In This Episode

Explore the groundbreaking trends in application security with a focus on collaboration rather than isolation. Clea sheds light on how integrating security with development processes fosters empowerment rather than fear. The importance of pen testing, automation, and the need for seamless collaboration between security and development teams is emphasized, ensuring that security practices propel rather than impede progress. Discover how the landscape has shifted from seeing insider threats as invasive to opportunities for innovation and integration.

Tune into the audio version of this episode by clicking the player below:

Tune into the video version of this episode by clicking the YouTube player below:

About the Guest

Clea Ostendorf is the Co-Founder and CEO of Wolfpack Security.

She leads the company in vision and delivery and brings the ability to bridge tech and people into the AppSec consulting space. She has been in security and tech for 15 years playing roles in sales, delivery, advisory and product management.

Clea loves to get to the root cause of problems and find a win-win solution for everyone.

Prior to Wolfpack, Clea worked at Code42 as Field CISO where she helped build and develop data security solutions.

She has spoken at many conferences and podcasts including Blackhat, Open Source North, The CISO Series, Enterprise Sec Weekly and more.

She is active in the Women in Tech communities and continues to organize events nationwide.

Off the keyboard, Clea loves to cook, garden, draw and generally create beautiful things.

Full Episode Transcript

Jess Vachon: 0:33

Hey everyone, welcome to episode one of Voices of the Vigilant podcast. So happy to have you all here. I'm even happier to have my guest, Clea Ostendorf of Wolfpack Security. Clea is the CEO and co-founder of Wolfpack Security and rather than me tell you all about Clea and Wolfpack Security, I'm going to turn it over to Clea and let her tell you about herself and introduce herself. Clea, welcome.

Clea Ostendorf: 1:08

Thank you, Jess. I'm so excited to be here. I remember this starting from a conversation on a bench at RSA years ago, so it's really cool to see this coming to life. So I'm Clea Ostendorf, co-founder and CEO of Wolfpack Security. We're an application security consultancy. What that means is we are not going to be coming in to sell you a product. We are here to stop the bleeding and make your products more secure. So we do that through penetration testing, through consulting services, through helping in DevSec, ops optimization and whatever else somebody needs in the space.

Jess Vachon: 1:45

And how long has the company been in existence?

Clea Ostendorf: 1:54

So if anyone's ever started a company, it takes a lot longer than you expect. So we have been around about a year and a half and then we went live, you know, open for business last June. So we're coming up on a year.

Clea Ostendorf: 2:05

Nice and how are you feeling about everything I know previous to us going live? We talked a little bit about you know that level of responsibility, that that commitment that you're making. Can you talk a little bit about that for us?

Clea Ostendorf: 2:19

Oh, man, sure, I mean that I saw a video where somebody was saying living what life is living like? Living with a startup founder and it was this girl. Like dancing to techno music, so excited, life is so good, and then she's crying and then she's up and dancing. So that's how it's going. I mean, there's highs and lows, and like in anything, you just have to kind of and lows and like in anything, you just have to kind of mourn the losses quickly and then keep moving on, looking forward because time doesn't stop.

Jess Vachon: 2:51

Yea, building up that business is a lot of that work and it is a lot of the highs and lows like working on Vigilant Violet and Voices of the Vigilant myself it's been daunting sometimes and overwhelming at other times, but when you get to that day, when you go live, it makes it worth it. And then after that there's the highs and the lows. But I don't know about you. For me it's those little bright spots that start to add up, that make it all worth it. And I suspect, because you haven't folded up the tables and gone to do something else, that is happening for you. Would you agree?

Clea Ostendorf: 3:33

Oh yeah, absolutely. I mean we've we've seen great success with you, know the customers that we have and our story is resonating. And it's such a relief to know, when I speak to somebody, we're not we're here to help you, we're here to solve problems, period. This is not, you know, future state. We'll get there, but where are you bleeding today? Where can I help you today?

Clea Ostendorf: 3:56

And let's make some, some progress to, to support you, because I think, especially in security, we are all understaffed, we're overwhelmed, we're totally burnt out by alert fatigue and sometimes you just need somebody to help guide you through that noise and that mess so that you have a clear perspective on how to move forward. And that's what we're doing. So that's incredibly rewarding when you see the light through the trees and you get that feedback from your partners and customers and you know the team, it feels energized, that they're doing making a difference, because you know some people start a company to make money. Yes, we all, you know, need to live, but I think founders I can speak for myself you know we're doing this because we see a gap and we want to make that difference. So we think we can. So it drives me.

Jess Vachon: 4:47

So I have to ask a lot of companies have limited budgets, right, and as we look out at you know the posts that we're seeing on LinkedIn or just watching the tech news a lot of companies now half um, ostensibly because of shareholder value or limited funds that they can put towards information security, and specifically, appsec. Are you finding that change in the marketplace or that dynamic, is working in favor of your company? So, when I asked that question, are you finding that more companies are choosing to go out and partner with a managed services provider or a supplemental type staffing arrangement? Is that what you're finding for your company?

Clea Ostendorf: 5:39

Yeah, yeah, I mean, of course it depends right, that's always going to be the answer. But we are seeing that because teams have been cut and the noise is not reducing right. And I can almost equate it to the mistakes I made when I was. I remodeled my kitchen when we first moved into this house and I thought, I mean, I think I have good design sense, I can do all this, I can, you know, design the kitchen. I know where things go, you know I'm good enough, but when it gets down to the level of detail that's needed to actually complete the project, I was way out of my league.

Clea Ostendorf: 6:13

And I think that happens to a lot of teams where you know application security is not the same mindset and it's not the same deliverables.

Clea Ostendorf: 6:23

And the same people that you work with we'll say, on network security or the perimeter, or, you know, securing from the outside, these are your internal employees, your peers, that you have to shift their mindset on how to be more efficient in building secure products. So it's more, I think it's more challenging than you know just a contractor coming in and fixing everything. It has to be a partnership across the board and we have found people who are receptive to that. Now the first parts of the project 100% are we are stopping the bleeding, we are triaging alerts, we are assigning it to the teams, and then you build trust and then you can start to say okay, well, how is this process broken? Let's talk about that. Let's empower the engineering team to make the right decisions based on the information that we have and the things that we've been working on together to fix this. So I mean, it's incredibly rewarding because it's not a checkbox and walk away.

Jess Vachon: 7:23

I love that approach and that cooperation that you speak of is. In my experience, that's always the tricky part to figure out. Right is that trust, relationship and what does you know Wolfpack do? And what does the customer's team do? And that first engagement where the internal team is saying, well, what about our jobs? Like, are we being replaced? And then you and your team coming in saying, no, you know, we're kind of the cavalry coming to save you. I mean, how do you overcome that piece of the dynamic?

Clea Ostendorf: 8:02

I think it has to do with trust and, like anything, communication. So for our, our partnerships, we're often on a slack channel with with the team, and that just helps put us where the messages are happening, right. So we're hearing the communication. We're we're hearing like hey, I don't know how to, what's going on with this? This build isn isn't working. I'm getting blocked by this security control. What's happening? And then we can jump in and say, hey, have you thought about this? What about rerouting how you're consuming this information? Here's another option, and it's not telling somebody to do something. It's more like I'm here to help you. We're here to brainstorm. This has worked in other places. I'm going to help you. We're here to brainstorm. You know this has worked in other places. I'm going to give you that option. You know, it's just somebody to help guide you in a non-assuming way.

Jess Vachon: 8:54

I love it. I love that approach. I want to change up the discussion just a little bit so people who are just getting to know you and listen to you right now they need to understand that you just didn't wake up one day and say I want to start this company and I want to pursue AppSec as my new direction in my career. Can you tell us, like, how did you get to where you are today? Like, what was your career path to this point?

Clea Ostendorf: 9:24

Very roundabout. So my career career started. First of all, I studied international affairs because I thought I wanted to be a diplomat. Um, that did not happen. And so, like a natural progression, I went into technology sales, because those two are so connected. Um, but it, but it really, I mean it opened up my eyes to a whole nother world. I remember when I first started I was like what is Java? I feel like you know, like Googling, what Java is, what is this, you know? So I learned a lot on the fly.

Clea Ostendorf: 9:55

I'm naturally inquisitive, which I think is both a positive and a negative. Most times it's usually positive. So I just kept digging in and asking questions about processes. And you know why this, why this problem exists in the first place. And what are you doing that's not working? What are you doing that you think could work? And that led me into security. Because I would ask my, my customers OK, yes, I can help you with this technology role asked my customers okay, yes, I can help you with this technology role, but what do you really need help with? And they said cybersecurity.

Clea Ostendorf: 10:30

So this was 15 years ago and I said, oh, okay, I'll look into security. What is security? And then I totally became enamored because it's this battle of good and evil and we're all fighting against the same kind of attackers and this incredible community and incredibly smart people who are thinking outside of the box to secure all of us and I just I really felt like it was part of a greater good. The security community so moved into another sales role at a consulting firm, helped do a product, launch a product for them. We were a little ahead of our time but it was a really cool application security developer training product.

Clea Ostendorf: 11:11

And then I joined Code42 where I did customer implementation, program building and then ultimately left as field CISO, which was a fantastic role, allowed me to do a lot of research and talk to you know all different walks of people and understand you know what makes them tick problems. They were having help solution with them. And then one of my old co-workers reached out to me and said, hey, I have some investors who want to start a security company. And I said, oh, okay, I have some investors who want to start a security company. And I said, oh, okay, let's talk. And then this, this came about and it was really, it's been an incredible journey. It's a huge learning curve but you know, at the end of the day, it's the fundamentals that we have to run through, which is listening, asking questions, understanding problem pain points and coming to the table saying can we help you or not? And if we can't then let's recommend somebody else who can. So, again, it's sort of coming back to what I love to do, which is learn and solve problems, help people.

Jess Vachon: 12:19

Love it. So when we first met a few years ago, you were working in insider risk, insider threat management, and what I found interesting was, when we were talking about it, I was approaching it as almost an adversarial type program where I'm watching people and making sure they're not doing wrong and then, if they are, slap them on the wrist. You opened my eyes and said, no, that's not the approach that you want. You want one of collaboration, you want one of understanding, you want one of education, which completely changed how I thought about the relationship, not just in security, but with peers across an organization. We have to have more respect for the people we're working with.

Jess Vachon: 13:08

Those of us in information security can't approach anything we do with this thought process that our coworkers are the enemy, they're the threat, right? How did you get yourself to that point? You learned information security or you you kind of grew into that role? How did you get yourself into that mindset um, so early in your career? Was there anything in particular that happened, or is it just because of the values that you live as a person?

Clea Ostendorf: 13:40

I mean it was a combination of both. You know, working for Code42 and with the Insider product it was named Insider. Right, we were talking Insider Threat and the market really pushed back on that, the market being, we'll say, technology companies and the commercial sector really pushed back on that. You know, anyone coming from government or more military background really understood Insider Threat. Government or more military background really understood insider threat. That didn't scare them. But when we were taking it to market, the general consensus was this is scary, this is big brother, this is against our culture. We're not allowing this. So we as a company had to shift pretty quickly to redirect how we were framing this and that where the more collaborative approach came from. But truly, I believe that you know, you if you and I think it's a shift of mindset and how security kind of used to be versus where it's going today.

Clea Ostendorf: 14:36

Right Back in the day you kind of you didn't tell anyone what you're doing, you kept your guard up, you didn't collaborate, you were at a you know hole in the basement. There was no communication across organization, what you're seeing right, it was just we protect, we don't discover, we keep this clandestine world. And now it's much more collaborative, because who's at the front line? It's your employees, it's your peers, right? Who's clicking on the emails? Who's exposing your organization? So if you're not going to collaborate with them and empower them, then I think you're kind of doomed to fail. And you know, people want to do the right thing. They don't want to put their job at risk. They don't want to, you know, hurt their peers. They just need a little coaching and training. And if you do it in a way that's framed as helpful you know we're here to support you and help you then I think people are much more receptive than do this, or you're, you know, going to be written up by HR.

Jess Vachon: 15:37

Yeah, I can see how that part of your experience, that part of your career, is a strength in your role now working with dev teams, because it's so much has to be hand in hand right. It absolutely can't be adversarial. It has to be let's, let's go in the same direction, let's educate each other, let's make sure that we're doing security but keeping the business going, Because, as we talked about prior to going live, that that development cycle is so fast now that we, as security people, can't simply say stop, do it my way. We have to sprint catch up to them, run alongside them and say hey, I see what you're doing, it's a good idea, but I have some suggestions on how to do it better, and it sounds like that's the focus of your company and that's the approach you were taking. Would you agree with that?

Clea Ostendorf: 16:39

100%, 100%. I mean, you know our core service is a pen test right, there's a dime a dozen for pen testing companies.

Clea Ostendorf: 16:43

What I want to do is say, okay, we found these things. This tells you a lot about what's going on in your development environment. Why don't we work to address them? Yes, we, as Wolfpack, we will help you fix the current vulnerabilities. We will close those gaps. We will support you in that sense.

Clea Ostendorf: 16:57

But now let's go one layer deeper and figure out why they're manifesting. Right, Because there's broken processes and things are not sinking somewhere upstream that we can help with. Right. And it's a lot of communication. It's a lot of, again, empowerment, right. If you build the guidelines and framework on how you want the checks and balances that you want in the development lifecycle, give that to the engineering team to work into their daily workflows, make it natural for them, let them own that, and then you come back and evaluate Are we getting better?

Clea Ostendorf: 17:32

Are we getting worse? Do we need more? Do we need more? Do we need less? What is the feedback? It has to be dynamic and I think really I mean I mentioned this before, but I feel like, in application security, coming back into this world after a five-year hiatus, we have just tried to buy our way secure, right. There are so many tools and there's so many things that are constantly going on. And who's buying this? It's security, buying it for developers who are like I don't know how to use this, I don't know how to tune this, no one is checking on this. This doesn't make sense to me. I don't know how to fix this. I have another priority, and so they ignore it. Um, and now we've gotten ourself in, you know, a mess, I think, um, and we're slowly trying to, you know, unwind ourselves from that.

Jess Vachon: 18:18

I can only assume that there's gonna be a ton of comments after we've finished recording this for everyone, saying absolutely that's exactly what it's like stop just buying tools, not talking to us. Show up with us, work with us. I want to talk about it.

Jess Vachon: 18:33

So earlier today, you had a post on LinkedIn about an article, State of Application Security Workflow by Kodum Security. I saw that post, I went out and was reading through document. So, the key findings that really stood out for me is that 78% of organizations report fragmentation in toolsets . Right, we just kind of touched upon that. 62% of organizations report remediation as the largest bottleneck. So we're getting all the tools. Now we don't have time to fix the issues that we're finding with the tools.

Jess Vachon: 19:14

Thinking about the pace, 84% of organizations are pushing for automation because, as I was just mentioning, dev is moving way too fast for security to keep up and we don't have enough cycles for people to manually be patching these vulnerabilities.

Jess Vachon: 19:30

How do we leverage automation? Which, hello, if you're a CISO in 2025 and you're not thinking automation, get on the bandwagon because otherwise you're getting left behind. And then 75% of organizations say managing security across CI/CD, and prod environments are the top operational challenges. I think you just touched upon all of that. Do you think these statistics are accurate and how do you influence the reduction in those risks and the automation for your customers?

Clea Ostendorf: 20:11

Yes, I think they're absolutely accurate. I'm looking, I have lots of notes here and I was having an amazing brainstorming session with somebody a few weeks ago and we were talking. I was like just break down the DevSecOps world and he listed probably 45 tools that are part of this right that are both developers using or SecOps or security. We'll just say 40 tools. 40 tools are floating around in there giving output at all times. How are you supposed to consume that? How are you supposed to understand that it is tuned correctly, it's working, it's this is my source of truth. It's completely overwhelming. So, yeah, I think this is basically a universal problem. How do we get out of it? I don't. I think security is there to guide, sort of like. As a CISO, you're not actually well, some are, some are not. So in your role, you're not actually in the weeds tuning things right. You are getting the information and you are making decisions and you're communicating that to the business for them to make more decisions right.

Clea Ostendorf: 21:19

On a very simplistic level, why can't we do the same thing in application security? Engineers, this is the framework from which we want you to work within. These are the security controls that we are thinking about. How do you want to get there? You choose the tools, you choose the products, you choose the output, you choose the communication. This is what we need to have from you in order to maintain our standards and our frameworks and keep our customers happy. How do you want to get there? And I think for so long it's been. Security is pushing things down to development, and development is, you know, trying to consume everything and, you know, do their job at the same time, and it's just created this riff that we've, we're, we're living in. So how do we fix it? Partnership.

Jess Vachon: 22:09

Okay, I'm trying to think of how to phrase this question, so it's not like I'm handing a grenade to you after I've pulled the pin. So we've outlined the problems. If things don't change, what do you see the future of AppSec security looking like? What do you see the products, the security of products being developed? What do you see that looking like if things don't change.

Clea Ostendorf: 22:43

Well, I will say this I think most new products being developed are secure or more secure than they ever have been. Right, the right checks and balances are in place for new development. That's not always the concern. The concern is all the legacy stuff that exists that has those grenades in them right, log4j is such an easy one to pick on because we all experienced it right. If there was better visibility and version control and logging, we would have had faster resolution to closing that huge gap. Right, but most places don't want to do that because it's hard and it's messy and it's like legacy boring stuff. No one wants to touch that. But that is where I see a huge gap. It will continue to be there and you know we have to think about that with our eyes wide open.

Jess Vachon: 23:43

Okay, we talked about automation earlier. Let's talk about artificial intelligence. How do you see artificial intelligence as a play, positive or negative?

Clea Ostendorf: 23:58

in AppSec. It will be positive, and it could be negative too. I mean, just in like every other case. So positive, I'm seeing the adoption of real-time remediation happening in code. So in runtime code, somebody will write something maybe they have a cross-site scripting, which is a very common vulnerability. Instead of letting that pass, the AI will immediately remediate it, or give it a flag and say, hey, fix it this way, right? So it's stopping these vulnerabilities from making it upstream Okay. So I think that's very positive. I think it also and just in like how we all consume it the information we can't just take for for the truth. We have to also test it logically. So I I hope that these tools remove the low hanging fruit, but there's still the integrity to test things with our brains from a logical perspective. That's where I see this.

Jess Vachon: 25:05

I like that answer. Do you see any tools out there now that leverage AI that you think are bringing value today, or do you think that it's a couple more years until we start to see the real value of having AI added into those tools?

Clea Ostendorf: 25:23

I personally haven't touched them, but I know Korgia is doing runtime, ai recommendations and dry run security. Those are two that I think they're competitors, but you know they're. They're getting a lot of really good traction. So you know, I would say they're interesting to look at. I know all the big players are putting AI on top of everything. The big players are putting AI on top of everything Great.

Clea Ostendorf: 25:58

But you know again, you got to use it with a grain of salt at this point at least.

Jess Vachon: 26:06

Okay, I know you as a leader. You're always looking for talent in AppSec. What are you looking for today in potential staff for your team, and what would you recommend to someone looking to get into AppSec that they should have for background, whether it's formal education or hands-on experience?

Clea Ostendorf: 26:27

So for our team, we always try and hire former developers who moved into security, and that's very intentional, not only in the work that they're doing, but in the way that they communicate with their customers, ie the teams that they're delivering reports to or they're working with. I think understanding just small nuances like instead of saying a vulnerability, you say a bug that makes a difference in gaining trust and understanding amongst teams. So we look for that. My next hires. I'm looking for people who you know have really lived in the trenches of a strong or not strong DevSecOps environment, who can really go in there and understand the strategy and bigger picture of what's being trying to be done and then get into the weeds to actually help fix things that are broken. So that's where we are looking for, you know, future state for Wolfpack. You know really taking the hands-on pen testing and then really also diving deeper back into the processes that got us there in the first place. So that's, you know, if you know anyone we're talking.

Jess Vachon: 27:43

Yeah, if I know anyone, I'm keeping them for myself, right now, I know I know a few people too.

Clea Ostendorf: 27:49

If you know, maybe you're going to hire them first.

Jess Vachon: 27:52

Yeah, I think we have to have a no poaching rule between ourselves deal um, well, thank you for that, uh, so I want to.

Jess Vachon: 28:03

I want to change up the conversation a little bit. We've talked a lot about app sack and we've talked a lot about, um, your company. I want to move towards the more what I call the more human side of what we do, who we are and how we operate and what our kind of belief systems are that we bring forward. One conversation that I've seen going on that I've found very interesting centers around what it means to be a woman in a professional space.

Jess Vachon: 28:34

In the past, a lot of conversation has suggested that we have to give things up in order to be successful in our professional lives. In the last year or so, I've seen that conversation shift where more women are saying we don't have to give up anything. We're not asking men what they have to give up. Men will tell you, they're not giving up anything. That conversation is very interesting to me, and one of the things I like to ask other women is how do you view the conversation? Do you find any truth in it? Or do you just show up as a person who's living your life and doing your, running your company, and then is a parent or a spouse or, you know, has a million other things that you do outside of work. Give me your perspective on that.

Clea Ostendorf: 29:24

I kind of vacillate in my head between the two that, yes, you can do it all, you can have it all, and then think realistically Well, do you? I mean you. You know there's sacrifices. So I'm a mom of two, two boys, six and three, and so you know I get up early in the morning to have a little bit of me time you can see my yoga mat in the back like just a little 30 minutes just take care of yourself, and then it's mom mode, and then it's work mode, and then it's mom mode, and then I need to sleep, right.

Clea Ostendorf: 29:59

So where do you fit in your life outside of that? That's, that's been the challenge. And I'm really lucky. I have a lot of really great friends. But I was joking to my husband I'm like I'm not gonna have friends in 10 years because I don't have time for anyone. So that's where I start to get a little sad about it, because there's only so much time and you know, little kids are very demanding and I want to be present for them. But I also need to have time with my husband and I need to. You know, I need my like girl time with my friends. Where I can, just, you know, let loose. So it's. I think it's a balance and you know, each phase of the business and each phase of motherhood changes. I think I'm getting a few hours back each week now, so I'm hopeful that I'll have more. You know balance soon, but you never know. It's ongoing.

Jess Vachon: 30:50

I appreciate that candid answer and it's interesting because I'm a Buddhist and people think that enlightenment is a destination, but a Buddhist will tell you the destination, is the trip. That is the enlightenment piece. So being in the moment, being cognizant of each step that you're taking, is what it is all about, right, and what I just heard you talk about was each of those pieces. Like you sound very cognizant of each of those pieces. At the end of the day, do you? Do you feel like, yeah, this is what my life is about, this is the whole thing there's. So, even though you touched on, you have to give something up. Are we really giving anything up? Or is this, it Like all those elements? Is that fulfilling?

Clea Ostendorf: 31:44

That's such a great question. Yeah, I'm pretty happy. I mean I feel I love that I can be present for my kids. That's really important. I had a mom who she was not a stay at home mom, she worked full time but she was always around and always present and that really impacted me as a person to have that support and, um, you know, just somebody always cheering in your back corner. So I want to give that to my children. But I love to work. In fact I love, you know, monday mornings, that's my special, that's my, that's like me time. I'm like, all right, kids are gone, I could like sit at my computer and do my thing. Um, that's that, I love that. But you know, there's like I would also like to be able to paint again or travel my gosh for fun.

Jess Vachon: 32:38

Nice. So you paint ? Tell us about it .

Clea Ostendorf: 32:42

Yeah, I used to do a lot of oil painting landscapes and pets and you know I really enjoyed doing that.

Clea Ostendorf: 32:52

But right now now if I can scribble with a marker, I feel like, okay, yeah, we got a little creative energy out when, when you were younger, is that kind of the path you thought you were going to go in was to be an artist or be more on the creative side, not to suggest that what you're doing now isn't creative 100%.

Clea Ostendorf: 33:12

I wanted to be an actress or an artist and my parents were very practical and said you need to make money, like you need to, like we are not. They were both artists. They're like we're not supporting you, you know so I. So I saw, I saw the both the benefits of you know being around artists and that also you know the downside. Like I saw the both the benefits of you know being around artists and then also you know the downside, like let's pay bills and you know that sort of thing. Nice.

Jess Vachon: 33:39

So what kind of kid were you? Were you the, the good child or the wild child?

Clea Ostendorf: 33:46

I, I like to push boundaries. I still do. Um, you know, I am the type of if you don't tell me no, I assume it's yes. So and I would never I'm not ever malicious and would never hurt somebody but you know, I'd like to, I like to push boundaries. That's probably why I like cyber so much, because it is sort of always teetering on pushing boundaries. So, yeah, I was a little naughty, but I didn't get caught very often.

Clea Ostendorf: 34:17

Very often.

Clea Ostendorf: 34:18

Yeah, I did get caught a few times and then really regretted my choices, but for the most part I was under the radar.

Jess Vachon: 34:27

Do you see the influence of your parents and how you grew up as a strength in what you're doing now?

Clea Ostendorf: 34:43

Totally. They were always thinking outside of the box, always community driven. I mean, they were fantastic, fantastic parents. I'm super lucky and I think I attribute a lot of, and my sister too, who's incredibly accomplished. I think the way we were raised really allowed us to take chances but know we have a safety net and not I'm not saying a financial safety net, more like we're here to support you, like you always, will always support your choices, we believe in you. A lot of positive affirmation and that just built a shell around me like a confidence that I can do it and so far it's working. So better knock on some wood.

Jess Vachon: 35:24

Do you find that whole part of you that you just discussed, that you bring that to work and you coach that, or you bring that to work and you you coach that or you mentor that with your teams.

Clea Ostendorf: 35:42

I feel like for the first time since taking this role you know, starting Wolfpack I am trying to bring my whole self. I'm trying to not pretend I'm something, I'm trying to not, um, pretend I'm something, I'm not, or pretend I'm somebody, I'm not, I'm in it's. It's really refreshing, um, you know, to finally take off a shell and stop pretending that you are one way or another. You just show up as you are one way or another. You just show up as you are. I'm a newer manager.

Clea Ostendorf: 36:21

I don't know how to bring that out in people, so Jess, maybe I lean on you on how you bring out the best in people.

Jess Vachon: 36:29

It's interesting because I've found and you just touched upon it, I've found that being vulnerable, allowing people to see how I'm vulnerable, people will tell us it's a weakness. I've found it to be a strength because when you're vulnerable, others can be vulnerable and you're not spending all this energy trying to put up a front. That's, that's inauthentic, right, and so when we get that out of the way, then then we can work with each other and we can focus on the things that are important. So it's, I like to ask that question because I like to see what others think about that. And more and more when I ask that question, I'm hearing people say you know, I just prefer to be me, I prefer to be vulnerable and open.

Jess Vachon: 37:15

We all have a little line that we keep there because, for you know, human resource issues, legal issues we have to keep a little bit of a line and and there has to be a delineation of who's who's at the helm and who isn't at the helm. And I say that, and, as I say that, I reflect back to what we were talking about before we went live, where we have all these different people on our teams, right, and they're all leaders. And when I look at the teams I work with, they're all the experts and my job is just to get the problems out of the way for them, show them the direction we're going in, make sure that their voices are heard and they have the ability to manage up. I hear a lot of that in what you're saying. So it's it's interesting when you say you're a new manager, because I think you're bringing a lot of wisdom to the table, a lot of experience to the table, both your professional wisdom and experience and your intrinsic value.

Jess Vachon: 38:41

That you have, just as as you, Clea, uh, as the person who wanted to be the artist, uh who, who went into sales and then found themselves in AppSec running their own company. Do I have an accurate picture of you or you tell me? I don't want to tell your story.

Clea Ostendorf: 38:50

You summed it up yeah, there's a few bumps in between there, but more or less here we are. But, yeah, I've always found being not only makes you more human, it, I mean, it's relatable and you know, you start to build trust. Um, and I don't want to be around people who you can't, I don't want, I can't trust Right, I, I, I, I need to know that the people around me support me, right, and I will support them. So the vulnerability helps.

Jess Vachon: 39:21

When you think forward to that time when you've decided your career is closing . You want this to be done. You know you're moving on to something different. What legacy do you want to leave behind, or what do you hope that people will say about what you've contributed as a leader and in the security realm?

Clea Ostendorf: 39:47

What a great question.

Clea Ostendorf: 39:48

Hmm, I would hope that they would say that you know myself and Wolfpack. We broke down silos and allowed people to be vulnerable and share how they are hurting or where they need help and be okay asking for that help. I think so often as professionals especially highly paid professionals who are leading teams or in charge of things we're afraid to ask for help because it makes us look weak. But that shouldn't be the case. So I hope that our legacy is that we've bridged the silos and allowed people to feel okay saying I don't know.

Jess Vachon: 40:36

I love it. I love it. Okay, I am going to ask what I call an empowering question. I'm actually getting this from a deck of cards that were given to me a while back. It's not meant to embarrass you. It is meant to put you on the spot a little bit. I'm going to ask the question in terms of how you would be asking it to yourself, so just bear with me. I had three to choose from, and then I said I'll just mix them up and pick the first one. So I'm just going to read it and we'll go from there. Good luck.

Clea Ostendorf: 41:08

All right.

Jess Vachon: 41:09

All right. What are your most important values and how are they reflected in your life and your daily decisions?

Clea Ostendorf: 41:20

I had a coworker, Beth Miller, she said, did a whole exercise with me on values and it was about 40 cards and kept pulling them. So these are the ones that resonate for me Equality, and equality means we all are putting forth the same amount of effort when we can. Equality, you know, across roles, across gender. In my house, I mean, I'm definitely make my husband be 50-50 with me, otherwise I get really, I get really frustrated. So that's really important to me that we're all kind of like balancing this together, both personally and professionally. Three values, you know trust and honesty. I don't know if that's one or two, I'm going to roll that into one. You know, be honest so that you can trust each other. And then my third value kindness. You know, I really think if we all thought about others a little bit more, the world would be a better place.

Jess Vachon: 42:27

That's awesome. Thank you for sharing that and playing along with that part of the podcast. Oh, it's good, I appreciate it. So we're coming to the closing portion of the podcast. Right now, I want to give you an opportunity to tell us what you're going to be doing in the next month or so and also how people can find you, both at work and wherever else you are.

Clea Ostendorf: 42:51

All right, so the next. So first of all, you can find me on LinkedIn, Clea Ostendorf, Wolfpack Security. You can find our website, wolfpacksecurityco, and around town. I will be in Chicago this week at a WiCYS event, speaking amongst a great group of ladies. I will be in LA speaking at the Layer 8 conference in February and then in March I'll be in Milwaukee for another Women in Tech event, and if anyone is in any of those places, I would love to connect with you.

Jess Vachon: 43:27

I love it. No moss is growing on you. No, no, ma'am moss is growing on you. No, no, ma'am, thank you so much. This brings us to the end of this podcast. I'm so grateful that you were okay with being my inaugural guest. It means so much to me. Please, everyone, go check out Clea, check out Wolfpack, give them some love, and we'll be looking for your comments after we close this up. So thank you.

Clea Ostendorf: 43:55

Thank you so much, Jess.

Clea Ostendorf: 43:57

Bye.

Want to get notified when new episodes are released?

Click the button below to subscribe: