Paul Katzoff, Tech Support turned CEO of Data Privacy SaaS, shares why Data Privacy

is the hottest industry to get into right now.

Paul shares with you how he went from Tech Support to CEO of WhiteCanyon Software, his Secrets to Success and how you too can Launch, Progress and Excel your career as a PrivacyPro.

Paul has over 12 years experience in Data Privacy and more Fortune 100 companies use WipeDrive than any other solution.

Discover the importance of Data Deletion and some of the challenges organisations face from Pauls insightful experience.

Unearth what CEO’s look for when hiring Data Privacy Pros and why it really

pays to invest in training over learning how to pass an exam.

If you want to make it as a successful Privacy Pro and take your career to a new

level – You can’t afford to miss out on this episode!

Listen Now…

Connect with Jamal on LinkedIn:

Connect with Paul on LinkedIn:

Apply to Join the Privacy Pros Academy Facebook Group here:


Paul 0:02

But after a while you start to see the industry heat up, you know, sometimes if you're in retail or some other markets where you're going to, you know you're saying hey, this industry might close or might slow down let me hop somewhere else, data privacy is the opposite. You can feel the momentum you can feel the focus on it, and they're going to continue to and so the industry is going to continue to grow and you can just kind of feel that heat in that fever.

Jamal 0:28

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Rahena 0:33

Welcome to the PrivacyPros Academy podcast by Kazient Privacy Experts, the podcast to launch, progress and excel, your career as a Privacy Pro,

Jamal 0:44

Hear about the latest news and developments in the world of Privacy.

Rahena 0:48

Discover fascinating

Rahena 0:50

insights from leading global Privacy professionals

Jamal 0:53

And hear real stories and top tips from the people who've been where you want to get to.

Rahena 0:58

We are an official IAPP training partner.

Jamal 1:02

We've trained people in

Jamal 1:04

over 130 countries.

Rahena 1:07

So whether you're thinking about starting a career in data privacy,

Jamal 1:11

or you're an experienced professional.

Rahena 1:13

This is the podcast for you.

Jamilla 1:21

Hi everyone, and welcome to the Kazient Privacy Pros Academy podcast, my name is Jamila, and I'm a Data Privacy Analyst at Kazient Privacy Experts, I'm primarily responsible for conducting research on current and upcoming legislation as well as any key developments. With me today as my co host is Kazient's CEO, Jamal Ahmed. Jamal Ahmed is a Fellow of Information Privacy and CEO at Kazient Privacy Experts. He is a leading Global Privacy Professional, World Class Trainer and Lead Mentor at the PrivacyPros Academy,

Jamilla 1:50

Hi Jamal

Jamal 1:51

Hi Jamilla, how are you today?

Jamilla 1:53

I'm good thank you. How are you?

Jamal 1:54

I'm good. I'm really excited to speak to Paul, who's joining us all the way from the other side of the pond.

Jamilla 2:01

Yes. With us today is Paul Katzoff. He is the CEO of WhiteCanyon software, a premier provider of data erasure software for SSD hard drive and mobile device platforms to global organisations of all sizes. For over a decade, Paul has worked with technology companies seeking manageable growth and brand loyalty and expansion. He also works on White Drive which is the world leader in secure data destruction. It is the only wiping software in the world that meets EAL two plus security standards, and is approved by the NSA and the US Department of Defence. According to the NSA, data deleted with White Drive is permanently destroyed as to make any type of forensic data recovery impossible. Wow, and White Drive is used by more of the Fortune 100 than any other solution, and it has been the preferred solution for corporate and government customers for more than 20 years, carrying US and many international certifications. WhiteDrive complies with all major regulations and requirements of secure data destruction. Wow welcome Paul.

Paul 3:03

Thanks Jamilla. Thank you, Jamal thanks for having me here on Privacy Experts podcast I appreciate it.

Jamilla 3:09

Thank you. It's our pleasure.

Jamal 3:10

I think we need to learn more about White Drive and how we can bring that into the UK and Europe with all the amazing credentials and credibility behind it there.

Paul 3:19

Thank you. Yes, you know with White Drive we've been around for 23 years, so we do have some clients and exposure out there in the UK and Europe, but we're always looking for more. We've proven ourselves of course with our ability to forensically erase data, but also we've been around for a while we have a lot of those certifications and we look forward to, kind of some expansion if that's possible.

Jamilla 3:39

Yeah, definitely, definitely. So, as we always start off on this podcast with an icebreaker, and yours, if you had to create a slogan for your life, what would it be?

Paul 3:51

Oh, I would say that's a great question, I'd say, take time to enjoy the big moments. There are certain times both on our professional side and our personal side that you should take a breath and take a breather and just kind of enjoy that moment of what it's what happened when you achieved, and really let it sink in.

Jamilla 4:10

I like that. I like that. Take some time out to reflect on what's happened and give yourself an opportunity to celebrate as well.

Paul 4:18

I don't think we really take the time to really recognise what we achieved. Let's say it's a new job or a promotion, something like that or on the side, you know, maybe you're doing triathlons and you finish a big race, I don't think we take the time to kind of soak that in and kind of pat ourselves on the back and say hey look what I did. I'll worry about the next goal, tomorrow, but let's just soak in what I achieved and take it in today.

Jamal 4:39

Yeah, I really love that and that's one of the things that we tried to build into our students in the PrivacyPros Academy in the Accelerator programme is, every time they hit a milestone we ask them to reflect and look back and really just take some time to recognise and acknowledge what they've just achieved, and the work they've put in and just take a deep breath and just be grateful in that moment and enjoy it.

Paul 5:00

Yeah, absolutely.

Jamilla 5:01

Oh, first question to you, why is the Data Privacy, the industry to get into right now?

Paul 5:08

It is ho. So I've been in Data Privacy for 12 years, started back in, 08 just by chance right? Started here actually at Light Canyon in tech support. I tell you, with the collection of data and the ability of the large corporations to collect data and kind of analyse it with AI and other tools. The privacy aspect has grown. We all are aware of that, but also it's going to be, I mean, the future for Data Privacy is hotter and bigger than most other industries we don't even know where it's going to go to is all I can say on that.

Jamilla 5:42

You got in back in 08, I guess before it was kind of as big as it is now. Well have you kind of seen change over the time you've been in Data Privacy?

Paul 5:51

years, you know, this is:

Jamal 7:14

And in the States you have loads of new legislation, either being adopted or introduced so we recently we had the CCPA and now in Virginia, you have the privacy laws being introduced there, as well as so many other states as well. So it's only getting more and more important.

Paul 7:30

It is and, you know, the focus here lately has been on the federal data privacy law and when that will come out. We all know that it won't have the teeth that GDPR does CCPA will be kind of the de facto minimum for the federal data privacy law. But as this data privacy continues to evolve, we're going to have a federal data privacy law, probably the next two years, I know it's under a committee right now. But I think at some point they'll start to enact those financial penalties that we see with HIPAA and that we see with GDPR, and that's going to change more and more of the mindset here in the US. And just so you're aware, every state has a data breach notification law, they just haven't gotten to that point of how to protect consumer data. But that's coming as well for each state. Right.

Jamal 8:17

Exciting times. So Paul earlier you mentioned you joined the company as data tech support so by now you're the CEO. Wow, tell us about that journey,

Paul 8:28

Um, you know it's not a journey you plan for. I got my MBA back in 05. I did a couple different jobs and positions even prior to law school for an expensive semester. And, oh 7, 08 hit the big crash, jobs are scarce, I ended up getting a tech support job here wiping software for $12 An hour and I counted myself lucky at the time, and because of my skill set in my MBA programme in training. I moved up to Tech Support Manager, Enterprise Support Manager and after a while you get kind of, I don't know you want new challenges. So they asked me if I wanted to go into sales. After some consideration, you know most salespeople, you know, they talk too much, they exaggerate, they're always trying to sell you out, I don't really like that so I didn't think it'd be a good fit.

Paul 9:17

But after a while I thought let me take the challenge and I loved it, like technology sales is so different than used car sales and other types of sales out there. They're very consultative in depth sale. I really loved it. I was here for six years doing sales, decided to branch out, try my expertise and other software companies and I left back in five, four or five years ago, and it after a year or two they had a executive change, they called me up and said Hey Paul, we're great here, we'd love to. We'd love to have you come back as a CEO role, and think as anyone in my position would, I jumped and said, yeah, I'd love the opportunity, so I've been back here, almost three and a half years now.

Jamilla 9:58

And what made you kind of think that data privacy in particular was kind of the career for you?


As you go along your career in the very beginning I wasn't here for the data privacy, I enjoyed, you know, the security aspects and our little niche, you know we have large corporations call us over all the time or just, you know, a good sized company here in Utah, you know, but after a while you start to see the industry heat up and being an ego, you know what I need to stay here. You know sometimes if you're into retail or some other markets where you're going to, you know you're saying hey, this industry might close or might slow down let me hop somewhere else, data privacy is the opposite. You can feel the momentum you can feel the focus on it by individuals, corporations, government, military, everyone's focused heavily on data privacy, and they're going to continue to and so the industry is going to continue to grow and you can just kind of feel that heat in that fever right now so I count myself lucky to be in it. Definitely not looking to go anywhere else. I think it's the right place to be at least for the next five to 10 years if not longer. Yeah.


And Jamal would probably also agree with you there.

Jamal:ht now. And it's estimated by:Jamilla:

Paul we were talking before about that you're passionate about data and kids computers and data with people from working from home and how is kind of the pandemic impacted both of those things,


You know, great questions, and they'll good to both kind of in depth and just to kind of see our focus here in the US, it might be different than the UK, but here in the US, there is one computer for every five or 10 students was kind of a setup. The students would go into a classroom using computers, or the computers would be brought to their classroom, we have to use them for a day or so, all of a sudden all these students had to work from home, and it was up to the state to decide whether they're going to assign a laptop or just tell the kid tell the student they need to have their parents get a laptop or get access to the computer on their iPad.


And so seeing that big issue, a lot of states and you know what we just need to do a one for one type of programme, and they went out and found the lowest cost laptops or devices, either Chromebooks and they pretty much assigned 50 million Chromebooks or devices all within three or four months. So all these students took these devices home they all, you know, we heard the zoom, meetings and zoom calls with kindergarteners and second graders and so on, on our side second graders.


But what happens is these students, this creates a conundrum because these students have these devices at their home they're using them, then all sudden at the end of the year sometime between May or June or school year ends in August where the school year begins, those devices have to be processed, if there's bad keys or screens they have to be tested the diagnostics run on them, make sure they're usable for another year if not returned back to the vendor Neisser wherever they got them from a resolver they need to do. and then also there's data on those devices, and the big issue and big concern here in the US is you have an 11th grader hopping on a Chromebook, who knows what he's doing on that Chromebook or she's you're on that Chromebook and all sudden the next year it gets assigned to the first grader, and the first graders on there click something and opens up a folder, who knows what they get to see and interact with. And so there's a huge concern over here on this on just the data on these devices, making sure the students information is also kept private but also same time protecting other students from seeing information or data about items stored in the computer from someone else,


And similar things have been happening with working from home, I guess, and also be having to use their personal laptops for school or work and things like that, have you seen similar kind of challenges.


The work from home area is a little different I mean, you are using your personal laptops and, and you're not really have a risk of turning that back in and someone seeing the data on there. The big issue, a big risk there is you're working from home, all of a sudden you're an accountant or, you know, a tech support agent for a company and also and you're working from home you're excited this is great to new change, don't get assigned to work laptop and so at home you log in with your home network, your home computer and you jump in, you're downloading corporate files you're accessing the network through the VPN, while all these files and information are all coming on to your home network and onto your home computer.


And that brings up a huge security concern, you know, corporations have spent millions of dollars to protect their corporate networks and all sudden, all their information is out on their employees home networks which have a password of 123 password, and so on, or even a home computer that doesn't have a password on it, or the neighbour kids come over and hop on that same home computer, are they able to find those files, who has access to those files and end of life, when you have this laptop that you've used for. Has it been now a year of COVID might be a year and a half, two years of COVID.


Also, as a home user you go, you know what I'm going to go and, you know, resell this laptop on eBay. You go and sell it and someone get hops on it, purchases it recovers all the data off of that laptop and they found your corporate information, and is their healthcare information in there as their financial information, or is this a HIPAA breach? Is there financial penalties? There's all these big headaches for these corporations that quickly allowed everyone to work from home, and now they have to worry where their data is at, and that is Cummings. CSOs and other security officers have kind of started to see the big issue, they're trying to address it, but it's going to become more and more of an issue over the next year, year and a half.


So how is it that data can be permanently erased. Just put it in your recycling bin and click done?


We all wish it was that easy, windows, a lot of operating systems out there don't want to securely erase your data or be liable or responsible for security erasing your data that's why products like ourselves wipe drive and other third party products are out there, because the O S says hey, put it in a recycle bin, you click empty and all it's saying is on that drive, that space where that file is that can now be written over. That's it. So if, let's say from that moment on, you don't use a computer again, it's very easy to recover that tax document or video or picture, a corporate document whatever it is, and even if you have used your computer, they're so large, now you know terabyte of data that file may sit there on, you know unwritten or, You know not written over for years, and maybe a part of it's written over but you can still view the full picture view the full PDF, there's some issues there where the data can last forever. So on our side what we do is we address that drive we boot up in our own white tribal s, and we securely erase all the data we go through every bite bit every sector on that drive we erase all the data from that hard drive or SSD or NVMe drive, and we ensure when it's done with any forensic tool that you have out there, you can't recover any data from it,


And is it something that can be done remotely. So let's just say there's organisations here who don't have the resources weren't quick enough to get laptops out to each individual. And so people are using their own laptops maybe their spouses laptop. And then that's being borrowed by people around the house and being taken to school by somebody at the other end it causes huge concern, Especially for the CSO sitting there terrified about what may happen, how can they remotely, delete, or wipe or restrict access to this data.


Great question. So, um, the remote erasure is a side that we've kind of been in for a long time now as far as our deployments go. We are able to push out in a ratio file either an EFC, or ISO file to any computer out there, depending on the network and how it's set up for a lot of our work from home clients that are addressing this issue I TADS and other service providers. What they're doing is they're providing a link to their clients. And so corporation will turn around, say, here's all our work from home employees, when you come back into the office or when you're going to get rid of your device, here's a programme, you're going to run which is the Wipe Drive programme, they put on their network with a link to it, they can download, run it, it's going to reboot into Wipe Drive that's going to securely erase the computer with all the configurations and settings of that corporation once and it's going to save a report back to the database for the corporation so that they know all that data is gone, but also on the computer itself, which is kind of a nice little thing to have your pop up a nice QR code. So wherever that laptop goes whenever it's opened up and booted you're going to see this QR code you can scan it, it's going to tell you the report of what has erased, whether it's successful or not, how long it took, all that kind of information. So from then on you know that all the data on that drive in that computer is securely erased.


So what about people that are using their own devices and they've got their own memories on there, would it protect that or would that be collateral in the process?


It's collateral. Unfortunately, I mean we address the full drive. We do have some Secure File and Folder ratios, the issue with that is on SSDs, the data stored in so many places you're going to kind of wear down in essence the computer many file ratios and folder rates. So we kind of step away from that and say hey, just focus on the end of life, when you know you need to get rid of that device, that's when you want to run Wipe Drive, securely erase it and then you're safe from that moment on.


And are your drives and data landfill bound?


That is the other big issue on the sustainability side and in the circular economy side, you know, we have a lot of drives here in the US that are shredded. We estimate the US government shreds about 100 to and 130 million drives a year.




And that's ganttic Number, Sure, most of the rare metals and parts of that device are recycled, but a lot of isn't and it becomes e waste. And so on our side we're always arguing saying hey, you know we're providing you with the service and a tool that can securely erase that device. And then after that you can reallocate and resell it, whatever you need to do. You don't need to shred it you don't need to destroy it and fill up our, our landfills.


That's great, great for the environment then. So we mentioned earlier the EAL 2 plus certification and what does that mean?


That certification comes from the common criteria which is a group of, I think it's 14 countries and 27 total countries that go through and certified different software tools. And so we went through the steps to get certified by that organisation. What that means is anyone with within those 27 organ countries is allowed internally to use our software to erase their drives. Now other countries that aren't on that list can still use our software and can't kind of rely on the EDL two plus certification. But as far as those 27 countries go, we're certified for use by them. Most of the EU is part of that, US, North America and Asia quite a few countries are part of that, that group of Common Criteria countries.


Awesome. So it's internationally recognised standard, I guess, so companies can be confident that hey, this means that a minimum benchmark or this hits what's required therefore it's a safe investment.


That's right, that's right.


As you know this podcast is listened to by a lot of aspiring privacy professionals, and as a CEO, what is it that you look for when hiring a privacy professional?


The first off I think is the the certifications and then also the experience you know the data privacy side is kind of a new industry there are some certifications out there that you can get, but also the experience in the area, and being up to date with the latest regulations, latest mandates all of that, that's what you're looking for on my side is someone that's kind of up to date, knows where it's going, knows where it's headed and helps my organisation steer itself so that we're in the perfect place three, four or five years from now.


And with the US are there specific certifications that you look for?


There are, they're all acronyms, so I can't help you with it right now I know if I try and do them I know I'm going to miss the bat on them but there's four or five acronyms that I look for right now that are great, and if you have those, you're gonna jump to the top of the list on anyone's recruiting calendar,


And when you're hiring people. Some people will have the credentials, for example, some people might have the Certified Information Privacy Professional for the US for Europe for Canada, Certified Information Privacy Manager or Certified Information Privacy technologies, but some people prefer to go and learn how to pass an exam and read a book and pass, whereas others will actually opt to go for the full one training and really invest in themselves, as a CEO hiring, would you value someone who's learned how to pass an exam over someone who's actually made the investment to go and spend that time learning the actual training with a world recognised company?


Absolutely, the second option. I mean, like you said tests or tests that doesn't really mean you have the knowledge and the experience, the passion for it. When you find someone that's in the industry that stays up to speed on it, loves it, is passionate about it and get that training from outside sources, like yourself, that's what you're looking for as a CEO someone that's going to be there forever in that industry loves it, is going to bite it, you know bite into it, take care of it for you. That's our biggest headache as CEOs is finding, you know, HR and human resources that can go and have individuals that take over that responsibility and run with it. And when we find that, we hold on to it like nobody's business but it's it's rare to find something that this will grab on, take care of that, that area for you.


So going back to you and your career, what are some of the greatest challenges that you faced and how did you overcome them?


Challenges. I've faced quite a few I mean there's, I think just a comfortableness on my side on doing the sales area, you know, getting out there and talking to people and chatting with them, wasn't really my forte. I never pictured myself as a salesperson I never pictured myself up front, teaching or leading or pushing people through this kind of a sales process that was really new for me, I already had my MBA, so I, I knew how the MBA process work and the you know the leadership and the CEO roles. From the sales side I learned a whole bunch there of how to connect with individuals organisations, speak to their pain points speak to what they want to solve, and then give them the solution and the legitimacy of the solution you're providing so that they know on their side, they're buying from you, they're buying a great tool, it's going to solve their headache, which is what everyone wants when they buy a product right, the last thing you want to do is have a headache three months later and have to switch. So, I learned that you can kind of present yourself in a way that solves all those headaches deliver overtime as well. And then you have a client for the next 5-10 years, which is amazing for any organisation.


Yeah and that started with you getting out of your comfort zone and would that be something that you would advise to hiring


anyone really


not just privacy.




I mean when I was in tech support, no one wants to be a Tech Support Manager for years right I was there for two, two and a half years and the sales opportunity came up, and it was going to be a stretch it was going to be kind of would I fail? would I do great? How would it work? I think you come to a point sometimes in your career where you can choose one or the other, like I'm going to dive in and I'm going to go for it. And if I fail, I'll have to find something else right, I'll have to work something out, or if I have been successful, where does that take me to become what will my career become, and it can be a little kind of hesitant and a little cautious about those kind of big steps, but I think overall it's always proven that when you do that, you can step up to it, you are able to achieve it and then you're able to move on with that through your career.


Yeah, yeah, I love those two things you mentioned there well because two of the first things that we teach in our academy. Number one is about mindset having that growth mindset about going out and experiencing putting the effort in to make the achievements, but what we also teach is the art of communication, and as you've nailed it on the head there. When you are in sales, when you're engaging stakeholders as a Privacy Professional, you're constantly selling something. It might not be a product or a software that you're selling, but you're selling the idea that they somebody needs to buy into the Privacy Concerns and do something to identify and solve those privacy risks. So we really make the effort to make sure that all of our students are master communicators and they can communicate and really secure speaking the language of those stakeholders regardless of where they are in the organisation. Why is communication such a big deal for you to really get ahead?


In the privacy side, you're going to present ideas, and you know recommendations to your management and to your executive team, and you have to be able to communicate the need for it, the costs for it, and also the return on that investment. As well as any CEO or management or executive knows, you can spend your money anywhere, there's millions of ways, thousands of ways for you to spend your money every month, but to accurately address privacy issues, take your company to a better level where it's protected liability wise, you know, financially as well. And what that cost is I think on the, on the privacy side, employees in that realm, have a very high requirement to be able to communicate properly so they can present those issues to management and have those be approved and protect the organisation.


So, what would you say is the one thing you're most proud of


in your career, I


mean we spoke earlier about celebrating the big moments and thinking about those, but what would you say is kind of your number one?


For myself doing these podcasts has become really fun, like after every podcast I like to sit back and go, wow, this is great, you know, getting out there spreading the word, as far as achievements go, I remember the largest po got at the time was I think was like 65,000 or something like that you know and I had only been in sales a year, year and a half. And I got this nice large Po, and it was just kind of that moment where, you know, We talked about stepping out and trying something hard. And I was like, about a year and a half into it and I thought to myself, You know what, I think I'll be good at this sales area, this is kind of that stamp of approval. This is the return say Hey Paul, this is a good fit for you, way to take that step way to take that challenge and enjoy this moment, you know, relish it. Enjoy it and you're on a good track.


Absolutely. I love it.


I think we just have one last question for you. So Paul, if you could go back, 10 to 15 years ago and give yourself some advice, what would that be?


I think that is a really valuable advice for anyone looking to either start, launch or enhance the career is, you need to stay up to date whether it's data privacy or something else. Whatever it is, if you want to be really good at what you do, if you want to be valuable to organisations, if you want to contribute to the industry, then yeah, you really need to be on top of any upcoming changes. There's no point in thinking about how you do things, how you've always doen things, it's what's new? Technology is always shifting, new laws are coming in, new standards are being introduced every single day and you need to understand what is the forward way of thinking and what is the best way of thinking right now. So thank you for that Paul that was a really valuable advice.


Thanks Jamal , thanks to Jamilla.


I love the chance to be on here with you and discuss data privacy to me it's a passion, it's going to be a great area for the next five or 10 years and it's just amazing.


Great, thank you so much for joining us today Paul, we really enjoyed speaking with you.


Thank you Paul.


If you enjoyed this episode be sure to subscribe, like and share, so you're notified when a new episode is released. Remember to


Join the Privacy Pros Academy Facebook group where we answer your questions.


Thank you so much for listening. I hope you're leaving with some great things that will add value to your journey as a World Class PrivacyPro,


Please leave us a four or five star review.


And if you'd like to get on a future episode of our podcast,


or have a suggestion for a topic you'd like to hear more about,


please send an email to


Until next time. Peace be with you.

Leave a Reply

Your email address will not be published. Required fields are marked *