how important the whole topic is, but how many different angles you have to come at it from. Even as a neophyte, I thought it was extremely valuable.

Richard: Before we close, I do a Leaders and Their Stories podcast. It’s daily. You’re all leaders, so if anybody wants to be on it, hit me up. And if you want to be on there twice and you’ve already been on, hit me up again. Ken and I have a series going, about once a month.

Natan: I want to thank everybody for coming. This is meant to literally have the tide raise all boats. We’re supposed to inspire each other, enlighten each other. I invite you to come back next month, the topics change, the people change. And book a quick one-on-one with Richard just to see what happens.

Richard: And all of you, connect with me on LinkedIn if you haven’t. If you want to be on my Leaders and Their Stories podcast, please do. I think all of you could appear and that would be fun.

Find Richard Lowe at TheWritingKing.com.

Notable quotes from this conversation

Common questions from this conversation