59:58
SPEAKERS
Andrew Deutsch, Brad Smith, Damon Pistulka, Melissa Worrel, James Grandoff, Mary White, Troy Neihaus, Mike O’Connor, Ajay, Jacob Warren, Gabriel Friedlander, Andrew Cross, Dennis Bolger, Ron Craig, Kelly Robinson, Pete Alexander, Alexandre, Corey Hansen
00:01
We got to get.
00:04
So I’m back on
00:07
full mode. You know, I’d
00:10
like an admin,
00:12
where I didn’t I think so anyways,
00:14
I didn’t have that last week that
00:15
was really wake up.
Damon Pistulka 00:16
And Ron, I’m getting them on the stage and maybe pull them up again. So, Jacob and Ron, are you guys able to turn on your cameras and get on here?
00:25
You go.
00:29
No, you turn it off. I mean, maotai pulling the magic on me. You know, I’m not that great.
Damon Pistulka 00:34
Yeah. Yeah. Well, awesome. We’re getting started. I’m gonna get done live here on LinkedIn, and we will get going. Alright, everyone, Welcome again, once. Well, welcome, once again, to the Exit Your Way round table. We do this every Thursday, and I get tongue-tied every Thursday. And I’m glad that Andrew is here making fun because it’s always a great time. Today, we’re going to talk a little bit about practical cyber security got two people, I consider experts here, Ron Craig and Jacob Warren gonna talk about that a little bit later.
We’re running live on LinkedIn. So a few people are on LinkedIn. And you’re watching this. Now, one of the things I’m going to be doing here that I haven’t done before is drop a link in the chat on LinkedIn for Remo. So you can get over here with us if you want to. If you haven’t already dropped your LinkedIn link in the chat so people can connect with you. And we’re going to get started.
So as it is normal. We have a tradition. We started here a while ago that that Andrew and I enjoy. And Andrew is going to start by bringing people on stage and we all get to do a real quick introductions of ourselves and what we do, and answer a question. So our question of the day, like last week, we said, what was your favorite band and music when you’re 18? And what is it now you know, we’re going to do these kind of things. But this one’s a professional one. So tell us what your your one big goal is for 2021? Personal professional doesn’t matter. But what were your your your like, the pinnacle goal? So lots of Troy great to see.
02:21
Hello, how
02:22
are you? Awesome.
Damon Pistulka 02:25
So the question of the day, after you ask you to tell us who you are first. Sorry.
Troy Neihaus 02:29
No worries, Troy Neihaus. Hello, everyone. I am an advisor, a wealth advisor for Bernstein Private Wealth here in Seattle. And let’s see, that’s a great question. You know, my, my biggest goal is to do deep discovery with all of my people that I work with. So my professional colleagues, my prospects and my clients. And that means getting to know as much about them as possible so that I can be as effective as possible. So I would say that’s my biggest goal is to really emphasize deep discovery.
03:10
Very cool.
Damon Pistulka 03:12
Very cool. Awesome.
James Grandoff 03:14
Thank you. Thanks, gentlemen. Ron, Ron Higgs, Morning, everyone, Ron Higgs, here in Seattle, looking for my next opportunity in operations, operations, management, something like that. As far as a goal for next year, since I’m looking for an opportunity, I would love to find one. Find one that’s gonna make me happy and find one that’s gonna carry me out through the rest of my working career. I would also like to I think I shared this with everyone before as since I’ve been unemployed every day. I have tried to meet someone new, learn something new and help someone. And I hope to continue that as well. Awesome. Awesome. Ron,
04:01
thank you so much. We got neck mandra.
04:07
Let’s see here. Hang on. Something’s going slow. on my computer, like Give me one second.
04:14
Maybe somebody that can help with that. Yeah. We do. All right.
04:21
We’re gonna go with a new person here. Alexandra, Alexander gray.
Damon Pistulka 04:28
Oh, Ron knows him. He might have to turn on the screen. There we go. coming up. Hey, Mike. How you doing today, Mike? Great. How’s it going today?
Alexandre 04:42
freaking off seems to be working.
04:44
Yeah. Oh, everybody.
Damon Pistulka 04:46
So Mike, you and your goal for 21
04:52
miles actually pretty simple. Bike consider fairly big. I want to get
Mike O’Connor 04:59
500,000 Members onto the Service Professionals Network this year. And I feel like I’m gonna do that with some of the changes Jacob did on the site, when making it faster, more secure, giving people the ability to write blogs directly on their profiles.
05:17
Lots of little things we want,
Damon Pistulka 05:20
but make it rank better. And we’re actually ranking on and all 195 countries. Nice. Nice. And that is they service professionals. network.com. Yeah, I’ll drop the link down there. Very good. Very good. Support. All right. Thank you. Good. Alexandra. Alexandra. Yes, me. So tell us a little bit about yourself and your goal for 2021?
Alexandre 05:51
Well, you me Okay. Yes, Joey. All right. So my goal is to continue what I started in the two previous year, it’s raising awareness on cybersecurity. And actually, there have been quite a recent change. On my side, as I just started with a new company called virus Corporation. You know, I’ve been sharing awareness and best practices and security for the last year, which got me like the LinkedIn top voice, it was already amazing. But I was just director of security of one SMB. And I felt I could do more.
So when I got the opportunity to join virus, it’s a managed security solution provider, I jumped on the opportunity, because now I can actually reach more to SMEs. I mean, we also the market trends and the news and the leaks and stuff. And I think there is not enough people skilled to provide support to organization, especially SMEs. And I think I can make a bigger difference joining a company that would provide services.
So I’m going to be like, you know, Alfa ends on and advising kind of and supporting the team in place, because they have already a lot of very skilled guys. And I think for the whole world and cyber world, it will make a better difference joining them than staying alone. grieux I’m actually very excited. I think 2021 is gonna be like crazy. And to be honest, despite the COVID stuff, which I’ve been some rough time for some people on my side, I’m very lucky. It has been one of my best years. I mean, grow contact knowledge. And it’s just I don’t know why, but I got the
07:26
power this year. Awesome. Awesome.
Damon Pistulka 07:30
Awesome. Awesome. So Pete, are you today? Tell us a little about yourself and answer our infamous question.
07:37
Sure. Hey,
Pete Alexander 07:38
guys, good morning. And Glen, looking forward to getting some great knowledge from a couple big experts in this in this field on. So I’m Pete Alexander, I do a lot of different things. One of the things I do is help leaders better protect their health and handle challenging situations with grace. So I have two two big ones that I’m looking at. One is rebranding my landscaping business, where investing in marketing versus some of our competitors who really retracted on that.
So what to do and some classical marketing stuff there that I haven’t been able to do as frequently as I have in the past. And then I’m also on the lookout for other podcast opportunities. I’m really enjoying being a podcast host. And so occasionally I’ll see opportunities for that. And so I’ve been inquiring on those to see if I can do do a hosting for somebody else as well. Ah,
Damon Pistulka 08:41
oh, cool. Cool. Yeah. Awesome. Pete. You bet. Thanks. Melissa, how are you today?
08:49
And Thea?
Melissa Worrel 08:51
Hey, good to see you too. Thanks for having me. Hi, Andrew. excited to hear Jacob and Ron’s informational presentation in a bit. So for me, a leadership coach, I am looking forward to continuing to build my practice in 2021. I am in the works of announcing with an organization in Iowa, a elevating leaders 15 month development program for leaders that want to take their leadership to the next level and make sure they have that solid foundation. So that’s a big goal for 2021 to get that ramped up, checked off and in progress, and great question for today as we’re all winding down furiously 2020 and jumping into 2021. So thanks for being here. Thank you, Melissa.
Damon Pistulka 09:33
Wonderful to see it. Mary, how are you today?
Mary White 09:37
I am Wonderful. Thank you. I am Mary. My nickname is Kiki white. I’m from Syracuse, New York out in the snow here. Um, my big goal for next year is to really build and make my new blog system work. And we’re going to take it from just being a blog to some special scription materials to some training packages to some podcasts on each of the subjects that I’ve been already talking about. So I’m going to build my first course is going to be called get out of your own way. And that’s,
10:17
that’s cool. Okay.
Damon Pistulka 10:19
I think we’re, most of us are in our own way.
Mary White 10:22
Yes, absolutely.
Damon Pistulka 10:30
Thanks, Mary. Great to see you.
Mary White 10:32
Good to see you, too.
Damon Pistulka 10:33
All right, James. You’re up, man. First timer.
10:36
Yeah, man.
10:39
Welcome.
James Grandoff 10:40
Thank you. So I think for 2021 I have one real goal in mind. And it’s taking my company to the moon and making it probably the biggest offensive security one stop shop. possible. And, you know, we’re working tirelessly, you know, on marketing products, solutions, and trying to come out quarter one with a bang. So we’ve not been sleeping, you know, working nonstop to get to get this ball rolling. So we’re really excited. We’re not slowing down, especially with the holidays. We’re just working as hard as possible. not sleeping.
Damon Pistulka 11:13
Yeah. So James, what is the name of your company? So I got that zero security research labs, zero security research lab. All right.
11:22
Yeah.
11:22
I don’t know if you have already, James. But I would love to, if you drop your LinkedIn profile into the chat,
Damon Pistulka 11:28
very happy to connect with you that drop your website into there, because we save that chat and stuff, too. That’s awesome, man.
11:35
I appreciate it. Thank
Damon Pistulka 11:36
you. Thanks, James. Gabriel, awesome to see you today.
Gabriel Friedlander 11:41
Hi, guys. So um, I have this crazy vision. It’s an ongoing vision where people can surf the web without getting scammed. It’s going to probably take a lot of years. So 2021 is going to be you know, one step towards that goal. I’ve been fortunate enough to build wiser my company where we can both provide free training to people and also have businesses pay for some of it. So we have this platform where we’re trying to push it and where it’s doing it successfully to schools to you know, elderly people and really, my my mission is that online will become a basic life skill. And I’m really hopeful we’ll get there soon.
Damon Pistulka 12:34
That’s That’s cool. Gabriel, I like to write that down. online security will become a basic life skill. If you’re not using that you should. Awesome.
Gabriel Friedlander 12:45
visually see what they’re going through. You know, it’s something that is it’s just required today. This is sort of the virtual roads we’re crossing every day. Yeah, it should be taught and hopefully
Damon Pistulka 12:57
nearly every day, almost my wife gets us a phishing email of some sort. And she got caught last year on it and I mean, it is it is and as you guys you get older it gets worse. And my parents got phished going to the website, the Best Buy website because they use the Geek Squad people that come on how somebody intercepted them in and got them to buy Amazon gift cards of all thanks for the comment court, you know, and that how that all works, but
Gabriel Friedlander 13:29
why should crime you know why? Why bother, you know, pulling a gun if you can do it virtually. And? Yes,
Damon Pistulka 13:35
yeah. Hey, love your cars. Thanks so much for being here today. Sure. You had Dennis Bolger. Great to see you today.
Dennis Bolger 13:44
No, good morning. Good morning. I’m Dennis Bolger and we are insurance agents in Pentonville, Washington, just down the street from Damon. And literally, literally just down the street. And we’re independent agents. And so we have we have lots of carriers and lots lots of ways to help people protect themselves. My my goal this year is is I’m reading I’m branding the business and developing it into what it can be, and then protecting it so that
14:21
so that it’s protected from those folks that are trying to infiltrate and cause problems.
Dennis Bolger 14:31
And then one of my big dreams is to help my team realize their dreams. And the more I can do to help them, the better off they will be and they’ll have have more chances. But the the focus, of course is to always continue to protect those around us and those folks that don’t understand what insurance is therefore. Yeah, that’s your goal. That’s where we’re at
Damon Pistulka 14:59
Stop Dennis. Glad to see ya.
Corey Hansen 15:02
Thank you.
Damon Pistulka 15:03
All right, we
Corey Hansen 15:04
got Corey Hanson with us this morning. Good morning, Cory Hansen. I’m from near Seattle, Washington Bothell. And my business is hot 100 business and good to be here again, guys. And let’s see goals. So I work with companies that want to five x 10. x their business, typically one to $20 million. Next two, three years. And I’m sad because as a result of this year, I’ve only got one company that’s going to make the Inc 500 this Yeah, sure. So. So my goal, my goal as a result of next year would be to have at least five
Damon Pistulka 15:47
There you go. Awesome. Awesome. Good stuff, man. Good stuff, man. Helping business owners great value. Love it. Love it. All right, Kelly Robinson. Glad to see you today. Eric’s going cool.
Kelly Robinson 15:59
He’s cuz dad just run over to pick up a book really quick. So.
16:04
All right, awesome. Awesome.
Kelly Robinson 16:07
So we’re do I just popped up? We’re doing introductions?
Damon Pistulka 16:10
Yeah, we’re doing an introduction. And then you’re gonna tell us what your big goal is for 2021?
16:15
Oh, boy. Okay.
Kelly Robinson 16:18
What do you think about that? My big goal. All right. So I’m Kelly Robinson. I have a company called pata notes. Our talent acquisition and retention firm. So companies engage us on more of a retainer, to hire people for them, and try to hire the right people for them. My goal for 2021 overall, is to grow my business. So COVID stopped me for like a couple months, but I was able to meet revenue goal this year, which shocked me, which is great, but I just want to be on that trajectory, because we’re doing really well.
Gabriel Friedlander 16:58
Awesome.
Damon Pistulka 17:00
That’s awesome. Kelly, great to see it. Thanks for stopping by. Thanks, Damon. You bet, Brad.
17:07
Good morning.
17:08
Yeah.
Brad Smith 17:08
I’m Brad Smith, my company is Stellar Insight, Inc. and I help companies grow. I kind of like Craig’s goal of, you know, Fortune 500 companies. But my goal was always to figure out where the mindset is for my clients and help them kind of shove up against their comfort zone. And my job is taken through the comfort zone into the unknown, and help them explore what’s possible. So my goal is to find out what’s possible, and I think I’ve been hiding out for 70 years, and it’s time for the world to know that brand exists. And that’s, that’s one of my goals, and to actually bring value to as many people as I can.
Damon Pistulka 17:53
Awesome. That’s cool, man. That’s, that’s awesome. Glad to see you, Brad. Thanks, Andrew Deutsch How you doing today?
18:03
Doing good. How are you?
Damon Pistulka 18:04
Wonderful. So go sorry, you’re not you know the drill
Andrew Deutsch 18:12
in I know you Yeah, I just bought a drill a shovel and a pickaxe My goal was to go to go in the backyard and mine Bitcoin. I think I have some buried back there.
Damon Pistulka 18:21
Yeah, yeah, you probably do.
Andrew Deutsch 18:23
That’s what I’m going to do this year. No, this year. It’s a toss up between get my my book published and grow to 1000 1000 subscribers on the fangled cast podcast that I started this year. One or the other. And, and then the crowd, the crowd will cheer and we’ll make a lot of money.
18:44
There we go.
Damon Pistulka 18:48
I have video envy. I just got it. Throw it out there. I got video and be bad. And I am taking you up on learning that stuff next year.
Andrew Deutsch 18:58
You Andrew, and then I’m gonna move the crab. So we’re good. There we go.
Damon Pistulka 19:14
Come down. He didn’t let him tell us what he was gonna do.
19:21
to slow
19:23
the Run button.
Damon Pistulka 19:25
Good. See ya. Those a little bit about yourself your goals for 2021.
Ajay 19:30
See, basically I’m a business development manager in an IT staffing firm. So where I help clients to recruit for their positions. Yeah. Yes, exactly. So the biggest goal for the 2021 is this. I just want to my own open my own business.
Damon Pistulka 19:47
Okay. So you’re opening your own IP staffing business. Yes.
19:52
Exactly. That’s a good for my 2021
Damon Pistulka 19:56
Great, good stuff. AJ thanks for thanks for being here. Again. Lovely. Thanks. So Andrew, before you got cut off so abruptly, tell us about what you do it
Andrew Deutsch 20:08
if I get cut off again or can I get like three words before you do it? No, we,
20:15
I hurry up
Andrew Deutsch 20:18
a marketing and sales consultant we help our clients convert every touch into a voracious advocate for their brand is fractional Chief Marketing Officer Commercial Officer. And we we have relationships and work in about 120 different countries with our clients.
Damon Pistulka 20:33
Nice. Nice. Thanks, Andrew.
20:37
cut me off.
Damon Pistulka 20:38
Now you can hear me now. Yes. So anyone else? Andrew, are we done?
20:49
I think that’s everybody,
20:50
raise your hand.
Damon Pistulka 20:55
Awesome, awesome soul. So, Andrew. Well, let’s start with you start and then I’ll go and then we’ll let the speakers go after that. Does that sound good? Because they’re gonna speak after that. All right. So go ahead, Andrew.
21:09
Yep. Yeah.
Andrew Cross 21:11
Yeah, well, Andrew Cross, Exit Your Way co-founder with Damon Pistulka. We’re helping companies add value to their businesses on an exit when they want to sell so.
21:25
And
Andrew Cross 21:28
it’s, yeah, anyways, goals for next year. I want to lose 15 pounds. Actually, that’s the goal for first quarter.
21:36
And
Andrew Cross 21:38
and I want to add 500 million in value to companies in the next year, which is I think that’s what we do. And we need to step it up.
21:49
Yeah. Awesome. My goal
Damon Pistulka 21:52
number on it for it. Awesome. Ira Bowman, I don’t know he’s, he’s sick today. But he can get up if he wants to, he can let you know. By chat, I see that he said everyone but him. So he was looking for the pretty green this morning. Damon Pistulka Andrew talked about our business. You know, Mike, my goals for 2021. In addition to what he’s saying about growing value we’re going to do that is really extending the reach of our company.
And, and the people here, and, and just the helping as many people as we can get their, their brand out along with our brand and along with their customers and make them all successful. Because if there’s something that Michael Connor and Ira and so as other people have taught me in this last year, and you people here on this thing is like if we work together, we can be bigger, better, stronger, faster than anyone that’s going in alone.
And I truly believe that. Personally, for me, I’m really jacked for 2021. Because this year has been as someone said, for me, and in our business, honestly, it’s been a great year. But for me personally, it’s been a super, super enlightening journey. As far as I mean, I’m doing stuff that I never thought I would ever be doing, personally and taking care of myself getting exercise, you know, daily journaling, reading just those kind of things. I’m so excited to see what that’s going to bring next year. So
Jacob Warren 23:30
let’s see Jacob, alphabetically you come first. Oh, dear. Oh, dear. Well, Jacob Warren Warren research, the services or business? Essentially, when it comes in cinemas speaker with Ron today, well, the details will get covered later. But I think it’s for the goals for this year. 2021 is going to be an incredible year. But the major goal is that I want to have clients in every state in the US.
That’s one of the major goals for that. I think that as through all this, there are a lot of businesses out there that don’t or haven’t had the opportunity to realize what they can do by leveraging technology. And so that’s I want to be able to provide that to as many people as possible, but in the year we’ll be in all every state in the US.
Damon Pistulka 24:34
Awesome. Awesome, dude. Awesome, dude. So Ron,
Ron Craig 24:38
hey, well, first of all, thanks for inviting me as a speaker. And so my name is Ron Craig and I am a cybersecurity enthusiast and I have my own copywriting and brand awareness company and so I help clients and customers actually have their their messages their products and their services heard through social media.
LinkedIn is my primary focus that I do, and I think I do a fairly decent job, but I look at myself as a cyber communicator, cyber storyteller. So I want to make things that are relatable for everybody to understand. Because the worst thing is, is that, you know, we’re talking over people’s heads, I want everyone to be able to understand what they need to do in a language that they understand. Not our geek speak, or as I like to say, don’t take a nerd turn all over the content.
Damon Pistulka 25:28
That’s a good one.
Ron Craig 25:30
So that’s my thing. So my goal for 2021 is to continue growing my business. I’m starting to work on a 180-day plan, which I’m actually gonna be working with Jared Greer, which I think I mentioned to you guys before, so he and I are going to put together a plan for the next 180 days to see how I’m going to grow and scale and, and get to capacity. So I can help a lot more people, a lot more companies, you know, become more cyber aware.
Damon Pistulka 25:56
Yeah. Yeah. Awesome, Ron. Awesome. So having you guys on, I think is a unique experience for us. Because if, if people haven’t been impacted by some sort of cyber hack, you know, something happened to them, their business, their family, I think they’re probably a few lucky people. Really, because I think I see the seams that we’ve seen in business we’ve we’ve had in some of our clients, get wire transfers, intercepted, we’ve had, you know, just a normal phishing stuff that you see to pull little bits of money out of accounts, you know, and we, and we’ve seen some data hacks that have been and website hacks. And those are the kinds of things that we see in business.
But I thought we would start the discussion here with Ron talking about some of the things that you see. And then Jacob some of the things that you guys are seeing in the businesses you’re working with. And then we talk about we we kind of finished up the discussion with some practical steps, people can take in their business or themselves, that can protect them more, because I just, it’s such a widespread problem, and we don’t even know about it. So if you got questions, put them in the chat, we’ll have these guys answer. We’ll make sure that we’re getting them to them. But take us away here, Ron, and let’s let’s let’s talk about this a little bit. Sure.
Ron Craig 27:27
I think, you know, what I’d like to start with to is to kind of make a kind of throw numbers around. And you know, we had a report that came out, actually, in the last couple days that talked about what what the damage and what the loss was in 2020. For cybercrime, it actually has surpassed $1 trillion lost mostly from businesses. So that’s actually kind of putting up there of what, you know, the severity of what’s out there, and what we’re kind of up against, I mean, $1 trillion. I mean, that number, there’s, there’s many most countries in the world don’t even have a GDP of natural waters. Yeah, so what we’re actually looking at, and of course, you know, the US has a very huge target.
So in terms of what we see out there, I mean, business email compromise, which is basically, you know, somebody saying, Hey, I’m the CEO, it’s a phishing email, social engineering, to say, Come in, you know, transfer $500 million, you know, account A to B, or any other levels. So social engineering, or phishing, as people, you know, really look at it as, is still one of the biggest attack vectors that are out there in the landscape.
So, you know, it’s still from my last that I checked, it’s still about 80%, of the, of the vector that’s actually coming up people. So in terms of what companies need to do, you know, it really is awareness, you know, I really pushed the awareness side, you know, I looked at it as there’s two different factors, you know, there’s, there’s the technology to help secure the technology. And at the end of the day, though, we actually have the people that are really the human firewall, that have to make that decision.
Now, as you know, as Damon, you were saying, you know, your, your parents get, you know, a call from somebody saying, oh, there’s tech support. But you know, one thing about awareness is, tech companies don’t call you up and say, Hey, I see you have a problem. Let me help you fix it. It doesn’t happen ever. It’s. So that’s up to us to really communicate that message out to, you know, the audience, whether that’s business or whether it’s, you know, grandparents, aunts, uncles, children, everybody to understand of what’s considered the norm. And that does change.
And you know, there’s a lot of different attack styles and vectors out there. And the thing is, it’s almost impossible to understand them all. Because, you know, one thing I always say often is that cybercrime is basically limitless, it’s unbound by the creativity of the attacker. They can they’ll they’re going to come up with a new attack day after day after day, with different ideas, different components, but the components of it you know, whether it’s too good to be true use of fear people calling you up, all of that really does remain the same. So it’s having the awareness and the awareness training. So awareness. training and awareness is really my key focus that I do. And that I, that I promote.
Damon Pistulka 30:06
Yeah, you made. The one thing you said that I wrote down that I think is really impactful important for people to understand is the human firewall. And we are the We are the ultimate gatekeeper on a lot of this, because that’s where most of the crime happens. not correct? is when something happens like that and someone let somebody in? Or is that just on the personal side? That’s more where it happens.
Ron Craig 30:33
Oh, no, that’s, I mean, that’s, that’s the best way to get into a business. So whether it’s coming through a VC, you know, attack, it’s still somebody I mean, it’s it’s people attacking people, you know, the outcome is either going to be money, intelligence, you know, to to push an agenda, let’s say, if it’s political, whether it’s a nation state back, I mean, the SolarWinds attack, I don’t want to go into that, because we’d be talking for like six years, but the SolarWinds was basically a supply chain attack, where it always comes down to, you know, return on investment, it’s what the ROI is, you know,
what can I do to get me the most money intelligence, it’s all about data, data, as I posted the other day, data is knowledge and knowledge is power. And so you have to protect the data. And to get access to the data, you know, really is coming through the gates, you know, you can come in through the back channel through supply chain, like SolarWinds, getting through the front door, because somebody wasn’t aware of that clicked on a phishing link, and they let somebody into the organization, it gets ransomed.
And then, of course, you’re sitting there with a note on your screen that says, you have to give us $1.5 million to get your data back. Yeah, where, you know, it comes into the practical steps that we’ll talk about after to make sure, first of all, you don’t pay that ever, you should never ever pay it. I don’t even think you know, even if you have insurance, I don’t like paying ransom because you’re funding for the crime.
And a lot of these ransom organizations and criminal organizations also deal with human trafficking. So just like a couple weeks ago, you know, I see that a school district, you know, paid the ransom. Well, first of all, a school district that looks after children paid a ransom to a criminal organization that most likely deals in human trafficking. I mean, it just blows my mind. Yeah. So let’s make sure that these people don’t get a dime. Yeah,
Damon Pistulka 32:21
that’s a good point. That’s a good point. And yeah, I just, I just, you know, the Garmin thing is one that I saw this year, that was really, it’s a company that I know, and you know, it didn’t they end up paying, like $10 million or so I don’t know, it’s probably small in the whole scheme of things. But the one that I saw that made was, yeah,
Ron Craig 32:38
they negotiated down, I think there’s something like six, but it doesn’t matter, you know, you shouldn’t have to pay 100, you know, 100,000 I know, it’s a cost of doing business. I know, it’s not simple. You know, I, you know, we always look at ourselves from a from a security, you know, protection defense advocates and say that you never ever pay.
But if I look at this from the concept of somebody who has a small business has 20 employees and have family prepay, and they didn’t do their due diligence, they don’t have the proper protections in place. So either they pay the ransom, or they send 20 people home without jobs. Yeah, understand that it’s not an easy decision. So what we got to do is we got to make sure that we get the defenses up to the point where they have the proper technology, firewalls, training, everything they need, so that we don’t put any more money in these buggers pockets.
Damon Pistulka 33:26
Yeah, yeah, that’s, that’s for sure. Now, Jacob, when you’re when you’re out there, and I and and I’m gonna expand on what you do a little bit. I mean, Jacob is helping organizations, just normal businesses, but also you help some government organizations that they just can’t get hacked. Right. And, and so what are you seeing in the field that is working well, and practical kind of things that that you see that that’s helping anyway? Or, or if I’m completely wrong, you know, you know, me take it another direction? Yeah. So I think here’s, here’s what I’m seeing out in the field is that
Jacob Warren 34:08
there are a lot of small businesses that go with this principle of imagine being in a Corvette, for example, or in a Corvette convertible, and you’re driving along, you have all of the revenue and everything that your business generates sitting in the backseat, then they pull up and park the car, lock the door and leave the top down.
That is the problem point that a lot of businesses that are smaller, and when we’re talking to small businesses, we’re talking under 200 employees, that they’re the businesses that you know, will go from one to 20 employees, and they approach it in a way typically, that it’s, well it, you know, we’re not big enough to be hacked and, and it’s not gonna affect us.
And so they’ll do things where they won’t even have a firewall, which, in case of old, it would be extremely expensive. That’s no longer the case, technology has gotten better, to allow it to be more affordable for them. And so what we do is we step in and help walk through and show them that, hey, I, the security piece of it is not this complex monster. Um, it can be a lot simpler. But if you look at even the room that we’re in right now, out of 10 of us, four and a half of the businesses that are currently watching out of 10, or 20, but let’s use that number 10.
Four, and a half of them are going to be hacked. Now, imagine that when you look at what like Ron was bringing up with the with the ransom, imagine it will cost you to $100,000, on average, to recover from that. I mean, it’s it’s no longer a case of not protecting your network. And so what we’re seeing is the awareness piece where there’s companies like, well, what Ron does is that education piece is becoming simpler and simpler to understand, it’s no longer that dry, annoying stuff, it’s it, it’s actually something that actively needs to be looked at.
You’re constantly improving yourself in your business, whether it’s, you know, to perform better at sales, or you know, do better things with their accounting, whatever it is, it’s now it, what we’re seeing in companies that are less susceptible, is that they’re lowering that overall what’s called an attack surface, you don’t what’s easier to hit a target that is a football field size, or something that’s one inch by one inch, when you’re looking at it from 100 yards away. And so what we’re seeing is the companies that take even basic steps, they are lowering that risk factor, while still allowing them to function and not hinder their the speed of business. Yeah, yeah, I
Damon Pistulka 37:21
think that’s one of the things that people think is when they go, okay, things on hold, right? When you add to your corporate VPN, you have logged into the VPN yet to do the kind of things that you used to do in the old days, and maybe that’s still prevalent, but they’re worried about how it will affect them. And the cost. I mean, because most, let’s face it, most people that are in business in this room, we we we don’t understand it that well.
And the days of old where you had to have a server in your in your business, and it was handling email and your website. No, it’s gone. And and even now that the hardware, and the systems to do this have gotten much easier for people like you or the business people themselves to maintain, correct? Yes, for example, you take your phone, the hardware in this phone is far greater than the servers that were around, let’s say 15 years ago, for example, that’s quite far back. But
Jacob Warren 38:21
when you start thinking about and phased out,
Damon Pistulka 38:26
did you freeze up all there we go, we came back.
Jacob Warren 38:30
I’m still here. I saw everybody else but but essentially, it comes down to the the hardware is cheaper. The amount of investment into technology for those hardware vendors is constantly being invested and reinvested. There’s no reason that as a small business, that you do not have a firewall, I mean, would you would you do? Would you operate in a way that way you pull up with that convertible, lock the door and think that it’s okay, would you?
I mean, it’s not realistic. This is your livelihood. And so when you start looking at the fact that the data shows that it’s 43% of small businesses 43% are you will experience a cyber attack if they don’t take precautions, and it’s not meant to, you know, go into scaring you. But it’s like, it’s almost to the point where why wouldn’t you just on a larger scale? Why wouldn’t you spend just a fraction of a cost to even start down that path of protecting your environment? Ah, cool.
Damon Pistulka 39:41
Cool. Well, Ron, I know that you’re passionate about this and I did want to bring us up that’s awesome about the business side Jacob and we’ll come back and ask you a couple of practical things that you know first steps for business owners or or even a more advanced step Ron and Ron, you as well. One of the things you’re passionate about the post that I see a lot, you’re talking about kids and practical cyber security and those kinds of things. Can you can you drop us a couple of nuggets of knowledge here? Because your posts about that are incredible.
Ron Craig 40:12
Yeah, Thanks, Damon. Yeah, I mean, that is a huge passion of mine is, you know, really protecting the next generation, you know, I look at the, and, you know, it kind of has that line between, you know, security and privacy, they’re kind of one, you know, they are very couple there, they’re definitely brother and sister, or whatever, to each other. But, you know, privacy is something that we talk about often. And everybody has a right to privacy. I mean, people don’t even maybe not even realize this, but even your children actually have legally a right to privacy.
And privacy is an endangered species, by far, like we have lost, you know, for our generation and everybody alive today. You know, our personal information is out there. And I don’t even look at that. And I think I’ve said this many times is that a static information, what I call see your your static, you know, PII personal identified information is gone. You know, where you live, who you are, who you work for, it’s gone. I mean, it’s not coming back, you can’t get it back, you can’t get your thumbprint back, you’ve used that on your devices, you can’t get your voiceprint back. And honestly, it’s not even the one to worry about, you know, what you statically where you live isn’t a big deal.
What actually is a big deal, especially even for children who are targeted by marketing, getting ad campaigns is what they do, where they go, what they look at, who they talk to where they’re at. And look at that Amazon, I’m going to knock them right now. They have that that bracelet that’s coming out that apparently even monitors your body fat. And yeah, and sells that to third party. So there’s a you know, what was announced to me recently was, Apple is being very, very good at actually pushing the privacy vector, you know, they have a lot of kids that use our devices.
Now they’re coming out in early 2021, to give us a choice to say, I don’t want you tracking my behavior, and my data, including apps, we get to opt out and say you don’t get that. And of course, Facebook is fighting back and saying that’s going to hurt small businesses, because we need to be able to target you and track you and see where you’re going. So now there’s a big fight going on in the industry that Facebook and Apple are going actually the head now and actually blows literally blows on ads, and it’s just horrible.
It’s gonna get messy. But Apple, you know, Craig Federighi. I mean, he said that our customers are not our product. And that right there. I love that. That was beautiful. And so when it comes back to the kids, it’s so money important. You know, I, I mean, I had a post out a few months ago, and I think it made a lot of waves and people are really upset when I talked about there were ads coming up showing my my seven year old, you know, decapitations and blood spatter on the screen, because what they did is they were able to sneak an ad into a four plus game that actually was able to circumvent the content restrictions.
I don’t even understand how they even allowed to put ads on a device that set up for for a four year old. Yeah. Yeah. So when it comes to the kids and everything I’m going to be I’m always going to be a strong advocate. I have a zero tolerance mentality when it comes to children being targeted for business and ads, and campaigns. Absolutely zero tolerance for it. I don’t think it should be allowed. I think it should be regulated. It shouldn’t be allowed to happen.
Damon Pistulka 43:29
Yeah, yeah.
Andrew Cross 43:30
I invited Alexandre up. He was said, it’s a very, uh, you put us a great comments in there. You know, might as well come up here, it says in the chat and see if we can contribute a little bit to the conversation. But I had a question guys to just recently to not about, you know, with with children and hacking but with this big one, that the
43:53
with the
Andrew Cross 43:56
that the got it. They’ve got another Treasury Department, you know, this recent one that’s in the news. Yeah, I was reading about it just yesterday was that, you know, they came in through Office 365 into these agencies, government agencies, and Microsoft now had kind of like, went on the offensive back against the hackers, and they’ve got some article was about very considerable resources they put on it. Yeah.
You know, I just was curious, you know, just as industry, you know, as insiders into that, too. Is that, what do you guys think about that? Is that I mean, it was kind of like for once, you know, Microsoft was the using the evil for good type of, you know, kind of thing, but yeah, what do you maybe if you could add some comments about that? I thought it was interesting.
Jacob Warren 44:43
Yeah. If you don’t mind, I’ll go first on that one, the SolarWinds attack and how they essentially did that. And so one of the great things with Microsoft Office 365 is that it gives you access to a lot of different plugins and modules that you can plug into it. SolarWinds. When it comes to that supply chain and stuff, there’s, there’s additional layers of protection you can put within that environment. And so it wasn’t necessarily a vulnerability with the Microsoft platform, it was the added modules that were put in place to protect or monitor and support it.
And with that comes, you know, you’ve heard certificates and things like that there’s different measures that you’re supposed to implement, and vet and put into place with that. It’s kind of like, the best way to look at it is for this particular environment for how this network was managed, they gave out too many keys and didn’t pay attention to where whose hands those keys ended up into, which allowed for a vulnerability that happened that then was exploited, and then executed. That’s about best way to simply put that into place. And then let you guys take that one to
Damon Pistulka 46:07
go ahead, Alexandre.
Alexandre 46:08
Yeah, I agree with Jacob on this one. Because the path to get in is often you know, an issue with the configuration or implementation of the solution. Like, you know, I’m kind of publicly known to scream about the cloud stuff, no cloud equal leaking stuff. But my real point is that if you do it right, you, you clearly lower the likelihood of such event to happen. So most of the time, it’s all about the basics. And when there is a successful attack on the platform, then the next thing you know, is the lateral move.
So right now, and I did come on just like few minutes ago, on that topic about SolarWinds, we haven’t seen or realized yet the actual impact, which is much bigger than just the thing that just happened and an issue as like, in the case of SolarWinds. And we can only assume for now, because there is a whole federal investigation and all people are on it. So but one of the thing that may happen in such thing, it’s like supply chain attack, if they have a CI/CD pipeline that got corrupted, and there is so many ways to get into a CI/CD pipeline. So for people who don’t know, CI/CD is continuous development process.
It’s your robot that build your software and release automatically. It’s pulling source code and a date and it building in red, the QA by itself. And usually it’s pulling in all the needed modules that you need from open source from private source. And it’s updating continuously. And what happened is, if one of these components, like gem file or whatever is corrupted in the repository, it’s going to go into your code. So that’s one path. And one thing I saw nine, I don’t know if it’s reveal yet, but there have been some information about an open FTP access to a repository server on SolarWinds’ side, that may have allowed an attacker to drop nasty code into the chain.
And then if you don’t do an end, to be honest, you should do like this DevOps that should switch to DevSecOps, which should involve automatic code review, when you release the software. But you know, all the business, we’re all driven by time to market. So a lot of automation. And some time, either we don’t have the resources or the skills or the time to assess the whole thing. And instead of doing DevSecOps, with security in mind, we just stick to DevOps, and whatever it is, you got in your pipeline, some corrupted assets, and you may you may miss it, and why it works. The way the software development cycle work, is that module is not causing an issue, no one is going to go after it.
Because that’s the Agile thing, you know, we fix issue, but what runs, runs, and if it passes a QA and there is no regression testing on that, that was issue it’s gonna stay in. So that’s how you get a permanent foothold in the supply chain, why they didn’t remove it, because it was quiet and silent and in a triggering issue. So if you don’t catch it, at the time of the the time, it’s included into the source code, or the supply chain, assuming this is what happened. Again, this is an assumption. But this is something that did happen many times, and we saw gem repository, all kind of online repository corrupted.
And it could be actually one of these as well, we have no idea yet. But that’s the way it’s spreading. And because we are all relying on external providers, that’s the supply chain security main issue, how far are you going to trust and I forget, when you you’re going to verify the due diligence process on the supply chain, you know, and how much time are you allowed by your business to do that work? So it’s all and then we fall back on the legal side of thing and liability. Sometime we just transfer the responsibility on the provider if we have a contract, and therefore we just blind spot it, but that you know, the brand impact like so are we in it’s kind of being explosive right now.
And I think the name of the brand is going to be tough to recover after that. I think so. Even if you have a contract that actually do a risk transfer to a third party and assume they are not the first responder, we saw the the other security team phi that got victim in that stuff as well. You know, they had most likely a contract with a responsibility and and we see the same thing with the cloudshell responsibility. But then when it comes to duplication like that, and the brand impact, there is no contract that’s going to cover it.
Jacob Warren 50:23
Yeah, yeah, well, and one of the things that kind of summarizes what Alexandre just said, is, um, what a lot of people might not be aware of out of the tech industries, SolarWinds has been picking up and merging with a ton of different companies, they acquired a company called geo phi, they, they’re acquiring these technologies. And so when you’re too hasty to putting all these technologies together, and you don’t vet them, you get vulnerabilities like this.
And so I think as the story develops, we’ll find out more and more that it’s one of those security, you can implement it quickly. Yes, but you have to do it right if you do it quickly. And so it’s verifiable processes that you as the end customer should be able to see where your data comes, leaves your office and goes to wherever it’s going. You should have auditable tracking of every packet all the way across.
Damon Pistulka 51:23
Yeah. Okay. So let’s bring this back into the things that the typical business person or someone on this call can do to help protect themselves. And people I know, you know, two factor authentication is one of the things that you talk about, Ron, I don’t know if people understand what the authenticator apps that you can put on your phone are. Let’s just talk about the basic securities that we should be using both personally run and in business, Jacob, and then then we’re going to be running out of time, but I think it’d be awesome if we can cover a couple of those.
Ron Craig 52:01
Sure. You know, one thing that I like to always stress often too is visibility, know your assets. I mean, the thing is, is that you can’t protect anything, if you don’t even know what you’ve got. So always have an inventory of what you have. And that includes everything your device, you know, your devices, your IoT. IoT is a whole, that’s a whole other chat. Yeah, it’s, you know, you have to understand what you got. And that includes, you know, people, right now we have a work from anywhere, mentality happening. So what what it is, is, you know, we say this, often the perimeter is dead, it’s gone, there is no perimeter anymore.
All it is, is endpoints, you know, an endpoint is your staff in their home behind a network, you don’t control. So basic security, hygiene is something that is so important. So whether, you know, it’s two factor authentication, it’s having, if you use these speaker things that listen in on your car chats with your, with your family, make sure they’re off, you know, mute it when you use them two factor authentication, Password Manager, no, that has both people have kind of fight that saying, you know, well past, what if the password manager gets gets compromised?
That is a risk, of course. But what’s what’s a bigger risk is people trying to remember these passwords. And what typically happens is you reuse the same password on 50 sites. And so what happens is when that password gets compromised, because of a database that was leaked, on some BestBuy site, or whatever you’re using, and now they use that everywhere, so yeah, well, you should have single use passwords, strong complex passwords on per site. Now there are things you can do in your head to say, this is know based on site, you kind of salted and you do all these fancy things.
But, you know, a password manager, can we use a good one, you know, Bitwarden is one that Alex and I both, you know, like to use, because it’s open source, and it doesn’t store the vault in the cloud, if you don’t want it to you can, you know, sport on each device. So Password Manager. And the biggest thing for me, is really the promotion of, you know, security awareness training, you know, I mean, I’m a very huge advocate of wiser training, it’s probably the best out there, you know, I’ve, you know, we’ve all taken security training over the years, you know, usually there’s like, some, some bear comes flying through or, and it was something that just irks me,
but, you know, when it comes to, you know, making, you know, retraining, training and awareness and making it, you know, engaging and every, you know, we no one wants to sit through 45 minutes of boring training videos, you know, you want to be able to quick, you know, we’re in a quick consumption culture, you know, second, a minute and a half is pretty much all we can handle now, when we’re watching videos, so that’s why I like wiser is, you know, these are very high quality videos, minute and a half, you’re done.
You know, if you do that once a day in a week, you’re already basically 1,000% better off than you were before because you know, about, you know, these attacks and these, these risks that aren’t there. So, so training, you know, it’s all about lowering risk, honestly, you know, you got to lower Cool.
Damon Pistulka 55:01
Cool. So, Jacob, what are you seeing suggesting, that people should be doing in their business right now some of the basic things?
Jacob Warren 55:12
Yes, the number one is don’t be scared of it. Don’t be scared of cybersecurity. Don’t avoid, don’t treat it like an elephant in the room, the simplest thing you can do is implement a firewall. The reason you want to do that is because that stops or stops attackers from getting in your network. Some people go and say, Hey, I’ll put an endpoint antivirus software, you know, on my computer and call it good. Well, that, that starts protecting you after they’re already in your net. And so just look at that.
Cyber security awareness training, some sort is important. And then don’t be scared of it. It’s okay to start looking into cybersecurity. Work with a vendor or partner that it will explain the things to you in the way that you prefer. And then establish what amount of risks and things you want to take on as a business. And then move forward. Just be aware of your surroundings. That’s the key thing for businesses to do. And it is a lot simpler to implement now than it has been than ever before. Cool. Cool. Well, guys,
Damon Pistulka 56:28
I appreciate you being here today. And and obviously, this topic is big. And the SolarWinds thing blew it up. It was nice. It happened before this, because we had arranged you guys a long time ago to speak. And, you know, for us, it was a good thing to be able to talk about, but appreciate you having having you guys here. If people want to get ahold of you. They can they can reach you on LinkedIn and in the chat here if you’re in the room and ask them some additional questions, and do those things. Oh, so Andrew Deutsch says I should stop using Andres. Password one is my password.
57:10
Well, hold on. What what?
57:11
Who do you think? Yeah. Yeah.
Damon Pistulka 57:14
So Andrew, take us away, man. Thanks, everyone. Yeah, thanks
57:18
again.
57:18
Hey, great guy.
Andrew Cross 57:19
So I guess I will change I’ve been using password for my password for years. That or have a look at that. Anyhow. Excellent stuff. great tips. We as always, we’ll go back to the tables and continue the conversations. If anyone wants to hang out, please do. I’m going to have to jump off early today. So I won’t be there. But Hope you guys all have a great Christmas. I think David too, if you want a Christmas party,
Damon Pistulka 57:46
those of you that are on the invite you got our weekly Christmas party. Next week on Monday night, we’re going to have some fun with that one. Oh, and you reminded me I got a couple other announcements. Whoo. Yeah, we’re gonna have some fun, it’s in the afternoon. So if you want, you can ask me about it at the table, or just message me on LinkedIn. Next year 2021. For this, this is our last run of the year, we’re starting off with Troy Neihaus. Next year, I believe is the first one we’ve got going on. He’s going to be teaching us about some financial planning. And he can speak a lot more eloquently about than I am.
What I’m looking for, for next year, we’re already scheduled through I think through the first part of February. But if you’ve got speakers that you think we should hear you got topics we should be covering. That’s great. We want to hear those and bring those to us. Hey, we’ll get we’ll get them out. Get them up there. The other thing we’re going to play with next year to have some fun guest hosts, I think we’re going to have some fun. Andrew brought this up with me in a meeting a while ago, we’re going to have some guest hosts here. So if you’re interested in that, I got some ideas for it. But it will be a lot of fun next year to do that.
59:00
And if you aren’t interested, we’re gonna make you do it. Yeah. And they can
Damon Pistulka 59:05
get a strong arm this stuff, you don’t know that. I want to keep it fresh. You want to keep it informative. We want to have a good place for people to come to network when you can and just build this community. So invite your friends get ready for 2021. We’ll see you next week at our holiday party Monday night. I believe that I say was three or four o’clock our time I can look at it but when was it Andrew? Let me get the calendar up here. Yes, and I am a calendar zombie.
59:37
So
Damon Pistulka 59:39
let’s see. It is that at three o’clock Pacific. So six o’clock east coast. And we’ll be doing that next week. Right back here on Remo and go on from there. Thanks, everybody. We’re going back to the tables.
59:53
Good. Thanks, guys.