Episode Cover Image

206- Nerding Out on Cybersecurity with Douglas Pierre O’Knightly

digital transformation, ai
Dissecting Popular IT Nerds
206- Nerding Out on Cybersecurity with Douglas Pierre O'Knightly
Loading
/

Douglas Pierre O’Knightly

Douglas Pierre O’Knightly is an Air Force veteran and lifelong gamer who brings creative solutions to high-value enterprises as a cybersecurity expert. His varied 20-year IT career includes starting businesses, designing games, and pioneering communications in war zones. Douglas loves solving complex tech problems with simple, efficient designs that minimize waste. With a passion for emerging tech, Douglas helps companies prep for cybersecurity regulations.

Nerding Out on Cybersecurity with Douglas Pierre O’Knightly

Join cybersecurity expert Douglas Pierre O’Knightly for a fascinating discussion covering his passion for Dungeons and Dragons and lessons learned from detecting a network breach while in the Air Force. He also shares insights into entering the cybersecurity field, handling emerging issues like ransomware attacks, and adopting the right mindset to make meaningful contributions in this rapidly evolving space.

Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast

digital transformation, ai

3 Key Takeaways

Episode Show Notes

[0:16] Reminiscing about playing Dungeons and Dragons while deployed in Afghanistan.

[3:17] Already doing cybersecurity and network monitoring in the early 2000s.

[5:37] Getting started in technology and gaming at a young age.

[7:24] First computer used cassette tapes for storage and programming.

[8:49] Providing cybersecurity guidance for healthcare and manufacturing industries.

[10:10] Healthcare systems’ challenges in securing proprietary legacy systems.

[11:20] No healthcare system can be fully secured against targeting.

[13:17] Routes into cybersecurity amidst talent shortages.

[15:47] Toxic company cultures require stronger insider threat programs.

[17:29] Independent cybersecurity work amidst talent shortages.

[19:27] Cybersecurity expertise enabling business insights beyond just security.

[40:38] In cybersecurity, recognizing your own success over praise.

[45:13] Working hard, consistently, and going above expectations builds a strong reputation.

Transcript

Speaker 0 | 00:09.518

All right, welcome everyone back to Dissecting Popular IT Nerds today. Douglas Pierre, you have D. Pierre in parentheses, O’Nightly, and cybersecurity aficionado of sorts. I’ll let you talk more about that. But what’s cooler and what I’m looking at right now. is which i think is completely appropriate because the show is called dissecting popular it nerds and this is quite nerdy is you on a base in afghanistan playing dungeons and dragons and for anyone listening you can go to douglas’s linkedin profile and it’s like i don’t know it’s not too far back go to his posts and find the dungeons and dragons no no no it’s um under featured fourth featured thing of you playing dungeons and dragons And what looks like, I don’t know if you guys built it, like the plywood. What do we call this structure that you guys are sitting in? And welcome to the show. Welcome.

Speaker 1 | 01:08.208

Thanks for having me. It’s pretty awesome how it just popped up out of nowhere. But I’m really happy that you got excited about that point because I thought you were going to talk to me about cybersecurity. And I’m just like, oh, I’m so tired talking about cybersecurity.

Speaker 0 | 01:19.695

I mean, we got to protect all these figurines, you know. We have to protect the world of Dungeons and Dragons. Right. Go ahead, fire away.

Speaker 1 | 01:30.020

Well, it’s getting more popular now, so that might be getting true.

Speaker 0 | 01:34.261

Is it more popular in an off-the-grid fashion, like living off the grid, or is this more online?

Speaker 1 | 01:39.843

So D&D overall is more popular primarily because of the movie that just came out. They did a very good job on the movie, from what I heard. And so now that’s becoming more, D&D is popular. Now everyone knows what D&D is, kind of, at least. So,

Speaker 0 | 01:54.847

in that manner. ironically, I’m in technology and communications and I, but outside of work, I live pretty much off the grid. I have like removed all TVs from my house and everything. It’s, um, it’s kind of talking with, and I have eight kids. So I was talking to my kids last night and they were telling me about how back in the day they used to have one person on lookout. They would like pull a TV out. Like there was like one TV still hidden in a closet. We would like plug it in and we would have someone on the lookout for when dad got home. And like, you know, anyways, that’s it. eight kids that is awesome man be like you barbarian you took the tv out of your house and i was like yeah guess what my kids actually read books now and it’s not like the tv even really matters anymore because there’s this thing called the internet and all kinds of other stuff going on but um so it really didn’t do much but anyways sorry i’m very uh i’m a little bit caffeinated i tend to derail things so continue continue um dungeons and dragons in afghanistan is what this show is called cool

Speaker 1 | 02:50.148

Oh, right. So that building you’re asking about, it’s basically like one of those, uh, yeah, it’s, it’s manufactured building. They’re really quick to set up kind and pretty flimsy, that kind of thing. It’s that kind of building. Um, not very large, had a table in it big enough. So it worked.

Speaker 0 | 03:05.206

The, um, so anyways. Were you into security back then? I mean, what was I mean, we don’t have to talk about military deployment if you don’t want to, because it’s a sensitive subject for some people. Other people are OK talking about it. Other people have a lot of friends that are in the military. I do a lot of jujitsu. So I’ve got a whole range of people that have had all kinds of experiences. Some people are like, don’t ever ask me about it. Other people are OK talking about it.

Speaker 1 | 03:26.021

Oh, yeah. No, I don’t mind. So I was in cybersecurity before it was cool. Back then, they used to call us network engineers or sysadmins. we always had to secure it. It’s just, wasn’t a focus on it. So I’d say about 20 something years or so I detected my first kind of unauthorized entry into a network that wasn’t supposed to be in back in 2000. So I’ve been kind of in it a bit.

Speaker 0 | 03:52.987

Great. Let’s talk about that. What happened? What did you detect? How did they get in? Was it via dial up?

Speaker 1 | 04:00.452

Let me see. 2000. No, it was. So I used to work at a research lab for the air force. and I was a network engineer at the time. I was really big into looking at the data. I like to sniff networks and look at packets and get the story from that. So basically how I saw this one, it was that I just noticed how there seemed to be an IP address I didn’t recognize. At the time, the method of detecting it, we didn’t have all the tools back then like we do now. So the method of detecting it was you looked, you, you understood the baseline of your network because you worked in it all the time. And then you saw things that were just not normal. Right. And so that’s kind of what I detected. I detected, I can’t really get too deep into it. It’s Air Force stuff, but I detected things that weren’t normal.

Speaker 0 | 04:49.610

Was it something like someone using a packet sniffer or something like that? Also like you, or was it, no, it was different than that. Or, and again,

Speaker 1 | 04:55.633

if it’s more like, um, they noticed something coming in. and either taking something out or potentially trying to take something out. But it was kind of like how we were able to see how data loss prevention. It was a data loss prevention, but before it was called that. Basically noticing how someone that shouldn’t have access to shares had access. and was able to pull things out that kind of thing i brought it up to the the lead network engineer and the engineers at the time um who then escalated and but i was just a kind of a grunt at the time so i didn’t really know what was going on i just saw something weird so eventually it was just escalated out of my hands and i just never really heard about it afterwards but uh but yeah that’s when i first noticed that i was like i think i kind of like this because i’m able to see the story happening in in all the data that i get it’s no

Speaker 0 | 05:46.675

offense to this comment you’re you’re kind of a young guy and and a lot of times the people that and i’m only i’m bringing this point up for a reason there’s a lot of people that have been on the show i’ll you know like a lot of the first questions we ask people is like what was your first computer how do you get into this insanity and you know a lot of people were around before the dawn of the internet that’s really not the case with you i’m assuming that’s not the case with you so it’s always interesting to get the point of view of someone how did you get started in technology that was born in tech born into technology right when i was born it was 1976 so what did we have back then arpanet you know i mean like yeah no one knew anything about um we had you know floppy disks in the 80s we had you know it was a completely different we didn’t have cell phones no to me that blows my mind it still blows my mind today we did not have we didn’t have cell phones we had a bag phone eventually when i was in like fifth grade or something that had to be like installed with like you know lag bolts and stuff into like you know the both chevy blazer or something like that yeah so what was it what what got you into this and what was that because i want to hear the difference i want to hear the difference so i was i was born in 83 and actually i i’m a gamer and i’ve pretty much been a gamer since i was five uh

Speaker 1 | 07:04.034

with nintendo that’s what got me into tech in general and then i i was an nes or was it super net

Speaker 0 | 07:10.800

super this is nes the first one so you’re not that young okay 83 oh no no no i’m not i’m not that young my wife was 81 so okay you don’t it doesn’t count okay so you’re back you’re just like everybody else you’ve had enough yeah yeah i grew up in that we

Speaker 1 | 07:26.391

we we were at the computer so what was your first computer was it at least a pentium or what was it like what was it so my first computer i can’t i can’t remember the name but i do remember that it required tapes cassette tapes to store and and that’s also when i first got into programming it was very actually i think it was basic programming but uh but i got into programming when i was around eight or nine and and i i kind of just made little with either little games on these monochrome screens or like i made songs i made little sounds happen but uh with with programming with this and yeah you had to save it to cassette tapes and uh that wasn’t necessarily the the top of the line at the time. I didn’t really grow up in an environment where top of the line was a thing. So I got the hand-me-downs of the technologies. So that was kind of how I started around eight or nine years old. And then I just pretty much been into tech since then.

Speaker 0 | 08:19.940

Nintendo was like a dream back then. NES. Because before that was Atari and they kind of didn’t really do too well as a company from my understanding when you look back. But NES, like Nintendo Magazine, Super Nintendo, all that stuff. it just, it went wild. Um, now it’s just, it’s a totally another world. Um, absolutely insane. So, okay. So moving forward security now, what do you, what do you do now? What, how, what do you, what do you help people with now? So again, the, the listener base of the show is typically it directors, mid market space, maybe 500 end users, upwards of 10, 10,000 end users. What is, you know, the secure, the secure, they, they probably aren’t, uh, budgeted for a CISO, which. But they have to take care of security. What’s your top, I don’t know, top five things, or what should people be looking out for now?

Speaker 1 | 09:10.848

So that depends on the industry, because some industries are very heavily regulated.

Speaker 0 | 09:17.452

Yeah, let’s stay out of financial then. Let’s talk about, let’s go, what does the United States do? Manufacturing. We’ve got manufacturing, logistics. We’ve got healthcare. I think there’s a lot of opportunity there because to me, they’re just behind the infrastructure side and you’re a network engineer. So you know that their infrastructure is probably way behind just due to the fact that you’ve got hospitals and campuses that need to be upgraded. And that’s just huge forklifts,

Speaker 1 | 09:47.244

right? Yeah.

Speaker 0 | 09:48.085

Easy staff. And you’ve got nurses and doctors and doctors aren’t necessarily always prone to technology change. Yes, I’m pigeonholing them. I come from a family of doctors, so I know this. But go ahead, go.

Speaker 1 | 10:00.612

fire away you know we’ll stay away from financial industry because then you got sock one two you got all kinds of crazy stuff there yeah it does get sec and all that looking at so health care let’s focus on the health care health care has a very similar issue to dod is that there’s a lot of legacy systems going on. And that’s the big issue they have with keeping up with cybersecurity. Like all, most of the, or not most, I wouldn’t say most, a lot of the newer industries or the industries that aren’t tied so heavily to very proprietary technology, they’re able to be more agile and keep up with the changes and things like that. Healthcare.

Speaker 0 | 10:33.361

They can go to the acting or something. Yes, exactly.

Speaker 1 | 10:36.884

Healthcare,

Speaker 0 | 10:37.825

machines, machines and monitors and crazy stuff. Okay.

Speaker 1 | 10:42.585

Yeah. And healthcare, they can’t do that. They can’t just switch like that. The systems that healthcare uses, they go through a very extensive process of making sure that they are fit to be used for human life, to protect human life, to save human lives. So it’s a whole, it’s very stringent. Same thing with some places like the DOD. DOD does not keep up with the most recent upgrades. They have to stay behind. because those are tried and tested in stable systems. So healthcare also has to have very stable systems, which means they can’t keep up with the speed that they need to keep up.

Speaker 0 | 11:21.432

So then the question is, they don’t have the speed to keep up, so are they really safe, or is this just a mirage?

Speaker 1 | 11:27.698

All of it’s a mirage.

Speaker 0 | 11:29.359

Thank you.

Speaker 1 | 11:30.019

So healthcare, it’s all a mirage. The most everyone can do is just keep trying and moving forward and hope that they’re not the ones that get targeted. Because a lot of what we have in place is primarily if you’re not targeted and you’re taking care of the low-hanging fruit, the script kitties, the ones who aren’t actually targeting. But when an adversary starts targeting you, especially if it’s a nation state, then it is a mirage. It’s almost trivial to bypass most of what’s being put in.

Speaker 0 | 12:04.285

My sister’s hospital got shut down for a week due to a ransomware attack.

Speaker 1 | 12:07.947

Is that recent? Because I think I read… Is that…

Speaker 0 | 12:10.205

It was that recent last year. I mean, at least within the last six months or something, I remember she was like, yeah, we got, we’re completely shut down to a ransomware attack. I was like, did they pay it? She was like, no, they refuse to negotiate with like terrorists or something. I was like, okay. I was like,

Speaker 1 | 12:24.148

that sounds like they were coached.

Speaker 0 | 12:25.569

Yeah. Yeah. Uh-huh.

Speaker 1 | 12:26.749

And, and, and that’s, that’s a tricky thing right there. Paying the right, there’s a whole headache based on just paying ransoms based on cybersecurity insurance. Uh, the SEC and government tells you, no, you shouldn’t do it. But then at the same time, it’s like, well, I have people that depend on this being live right now. And you’re telling me that I shouldn’t spend this amount to be able to get going. I’m losing more than this, not spending this amount. Like that’s the hard thing that healthcare industries and any industries that finance all those, that’s the big thing that they have to deal with. And it’s hard. It is hard. And there’s not nearly enough experts out there because experts have to… focus on all the industries. All the industries have this problem. And so there’s just not enough of us.

Speaker 0 | 13:14.170

That’s a good, that’s a good, well, I would say security or cybersecurity in general is experiencing a exodus. No, not exodus. What’s the opposite of exodus? A significant growth of people that all want to be into it that don’t know other than I just want to be in cybersecurity. I don’t know, probably if they have the level of expertise or even know where to begin. But that’s a good point for people out there that are in security. Should they just be focusing on a vertical market like healthcare or manufacturing or should they even be going into security to begin with or will they just be depressed?

Speaker 1 | 13:54.377

So this is a tricky one because yes, there are a whole lot of people trying to get into the industry still and they’re needed. At the same time, it doesn’t look like anyone wants to really sacrifice to bring them on. because they have to be trained up. And cybersecurity is, there are things that people that have never been in cybersecurity, they can come on and start doing right now and bring value to the industry. The problem is, is that it doesn’t seem like anyone wants to really invest towards bringing them on board to do these types. For instance, like assessments, GRC, you know, governance risk, and I can never remember. Those types of things where it’s a lot of checking. checking things, checking for controls, all that stuff. These are perfect avenues for entry level.

Speaker 0 | 14:40.384

Great. Policy creation.

Speaker 1 | 14:42.266

Policy creation. Now you do still need an expert at the top to understand the intricacies and how…

Speaker 0 | 14:48.462

policy can affect uh business and because business must go on that’s one thing you need someone that also understands the culture of the actual business that you’re talking with and how yes work there too because that’s you know that’s a whole nother how can you infer how can you influence uh company culture is probably a big piece to it well so that that right there influence company culture that is not the place that’s not our place in cyber security we have to figure out how do we okay not necessarily influence it maybe not influence it but

Speaker 1 | 15:16.578

become it you become a part of it yes yes yes you need to know what the culture is and what you’re dealing with uh yes and you’re not trying to change add negative somewhere in between yeah because it’s not gonna it most likely it probably won’t change your yes happen overnight and yeah exactly if you try to come in and change culture you’re going to fail yes but what you do is you try to come in see what their culture is and then you try to put in cyber security everywhere you can that can fit that culture as best as possible

Speaker 0 | 15:44.514

Okay, here’s what I see, Mr. CEO. You have a very toxic culture. It is what it is. We need to deal with that. And most likely your employers are not going to give a crap about any of the security stuff. So we need to deal with that.

Speaker 1 | 15:55.777

So then how we deal with that is, okay, then we need to increase our insider risk program. And we also need to increase our data loss prevention, because because of your toxic culture, you tend to have higher increases of turnover, which cause these kind of issues can happen. You can have someone walk right out with your proprietary information to your competitor. That’s an insider risk program. Because of your toxic culture, you need a stronger insider risk program. That’s how we do it. We don’t say you need to change your culture.

Speaker 0 | 16:24.768

We don’t do that. That’s actually a very interesting topic. I think that would be a good article to write. So you have a toxic culture, but you’re making money. It’s like, now we’re going to implement a security program based on that. You know, I think that’s probably the reality of a lot of situations, right? It’s the 80, it’s the 80, 20 rule. How many companies have an absolute, just, I’m just so happy to work here. That’s why they have lists of like the top, whatever companies to work for, right? Because the majority of the companies are just, just another job.

Speaker 1 | 17:00.827

Yeah, exactly.

Speaker 0 | 17:01.988

Right. Which is an interesting thing. So companies don’t have the money. to spend on security or they don’t want to, or it’s not a biggest budget. And I’ve been kind of arguing this for a while that I think the place for security experts is not working inside a company. It might actually be freelancing or doing some of the things where it looks like you do. Maybe you have some advice there for people.

Speaker 1 | 17:18.981

Actually, I completely agree with you. What I see a lot when they try to look for cybersecurity talent is they try to find someone to come be a part of their team. The problem with that is that there’s not enough cybersecurity talent to go around as far as what they’re looking for. There’s plenty that want to get in, but. what the hiring managers and everyone’s going to be looking for are the ones that are already in and have been doing this for a while. So go ahead. Sorry. Go ahead. Go ahead.

Speaker 0 | 17:43.781

No, no. I mean, I’m just saying there’s this mentality. It’s a broken, it’s an old, an American, maybe Western culture mentality that I’ve got to get a job. I’ve got to go to college. I’ve got to focus on something. And now I’ve got to get a job. And when you get older, Like myself, and you know, you sit in an office and record podcasts and, you know, decide to move where you want to go or do a podcast somewhere else randomly someday because you just don’t want to be in Connecticut at the moment. You know what I mean? You realize that, wait a second, and you kind of look back, you start to see that there isn’t really any security, no pun intended, in having a job. Even though that that’s where everyone says the security is, right? Because what is security? Is it, you know, mental health? Is it happiness? It’s like, I need to put food on the table. That can go any, you know, and when you’ve been in the industry long enough and you’ve seen every company either sell, get sold by another company or, you know, file for chapter 11 or something like that, which is definitely going to happen a lot in the technology space.

Speaker 1 | 18:50.017

Yes, it is happening now.

Speaker 0 | 18:51.538

Right. You want, I want to tell the younger listeners out there that. It’s okay to, yeah, like you said earlier, focus on something small to begin with. What did we say? Not policy creation. What was your idea? Where can they come in? and make a big…

Speaker 1 | 19:09.495

Assessments, like doing and helping with assessments?

Speaker 0 | 19:12.597

Yeah, assessments. I mean, I’ll do your cybersecurity assessment for a thousand bucks. Go do five assessments a month or something. I don’t know. If you’re willing to be bold and kind of creative and kind of go sell yourself, I think it opens up a lot of opportunities. But if you just want a job and you want to clock in and clock out every day and you want everyone to love you and say, you’re the smartest guy in the world, we have the best security guy, and this is great. The reality is… everyone’s always replaceable. There might not be budget for it. There’s always going to be this, we, even though we battle it and the whole point of this show is to battle the idea that, um, security and technology is a cost center. No, it’s, it’s really not. It is to a kind of, but it’s really more of a business force multiplier. Um, because a, a security breach will bring your business to a grinding halt and destroy you. And, uh, everything, nothing gets done in the, in the company without technology. So

Speaker 1 | 20:04.100

I’d actually, I’d like to, I’d like to, emphasize what you just said there how it’s not just a cost sink there is a lot of capabilities that can come from cyber security talent that’s more than just cyber security great cyber security talent some of the best analysts of data period doesn’t have to be cyber security data just looking at data and being able to understand the story that’s going on uh oscent doing a open source intelligence type of research cyber security analysts do that very well everything is online okay so oscent is Open source intelligence, where basically you use what is already publicly and not necessarily readily, but publicly available. You use information to come up with, well, whatever intelligence. You get an understanding of an entity based on what they put publicly online.

Speaker 0 | 20:51.812

Okay, so if people get this far listening to this podcast, which I hope they do, this is very important. This might be the most important part of the show. That takes, you need to be able to think outside of the box and take that. knowledge that you have or would be able to use if they just listen to you and partner with, say, I don’t know, marketing? Yeah. Am I going too far there? No. Going too far to say that security can partner and talk with other people inside the business and say, hey, we can benefit you here. Did you know that we can give you insight into this?

Speaker 1 | 21:27.859

Exactly. Yes. And just to give you the marketing crossover, for example, I actually used to do SEO research, search engine optimization. I got into that because I started liking digital marketing when I realized that digital marketing is a social engineering. And I like social engineering. So this is how what you do for cybersecurity or what you do in something like marketing, this is how it can cross over and become a talent that you can provide value either way.

Speaker 0 | 21:55.818

It is absolutely social engineering, which is inherently… It depends on, I would say that’s another 80-20 rule, inherently evil. Inherently evil and about money. You know, I mean, it’s like, I can’t remember what it was. It was like some part of like some massive like, you know, feminist movement that was started like by a bunch of dudes in their like basement that were, you know what I mean? I was like, in order to make money, it had absolutely nothing to do with the cause whatsoever. But there was a, there was an avenue for social engineering, so to speak there.

Speaker 1 | 22:29.706

Yes. And social engineering is like the start of all of it.

Speaker 0 | 22:32.947

Uh, yeah. And I, so I started out in coffee at Starbucks and then like, I freed myself by going to like a Cisco startup and learning to like, you know, take technology and help small business owners, like, you know, make more money with it. So AKA I was in sales, which I thought was like, and I still to this day do. believe nothing happens without someone first making a sale. I do believe that is the heart of America in general to keep the wheels of business turning and all this stuff. Right. And then I went and then I got into marketing and I was like, this is evil. Now I know why everyone hates salespeople because they really hate marketing, but it’s not, it’s they don’t hate the sales guys because the sales guys are just trying to, you know, you know, help you fill a need and fix a problem. But the marketing people, I was like, they’re going out. Cause I took a bunch of marketing programs and I was like, so they go out and they’re like, so basically what we do is we interview a bunch of people. We take everything that we say and everything that they want, all their fears, you know, like what is it? FUD, fears, uncertainty, and desires basically.

Speaker 1 | 23:36.049

Yeah.

Speaker 0 | 23:37.871

That’s sales. That’s marketing.

Speaker 1 | 23:40.052

Yeah.

Speaker 0 | 23:40.212

They take everyone’s feels, fears, uncertainty, desires, whatever, right? They go interview a bunch of people. They take all that back. And then they put that in and then they basically regurgitate that out in their marketing message. And people are like, whoa, how does he know me?

Speaker 1 | 23:52.402

Yeah. And it’s a psycho, it’s psychology. That’s what it is. It’s all psychology.

Speaker 0 | 23:55.384

It’s a psyop. The whole thing’s a psyop. Yes.

Speaker 1 | 23:58.646

So yeah, that’s what it is. And that’s, it’s all social engineering. Marketing is just social engineering.

Speaker 0 | 24:04.178

That’s all it is. They don’t even know, like, really. It’s being done to them. Actually, they might even know what’s being done to them. Sometimes I know. I’m like, I know what this guy is doing, right? Because you start to see the patterns after a while. Yeah. Again, 80% of the people don’t know the patterns. So, anyways, moving on from that, let’s take a break. What do you believe in any or partake in or think that there might be truth to any conspiracy theories out there? You can’t say alien because now that’s like, I guess that’s like, they’re actually telling us that’s real now, which makes every, makes me disbelieve all of it. So anyways, go ahead.

Speaker 1 | 24:42.612

Well, so let’s see. Interesting conspiracy theory.

Speaker 0 | 24:47.196

We already know what you did before the internet. You played with figurines on a, on a board and rolled dice.

Speaker 1 | 24:52.560

And, and went outside and played, went outside and played a lot too.

Speaker 0 | 24:56.283

Yeah. That’s my other question. Like, what’d you do prior to the internet? You know, like. yeah i don’t know drank from the i drank from the fire hose i mean the the garden hose and i shot things with the bb gun that you know and blew things up with illegal fireworks that we got from like ohio or something yeah pretty much uh pine cone wars you go find pine cones and throw them at each other like we played outside with each other a lot uh that should happen more but everyone’s so tied to their phones and everything like that but but yeah you still want to know about the conspiracy theory i don’t know do you have anything you

Speaker 1 | 25:28.546

Not so much.

Speaker 0 | 25:29.967

Lizard people or anything. That one’s real wild.

Speaker 1 | 25:32.789

So the way I am, I’m a very efficient person. And if I cannot use information that will help me do what I’m trying to do, for instance, if I want to make money or if I want to take care of my family or if there’s information that doesn’t help me in any of that, I tend to not even really pay attention to it. I don’t even really watch TV much at all. I’m a gamer. So that’s what I do most of the time. My wife’s a gamer. So we game together. So like, I don’t really pay attention to all that stuff that much. Cybersecurity, I pay attention to so much because a lot of people need me to pay attention to it. And so, but if there was nobody needed cybersecurity, there would be something else I would pay attention to because it brings a lot of value to everyone else. The conspiracy theory thing. getting caught up in that, that would entertain myself, but I can’t see me turning that into some kind of value I can bring to everyone else. And so I don’t really, I don’t really put much effort to thinking about it too much. I can’t even remember any conspiracy theories right now.

Speaker 0 | 26:38.679

The, um, well, the one that I’ve been talking about a lot lately, because I went down the dark hole and, uh, and the reason why, and the reason why would be, you’re right. Like I hate wasting time. And I, I, As a guy with eight kids and two grandchildren now and a podcast and everything, I definitely don’t have any time to waste at all. But if you were to ask me what book sits in the bathroom, you know what I mean? It’s like the Apollo program breakdown, right? So I want to know everything. That’s a good question. I want to know about everything about how we got to the moon. I want to know everything. I want to know the size of the rockets. I want to know the rocket fuel. I want to know pressure. I want to know all the test sites. I want to know that we were 50 miles above the rotating around the moon, that we had to bring a lunar lander 50 miles down to the surface of the moon. How did we do that? How did we practice that? And the more that I look into the details, and this is not just, I’m not just like, oh, not thinking about it. I want to know the actual details. To me, it’s mind blowing that NASA lost. all of the data what could you like 80 of the data we can’t rebuild that rocket we don’t have any of it they just erased the tapes they just taped over the tapes of the most important thing in all of humankind all of like the history of mankind and no backups none i mean it’s just mind-blowing to me so then i’m and what started the whole thing was the picture of um richard nixon making a phone call on basically an analog rotary dial phone it did have square buttons on it so i’ll give them that okay From the White House, from the White House to the moon. The surface of the moon switched via that little like umbrella thing on the Land Rover. And I and that was 19 what, 69? ARPANET, I think, was what maybe started that year, maybe a month or something. And I just started thinking latency and jitter and phone calls nowadays and being a tech guy and supposedly AT&T switched the call from the White House to Houston and then they beamed it 220 or 240,000 miles away and back. And I just started thinking, I’m like, wow, that’s like crazy interesting. And like, I wonder how else they did everything else. And, you know, and everyone else, it’s science, Phil, it’s science. And I’m like, yeah, but I mean, there’s, there’s also politics involved at the time and the cold war and Vietnam and like all kinds of other things going on and all kinds of other competing reasons in trying to give America hope. And, you know, so I’m just, you know, I don’t want to get myself killed here, but, you know, I would. I just, you know, that was like, I’m like, maybe these guys are not, you know, maybe, you know, so I bought like every book on the subject and went down the dark hole. Why? Because the truth matters. And, you know, we’ve been sitting inside a pandemic and everything like that. And you got to be careful there with that one also. Um, so anyways, that’s why I asked the question just for, so then now that you have marketing out of marketing, just for the sake of marketing and to give the show more clicks and likes, that’s why I asked the question selfishly.

Speaker 1 | 29:44.478

oh well no that’s cool now now when you gave me that context now i have a better understanding of of i have i do have an answer for you so i’ve gotten to the the u.s constitution i’m a big fan of the u.s constitution i think it’s one of the the best design games i’ve ever seen and this is coming from someone who went to school for game development and game design i like it and uh and i think that there is a a very i wouldn’t say obvious but there is a point in time where it was pretty much sabotaged and has went downhill since then Does that count in what you’re talking about?

Speaker 0 | 30:16.143

Sounds very controversial. Well,

Speaker 1 | 30:20.465

I believe if we should get rid of the 16th and 17th amendments, and a lot of the issues we have will start righting itself.

Speaker 0 | 30:30.312

So a lot of people will say everyone should have a constitution in their pocket. And everyone, and I guarantee you that you and maybe a handful of other people, maybe the… The fact that the show does have a certain listenership, maybe they have read the Constitution. How many people have read the Constitution, do you think? Oh,

Speaker 1 | 30:46.724

barely anybody.

Speaker 0 | 30:47.945

I can’t tell you what the 16th and 17th Amendment are. What are they?

Speaker 1 | 30:51.067

So the 16th and 17th Amendment. The 16th Amendment is the one that brings the… First of all, they both came around 1912, 1913. And the 16th Amendment is basically what opened the floodgates for federal income tax. And the 17th Amendment is… where they took the senator, the method of choosing senators, and instead of leaving that to the state legislator, they now brought that to the public method, like the House of Representatives.

Speaker 0 | 31:22.527

So what are you saying? Are you saying that that got rid of representation? Is that what you’re saying? Real representation?

Speaker 1 | 31:28.211

No. So the Constitution, the founders, they created it with a very intricate layers of checks and balances.

Speaker 0 | 31:35.477

Okay.

Speaker 1 | 31:35.977

Whenever. the senators like the way they were like to layer that back to technology like your security policy program should be with checks and balances but exactly and there’s a division of powers and i’m a big fan of division of powers and i just happen to like dividing powers into threes just like the the uh the constitution does but there is you got to divide the powers because what the founders understood was that uh one the government is a necessity not a big government But the government is necessity and has a very specific need. And that’s generally for the protection from everyone else outside of that.

Speaker 0 | 32:12.995

So that’s a security piece. But what about infrastructure? What about health care? What about all these other things?

Speaker 1 | 32:18.618

So infrastructure is supposed to be facilitating and building infrastructure to allow the interstate trade and everything like that. But all the domestic stuff should be handled by the state. It should be coming from the state. And in the instance where the state.

Speaker 0 | 32:32.488

What about laws? I’m just curious. Just general.

Speaker 1 | 32:34.769

What about. The laws, the laws of which laws?

Speaker 0 | 32:37.607

How should they be formed? Any law?

Speaker 1 | 32:39.467

Any law, it should start from the lowest level. It should start to the level that’s closest to affecting it. So for instance, if it’s a thing about international trade, that should start at the federal level. If it’s something that’s domestic, then the people that are being governed should have a say in what that is. When you bring it up to the federal level, you no longer give that say to the people of that state.

Speaker 0 | 33:03.082

We’re a simpleton because you’ve got to be simple for the people because the people are simple. We remove those two amendments. What happens?

Speaker 1 | 33:10.007

So first, to understand what they did when they came in, when you take away the senators being chosen by the state legislators and make them chosen by the same entity that creates the House of Representatives, you no longer have the same checks and balances in place. Whenever the senators were chosen by the state legislators, the state legislators, they have a particular mission for that state. They are the champions of that state. they would be the ones that are least desire to lose that power to a higher entity. They would be the ones most protective of that power. Now, that also has bad things in place, which allow the 17th Amendment to even be brought in. But at the same time, you completely lose those checks and balances. And the thing about the House of Representatives and the people who choose the House of Representatives, which is us, all of us, is that we are very malleable. We are very hotheaded. We have short memories. We need babysitters. That’s what the senators were supposed to be. But now when the senators are also chosen by us, they’re no longer the cooler heads that prevail. They’re just longer termed House of Representatives. So that broke the entire thing.

Speaker 0 | 34:19.690

And just a disclaimer, which is I don’t participate in any politics. I’m literally just having a conversation with you here learning.

Speaker 1 | 34:30.013

Me too.

Speaker 0 | 34:30.993

I don’t. If you wanted to ask my real personal belief, I believe democracy is broken. And my main reason for that is I do believe that the foundation of the people is. ignorance you’re ignorant until you have knowledge and the foundation of the people is to seek out their own personal desires and i believe that if the foundation and the majority of people are ignorant and self selfish basically uh and you have a representative government based on the majority of the people you are ultimately bound for failure and the unit and in reality the u.s is is new we’re not we haven’t been around for a long time i mean two three hundred years old like what is that yes what is that in the history of time now brand new i’m not going to say we’re not a um a massive powerhouse that has literally invented everything in the face of the on the face of this earth over the last hundred years i mean go down the list oh i know electricity light bulb computer you know and it makes us a little bit arrogant you Um, but after traveling around the world and living in many other places, um, I’ve definitely been very relaxed and not as stressed out as I am here.

Speaker 1 | 35:49.748

Yeah, I completely agree with you. And that’s, I’ve been all around the world as well. And I, the U S has no, there’s no other place I would rather be than the U S there’s yes, it does have its issues, but there’s no other place like just from the U S constitution, every everywhere else, they looked at the U S constitution and say, wow, that’s cool. And then they started using, taking. uh aspects from it into their own government the u.s government is the one that was built from the bottom up while every other government seemed to come down from from it was taken away from someone in power that was forced to spread out but it was still coming from the top down not the u.s government so that’s it’s it’s a beautiful thing and the u.s constitution the founders put it makes it it makes me laugh when there’s people that think that the u.s constitution was built on a whim or that there wasn’t like lots of research that go into it you The founders used about a thousand years of, of governance and human, human proclivities in making the constitution. What they made was like,

Speaker 0 | 36:48.206

yeah. When you read, whatever, anyone that’s like a Benjamin Franklin fan or, or when you’re actually studying and read history, cause I am, I mean, I did minor in history. You’re going to, yeah. You’ll quickly realize that that’s not the case.

Speaker 1 | 36:59.917

Yeah. Well, and so, yeah. And that’s, that’s about the U S constitution. has been tampered with since 1912, and it caused a whole cascading set of issues in the world of politics and governing since then. Well,

Speaker 0 | 37:14.512

this isn’t a Marxist socialist socialism show. We could go down that dark hole for hours. How do we tie this back into the, maybe what’s the end game? What’s the end game for you? I like asking that question. Um, like where do you see yourself? You know, like for a lot of technology guys, I don’t think they think too much about like, unless you’ve got a job and you think you’re actually going to retire on your 401k, that type of thing. Um, what’s your, what should be the end game for a lot of people in technology? Is there, is there one?

Speaker 1 | 37:49.460

Well, my end game. Uh, so I say that I do all this technology and stuff as a side job, because my primary job is that I’m a father and husband. So I think that should be the end game. I think that should be the end game for all men is to, to strive. Like the fact that you have eight children, I am extremely impressed and give you kudos because that, that is like, I’m trying to grow up to be like you. I have three children.

Speaker 0 | 38:14.397

I was never going to have kids. You know what I mean? Um, by the way,

Speaker 1 | 38:17.039

I was there.

Speaker 0 | 38:17.979

I was there for three and four kids is hard. Eight kids is just like, you better delegate.

Speaker 1 | 38:23.062

Yes.

Speaker 0 | 38:23.682

It’s like, you know, now it’s kind of like, where are they right now? I don’t know. Okay. They know how to cook and clean and vacuum and stuff. The three kids, you’re like, why are you making her bed? I’m trying to tell them, stop making their bed and doing the laundry and stuff. Once you get to eight, they have to learn. It’s amazing. Some people are like, I can’t believe your kids know how to do this stuff. One guy, my son’s 17, but he doesn’t act like a 17-year-old. One of my sons is 17, and he was driving the day in. Of course, I was like, do you trust him driving? He’s like, yeah, I hate driving. I want him driving everywhere. What are you talking about?

Speaker 1 | 38:58.794

Yeah. It’s like, what are you talking about? We were like 15. What are you talking about?

Speaker 0 | 39:02.497

Yeah, definitely. Um, that’s yeah. So a good point. So yeah. For what do we do to, to build a lasting legacy, I guess, as I’m saying, yeah. So in the lasting legacy is for, is for family and stuff. Right. So at the end of the day, some people live, breathe and die technology and security. You probably have some security guys and that’s, that’s literally their life. But, um, I work to live. I don’t live. to work. I heard someone say that once. I can’t remember, but it makes sense.

Speaker 1 | 39:32.299

Yeah, it makes sense. And I thought about that. I’m like, yeah, but I kind of really liked what I do as well. So I do kind of live to work. I enjoy it. I get rewarded by my work. I help a lot of people.

Speaker 0 | 39:44.002

You got to enjoy it.

Speaker 1 | 39:45.382

Yes. And especially in cybersecurity, you do have to enjoy it because there’s a lot is a water hose of information all the time. The thing about cybersecurity is that you never really know you’re doing a good job because, well, everyone is. is assumed to be compromised. So it’s like, well, you might be compromised, but you don’t know because you didn’t see it. So it’s like, well, how do I know I’m doing a good job in cybersecurity? Someone has to tell you. And, but I don’t know, there’s all these KPIs that come up and they’re trying to make, what are the metrics for cybersecurity? But the thing is, the adversaries don’t care about these metrics and they bypass or walk around whatever metrics that come around. So it’s like cybersecurity is a really, it’s not a normal field. And it’s not necessarily easy field. So you do need to find enjoyment.

Speaker 0 | 40:30.316

It’s not filled with daily high fives and recognition. It’s not. It’s not like, hey, thanks. We didn’t get hacked today. Or hey, thanks. We didn’t, you know, get, you know, this happened today. Thanks for making sure nothing happened today. Exactly.

Speaker 1 | 40:42.625

It’s not that. So if you require that, this would not be the place for you. You got to be able to find your own meaning. You have to be able to find your own. You have to be able to understand when you’re doing well yourself. because a lot of times you’re not going to have anyone be able to tell you. Because a lot of people don’t understand cybersecurity themselves. When I go into a client’s environment, most of the time I’m the one at the top and they have no idea if I’m doing a good job or not. Only I can know that. And then I tell them if I’m doing a good job or not. That’s how it is with cybersecurity.

Speaker 0 | 41:10.009

You have to kind of understand that. Let’s leave people with some things that they can do. Whether they’re in, whether the network admin that also handles security, whether the IT director that’s also in charge of security, that people aren’t, you know, pumping their hands and saying, hey, thanks for, you know, everything working today. Like, I appreciate that. What are some things that they can do that people are like, wow, you know, like we mentioned the marketing thing earlier, like providing some, you know, reporting. I would think reporting would be one. Provide valuable reporting that’s, that’s. A, showing people like, hey, I’m here, that you’re raising your hand and you’re giving them some valuable info. Is there some things that you know of that people can do that might not be typical that put you in the spotlight more?

Speaker 1 | 41:56.706

So put you in the spotlight as in being able to get a job within cybersecurity?

Speaker 0 | 42:00.288

Not necessarily a job, maybe just even in an existing company. Or maybe you’re some kind of consultant and you can provide some sort of insight and asset to a company that’s very, very valuable. What is that in security? You already mentioned like the… you know, kind of like the data piece, like where are the, is there anything that people can do that you know of that, um, that’s maybe not typical?

Speaker 1 | 42:22.020

Yes. So right now, most people actually probably are not working in offices and doing like white collar work. They’re doing the work that require people to go out, the retail, like the big industries that are just the fabric of everything we do right now. You can look at what you’re doing. There’s some kind of technical aspect to it. I’m pretty sure everyone has, there’s computers, there’s work computers, even there’s one work office computer, but there’s something that is not being looked at. There’s not being paid attention to concerning security of your company. It could be as simple as, hey, I found this checklist of things that we should look at for our cybersecurity. Do you mind if I, would you be okay if I ran this through? Because it would help us because there’s been an uptick in our industry being phishing emails. So I think if we… If we do these things, it would help us. Like something like that. You can, it doesn’t matter what you’re doing right now. You can find a way to help your organization out with their cybersecurity. It can take a simple rule out there and look for cybersecurity awareness training. That’s a big one right there is who’s going to do the cybersecurity awareness training. If all the experts are doing the expert things like the high-end architecting and stuff like that, and that we can’t get enough entry-level cybersecurity people in. who’s doing the cyber security awareness training for their companies.

Speaker 0 | 43:38.779

And that’s a good point for anyone that’s looking to even grow inside a company. Maybe they’re, I don’t know, maybe the help desk or something.

Speaker 1 | 43:45.224

Yes.

Speaker 0 | 43:46.745

Offer to do that. Yes. Like it’s something fresh. It’s something fresh and new that you might not have done that gives you the opportunity to connect with people and do some things that some other people that might be a little more introvert. It’s a getting out of your comfort zone and having to connect and talk with people. That’s something that I had to learn to do a long time ago. I used to be the guy in high school that walked with his head down and couldn’t talk to anyone and was absolutely terrified of girls and all that type of stuff.

Speaker 1 | 44:10.884

Yeah, get over that.

Speaker 0 | 44:12.365

Yeah, get out of that comfort zone. That’s really helpful.

Speaker 1 | 44:16.128

Yeah, that’s pretty much it. That’s the big one. That’s the big one I think you can be impactful right now for everybody that’s looking to try to get into cybersecurity. I see a lot of people going what you would think the typical route. They’re going to school, getting masters in cybersecurity or things like that. Yes, those can help. But if you come… if you have actual experience in something that always.

Speaker 0 | 44:36.403

You said you like efficiency. You said you like efficiency. So let’s end with this. What’s the fastest path to, I guess the cash, I guess for anyone that’s looking to get a different, anyone that’s young, that’s looking to get a job in security or do something there. What’s the fastest path. I can’t imagine the fastest path is spending money on certification on certificates and getting a master’s degree. What’s the fastest path.

Speaker 1 | 44:58.108

Fastest path for a young person is to don’t even think about the cash. Don’t think about the cash. Think about solving someone’s problem. Try to do the, don’t think about like, I want to do the thing I want to do. Look at the things that everyone else doesn’t want to do and say, hey, let me do that. And then you’re a shoo-in. In this age of what they call quotation, quiet quitting and things like that, it’s even easier to make yourself stand out. You just do the opposite of what everyone else is being told to do.

Speaker 0 | 45:27.607

I’ve told people that every day. Be willing to do what other people are unwilling to do. And that’s it.

Speaker 1 | 45:32.670

I have done that very thing since for two decades, two and a half decades now, where I just grabbed the thing that I know I can do and nobody else wanted to do. And it has served me and helped me out in ways I didn’t even realize until like a decade or so later. I have a reputation out there that I didn’t even realize I built because of the work ethic I had. So now if I come to someone and say, hey, you got anything going on? People are comfortable with, oh, yeah. People like to give other people good people. They like to help. people. So if, if, if you’re a, someone that is known at being good at what you do, being even a hard worker, being a consistent worker, uh, if you’re known as that, you will get passed around in the, uh, in the, in the, in their circles where all the real jobs are being.

Speaker 0 | 46:17.828

Yes. If you’re anyone that’s willing to work hard and do more than what the average person has done, like it’s, there’s some very simple things to do in life. A, be willing to do what other people are unwilling to do, do 10% more than. the top person and you’ll be number one.

Speaker 1 | 46:32.199

And find the person. In every environment or most environments, there is the top dog. They’re not like the manager. There’s someone the manager goes to in order to make things happen. Become their best friend. Fix whatever issues they have. Help them out. Be helpful to them. They are going to be the one that will pass on things that you can use in the next.

Speaker 0 | 46:52.272

Yes. This is Douglas Pierre. Thank you so much for being on Dissecting Popular IT Nerds. It has been a pleasure having you on the show.

Speaker 1 | 46:59.396

Likewise.

Speaker 0 | 47:00.296

Yeah, outstanding and all the best to you now and in the future.

Speaker 1 | 47:04.838

Yes. And yeah, thank you. Thanks for having me. This is so impromptu and I loved it. So O’Nightly out.

206- Nerding Out on Cybersecurity with Douglas Pierre O’Knightly

Speaker 0 | 00:09.518

All right, welcome everyone back to Dissecting Popular IT Nerds today. Douglas Pierre, you have D. Pierre in parentheses, O’Nightly, and cybersecurity aficionado of sorts. I’ll let you talk more about that. But what’s cooler and what I’m looking at right now. is which i think is completely appropriate because the show is called dissecting popular it nerds and this is quite nerdy is you on a base in afghanistan playing dungeons and dragons and for anyone listening you can go to douglas’s linkedin profile and it’s like i don’t know it’s not too far back go to his posts and find the dungeons and dragons no no no it’s um under featured fourth featured thing of you playing dungeons and dragons And what looks like, I don’t know if you guys built it, like the plywood. What do we call this structure that you guys are sitting in? And welcome to the show. Welcome.

Speaker 1 | 01:08.208

Thanks for having me. It’s pretty awesome how it just popped up out of nowhere. But I’m really happy that you got excited about that point because I thought you were going to talk to me about cybersecurity. And I’m just like, oh, I’m so tired talking about cybersecurity.

Speaker 0 | 01:19.695

I mean, we got to protect all these figurines, you know. We have to protect the world of Dungeons and Dragons. Right. Go ahead, fire away.

Speaker 1 | 01:30.020

Well, it’s getting more popular now, so that might be getting true.

Speaker 0 | 01:34.261

Is it more popular in an off-the-grid fashion, like living off the grid, or is this more online?

Speaker 1 | 01:39.843

So D&D overall is more popular primarily because of the movie that just came out. They did a very good job on the movie, from what I heard. And so now that’s becoming more, D&D is popular. Now everyone knows what D&D is, kind of, at least. So,

Speaker 0 | 01:54.847

in that manner. ironically, I’m in technology and communications and I, but outside of work, I live pretty much off the grid. I have like removed all TVs from my house and everything. It’s, um, it’s kind of talking with, and I have eight kids. So I was talking to my kids last night and they were telling me about how back in the day they used to have one person on lookout. They would like pull a TV out. Like there was like one TV still hidden in a closet. We would like plug it in and we would have someone on the lookout for when dad got home. And like, you know, anyways, that’s it. eight kids that is awesome man be like you barbarian you took the tv out of your house and i was like yeah guess what my kids actually read books now and it’s not like the tv even really matters anymore because there’s this thing called the internet and all kinds of other stuff going on but um so it really didn’t do much but anyways sorry i’m very uh i’m a little bit caffeinated i tend to derail things so continue continue um dungeons and dragons in afghanistan is what this show is called cool

Speaker 1 | 02:50.148

Oh, right. So that building you’re asking about, it’s basically like one of those, uh, yeah, it’s, it’s manufactured building. They’re really quick to set up kind and pretty flimsy, that kind of thing. It’s that kind of building. Um, not very large, had a table in it big enough. So it worked.

Speaker 0 | 03:05.206

The, um, so anyways. Were you into security back then? I mean, what was I mean, we don’t have to talk about military deployment if you don’t want to, because it’s a sensitive subject for some people. Other people are OK talking about it. Other people have a lot of friends that are in the military. I do a lot of jujitsu. So I’ve got a whole range of people that have had all kinds of experiences. Some people are like, don’t ever ask me about it. Other people are OK talking about it.

Speaker 1 | 03:26.021

Oh, yeah. No, I don’t mind. So I was in cybersecurity before it was cool. Back then, they used to call us network engineers or sysadmins. we always had to secure it. It’s just, wasn’t a focus on it. So I’d say about 20 something years or so I detected my first kind of unauthorized entry into a network that wasn’t supposed to be in back in 2000. So I’ve been kind of in it a bit.

Speaker 0 | 03:52.987

Great. Let’s talk about that. What happened? What did you detect? How did they get in? Was it via dial up?

Speaker 1 | 04:00.452

Let me see. 2000. No, it was. So I used to work at a research lab for the air force. and I was a network engineer at the time. I was really big into looking at the data. I like to sniff networks and look at packets and get the story from that. So basically how I saw this one, it was that I just noticed how there seemed to be an IP address I didn’t recognize. At the time, the method of detecting it, we didn’t have all the tools back then like we do now. So the method of detecting it was you looked, you, you understood the baseline of your network because you worked in it all the time. And then you saw things that were just not normal. Right. And so that’s kind of what I detected. I detected, I can’t really get too deep into it. It’s Air Force stuff, but I detected things that weren’t normal.

Speaker 0 | 04:49.610

Was it something like someone using a packet sniffer or something like that? Also like you, or was it, no, it was different than that. Or, and again,

Speaker 1 | 04:55.633

if it’s more like, um, they noticed something coming in. and either taking something out or potentially trying to take something out. But it was kind of like how we were able to see how data loss prevention. It was a data loss prevention, but before it was called that. Basically noticing how someone that shouldn’t have access to shares had access. and was able to pull things out that kind of thing i brought it up to the the lead network engineer and the engineers at the time um who then escalated and but i was just a kind of a grunt at the time so i didn’t really know what was going on i just saw something weird so eventually it was just escalated out of my hands and i just never really heard about it afterwards but uh but yeah that’s when i first noticed that i was like i think i kind of like this because i’m able to see the story happening in in all the data that i get it’s no

Speaker 0 | 05:46.675

offense to this comment you’re you’re kind of a young guy and and a lot of times the people that and i’m only i’m bringing this point up for a reason there’s a lot of people that have been on the show i’ll you know like a lot of the first questions we ask people is like what was your first computer how do you get into this insanity and you know a lot of people were around before the dawn of the internet that’s really not the case with you i’m assuming that’s not the case with you so it’s always interesting to get the point of view of someone how did you get started in technology that was born in tech born into technology right when i was born it was 1976 so what did we have back then arpanet you know i mean like yeah no one knew anything about um we had you know floppy disks in the 80s we had you know it was a completely different we didn’t have cell phones no to me that blows my mind it still blows my mind today we did not have we didn’t have cell phones we had a bag phone eventually when i was in like fifth grade or something that had to be like installed with like you know lag bolts and stuff into like you know the both chevy blazer or something like that yeah so what was it what what got you into this and what was that because i want to hear the difference i want to hear the difference so i was i was born in 83 and actually i i’m a gamer and i’ve pretty much been a gamer since i was five uh

Speaker 1 | 07:04.034

with nintendo that’s what got me into tech in general and then i i was an nes or was it super net

Speaker 0 | 07:10.800

super this is nes the first one so you’re not that young okay 83 oh no no no i’m not i’m not that young my wife was 81 so okay you don’t it doesn’t count okay so you’re back you’re just like everybody else you’ve had enough yeah yeah i grew up in that we

Speaker 1 | 07:26.391

we we were at the computer so what was your first computer was it at least a pentium or what was it like what was it so my first computer i can’t i can’t remember the name but i do remember that it required tapes cassette tapes to store and and that’s also when i first got into programming it was very actually i think it was basic programming but uh but i got into programming when i was around eight or nine and and i i kind of just made little with either little games on these monochrome screens or like i made songs i made little sounds happen but uh with with programming with this and yeah you had to save it to cassette tapes and uh that wasn’t necessarily the the top of the line at the time. I didn’t really grow up in an environment where top of the line was a thing. So I got the hand-me-downs of the technologies. So that was kind of how I started around eight or nine years old. And then I just pretty much been into tech since then.

Speaker 0 | 08:19.940

Nintendo was like a dream back then. NES. Because before that was Atari and they kind of didn’t really do too well as a company from my understanding when you look back. But NES, like Nintendo Magazine, Super Nintendo, all that stuff. it just, it went wild. Um, now it’s just, it’s a totally another world. Um, absolutely insane. So, okay. So moving forward security now, what do you, what do you do now? What, how, what do you, what do you help people with now? So again, the, the listener base of the show is typically it directors, mid market space, maybe 500 end users, upwards of 10, 10,000 end users. What is, you know, the secure, the secure, they, they probably aren’t, uh, budgeted for a CISO, which. But they have to take care of security. What’s your top, I don’t know, top five things, or what should people be looking out for now?

Speaker 1 | 09:10.848

So that depends on the industry, because some industries are very heavily regulated.

Speaker 0 | 09:17.452

Yeah, let’s stay out of financial then. Let’s talk about, let’s go, what does the United States do? Manufacturing. We’ve got manufacturing, logistics. We’ve got healthcare. I think there’s a lot of opportunity there because to me, they’re just behind the infrastructure side and you’re a network engineer. So you know that their infrastructure is probably way behind just due to the fact that you’ve got hospitals and campuses that need to be upgraded. And that’s just huge forklifts,

Speaker 1 | 09:47.244

right? Yeah.

Speaker 0 | 09:48.085

Easy staff. And you’ve got nurses and doctors and doctors aren’t necessarily always prone to technology change. Yes, I’m pigeonholing them. I come from a family of doctors, so I know this. But go ahead, go.

Speaker 1 | 10:00.612

fire away you know we’ll stay away from financial industry because then you got sock one two you got all kinds of crazy stuff there yeah it does get sec and all that looking at so health care let’s focus on the health care health care has a very similar issue to dod is that there’s a lot of legacy systems going on. And that’s the big issue they have with keeping up with cybersecurity. Like all, most of the, or not most, I wouldn’t say most, a lot of the newer industries or the industries that aren’t tied so heavily to very proprietary technology, they’re able to be more agile and keep up with the changes and things like that. Healthcare.

Speaker 0 | 10:33.361

They can go to the acting or something. Yes, exactly.

Speaker 1 | 10:36.884

Healthcare,

Speaker 0 | 10:37.825

machines, machines and monitors and crazy stuff. Okay.

Speaker 1 | 10:42.585

Yeah. And healthcare, they can’t do that. They can’t just switch like that. The systems that healthcare uses, they go through a very extensive process of making sure that they are fit to be used for human life, to protect human life, to save human lives. So it’s a whole, it’s very stringent. Same thing with some places like the DOD. DOD does not keep up with the most recent upgrades. They have to stay behind. because those are tried and tested in stable systems. So healthcare also has to have very stable systems, which means they can’t keep up with the speed that they need to keep up.

Speaker 0 | 11:21.432

So then the question is, they don’t have the speed to keep up, so are they really safe, or is this just a mirage?

Speaker 1 | 11:27.698

All of it’s a mirage.

Speaker 0 | 11:29.359

Thank you.

Speaker 1 | 11:30.019

So healthcare, it’s all a mirage. The most everyone can do is just keep trying and moving forward and hope that they’re not the ones that get targeted. Because a lot of what we have in place is primarily if you’re not targeted and you’re taking care of the low-hanging fruit, the script kitties, the ones who aren’t actually targeting. But when an adversary starts targeting you, especially if it’s a nation state, then it is a mirage. It’s almost trivial to bypass most of what’s being put in.

Speaker 0 | 12:04.285

My sister’s hospital got shut down for a week due to a ransomware attack.

Speaker 1 | 12:07.947

Is that recent? Because I think I read… Is that…

Speaker 0 | 12:10.205

It was that recent last year. I mean, at least within the last six months or something, I remember she was like, yeah, we got, we’re completely shut down to a ransomware attack. I was like, did they pay it? She was like, no, they refuse to negotiate with like terrorists or something. I was like, okay. I was like,

Speaker 1 | 12:24.148

that sounds like they were coached.

Speaker 0 | 12:25.569

Yeah. Yeah. Uh-huh.

Speaker 1 | 12:26.749

And, and, and that’s, that’s a tricky thing right there. Paying the right, there’s a whole headache based on just paying ransoms based on cybersecurity insurance. Uh, the SEC and government tells you, no, you shouldn’t do it. But then at the same time, it’s like, well, I have people that depend on this being live right now. And you’re telling me that I shouldn’t spend this amount to be able to get going. I’m losing more than this, not spending this amount. Like that’s the hard thing that healthcare industries and any industries that finance all those, that’s the big thing that they have to deal with. And it’s hard. It is hard. And there’s not nearly enough experts out there because experts have to… focus on all the industries. All the industries have this problem. And so there’s just not enough of us.

Speaker 0 | 13:14.170

That’s a good, that’s a good, well, I would say security or cybersecurity in general is experiencing a exodus. No, not exodus. What’s the opposite of exodus? A significant growth of people that all want to be into it that don’t know other than I just want to be in cybersecurity. I don’t know, probably if they have the level of expertise or even know where to begin. But that’s a good point for people out there that are in security. Should they just be focusing on a vertical market like healthcare or manufacturing or should they even be going into security to begin with or will they just be depressed?

Speaker 1 | 13:54.377

So this is a tricky one because yes, there are a whole lot of people trying to get into the industry still and they’re needed. At the same time, it doesn’t look like anyone wants to really sacrifice to bring them on. because they have to be trained up. And cybersecurity is, there are things that people that have never been in cybersecurity, they can come on and start doing right now and bring value to the industry. The problem is, is that it doesn’t seem like anyone wants to really invest towards bringing them on board to do these types. For instance, like assessments, GRC, you know, governance risk, and I can never remember. Those types of things where it’s a lot of checking. checking things, checking for controls, all that stuff. These are perfect avenues for entry level.

Speaker 0 | 14:40.384

Great. Policy creation.

Speaker 1 | 14:42.266

Policy creation. Now you do still need an expert at the top to understand the intricacies and how…

Speaker 0 | 14:48.462

policy can affect uh business and because business must go on that’s one thing you need someone that also understands the culture of the actual business that you’re talking with and how yes work there too because that’s you know that’s a whole nother how can you infer how can you influence uh company culture is probably a big piece to it well so that that right there influence company culture that is not the place that’s not our place in cyber security we have to figure out how do we okay not necessarily influence it maybe not influence it but

Speaker 1 | 15:16.578

become it you become a part of it yes yes yes you need to know what the culture is and what you’re dealing with uh yes and you’re not trying to change add negative somewhere in between yeah because it’s not gonna it most likely it probably won’t change your yes happen overnight and yeah exactly if you try to come in and change culture you’re going to fail yes but what you do is you try to come in see what their culture is and then you try to put in cyber security everywhere you can that can fit that culture as best as possible

Speaker 0 | 15:44.514

Okay, here’s what I see, Mr. CEO. You have a very toxic culture. It is what it is. We need to deal with that. And most likely your employers are not going to give a crap about any of the security stuff. So we need to deal with that.

Speaker 1 | 15:55.777

So then how we deal with that is, okay, then we need to increase our insider risk program. And we also need to increase our data loss prevention, because because of your toxic culture, you tend to have higher increases of turnover, which cause these kind of issues can happen. You can have someone walk right out with your proprietary information to your competitor. That’s an insider risk program. Because of your toxic culture, you need a stronger insider risk program. That’s how we do it. We don’t say you need to change your culture.

Speaker 0 | 16:24.768

We don’t do that. That’s actually a very interesting topic. I think that would be a good article to write. So you have a toxic culture, but you’re making money. It’s like, now we’re going to implement a security program based on that. You know, I think that’s probably the reality of a lot of situations, right? It’s the 80, it’s the 80, 20 rule. How many companies have an absolute, just, I’m just so happy to work here. That’s why they have lists of like the top, whatever companies to work for, right? Because the majority of the companies are just, just another job.

Speaker 1 | 17:00.827

Yeah, exactly.

Speaker 0 | 17:01.988

Right. Which is an interesting thing. So companies don’t have the money. to spend on security or they don’t want to, or it’s not a biggest budget. And I’ve been kind of arguing this for a while that I think the place for security experts is not working inside a company. It might actually be freelancing or doing some of the things where it looks like you do. Maybe you have some advice there for people.

Speaker 1 | 17:18.981

Actually, I completely agree with you. What I see a lot when they try to look for cybersecurity talent is they try to find someone to come be a part of their team. The problem with that is that there’s not enough cybersecurity talent to go around as far as what they’re looking for. There’s plenty that want to get in, but. what the hiring managers and everyone’s going to be looking for are the ones that are already in and have been doing this for a while. So go ahead. Sorry. Go ahead. Go ahead.

Speaker 0 | 17:43.781

No, no. I mean, I’m just saying there’s this mentality. It’s a broken, it’s an old, an American, maybe Western culture mentality that I’ve got to get a job. I’ve got to go to college. I’ve got to focus on something. And now I’ve got to get a job. And when you get older, Like myself, and you know, you sit in an office and record podcasts and, you know, decide to move where you want to go or do a podcast somewhere else randomly someday because you just don’t want to be in Connecticut at the moment. You know what I mean? You realize that, wait a second, and you kind of look back, you start to see that there isn’t really any security, no pun intended, in having a job. Even though that that’s where everyone says the security is, right? Because what is security? Is it, you know, mental health? Is it happiness? It’s like, I need to put food on the table. That can go any, you know, and when you’ve been in the industry long enough and you’ve seen every company either sell, get sold by another company or, you know, file for chapter 11 or something like that, which is definitely going to happen a lot in the technology space.

Speaker 1 | 18:50.017

Yes, it is happening now.

Speaker 0 | 18:51.538

Right. You want, I want to tell the younger listeners out there that. It’s okay to, yeah, like you said earlier, focus on something small to begin with. What did we say? Not policy creation. What was your idea? Where can they come in? and make a big…

Speaker 1 | 19:09.495

Assessments, like doing and helping with assessments?

Speaker 0 | 19:12.597

Yeah, assessments. I mean, I’ll do your cybersecurity assessment for a thousand bucks. Go do five assessments a month or something. I don’t know. If you’re willing to be bold and kind of creative and kind of go sell yourself, I think it opens up a lot of opportunities. But if you just want a job and you want to clock in and clock out every day and you want everyone to love you and say, you’re the smartest guy in the world, we have the best security guy, and this is great. The reality is… everyone’s always replaceable. There might not be budget for it. There’s always going to be this, we, even though we battle it and the whole point of this show is to battle the idea that, um, security and technology is a cost center. No, it’s, it’s really not. It is to a kind of, but it’s really more of a business force multiplier. Um, because a, a security breach will bring your business to a grinding halt and destroy you. And, uh, everything, nothing gets done in the, in the company without technology. So

Speaker 1 | 20:04.100

I’d actually, I’d like to, I’d like to, emphasize what you just said there how it’s not just a cost sink there is a lot of capabilities that can come from cyber security talent that’s more than just cyber security great cyber security talent some of the best analysts of data period doesn’t have to be cyber security data just looking at data and being able to understand the story that’s going on uh oscent doing a open source intelligence type of research cyber security analysts do that very well everything is online okay so oscent is Open source intelligence, where basically you use what is already publicly and not necessarily readily, but publicly available. You use information to come up with, well, whatever intelligence. You get an understanding of an entity based on what they put publicly online.

Speaker 0 | 20:51.812

Okay, so if people get this far listening to this podcast, which I hope they do, this is very important. This might be the most important part of the show. That takes, you need to be able to think outside of the box and take that. knowledge that you have or would be able to use if they just listen to you and partner with, say, I don’t know, marketing? Yeah. Am I going too far there? No. Going too far to say that security can partner and talk with other people inside the business and say, hey, we can benefit you here. Did you know that we can give you insight into this?

Speaker 1 | 21:27.859

Exactly. Yes. And just to give you the marketing crossover, for example, I actually used to do SEO research, search engine optimization. I got into that because I started liking digital marketing when I realized that digital marketing is a social engineering. And I like social engineering. So this is how what you do for cybersecurity or what you do in something like marketing, this is how it can cross over and become a talent that you can provide value either way.

Speaker 0 | 21:55.818

It is absolutely social engineering, which is inherently… It depends on, I would say that’s another 80-20 rule, inherently evil. Inherently evil and about money. You know, I mean, it’s like, I can’t remember what it was. It was like some part of like some massive like, you know, feminist movement that was started like by a bunch of dudes in their like basement that were, you know what I mean? I was like, in order to make money, it had absolutely nothing to do with the cause whatsoever. But there was a, there was an avenue for social engineering, so to speak there.

Speaker 1 | 22:29.706

Yes. And social engineering is like the start of all of it.

Speaker 0 | 22:32.947

Uh, yeah. And I, so I started out in coffee at Starbucks and then like, I freed myself by going to like a Cisco startup and learning to like, you know, take technology and help small business owners, like, you know, make more money with it. So AKA I was in sales, which I thought was like, and I still to this day do. believe nothing happens without someone first making a sale. I do believe that is the heart of America in general to keep the wheels of business turning and all this stuff. Right. And then I went and then I got into marketing and I was like, this is evil. Now I know why everyone hates salespeople because they really hate marketing, but it’s not, it’s they don’t hate the sales guys because the sales guys are just trying to, you know, you know, help you fill a need and fix a problem. But the marketing people, I was like, they’re going out. Cause I took a bunch of marketing programs and I was like, so they go out and they’re like, so basically what we do is we interview a bunch of people. We take everything that we say and everything that they want, all their fears, you know, like what is it? FUD, fears, uncertainty, and desires basically.

Speaker 1 | 23:36.049

Yeah.

Speaker 0 | 23:37.871

That’s sales. That’s marketing.

Speaker 1 | 23:40.052

Yeah.

Speaker 0 | 23:40.212

They take everyone’s feels, fears, uncertainty, desires, whatever, right? They go interview a bunch of people. They take all that back. And then they put that in and then they basically regurgitate that out in their marketing message. And people are like, whoa, how does he know me?

Speaker 1 | 23:52.402

Yeah. And it’s a psycho, it’s psychology. That’s what it is. It’s all psychology.

Speaker 0 | 23:55.384

It’s a psyop. The whole thing’s a psyop. Yes.

Speaker 1 | 23:58.646

So yeah, that’s what it is. And that’s, it’s all social engineering. Marketing is just social engineering.

Speaker 0 | 24:04.178

That’s all it is. They don’t even know, like, really. It’s being done to them. Actually, they might even know what’s being done to them. Sometimes I know. I’m like, I know what this guy is doing, right? Because you start to see the patterns after a while. Yeah. Again, 80% of the people don’t know the patterns. So, anyways, moving on from that, let’s take a break. What do you believe in any or partake in or think that there might be truth to any conspiracy theories out there? You can’t say alien because now that’s like, I guess that’s like, they’re actually telling us that’s real now, which makes every, makes me disbelieve all of it. So anyways, go ahead.

Speaker 1 | 24:42.612

Well, so let’s see. Interesting conspiracy theory.

Speaker 0 | 24:47.196

We already know what you did before the internet. You played with figurines on a, on a board and rolled dice.

Speaker 1 | 24:52.560

And, and went outside and played, went outside and played a lot too.

Speaker 0 | 24:56.283

Yeah. That’s my other question. Like, what’d you do prior to the internet? You know, like. yeah i don’t know drank from the i drank from the fire hose i mean the the garden hose and i shot things with the bb gun that you know and blew things up with illegal fireworks that we got from like ohio or something yeah pretty much uh pine cone wars you go find pine cones and throw them at each other like we played outside with each other a lot uh that should happen more but everyone’s so tied to their phones and everything like that but but yeah you still want to know about the conspiracy theory i don’t know do you have anything you

Speaker 1 | 25:28.546

Not so much.

Speaker 0 | 25:29.967

Lizard people or anything. That one’s real wild.

Speaker 1 | 25:32.789

So the way I am, I’m a very efficient person. And if I cannot use information that will help me do what I’m trying to do, for instance, if I want to make money or if I want to take care of my family or if there’s information that doesn’t help me in any of that, I tend to not even really pay attention to it. I don’t even really watch TV much at all. I’m a gamer. So that’s what I do most of the time. My wife’s a gamer. So we game together. So like, I don’t really pay attention to all that stuff that much. Cybersecurity, I pay attention to so much because a lot of people need me to pay attention to it. And so, but if there was nobody needed cybersecurity, there would be something else I would pay attention to because it brings a lot of value to everyone else. The conspiracy theory thing. getting caught up in that, that would entertain myself, but I can’t see me turning that into some kind of value I can bring to everyone else. And so I don’t really, I don’t really put much effort to thinking about it too much. I can’t even remember any conspiracy theories right now.

Speaker 0 | 26:38.679

The, um, well, the one that I’ve been talking about a lot lately, because I went down the dark hole and, uh, and the reason why, and the reason why would be, you’re right. Like I hate wasting time. And I, I, As a guy with eight kids and two grandchildren now and a podcast and everything, I definitely don’t have any time to waste at all. But if you were to ask me what book sits in the bathroom, you know what I mean? It’s like the Apollo program breakdown, right? So I want to know everything. That’s a good question. I want to know about everything about how we got to the moon. I want to know everything. I want to know the size of the rockets. I want to know the rocket fuel. I want to know pressure. I want to know all the test sites. I want to know that we were 50 miles above the rotating around the moon, that we had to bring a lunar lander 50 miles down to the surface of the moon. How did we do that? How did we practice that? And the more that I look into the details, and this is not just, I’m not just like, oh, not thinking about it. I want to know the actual details. To me, it’s mind blowing that NASA lost. all of the data what could you like 80 of the data we can’t rebuild that rocket we don’t have any of it they just erased the tapes they just taped over the tapes of the most important thing in all of humankind all of like the history of mankind and no backups none i mean it’s just mind-blowing to me so then i’m and what started the whole thing was the picture of um richard nixon making a phone call on basically an analog rotary dial phone it did have square buttons on it so i’ll give them that okay From the White House, from the White House to the moon. The surface of the moon switched via that little like umbrella thing on the Land Rover. And I and that was 19 what, 69? ARPANET, I think, was what maybe started that year, maybe a month or something. And I just started thinking latency and jitter and phone calls nowadays and being a tech guy and supposedly AT&T switched the call from the White House to Houston and then they beamed it 220 or 240,000 miles away and back. And I just started thinking, I’m like, wow, that’s like crazy interesting. And like, I wonder how else they did everything else. And, you know, and everyone else, it’s science, Phil, it’s science. And I’m like, yeah, but I mean, there’s, there’s also politics involved at the time and the cold war and Vietnam and like all kinds of other things going on and all kinds of other competing reasons in trying to give America hope. And, you know, so I’m just, you know, I don’t want to get myself killed here, but, you know, I would. I just, you know, that was like, I’m like, maybe these guys are not, you know, maybe, you know, so I bought like every book on the subject and went down the dark hole. Why? Because the truth matters. And, you know, we’ve been sitting inside a pandemic and everything like that. And you got to be careful there with that one also. Um, so anyways, that’s why I asked the question just for, so then now that you have marketing out of marketing, just for the sake of marketing and to give the show more clicks and likes, that’s why I asked the question selfishly.

Speaker 1 | 29:44.478

oh well no that’s cool now now when you gave me that context now i have a better understanding of of i have i do have an answer for you so i’ve gotten to the the u.s constitution i’m a big fan of the u.s constitution i think it’s one of the the best design games i’ve ever seen and this is coming from someone who went to school for game development and game design i like it and uh and i think that there is a a very i wouldn’t say obvious but there is a point in time where it was pretty much sabotaged and has went downhill since then Does that count in what you’re talking about?

Speaker 0 | 30:16.143

Sounds very controversial. Well,

Speaker 1 | 30:20.465

I believe if we should get rid of the 16th and 17th amendments, and a lot of the issues we have will start righting itself.

Speaker 0 | 30:30.312

So a lot of people will say everyone should have a constitution in their pocket. And everyone, and I guarantee you that you and maybe a handful of other people, maybe the… The fact that the show does have a certain listenership, maybe they have read the Constitution. How many people have read the Constitution, do you think? Oh,

Speaker 1 | 30:46.724

barely anybody.

Speaker 0 | 30:47.945

I can’t tell you what the 16th and 17th Amendment are. What are they?

Speaker 1 | 30:51.067

So the 16th and 17th Amendment. The 16th Amendment is the one that brings the… First of all, they both came around 1912, 1913. And the 16th Amendment is basically what opened the floodgates for federal income tax. And the 17th Amendment is… where they took the senator, the method of choosing senators, and instead of leaving that to the state legislator, they now brought that to the public method, like the House of Representatives.

Speaker 0 | 31:22.527

So what are you saying? Are you saying that that got rid of representation? Is that what you’re saying? Real representation?

Speaker 1 | 31:28.211

No. So the Constitution, the founders, they created it with a very intricate layers of checks and balances.

Speaker 0 | 31:35.477

Okay.

Speaker 1 | 31:35.977

Whenever. the senators like the way they were like to layer that back to technology like your security policy program should be with checks and balances but exactly and there’s a division of powers and i’m a big fan of division of powers and i just happen to like dividing powers into threes just like the the uh the constitution does but there is you got to divide the powers because what the founders understood was that uh one the government is a necessity not a big government But the government is necessity and has a very specific need. And that’s generally for the protection from everyone else outside of that.

Speaker 0 | 32:12.995

So that’s a security piece. But what about infrastructure? What about health care? What about all these other things?

Speaker 1 | 32:18.618

So infrastructure is supposed to be facilitating and building infrastructure to allow the interstate trade and everything like that. But all the domestic stuff should be handled by the state. It should be coming from the state. And in the instance where the state.

Speaker 0 | 32:32.488

What about laws? I’m just curious. Just general.

Speaker 1 | 32:34.769

What about. The laws, the laws of which laws?

Speaker 0 | 32:37.607

How should they be formed? Any law?

Speaker 1 | 32:39.467

Any law, it should start from the lowest level. It should start to the level that’s closest to affecting it. So for instance, if it’s a thing about international trade, that should start at the federal level. If it’s something that’s domestic, then the people that are being governed should have a say in what that is. When you bring it up to the federal level, you no longer give that say to the people of that state.

Speaker 0 | 33:03.082

We’re a simpleton because you’ve got to be simple for the people because the people are simple. We remove those two amendments. What happens?

Speaker 1 | 33:10.007

So first, to understand what they did when they came in, when you take away the senators being chosen by the state legislators and make them chosen by the same entity that creates the House of Representatives, you no longer have the same checks and balances in place. Whenever the senators were chosen by the state legislators, the state legislators, they have a particular mission for that state. They are the champions of that state. they would be the ones that are least desire to lose that power to a higher entity. They would be the ones most protective of that power. Now, that also has bad things in place, which allow the 17th Amendment to even be brought in. But at the same time, you completely lose those checks and balances. And the thing about the House of Representatives and the people who choose the House of Representatives, which is us, all of us, is that we are very malleable. We are very hotheaded. We have short memories. We need babysitters. That’s what the senators were supposed to be. But now when the senators are also chosen by us, they’re no longer the cooler heads that prevail. They’re just longer termed House of Representatives. So that broke the entire thing.

Speaker 0 | 34:19.690

And just a disclaimer, which is I don’t participate in any politics. I’m literally just having a conversation with you here learning.

Speaker 1 | 34:30.013

Me too.

Speaker 0 | 34:30.993

I don’t. If you wanted to ask my real personal belief, I believe democracy is broken. And my main reason for that is I do believe that the foundation of the people is. ignorance you’re ignorant until you have knowledge and the foundation of the people is to seek out their own personal desires and i believe that if the foundation and the majority of people are ignorant and self selfish basically uh and you have a representative government based on the majority of the people you are ultimately bound for failure and the unit and in reality the u.s is is new we’re not we haven’t been around for a long time i mean two three hundred years old like what is that yes what is that in the history of time now brand new i’m not going to say we’re not a um a massive powerhouse that has literally invented everything in the face of the on the face of this earth over the last hundred years i mean go down the list oh i know electricity light bulb computer you know and it makes us a little bit arrogant you Um, but after traveling around the world and living in many other places, um, I’ve definitely been very relaxed and not as stressed out as I am here.

Speaker 1 | 35:49.748

Yeah, I completely agree with you. And that’s, I’ve been all around the world as well. And I, the U S has no, there’s no other place I would rather be than the U S there’s yes, it does have its issues, but there’s no other place like just from the U S constitution, every everywhere else, they looked at the U S constitution and say, wow, that’s cool. And then they started using, taking. uh aspects from it into their own government the u.s government is the one that was built from the bottom up while every other government seemed to come down from from it was taken away from someone in power that was forced to spread out but it was still coming from the top down not the u.s government so that’s it’s it’s a beautiful thing and the u.s constitution the founders put it makes it it makes me laugh when there’s people that think that the u.s constitution was built on a whim or that there wasn’t like lots of research that go into it you The founders used about a thousand years of, of governance and human, human proclivities in making the constitution. What they made was like,

Speaker 0 | 36:48.206

yeah. When you read, whatever, anyone that’s like a Benjamin Franklin fan or, or when you’re actually studying and read history, cause I am, I mean, I did minor in history. You’re going to, yeah. You’ll quickly realize that that’s not the case.

Speaker 1 | 36:59.917

Yeah. Well, and so, yeah. And that’s, that’s about the U S constitution. has been tampered with since 1912, and it caused a whole cascading set of issues in the world of politics and governing since then. Well,

Speaker 0 | 37:14.512

this isn’t a Marxist socialist socialism show. We could go down that dark hole for hours. How do we tie this back into the, maybe what’s the end game? What’s the end game for you? I like asking that question. Um, like where do you see yourself? You know, like for a lot of technology guys, I don’t think they think too much about like, unless you’ve got a job and you think you’re actually going to retire on your 401k, that type of thing. Um, what’s your, what should be the end game for a lot of people in technology? Is there, is there one?

Speaker 1 | 37:49.460

Well, my end game. Uh, so I say that I do all this technology and stuff as a side job, because my primary job is that I’m a father and husband. So I think that should be the end game. I think that should be the end game for all men is to, to strive. Like the fact that you have eight children, I am extremely impressed and give you kudos because that, that is like, I’m trying to grow up to be like you. I have three children.

Speaker 0 | 38:14.397

I was never going to have kids. You know what I mean? Um, by the way,

Speaker 1 | 38:17.039

I was there.

Speaker 0 | 38:17.979

I was there for three and four kids is hard. Eight kids is just like, you better delegate.

Speaker 1 | 38:23.062

Yes.

Speaker 0 | 38:23.682

It’s like, you know, now it’s kind of like, where are they right now? I don’t know. Okay. They know how to cook and clean and vacuum and stuff. The three kids, you’re like, why are you making her bed? I’m trying to tell them, stop making their bed and doing the laundry and stuff. Once you get to eight, they have to learn. It’s amazing. Some people are like, I can’t believe your kids know how to do this stuff. One guy, my son’s 17, but he doesn’t act like a 17-year-old. One of my sons is 17, and he was driving the day in. Of course, I was like, do you trust him driving? He’s like, yeah, I hate driving. I want him driving everywhere. What are you talking about?

Speaker 1 | 38:58.794

Yeah. It’s like, what are you talking about? We were like 15. What are you talking about?

Speaker 0 | 39:02.497

Yeah, definitely. Um, that’s yeah. So a good point. So yeah. For what do we do to, to build a lasting legacy, I guess, as I’m saying, yeah. So in the lasting legacy is for, is for family and stuff. Right. So at the end of the day, some people live, breathe and die technology and security. You probably have some security guys and that’s, that’s literally their life. But, um, I work to live. I don’t live. to work. I heard someone say that once. I can’t remember, but it makes sense.

Speaker 1 | 39:32.299

Yeah, it makes sense. And I thought about that. I’m like, yeah, but I kind of really liked what I do as well. So I do kind of live to work. I enjoy it. I get rewarded by my work. I help a lot of people.

Speaker 0 | 39:44.002

You got to enjoy it.

Speaker 1 | 39:45.382

Yes. And especially in cybersecurity, you do have to enjoy it because there’s a lot is a water hose of information all the time. The thing about cybersecurity is that you never really know you’re doing a good job because, well, everyone is. is assumed to be compromised. So it’s like, well, you might be compromised, but you don’t know because you didn’t see it. So it’s like, well, how do I know I’m doing a good job in cybersecurity? Someone has to tell you. And, but I don’t know, there’s all these KPIs that come up and they’re trying to make, what are the metrics for cybersecurity? But the thing is, the adversaries don’t care about these metrics and they bypass or walk around whatever metrics that come around. So it’s like cybersecurity is a really, it’s not a normal field. And it’s not necessarily easy field. So you do need to find enjoyment.

Speaker 0 | 40:30.316

It’s not filled with daily high fives and recognition. It’s not. It’s not like, hey, thanks. We didn’t get hacked today. Or hey, thanks. We didn’t, you know, get, you know, this happened today. Thanks for making sure nothing happened today. Exactly.

Speaker 1 | 40:42.625

It’s not that. So if you require that, this would not be the place for you. You got to be able to find your own meaning. You have to be able to find your own. You have to be able to understand when you’re doing well yourself. because a lot of times you’re not going to have anyone be able to tell you. Because a lot of people don’t understand cybersecurity themselves. When I go into a client’s environment, most of the time I’m the one at the top and they have no idea if I’m doing a good job or not. Only I can know that. And then I tell them if I’m doing a good job or not. That’s how it is with cybersecurity.

Speaker 0 | 41:10.009

You have to kind of understand that. Let’s leave people with some things that they can do. Whether they’re in, whether the network admin that also handles security, whether the IT director that’s also in charge of security, that people aren’t, you know, pumping their hands and saying, hey, thanks for, you know, everything working today. Like, I appreciate that. What are some things that they can do that people are like, wow, you know, like we mentioned the marketing thing earlier, like providing some, you know, reporting. I would think reporting would be one. Provide valuable reporting that’s, that’s. A, showing people like, hey, I’m here, that you’re raising your hand and you’re giving them some valuable info. Is there some things that you know of that people can do that might not be typical that put you in the spotlight more?

Speaker 1 | 41:56.706

So put you in the spotlight as in being able to get a job within cybersecurity?

Speaker 0 | 42:00.288

Not necessarily a job, maybe just even in an existing company. Or maybe you’re some kind of consultant and you can provide some sort of insight and asset to a company that’s very, very valuable. What is that in security? You already mentioned like the… you know, kind of like the data piece, like where are the, is there anything that people can do that you know of that, um, that’s maybe not typical?

Speaker 1 | 42:22.020

Yes. So right now, most people actually probably are not working in offices and doing like white collar work. They’re doing the work that require people to go out, the retail, like the big industries that are just the fabric of everything we do right now. You can look at what you’re doing. There’s some kind of technical aspect to it. I’m pretty sure everyone has, there’s computers, there’s work computers, even there’s one work office computer, but there’s something that is not being looked at. There’s not being paid attention to concerning security of your company. It could be as simple as, hey, I found this checklist of things that we should look at for our cybersecurity. Do you mind if I, would you be okay if I ran this through? Because it would help us because there’s been an uptick in our industry being phishing emails. So I think if we… If we do these things, it would help us. Like something like that. You can, it doesn’t matter what you’re doing right now. You can find a way to help your organization out with their cybersecurity. It can take a simple rule out there and look for cybersecurity awareness training. That’s a big one right there is who’s going to do the cybersecurity awareness training. If all the experts are doing the expert things like the high-end architecting and stuff like that, and that we can’t get enough entry-level cybersecurity people in. who’s doing the cyber security awareness training for their companies.

Speaker 0 | 43:38.779

And that’s a good point for anyone that’s looking to even grow inside a company. Maybe they’re, I don’t know, maybe the help desk or something.

Speaker 1 | 43:45.224

Yes.

Speaker 0 | 43:46.745

Offer to do that. Yes. Like it’s something fresh. It’s something fresh and new that you might not have done that gives you the opportunity to connect with people and do some things that some other people that might be a little more introvert. It’s a getting out of your comfort zone and having to connect and talk with people. That’s something that I had to learn to do a long time ago. I used to be the guy in high school that walked with his head down and couldn’t talk to anyone and was absolutely terrified of girls and all that type of stuff.

Speaker 1 | 44:10.884

Yeah, get over that.

Speaker 0 | 44:12.365

Yeah, get out of that comfort zone. That’s really helpful.

Speaker 1 | 44:16.128

Yeah, that’s pretty much it. That’s the big one. That’s the big one I think you can be impactful right now for everybody that’s looking to try to get into cybersecurity. I see a lot of people going what you would think the typical route. They’re going to school, getting masters in cybersecurity or things like that. Yes, those can help. But if you come… if you have actual experience in something that always.

Speaker 0 | 44:36.403

You said you like efficiency. You said you like efficiency. So let’s end with this. What’s the fastest path to, I guess the cash, I guess for anyone that’s looking to get a different, anyone that’s young, that’s looking to get a job in security or do something there. What’s the fastest path. I can’t imagine the fastest path is spending money on certification on certificates and getting a master’s degree. What’s the fastest path.

Speaker 1 | 44:58.108

Fastest path for a young person is to don’t even think about the cash. Don’t think about the cash. Think about solving someone’s problem. Try to do the, don’t think about like, I want to do the thing I want to do. Look at the things that everyone else doesn’t want to do and say, hey, let me do that. And then you’re a shoo-in. In this age of what they call quotation, quiet quitting and things like that, it’s even easier to make yourself stand out. You just do the opposite of what everyone else is being told to do.

Speaker 0 | 45:27.607

I’ve told people that every day. Be willing to do what other people are unwilling to do. And that’s it.

Speaker 1 | 45:32.670

I have done that very thing since for two decades, two and a half decades now, where I just grabbed the thing that I know I can do and nobody else wanted to do. And it has served me and helped me out in ways I didn’t even realize until like a decade or so later. I have a reputation out there that I didn’t even realize I built because of the work ethic I had. So now if I come to someone and say, hey, you got anything going on? People are comfortable with, oh, yeah. People like to give other people good people. They like to help. people. So if, if, if you’re a, someone that is known at being good at what you do, being even a hard worker, being a consistent worker, uh, if you’re known as that, you will get passed around in the, uh, in the, in the, in their circles where all the real jobs are being.

Speaker 0 | 46:17.828

Yes. If you’re anyone that’s willing to work hard and do more than what the average person has done, like it’s, there’s some very simple things to do in life. A, be willing to do what other people are unwilling to do, do 10% more than. the top person and you’ll be number one.

Speaker 1 | 46:32.199

And find the person. In every environment or most environments, there is the top dog. They’re not like the manager. There’s someone the manager goes to in order to make things happen. Become their best friend. Fix whatever issues they have. Help them out. Be helpful to them. They are going to be the one that will pass on things that you can use in the next.

Speaker 0 | 46:52.272

Yes. This is Douglas Pierre. Thank you so much for being on Dissecting Popular IT Nerds. It has been a pleasure having you on the show.

Speaker 1 | 46:59.396

Likewise.

Speaker 0 | 47:00.296

Yeah, outstanding and all the best to you now and in the future.

Speaker 1 | 47:04.838

Yes. And yeah, thank you. Thanks for having me. This is so impromptu and I loved it. So O’Nightly out.

Share This Episode On:

HOSTED BY PHIL HOWARD

Dissecting Popular IT Nerds Podcast

Weekly strategic insights from technology executives who understand your challenges

Are You The Nerd We're Looking For?

ATTENTION IT EXECUTIVES: Your advice and unique stories are invaluable to us. Help us by taking this quiz. You’ll gain recognition good for your career and you’ll contribute value to your fellow IT peers.

QR Code