Logins: The Last 4 of Your SSN

Name: Logins: The Last 4 of Your SSN
Uploaded: 2020-07-15T06:30:00.000Z
Duration: 30 min
Description: Sam Rhea hosts a casual fireside chat with special guests (to be announced) to learn how their careers got started — and where their newfound access took them.

Presented by: Sam Rhea, Simon Moore, Henry Heinemann

Originally aired on January 23, 2022 @ 5:00 PM - 5:30 PM EST

Sam Rhea hosts a casual fireside chat with special guests (to be announced) to learn how their careers got started — and where their newfound access took them.

English

Interviews

Transcript (Beta)

Hello and good morning. My name is Sam and you are watching Logins. Logins is a weekly show on Cloudflare TV where we interview members of the Cloudflare team to learn a bit more about their careers and their journeys all starting with the first job they had which required them to log into a system. Today I have two guests Henry Heinemann and Simon Moore. Starting last week this program moved to a European morning time zone and that has given us the opportunity to meet a lot more of our EMEA team in our London and Lisbon offices and we have both of those represented today and two people I get to work with a lot which is very exciting for me to actually have an opportunity to learn more about your careers and your journey. So just like our audience I'm excited to learn more about that today and thank you for being here. Thank you for watching. As always we start alphabetically so Henry is going to begin. Henry can you introduce yourself and what you do at Cloudflare? Absolutely. So I'm already glad that I've beaten Simon with my name. That was a tough one. So yeah my name is Henry Heinemann. I'm part of the new products go to market team at Cloudflare which sounds really elusive but I'll shine a little light on what that means in a sec. Normally I'm actually based in London but due to this whole pandemic thing that's going on right now I've decided to spend the last few months in Germany in Hamburg where I grew up working remotely. Yeah my team is very small. In fact I'm sort of the only one in Europe who's sort of you know doing what I do which sort of makes me responsible for all things around new products in EMEA and which is also why I get to work a lot with you Sam and even with Simon now which is sort of really exciting. And effectively what we do is we take new products when they're fresh off the factory floor and try to navigate their go to market journey. So you Sam as sort of the PM for Axis have kind of you know done a really similar thing and much more for a long time and Axis is a really good example of kind of what we do. When it first launched you know no one in sales really knew what it does right. It's really different from what Cloudflare does as a company. At the same time you know Axis was built as an internal tool to help us so we didn't actually spend that much time talking to our customers and figuring out you know what they want and how to sell this and how this whole thing actually works. So bridging this gap and kind of tightening this feedback loop between product sales and the customer that's kind of what I do on a day-to-day basis for a variety of products. Yeah and we are on the product team grateful for that. Like you mentioned, Axis started to solve an internal problem and then we had an opportunity to work with your group to start to map that to the problems we heard from our customers. So we're all relieved that that role exists. Going back in time a bit before you started in that role, before you started at Cloudflare, what was your first job, first paycheck? Yeah so in Germany the minimum age to work is 15 and because I'm a law-abiding citizen you know I had my first part-time job when I was 15 and it was actually really cool and I'm still very grateful for it. I actually got a job as sort of a front-end developer slash IT person at a local private university and you know I was sort of teaching myself how to code at the time so this was really exciting. In hindsight you know I was way more excited about it back then than I actually was. A lot of it included routine IT work like wiping hard drives and installing operating systems, setting up Outlook clients and that sort of stuff but some of it was also just front-end web development or web design should I say which was really fun. And I imagine kind of when you started that job you did have to log into a number of systems especially in that particular role. What was that experience like? I did, I mean so the thing that you know most excited me about this and we actually learned things right like you don't learn that much wiping hard drives, just kind of sit and wait for the zeros to come in but for the website stuff I obviously had to have access to the university's CMS right to kind of manage the content on the site and I think they were using Drupal if I remember it correctly. So I had access to that and yeah so back then it didn't really mean much to me I think you know like having access to the entire university's website at 15 you know not even knowing. It's a lot of responsibility. Yeah exactly it's a lot of responsibility but I totally didn't understand that right I was like oh yeah this is this is cool you know whatever. I also I'm not quite sure about this but I'm relatively certain they didn't have like like role-based access control or something like that like it was sort of all-in right like either you had access or you didn't so even though I only you know managed let's say the design of the blog or something I would have still been able to make edits on the students internal portal or something like that right so that was really interesting. What's also interesting and you know at Cloudflare we also deal not just with sort of access and login things but we also deal with a lot of firewall things and anyone who's sort of following like Internet security a bit knows about all the zero days that pop in for Drupal relatively frequently that thankfully at Cloudflare we patch with our firewall but back then I didn't know anything about that I just saw like you know that that we had to update Drupal every day and I was like wow this is very frequent and sort of being the you know sort of rebelling teenager that I was I noticed a lot of sort of SQL injection things that that were possible which is at the time very entertaining in hindsight obviously it's very immature you know you should play around with with that but it was a great learning experience let's put it that way. And you mentioned you know you didn't necessarily appreciate the sensitivity that some of those credentials had when was the first time you had a login to something that maybe intimidated you when you started realize you know hey I'm no longer 15 I now have permission to reach a system that I understand the repercussions and the consequences when was that and how did that evolve? Yeah so I think the sort of part of me being quite naive around this lasted for a fair bit so I just didn't realize that the power I had until I actually broke something right or until I learned that somebody else broke something on a system that I was working on. I did sort of my first proper full -time job it was still an internship but it was full-time also as a developer this time like property back-end web development and obviously I needed production access for that even as an intern because I was making sort of changes and I still you know I wasn't intimidated by it as you said because I just didn't realize what I had right I was like yeah this is this is fine you know that is until I sort of accidentally pushed my work in progress code to the wrong branch because you know I was 18 and you know I had never used git before so I just didn't really knew how to work to be quite frank and surprised the code didn't work in production and brought the entire site down and brought the life site down for you know a couple of hours until sort of my supervisor realized what I did and it was fine right like I was just the intern like whatever sort of thankfully there was no blame culture but that terrified me yeah for the remainder of my internship for sure and even now like whenever I use git I'm like okay you know I could really like seriously break things here so yeah I think that's that's still sort of mildly intimidating yeah it's something previous guests on the show speak to something very similar where when you are when an organization trusts you whether you're 15 years old or you know here at our stage in our careers when an organization trusts you with access to systems like that so much of the initial fear I think comes from what could go wrong if I mess up but that fear also I think evolves quite a bit into I'm not just afraid of messing something up instead I'm thinking about the responsibility this organization has put into me to keep this secure to keep this safe to be responsible with the credentials and the trust that I've been given so that that journey something I've heard a lot on this program when do you remember using 2FA for the first time ah that's a good question so weirdly I have sort of two very distinct memories one is when I first saw 2FA and one is when I actually used it I'll start with the using first so I think the first two factor type authentication I used was for my bank so in Germany and I don't actually know how popular this is outside of Germany a lot of banks used to use paper-based TANs a TAN is a transaction authentication number so they would basically print you know 50 or something like that one-time codes out on paper send your letter with it and whenever you wanted to make a transaction so importantly not to log in but to actually you know permit a transaction you would have to enter this this number and then whenever you used it on paper right you had a sheet of paper you would cross it out with a pen so you would be able to see which ones you had already used and you could use you could pick any of them um yeah yeah later on it told you like enter code x enter code y and so forth and instead of that you said it was the first time you had seen it but then there was a second opportunity the other way around the other way around so so this one I used um and obviously I didn't have a bank or bank account when I was like 10 but but at about that age or maybe it was 11 I have a weirdly distinct memory of visiting a family friend in New York and that was also my first time I've ever left Europe as a kid and this friend of my my father I think worked at a bank and he had an OTP token on the dinner table probably for VPN or something so this would have been like 2005 so like a long time ago um and I asked to play with it and got some very stern looks uh obviously I was told like do not touch this um you know because it's important uh but but back then I didn't really question why it's important I just saw there's a bunch of numbers on it and they changed every now and then and it's like okay this is really dumb like you know this is a really fun toy like something out of a Bond movie or something yeah right exactly it was really exciting um and yeah it took I guess another decade or so for me to understand why it was actually important and also how OTPs work um yeah it's a really random memory but somehow it stuck with me that's that's pretty funny I uh getting scolded as a kid I guess those lessons uh stick um fast -forwarding a bit from both when you were a child and when you're starting your career um to when you be joined Cloudflare when did you join the Cloudflare team and what brought you to the group um ironically I was uh actually cold messaged through LinkedIn um by by uh someone who's actually still with Cloudflare Alexandra Logan she's uh she's amazing so yeah thanks to her I'm here today and uh back then um I kind of architected my LinkedIn profile to sort of make it look like I had a lot of work experience already um which technically were all internships that I did part-time next to you know my degree but when the Cloudflare team reached out and said you know do you want to you know maybe work with us I was actually still halfway through my undergrad degree and kind of had to turn that down because I kind of needed that degree first um but then uh you know a year and a half later I graduated and uh the opportunity thankfully was still there um and and I joined which was actually I think exactly three years ago so I think it's my anniversary week and did you join for the current role that you have with new products or what did you join to another position yeah I actually properly joined in sales initially so so if the hybrid role that I'm doing now um came you know a little less than a year after I joined but initially I just did proper sales which was also really interesting um highly recommend anyone even if you're a developer whatever to to briefly work in sales even if it's just for half a year or a year you definitely learn a lot from it what were things that you learned that you take into the current role you have now um well just being really persistent I think is a quality that is essential to being a good salesperson um and it's it's something that can be trained and it's it's quite hard at the same time yeah um I do have a question that kind of hops back a couple uh when you got that cold message and then a year and a half later when you decided to join the team why did you respond why did you join the team why Cloudflare it's a really good question um at the same time I was thinking about starting my own business that was sort of the thing I was that Cloudflare was competing with um and I was actually pretty made up about that so Cloudflare like in percentages I would have said early on like there's a 10% chance I'll go for Cloudflare 90% I'll do my own thing um and yeah I have this sort of opinion that if someone offers you an interview you should go even if it's a company that you you know hate right like whatever if you're if you really don't like banks like and the bank offers an interview you should still go right like whatever happens you will learn something from it um and and that's sort of how I approached this as well and I ended up talking to you know Alex Logan who found out a bit about me initially and a bunch of other people from the Cloudflare team and I just really really enjoyed the interview process and um I just you know learned a lot about Cloudflare's technology even doing the interviews because obviously I I wanted to make a good impression sure and uh yeah that that process of just really accelerated learning about Internet technologies and seeing how you know just nice and welcoming and incredibly intelligent everyone was um really motivated me to go down that path where I'm you know part of yeah just a really smart group of people um who I can learn from right such as you Simon and Simon instead of just being on my own and having to figure everything out on my own um doing my own company and I think yeah this this has been an incredible journey for the last three years um and if I were to go back I would definitely make the same decision again for sure. It's a really special community I think probably everyone uh we we get to work with is a learning opportunity and I feel fortunate for that as well um you have been around long enough to have seen like you mentioned earlier when some of our products like access started as internal tools things that we were dogfooding before they became products um do you remember those dogfood days and is there advice you would give to other organizations about either dogfooding or rolling out um a product like access? I do actually um I think it was about three months into my job at Cloudflare if I remember correctly um so I was still in sales and back then I remember that I was very excited and as I mentioned before you know I really enjoy digging into new technologies and understanding them um so you know I just ran around really excited telling everyone in sales like hey guys this is really cool like you you gotta like get on this this is the new you know the new thing um so that was really exciting at the same time you know while I understood the concept and you know could sort of see the vision behind it um what was really not so fun was then to discover that actually internal security is a lot about compliance and um you know this sort of newly released dogfood version of access was so non-compliant with just about anything that we at the time couldn't even deploy it in front of most of our own internal applications at Cloudflare let alone you know going to our customers and telling them to do it um so that was really a bit frustrating and painful um I think we've we've definitely come a long way since then and you know obviously now we've secured just about anything internal at Cloudflare um as well as obviously millions of our customers including in really highly regulated industries like government and healthcare um but yeah in terms of dogfooding and sort of releasing new products that was just one thing I guess where we hadn't really thought about the sales side yet right like obviously if you have internal tools you can sort of to an extent do just about whatever you want unless it involves customer data um but you know when you then want to sell this the first question would be like are you compliant with you know policy so and so and what about this and what about that compliance thing and you're just like hold up like we didn't think about this um so I think like just thinking about the customer perspective first even if you're dogfooding things and I think it's great that we are but just keeping that in mind is hugely important yeah last question what advice would Henry Heinemann today give to that 15 year old um working on that university website what career advice would you go back in time and deliver um I actually wish I had started digging deeper into things earlier so I think I've always naturally been quite curious about things and you know trying to learn things and so forth but it's slightly different like it's a bit of a nuance from actually questioning them and getting a really deep understanding as opposed to you know just accepting that you know if you if you ask what is two -factor authentication and someone tells you it's important it keeps you secure like yes that's true and it's sort of a good answer but it's not good enough right so I understood why for example I needed my bank codes concept of 2FA makes sense even when I was 12 like it's it's not rocket science I also understood how to use them but I never bothered to understand how they were generated how this magic bond like OTP token might actually fulfill the same function as these codes on paper right like I didn't I didn't connect the dots so to speak because I never bothered to to question the tech behind it so I guess the advice would be to actually probe people you know on why things are important instead of just accepting it as a fact and also on figure out exactly how things work right so in this case my family friend is a really smart mathematician and if I had actually asked him I think he could have probably explained to me how the cryptography behind it worked but I never bothered to ask and I think that's sort of the advice that I would would give myself and everyone else right there's no shame in asking and just kind of digging deeper and trying to really understand how things work and you'll hopefully learn a great deal along the way that's great advice well Henry thank you for being here thank you for being on the program thank you for being part of the Cloudflare team I would definitely recommend Henry as well as the audience sticking around for our next guest Simon Moore who's here also in the Lisbon office Simon has I think one of the oldest tenured members of the Cloudflare team but we'll learn more about that so a lot of stories from Simon about Cloudflare and in its early days but Simon can you hear me I can hello hello welcome to the program thank you for being here oh thank you bon dia bon dia can you introduce yourself and what you do at Cloudflare so yeah my name is Simon I am the technical support manager for the EMEA region so that encompasses our office in Lisbon where I am right now Munich and also London and before you were at Cloudflare and before you were responsible for that whole region and what our support team does what was your very first job so it's interesting Henry mentioned that in Germany I think the legal age is 16 for starting work and I think it was the same I think it's the same in the UK my memory is super hazy I'm a lot older than Henry and my memory is terrible so actually as I think about this my first job was actually a paper round and it paid a pittance of like eight pounds a week and I used it to save up for a Sega Saturn that's how old I am. What paper would you deliver? By video games. Was it like a neighborhood periodical or what was that that you were in and out? So you had your morning and if you were if you wanted to earn that big money you would do a morning and an afternoon round so in the morning you would do your national papers so like you know the Guardian, the Daily Mail, The Sun, all of these British national newspapers and then in the afternoon you would do the local newspaper which was the Coventry Evening Telegraph and then on Wednesdays, Wednesdays was the worst day, Wednesday afternoon because Wednesday afternoon you got the property supplement which was added this much to every paper and that meant you were hauling this gigantic bag on your bike up a hill it was the worst and Saturdays were bad as well because again Saturdays in the UK come with all those glossy magazines and supplements. Did you get the Sega Saturn? I did get it, I did. Actually one of the worst Sega consoles. All of that suffering for that. Yeah I did have, so I had a Sega Mega Drive which was given to me I didn't have to earn that one when I was younger and then after that once by the time I actually started earning with real jobs I bought a Dreamcast which in my opinion is the greatest games console of all time so all of that hard work that I did on my paper round I think was really a waste of time. I'm sorry to hear that Simon but to the jobs that to the jobs that paid for the Dreamcast what was the first one that you remember having to log into something? Yeah so after that I took a job at Curry's when I was of legal age I took a job at Curry's which is a white goods store I guess an electrical store they sell TVs and all that type of stuff in the UK and I walked in there to Henry's point everyone should go into sales I walked in there thinking I'm going to go into sales like I'm going to be front of house and they took one at me and was like you should work in the warehouse so I was like okay okay so I went and worked in the warehouse and I had no access to any systems there so I just wanted to tell that story because it was very it was very damaging to my confidence. This has been a series of unfortunate events here. So my first job actually when I went I went to university I studied computer science and as part of that I had to take a placement in industry and I went and worked for a motor company in Coventry where I'm from which is full of motor companies and that was a big big big company big multinational and I probably had I had a login to their windows you know NT system there and they also had lots of old school mainframe systems as well. And was it that or was it another system where you were giving the keys or something for the first time you said oh no this is terrifying when was that moment? Yeah I mean I think getting a log getting a sort of everyday login to an IT system is like it's no thing but like as soon as you get access in my opinion anyway as soon as I get access to anything that's production that's when I start to get terrified and Henry I think is a much more confident person than me like he I think it sounded like he was looking up and and was you know didn't didn't know what he didn't know so it was like oh this sounds great but for me as soon as I had access to a system that I knew if I if I made a change to this file things were going to happen I got very worried and so my job at this at this motor company was in an internal facing web services department so probably the first thing I got access to would have been an FTP server for the internal web system so if I broke that I broke the internal web system which now sounds like nothing to me but back then was really terrifying. Yeah sweating bullets that's yeah when how did you get less terrified over time what what made that level of responsibility more and more comfortable? I think you get just you get more confidence in yourself right you you know you understand that you are capable of not messing up very often I'm not going to say that I've never messed up but we sure at some point as well but I think I think over time you just get more confident and that that's what really helps. And when did you join Clownflare? So I joined Clownflare seven years ago in almost seven years ago I think in 2013 so a long time ago. Why? So my first my first proper job the one I just talked about kind of set me on the path of web development and I moved into another web development role after that in a marketing agency we started using CDNs at that point but we were using some very very expensive CDNs which come with a lot of costs and a lot of strings attached for our big big clients right we started looking at Clownflare for smaller clients and that kind of turned me on to like what an amazing interesting disruptive company it was back then. How did you bridge that from hearing about it as a customer to joining the team in the early London office? So I think I had my fill of web development and marketing in particular and I was like I was I'm basically thinking about giving up tech entirely and then I saw that Clownflare were hiring for technical support and I always love solving problems always love troubleshooting diagnosing finding and fixing things and I was like this would be great like to get back to fixing lots of little small problems every day and helping customers so that's what I did and I told myself it would be the last job I would do in tech. And a lot like Simon's role those of us on the product team are so grateful for your team and you and what y'all do what what do you describe those kind of your role now that you're both solving still I know individual customer problems but also managing a team of support members how do you split your time how does that day look like? It's a lot of hiring um just coming from this growing so fast hiring and and mentoring and looking after the new people and helping bring them on that's probably like my biggest biggest focus the team roughly doubles in size every year so that means a lot of hiring and we're also expanding the scope of what the team does which means that we're promoting and developing people internally so not only are we hiring new people we're also replacing those people as they move up through the company and support has been one of the most successful teams moving people through the company so if you look in any team at Cloudflare there's a technical support person who has who is or has worked today. Yeah I y'all are a fantastic organization I really respect that kind of how you invest in team members a lot um speaking of investing in in team members maybe not the paper route but what advice would you go back in time and give yourself earlier in your career? What would you tell your younger Simon? Number one don't live edit FTP. Number two would be just trust yourself um I think it takes a long time for you to realize as an adult that actually everyone else is probably just as kind of confused as you are and everyone is really just reacting on the information you know the best information they have at the time. Henry and Simon thank you so much for being here today thank you for telling us about your career journeys and the faux pas and the logins and the adventures that you had thank you for your time really appreciate it.