In this episode, we deep-dive into the strategic thinking required for effective cybersecurity leadership and discuss the evolving role of CISOs in adapting to new technologies and managing risks in an increasingly complex digital landscape. Additionally, our guest discusses Kevin Mitnick's in-person apology to him for Kevin's hacking transgressions. Tune in to this insightful conversation to gain valuable perspectives on technology, cybersecurity, operational leadership, and personal growth.
Guest: Petri Kuivala, CISO for Hoxhunt
On LinkedIn | https://www.linkedin.com/in/petrikuivala/
Website | https://hoxhunt.com
Host: Dr. Rebecca Wynn
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/rebecca-wynn
________________________________
This Episode’s Sponsors
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
________________________________
Episode Description
In this episode of the Soulful CXO, host Dr. Rebecca Wynn sits down with Petri Kuivala, an acclaimed Chief Information Security Officer (CISO) with a rich background in companies like Microsoft, Qualcomm, NXP, Siemens, and Nokia. They discuss Petri's transition from working with industry giants to startups, highlighting the dynamic nature of the cybersecurity field, balancing technology/process/people, cybersecurity evolution and risk management, CISO burnout, educating young cybersecurity professionals, emerging technology and AI, practical leadership skills, and aligning with the business. Additionally, Petri discusses Kevin Mitnick's in-person apology to him for Kevin's hacking transgressions. Tune in to this insightful conversation to gain valuable perspectives on technology, cybersecurity, operational leadership, and personal growth.
________________________________
Resources
U.S. AI Safety Institute
https://www.nist.gov/artificial-intelligence-safety-institute
Diagnosing and Changing Organizational Culture, Third Edition: Based on the Competing Values Framework
https://a.co/d/bVwMG6J
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future
https://a.co/d/ca5hgBw
ChatGPT vs. human phishing and social engineering study: Who's better?
https://www.hoxhunt.com/blog/chatgpt-vs-human-phishing-and-social-engineering-study-whos-better
________________________________
Support:
Buy Me a Coffee: https://www.buymeacoffee.com/soulfulcxo
________________________________
For more podcast stories from The Soulful CXO Podcast With Rebecca Wynn: https://www.itspmagazine.com/the-soulful-cxo-podcast
ITSPMagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
Winning Approach for Tech, Security, and Operations | A Conversation with Petri Kuivala | The Soulful CXO Podcast with Dr. Rebecca Wynn
[00:00:00] Dr. Rebecca Wynn: Welcome to the Soulful CXO. I'm your host, Dr. Rebecca Wynn. We are pleased to have with us today, Petri Kuivala. Petri is an acclaimed Chief Information Security Officer (CISO) and Board Director Advisor. He has considerable experience in mergers and acquisitions, having worked with companies such as Microsoft, Qualcomm, and Siemens.
Currently, he is the Chief Information Security Officer (CISO) for Hoxhunt, and is a Board Member for FIBRES Online, LAAVAT, Privaon Oy, just to name a few. His illustrious career includes serving as the CISO at NXP Semiconductors and Chief Security Officer (CSO) at Nokia, the Senior Director of Global Security at Microsoft, and Detective Sergeant of the Helsinki Police Department's IT Crime Unit.
Additionally, he's a highly sought after speaker at Peer Roundtables, ISACA, and Security World. And his articles have [00:01:00] appeared in CIO Influence, CIO Review, Cybercrime Magazine, SC Media, and Security Boulevard. His journey is a testament to the possibilities and the opportunities in the cybersecurity field.
Petri, it is so great to see you again. Welcome to the show.
[00:01:20] Petri Kuivala: It'd be good to be here. If the introduction, comes across as posh, I would like to be just a kind of a regular humble guy. So let's have a conversation instead of. Looking into their past too much.
[00:01:31] Dr. Rebecca Wynn: Yeah. And so I don't wanna look too much in the past either.
However, it's really interesting to have a person on the show that's been with Nokia, Qualcomm, Microsoft, and then is doing so much work right now with startups, not only as a CISO, but also as advising them. Tell us a little bit about that journey going from, working with the big boys to the people who were out starting up.
[00:01:55] Petri Kuivala: And thanks for asking that. Uh, as usually [00:02:00] has been a kind of, uh, some of lucky coincidence somewhere at the end of my career in the beginning of Microsoft . So, uh, the Hoxhunt, CEO Mika contacted me. He contacted me because I was handshaking Kevin Mitnick (American computer security consultant, author, and convicted hacker), uh, in the, uh, live, uh, TV at the evening news, end of evening news, here in Helsinki.
And I was handshaking Kevin Mitnick because he once breached Nokia and he wanted to have a kind of forgiveness and me as a CISO at the time being just to shake hands, which led me of having sushi with Mika and Mika was actually telling something about his ideas. And, and then over the sushi we brainstorm a bit more, and that was my entry into the startup world.
Since then, I've been kind of making myself familiar with, uh, some of the, uh, private equity, uh, companies and so on who have been using me as a DD (Data Domain) expert for different, uh, [00:03:00] cyber startup companies. And obviously over there when, uh, the opportunities have been raising, I've been joining them as a funder or as a kind of a pro bono guy.
I'm even currently working with six, seven startups, helping them possibly pro bono.
[00:03:18] Dr. Rebecca Wynn: What challenges do you find working with startups? I know that when I work with startups, a lot of times they want to be secure. However, they also are trying to make a viable product. As well, too. So sometimes I notice that I can't get all the security in that I like to get in. So how do you, how do you deal with that?
[00:03:38] Petri Kuivala: Working with the startups or even scale ups? It's always. Or even with the larger companies, it's, it's always a discussion about where do you focus your resources, even if you would be working for the Nokia or Qualcomm, you still need to actually focus to be able to execute your strategy.
The exact same applies to any startup that you [00:04:00] are kind of advising and being part of. Uh, when, when you are referring to the cybersecurity implementation of the startups, if you are working in the cybersecurity field as a startup. I don't think that you can make much compromise. You really need to invest in making your solution secure at the beginning because that's a kind of a matter of existence for them.
If you don't do that, well, you are just out of the game and then the game is over. On the other hand, if you're working for Another type of startup, of course, then it's a question that how much security do you need, which I think it's a balance of your kind of customer portfolio and sensitivity of your product and the content inside.
But it's always kind of a careful weighting of the different values and trying to find the best so that you stay alive, so that you make your customers delighted about your products. [00:05:00] Uh, and then. You are not totally too frustrated about the fact that you don't have all the competencies, all the money in the world.
[00:05:06] Dr. Rebecca Wynn: One thing I noticed too is you don't have to deal with legacy technology, which is really great because a lot of times you can go ahead and you can get on to the newer and better.
I'm going to say newer and better, but some of the ones that are the next gen way of handling things because you don't have to worry about, we have legacy systems, we have to run with like current operating state and trying to get to new state. You can get to new state quicker.
Most of the time in startups, they have a lot of younger, cyber security professionals and they might not know as much about identity management, about privilege level access, about thinking about the various attacks that can go on out there. How do you go about trying to educate them very quickly that attacks are real and they can happen at any point in time?
[00:05:52] Petri Kuivala: I'm an old dinosaur.
[00:05:54] Dr. Rebecca Wynn: No, I say that we're the advisors who've been there and done there. We've been in the trenches so we can try and help you [00:06:00] avoid the trenches or get out of the trenches quicker.
[00:06:02] Petri Kuivala: Yeah, but of course, of course, actually picking on what you said in the beginning, uh, cybersecurity is not difficult.
What makes cybersecurity difficult? And why do we have so many breaches is exactly that you made the point for, uh, of having the legacy when, when you are sitting in a kind of huge, uh, enterprise, let's just say, yeah. Enterprise with lots of OT space, I have seen spaces where you have technologies from 70s and running more than 60 different operating systems parallel.
It's a bloody damn nightmare of trying to make that secure, but where you can enter into the startup world, you can really play with the latest and greatest and focus and have only one technology that you are managing that makes it actually much more easier. Then we have question that, how do you make the younger guys, uh, believe and [00:07:00] understand that what are the, uh, difficulties and risks over there?
I have been going through, uh, in my past nation state attacks, uh, for example, that have been able to rule, uh, the IM systems. I have, uh, managed my first old security programs on 2006, uh, during the Nokia times and, and having this sort of, kind of very practical hands-on experiences and. Uh, using the storytelling capabilities, uh, I believe that that's the key, of course, not only the storytelling, but then helping them to understand what concretely actually, at least on a conceptual level needs to be done so that you are not going to be totally screwed.
[00:07:40] Dr. Rebecca Wynn: It's interesting, we have generative AI, um, so the newer version of AI, machine learning and different things, emerging technologies allow people to go ahead and to attack us from various reasons, ways, I should say, but I tell people those attacks still attacking the same thing. They're attacking that you [00:08:00] have weaknesses in your website.
They're attacking that you are not protecting your credentials. You know, people even talk about phishing , if you look at the Verizon reports or something along those lines, it's like, okay, 25 to 40 percent of attacks get in the exact same way that they've always been able to get in.
We're not using technology to actually thort it. We keep thinking that humans, for some reason, are not going to be humans. They're not going to click on something. They're not going to forget to shut down a port's protocol or service management. How do you think? People need to think things differently to be better in 2025 and 2030, because tell people the attacks, if you go back to 1960s, 1970s, even seems like it's the exact same attacks over and over again.
They're just, using technology in a smarter way to do it a little quicker.
[00:08:48] Petri Kuivala: Let me actually, a bit of reflection, I entered really into the cyber security world somewhere in the beginning of 2000 or so prior to that, of course, I had already investigated the stuff at the police [00:09:00] force. Uh, but my 1st case is, uh, with Nokia, actually, I saw that how the technology really can be hacked.
It was all about kind of technical vulnerabilities that had not been patched. It was all about not using SSL in the 1st place. It was not understood, actually. The, uh, uh, Active directory and its role in the game and you were kind of fully penetrated because of those sort of really, uh, elementary problems.
Since then, we have, on my opinion, traveled a huge way, uh, as, as an industry. We don't always admit or understand that, but we don't anymore have all of those basic things in place. I'm not saying that they are not total all of the problems of course, you still need to make sure that you take care of it.
Good care of your hygiene and you do all of those kind of appropriate things, but we are much ahead of those times since then. Of course, because the protections in the technology layer [00:10:00] has been increasing so much and for, for sure, for other reasons as well. People like Kevin Mitnick and so on. Teach us that human is going to stay as a human, we are not going to evolve as quickly as, as, as the technology. And that's why I've been always not only because of that, but for multiple other reasons, also in my background, I have always kind of kept my motto and mission to make sure that the people who are close to me, that they stay safe.
And that includes, of course, the systems, uh, but that also speaks to the thing that I want to be making the human side of the security much better. Uh, I have seen, of course, as we all, that it's easy to use, uh, the psychological ways of manipulating human minds of doing things that they shouldn't do. But I have also seen, uh, implementations where the uh, human communities have been made one of the strongest [00:11:00] asset of actually detecting, for example, the fishing, uh, uh, attacks and leading to the situation where the back ends of SOC (Securiy Operations Centers) projects are capable of reacting to the real attacks within a less than a minute or so. Uh, so I believe that, uh, in the future. It's going to be a balance really between the three aspects of technology processes and people. Where in the past,the people has been neglected it. We've been as an interest that we've been discussing about that topic a lot, but our activities. Have fallen short. They have fallen short for multiple reasons, but I believe that one of the reasons is that we have huge amount of technology specialist in our industry, but not too many psychologists, not too many police officers like me or or so who have been spending the day or whole professional life for understanding the humans.
Humans and then how to help them as [00:12:00] well.
[00:12:00] Dr. Rebecca Wynn: I usually talk quite a bit when I tell people, I think, you know, with all the, great things that AI machine learning can do for us, don't forget about humans are going to be humans. And then one of the things that were made very well is the critical thinking.
We're computer systems right now. I know people can talk about the breakouts, but they're not made to think. Like us, they have to be taught how we think. And so the one thing that I see is that, lacks quite a bit is people forgetting about the critical thinking skills that needs to be going on here.
Is that what you see too? That's where I relate to see that, that we can really make headway. Given that some of these, I'll call them lower line tasks can be done with some of these new, AI generative things that are emerging technology, take that out. So we can be using our brains a bit more. I should, or say a lot more.
[00:12:56] Petri Kuivala: Uh, that's a good question as well. So, [00:13:00] uh, I agree with you. It's, it's all about us using our brains for what we, what they are made for being creative, understanding actually out of the box. AI will. Release our brain capacity for doing that if we let it to do so, uh, we many times want to fight against the chains and, and, and, and keep on, on, uh, kind of grasping to the past, something that we know of, uh, we just need to, uh, trust on the fact that if we want to develop, and if we do develop constantly by ourselves, we are capable of finding our place in the ecosystem as such.
And as, as a kind of, I don't know. Uh, good example. I had to run the other night actually with a very good friend of mine who is a leading cybersecurity architect in a one large enterprise and we were discussing actually about the secure coding with him while while running and, uh, they had a kind of [00:14:00] thesis worker working for them, uh, testing that what does it actually mean to engage LLMs, uh, into the secure coding practices. And, and, and, uh, basically to make it crisp and short, uh, the outcomes of that study at that, that's, uh, this stage was that if you are asking a LLM to make code, uh, It is making lots of mistakes, hundreds of mistakes.
If you are having even a kind of decent size of, uh, application, if you, if you, uh, include into the prompt that make the code as well as secure about 70 percent of all the, uh, security issues will be gone. But if you are then asking at the end of that process, that can you investigate which security processes do you still have in the code?
And how do you fix them? You are capable of getting very close to 100%, [00:15:00] which then, of course, if you know how to prompt the LLM model with your co pilot or so, uh, it releases you to mostly actually, uh, do the thinking around the new code, new stuff that has not been made. You are not any more prisoner of the old maintenance stuff.
And so that's, that's one example of using the LLM. Another example for LLMs, for example, in my day job is that, uh, in the past, it has been kind of. Time taking, uh, taking over, uh, developing new learning solutions for different roles in the organization. Most of the organizations have had most probably only one, uh, cybersecurity learning program for all of the employees and one size doesn't just fit to everyone.
With the help of the AI, you're capable of actually tailoring your programs so that they are kind of really individualized, uh, in a mass [00:16:00] training. And you are capable of actually creating. Uh, really tailor made, uh, made, uh, curriculums for, uh, specific roles in no time at all. Uh, if you engage the help of the LLM extremely well.
So those are the kind of examples where I'm seeing lots of hope and light at the end of the tunnel, so to say. But we both know that it's also a whack the mole game. The other side of the coin, so to say, is kind of doing the same things. It's never ending story where we are kind of, we are becoming better.
They are coming, coming better. And, and then it's, it's a question that who of us will be faster just today.
[00:16:43] Dr. Rebecca Wynn: I agree. I think one of the things that it does allow us to, to speak other people's languages, for example. If, if you need to say Japanese or something like that, you can do that a lot quicker. I tell people you still have to validate.
Um, I had a person the other day who did a post and they didn't validate. I went and [00:17:00] validated and I'm like, did you know, did you really want to say that? They hit an AI and they just assumed it would be correct. You shouldn't assume, you shouldn't assume that the code is correct. It's a, it's a template.
It's kind of a starter. It's, you know, your crappy first draft. If you would say that might be. Better than, than your, your first draft that you might initially be able to do very quickly. But I think it's the blind accepting I'll say chat GPT, I'm not picking on them. Just as an example here on what it kicks out is the best thing.
And we do see that it's interesting whether you you're on LinkedIn or something like that, they'll say, Hey, do you want AI to write your article? And you're like, no. I want me to write my article. But that's where I see that people relying on it too much.
It's, it's almost like it's out there. So let's try it all over the place. And I think that's dangerous as an organization. It's very hard for us as CISOs to be able to watch every data stream that's either coming into the organization. That could be intellectual property, that could be code, that could be images, it could be things along that, it could [00:18:00] be songs.
Lawsuits are going to happen as well as, you know, 15 to 18 percent of your intellectual property or sensitive data is being streamed out and is going into a lot of these models. There's so many different places out there that data is getting out. Does that keep you up at night as a CISO? It does me cause I'm always in about being the greater good, but you have to like sit and think, is this greater good actually maybe having something else?
Behind the scenes and nefarious, not nefarious, but another way it's using the data that maybe you didn't intend.
[00:18:36] Petri Kuivala: My daughter is 19 21. It's not too long ago when they were learning walking. Was it looking scary? Did they hit their heads? Bloody hell, of course. I think that the role of CISO and CTOs and so on, they need to be the mothers and fathers [00:19:00] of the workforce. There is different ways of, of course, doing your kind of parenting.
You can be the parent who says no, no, no, no, no, and no. For everything, which I don't believe actually at all. I believe of enablement. I believe of helping the people, uh, is it kids or your workforce of doing, uh, the best version out of themselves. And, and that entails of making mistakes every now and then you shouldn't, of course, uh, make.
Cardinal mistakes. And that's what can keep CISOs up at night, which on my opinion, originates from something much more fundamental, uh, being a CISO, for example, a 33,000 employee company, like I was with NXP, uh, kind of feels daunting in the beginning because you don't understand all the different contexts of the company.
You do not know [00:20:00] how is the customer success managers working in China or Indonesia or whatever it is the country or whatever is, uh, is the function. And that's one of my opinion, also an area where. The new solutions, which are related to the human beings needs to bring the context or awareness of people's landscapes to the CISOs and CISO teams, because only then they can start to actually understand what sort of, uh, I wouldn't like to call them mistakes, but without a better kind of word, what sort of mistakes the people are making in different contexts of the companies so that I can be not the police officer, but much more kind of doctor and nurse.
Of helping them all of making things in a secure manner, and that's where we have been bloody damn worse in in in the past, we have been just enabling the blanket solutions with the technology and believing that all the people behave motivated [00:21:00] by the same goals. They are not, uh, so our, our job in the future needs to be much more close to the human beings so that you are capable of helping them.
Is it with the AI? Is it about any other new thing that they need to learn? Because if they don't learn, they will be the dinosaurs and someone else will be faster and will be kind of because of the market. Uh, market laws, they, they will be kind of bypassed and they will be the history. So I wouldn't like to see that happen to any other company, which I witnessed with Nokia long ago.
[00:21:35] Dr. Rebecca Wynn: Yeah, it's almost like we were going back to 2000, right? And we're like, Oh, are the computers going to destroy themselves or not? And then we just, we saw the evolution of cryptology and things like that were an another evolution. And one thing that I tell people, when you look at your enterprise risk management, you've always should have looked at cybersecurity, privacy, and compliance in the lens of, uh, Where does it fit within the enterprise risk management?
What is the [00:22:00] tolerance of the company? There's different ways to handle that risk. No company runs on zero risk. You really need to do that. In my opinion, for the AI and emerging technology today, you really need as a company going, what is our risk tolerance for these new technologies and to your point, Is our risk tolerance is going to be zero, better be coming up with a plan B, C and D, how are you still going to stay in business.
And I, I talked to CISOs that I mentor as well over and over again, they're not, they're not being part of that discussion. I'm like, you, You need to understand where the business is going and driving so you can do your job well, because our job is not to make sure the company has zero risk. And I think that's, that's a misconception on a company spot.
If they think that we can guarantee them to be zero risk because they don't run on zero risk. How do you, how do you manage that in your day to day? But how do you manage that? Cause I know that you mentor a lot of CISOs.
[00:22:53] Petri Kuivala: I think that you are kind of, uh, spotting a kind of really interesting piece of this, uh, whole puzzle here. We are a bit [00:23:00] lost on my opinion. You need to actually have extremely good relationship with the whole of your C level back with NXP, for example, when they, uh, LLM models were introduced, uh, we didn't understand actually that, uh, what, what it means to the, uh, company.
So I had. Few, one-on-ones with, uh, the CTO of the company, and we discuss about this topic and we made a decision that we block, uh, the usage of the ChatGPTs of this world. Uh, at least for a while before we understand it. And only when we understand it, we can start to open the, uh, gates again. So that was the decision in a company where, uh, security is really rooted into the DNA of the company itself.
Uh, you may have different type of decisions in a different type of company, but it all comes, uh, to the question that do you have good enough relationship with your C level so that they actually can work the same room, can have the conversation with them, [00:24:00] and then elaborate together that what are the risks?
What are the upsides? What are the possible downsides? And then you make your decisions. If you try to make them in a vacuum. Um, I don't know what you're going to be vacuum cleaner or something.
[00:24:12] Dr. Rebecca Wynn: Yeah, hopefully not vacuum cleaner. Right now we are in a time where CISOs are changing jobs very quickly. Either, you know, they're part of the layoff pool for some reason. They think the CTO can, can do our position or maybe the CIO position, or they're not allowing us to really have a chance to, to learn about the company.
They really want, tactical results from day one versus for you to really look and see what the company's doing. Think about the strategy to put the tactical in. And so it's, it's a results oriented right now. And so You, you're having CISOs really get burned out or they go ahead and like, I just can't help this company and you spin out.
What do you, what do you think is going to be the solution for us? Cause it seems like we're in a cusp where something's going to change. [00:25:00] Um, whether our titles are going to change, whether there's going to be an external facing CISO who deals with client and legal and privacy and compliance and then internal facing CISO, which is more of the day to day internal operations, SOC/SNOC and all that kind of stuff. How do you see that ? Cause it seems like to me that something has to change because the way it's working right now, holistically doesn't seem to work for a lot of CISOs.
[00:25:25] Petri Kuivala: It's a damn difficult position to be fully honest. I, I had the luxury of kind of growing into that position over two different decades. And that helped me to understand the internal and external side quite well, even then I always felt a bit short when discussing about the technology and the implementations there.
And that's why I wanted to always have kind of an excellent, uh, Operational security lead with me. Of course, what helped me also quite a lot is that because I'm not technologist by heart, but a kind of [00:26:00] trained police officer, I was always asking stupid questions, not so stupid after all, but that helped me to understand actually that what is effective.
That would be kind of my guidance for any CISOs who are feeling troubled at this stage. It's just kind of be yourself, ask the questions that you don't know the answer for. No one considers you stupid if you ask that, how do we make money? How do we protect our revenues? How do we protect our kind of, uh, long term competitive advantage, uh, in, in, in a specific market.
That's what I did, for example, with the NXP's CTO, uh, he educated me a lot about the, uh, automotive industry and our kind of capability of defending our, uh, innovation on a long term. I didn't have a clue for all of that. Of all of those kind of different topics that he brought into my attention. So that that's the first part, but what, what do, what, what [00:27:00] needs to happen to the position or for the industry?
That's even a wider question. And then maybe the symptom that you described is also related to the culture of the company. I was just reading actually about the book about competing value frameworks, which is basically saying that there is. Uh, four different types of, uh, possible company cultures out there, uh, which are quite different from each other.
And in some of the company cultures, it might be exactly. So, as you just said that the opposite management is really pushing you to deliver tactical, uh, stuff out. If you are happy with that and you push the tactical stuff out there and you make, make it happen. Okay, fine. But I think that you open yourself to a big risk.
If you don't understand the bigger, big picture, if you are not capable of communicating upwards that what does actually the holistic risk landscape look like in your specific business [00:28:00] line, you are going to be a kind of sitting duck when a breach happens. And that's why, in my opinion, it's actually up to you to lead upwards as well.
It is not you being just a subject who are being led. You need to be the person who helps them to understand not only the technicalities, but its linkage to the business itself. If you are incapable of doing that, I would just reconsider then that are you working in the correct industry or correct company.
Or, uh, correct size of a company. Uh, if, if you are in a too large company, too fast, you might be totally struggling and, and, uh, that may end up into the total failure. Uh, There. You, you might be lucky as well, and you may have the time to learn. I don't know what, what is the correct answer there, but I would be pointing out to CISOs that, uh, think about your landscape.
[00:29:00] What I, what I learned from a kind of great person, uh, uh, Bret Arsenault, who is uh, uh, or was the long term CISO for Microsoft, is that there is kind of, uh, three aspects that you always need to have perfect in your work. The work or the company mission is to be aligned with your mission. Uh, you need to actually be able to, uh, leave your family life or whatever kind of life at your free time.
Uh, in a very satisfying way, uh, when working, so you cannot sacrifice that that's the second pillar of it. And the third piece of the puzzle is that you need to have extremely good relationship with your manager, with whom we are working with. If, if that manager is actually covering your ass when you don't know the answers, yes, that that's a great place to be. But if your manager is the kind of guy who is whipping you up of [00:30:00] delivering the tactical stuff.
Again. Are you in the correct place? Not sure.
[00:30:05] Dr. Rebecca Wynn: I agree. It's okay to walk away when you're in a non win situation, there's no way to go ahead and turn it around. Your, your resilience and the rest of your life is not worth sacrificing. To be misaligned in a company around people who really don't energize you and don't make you really feel good about the work you're doing and about your, yourself at any given moment. It's okay to walk away is what I tell people all the time.
[00:30:35] Petri Kuivala: It's totally okay to walk away. Absolutely. It is. You need to need to find your match. With those 3 aspects, when you find your match, you will be developing actually where you want to be. But if you're compromising with any 1 of those 3 aspects, uh, you're not, you're going to be miserable.
You're going to be close to the burnout. There is going to be other possible side effects as well.
[00:30:56] Dr. Rebecca Wynn: Our time has totally flown by. I want to thank everybody for joining [00:31:00] us on this episode. I want to thank Petri for going ahead and joining us. Please go ahead and look at the descriptions. There will be other resources and also the contact information for him. Please go ahead and make sure you subscribe to the show as well the Soulful CXO Insights Newsletter. Comes out every other week, just like the show comes out every other week, and then I write a new article every other week. So every week there's something out there for you.
Petri, thank you again so much for sharing your insight and your wisdom and being on the show.
[00:31:30] Petri Kuivala: Excellent. Really good to be here, Rebecca. And anytime, happy to be here.