Episode Cover Image

224- Securing Your Business in an Increasingly Connected World with Jace Randolph

digital transformation, ai
Dissecting Popular IT Nerds
224- Securing Your Business in an Increasingly Connected World with Jace Randolph
Loading
/

Jace Randolph

Jace Randolph is a seasoned IT security professional with over 15 years of experience spanning various industries. After an unethical start as a black hat hacker, he now leverages his expertise in ethical hacking and social engineering to strengthen security for businesses. Jace is currently the Director of IT at Western Steel Buildings.

Securing Your Business in an Increasingly Connected World with Jace Randolph

Protecting company data is more challenging than ever with the proliferation of personal devices in the workplace. In this episode, Michael Moore speaks with IT security expert Jace Randolph about ethical hacking, social engineering, and the security vulnerabilities introduced by the shift to USB-C. They explore the ethical gray areas around exposing system weaknesses to improve security, securing personal devices used for work, and the need for more robust security standards. You will learn key strategies and mindsets to secure their business data in an increasingly interconnected digital world.

Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast

digital transformation, ai

3 Key Takeaways

Episode Show Notes

Getting started in IT and ethical hacking [02:03]

Social engineering as an effective hacking technique [06:18]

Security vulnerabilities in manufacturing facilities [09:15]

The danger of using personal devices for work [14:00]

Small businesses as prime hacking targets [12:39]

Securing BYOD devices with MDMs [45:25]

Demo of hacking an iPhone with a malicious USB-C cable [43:20]

Unified connectivity leading to new vulnerabilities [38:43]

Overcoming resistance to change in IT [33:16]

Importance of learning the business side in IT [56:54]

Lack of security awareness as a key weakness [53:49]

The future of hacking and IT security [01:00:07]

Transcript

Speaker 0 | 00:09.119

Hi, nerds. I’m Michael Moore, hosting this podcast for Dissecting Popularity Nerds. I’m here with Jake Randolph, Director of Information Technology at Western Steel Buildings. Hey, Jake. How’s it going today?

Speaker 1 | 00:19.884

Good. How are you doing today, sir?

Speaker 0 | 00:21.124

I’m doing really good. Thank you very much. It’s great to have you on the program. Now it’s time for our icebreaker segment, Random Access Memories. I ask a question and then you just respond with the answer that comes to your head first. Your first question is, if you got stranded on an island, what piece of technology would you hope to have?

Speaker 1 | 00:43.511

Ooh, GPS beacon.

Speaker 0 | 00:45.994

See, that’s a good, that’s a great answer. You know, everyone can be like, no, I got my tablet. No, I got this. It’s going to run out of power. But you’re like, no, GPS beacon. I want it right now. I love it. right straight to the point get me off this island exactly um your next question light mode or dark mode dark mode all the way oh man you know how often do you uh um bring up a website or bring up an application most of the stuff can be hit with like you know i know there’s a an extension that you can use to kind of make it dark but you How many times do you try to pop up something in an application that just won’t work with anything, and it’s just in their bright place?

Speaker 1 | 01:34.610

Especially late at night, and then you end up putting your blue screen filter on through your settings, turning your brights, and then you’re like, God, I just can’t deal with this right now.

Speaker 0 | 01:41.532

It’s too much.

Speaker 1 | 01:43.833

You got your yellow-blue light glasses on. You got everything you can. But no, dark mode all the way. There’s no other answer to that.

Speaker 0 | 01:51.675

I agree with you on that one. If you’re… If your computer suddenly became sentient, what’s the first thing that you would do?

Speaker 1 | 02:01.357

Whoa, what a question. If it suddenly became sentient, I go with a funny answer of don’t tell my wife about my browsing history or what’s your XDD go on that? I don’t know. Okay,

Speaker 0 | 02:16.371

what’s the second thing that you would do? What’s the second thing you would do?

Speaker 1 | 02:20.515

You know, perform all of my coding for me please please just do it for me just if i tell you what i want will you do it for me just start asking questions listen we can make a good partnership all right we can really make this work i keep you filled with power you give me all my coding needs like i love it i

Speaker 0 | 02:41.740

love it oh um you know i uh i’m glad you’re on uh um hey i was looking at your linkedin And I have one question for you. Why is your LinkedIn so devoid of any information at all?

Speaker 1 | 02:59.434

Okay. So the short answer to this is I’ve been in many different careers, started in the Air Force, moved into oil field, moved into some manufacturing, did some sales, things like that. But the long answer is why my LinkedIn is so short as far as IT and technology comes to hand is it’s only been… the last three or four years of my life that I have been on the good side of IT. I kind of started my computer world. I started back in DOS when I was a kid. I had green screens and started learning coding, started doing things like that. And then I got really interested in breaking systems, really, really interested in breaking through security protocols, figuring out black hat operations, things like that. Got really into cracking Windows 7. The Windows 7 Black Edition was something I worked really hard with. And then, yeah, it just got, it started going further and further down the rabbit hole. It started getting more and more unethical. And then I realized that I wasn’t on the path that I really liked to be. And so I started using my powers for good. Started really focusing on ethical hacking, red teaming, things like that, and actually fixing the problems versus being a problem.

Speaker 0 | 04:18.208

I’ll see. Now, we like to hear that. We like to hear the reformed. Now, you know, it’s interesting, too. I mean, I think there’s a lot of folks, you know, that when you first get into IT and you start realizing all the things that you can do. Right. And all the ways that you can break things and stuff like that. Right. Very tempting to go down that route. You know, we have to we have to resist the dark side, so to speak. You know. Yes. No, it’s actually interesting to hear. We probably could go into a whole bunch of that. What’s also interesting, though, too, is I actually saw that. um, uh, uh, you were a recruiting manager,

Speaker 1 | 05:04.365

uh, Centerline drivers. Yeah.

Speaker 0 | 05:05.985

Yeah. So tell me a little bit about that.

Speaker 1 | 05:09.526

So I actually just recruited truck drivers. Uh, it was a, it was a, it was a daytime job, um, that got me paid while I was doing other things on the backend, um, that were not so ethical. Like I said, it was one of those things. I’ve had many, many jobs on the front end just to kind of support, um, you know, support my family and make sure that I was, paying my rent and buying the toys that I wanted to play with and spending a lot of time on hack five and learning a ton about, you know, uh, wifi cracking and things like that. And so I’ve had a lot of day jobs.

Speaker 0 | 05:41.963

No, it’s a, well, Hey, you know, what’s great about that though, right. Is having a lot of day jobs is that, uh, it gives you so much, uh, diverse experience, uh, to be able to tackle a whole host of issues. You know, when you get. You know, if you’ve only done one thing, if you have only been in one slot your entire career, then you have a you may be really good at it, but your focus is pretty narrow. If you expand out your, you know, your your different job settings and stuff, it allows you to kind of be able to adapt to different situations and use that life experience and those different work experiences. Right.

Speaker 1 | 06:20.720

Yes, absolutely. And being a recruiter actually, you know, helped me hone one of the best tools in today’s hacking world. And that’s social engineering. That was learning how to talk to people, learning how to sell yourself and learning how to get into anybody’s situation and make common ground. And then, you know, start getting information from them to obviously, I wanted to recruit them to be a driver. But at the same time, it was a great practice of learning just how to talk to people. So many IT professionals that I run into. have a really hard time with the social boundaries, especially when they’re very good at what they do. They have a really hard time in the social aspects of life and making connections and making real connections that aren’t through a digital screen. And so it’s interesting when you go into something like pen testing and red teaming, one of the things that you really want to do is you want to get a hold of cards. You want people to give up their information because it’s the easiest way to go about it. And so everything that I’ve done, being a recruiting manager, like I said, I took skills from that to apply it to the IT world. There’s, you know, when I was in the oil field, you know, learning how to use antiquated technology and understanding how that technology could be blended with new stuff. That was something that was really, really fun for me with Chesapeake International. And then there’s a lot of skills that are outside of the wheelhouse of what. everybody thinks is a typical IT guy. And if you apply those skills, I think you become a better IT guy.

Speaker 0 | 07:54.118

Now, I mean, you mentioned so many interesting things in there. I mean, rest in peace to Kevin Mitnick, right? Who basically, you know, made social engineering such a common attack, so common that, you know, I think it was just what MGM Grand, you know, was just a hit by it, right? They were social engineered into one of the biggest, you know, if you can hit the MGM grand, I mean, it’s like, that’s pretty, it’s pretty interesting. So such an interesting, you know, always evolving piece. It’s such a old technique that’s been used even back before there were computers, right? Correct. And just continuously adapted and people just fall for it. Because, you know, people want to be there’s a good portion of the public that want to be good and want to help. Yes. And they and they get tricked into social engineering, which I think a lot of people have dabbled in. So, you know,

Speaker 1 | 09:02.521

absolutely. Whether they know it or not.

Speaker 0 | 09:04.802

Exactly. Well, you also mentioned to Chesapeake International and and you were talking a little bit about these. And. created systems in relation to, I believe it was the oil.

Speaker 1 | 09:17.911

Correct. Oil field.

Speaker 0 | 09:18.891

Do you want to expand upon that a little bit? What that meant?

Speaker 1 | 09:22.494

Well, it actually expands into where my career has landed now. Working with Western Steel Buildings, we’re a metal building supplier, essentially. And we work with fabricators all over the world. And- It’s really given me more insight to some of the great problems in technology that we’re going to experience specifically in America. If you look at manufacturing as a whole, manufacturing, oil field, mining, farming, there’s so many aspects and there’s so much technology that goes into it. A lot of people don’t realize how many access points are on a farm, for instance. There’s access points everywhere. It’s usually antiquated access points that are WPS at best. Or you might find some WPA2. But for the most part, they’re very simple to get into. They’re simple people. They don’t see those types of things becoming an issue. Well, we started noticing a lot of, it started really coming to light in the war in Ukraine. We started looking at what Russia was using some of their cells for, and that was to attack manufacturing directly in other countries. We’ve seen it. We’ve seen it over the past five years, especially. And so when we look at our manufacturing. world and we look at the technology that’s there um for instance i’ll give you a great example of a fantastic program but it’s so antiquated and so outdated but it’s an amazing program mbs metal metal building software it’s used by some of the biggest manufacturers and metal buildings in the world and it’s 30 years old the interface on it is that of uh windows xp at best uh it looks looks like it was upgraded from 95 and you you look at the interface does it have like

Speaker 0 | 11:03.012

Flippy dancing on the desktop?

Speaker 1 | 11:05.193

Basically. I mean, that’s the only thing that’s missing from it. And you look at the way that the databases are built, they’re built upon the really old style of Excel. And it’s really incredible to see these systems still being used today. And then when you start looking at it, they’re secured by hardware keys. Like they’ve got some advanced technology there, but they’re easy to crack too. And so as these technologies keep coming in, And as these places start becoming bigger targets, companies like mine, we’re a small, medium business, and our revenue is high. Our revenue is that of interest. And social engineering and using those backdoors to get into our systems is something that I would be interested in doing if I was on the other side.

Speaker 0 | 11:51.506

Let me pause you for a minute because you said something that’s really interesting. I want to expand upon it because I get I get to talk to a lot of, a lot of folks in a lot of different industries and I get to talk to them about IT and I’m very lucky to have the opportunity to do so. When I do, there seems to be this misconception and, and I, and, you know, I said it on here about a big hack that happened to a big company, but there, there, there seems to be a misconception that, hey, listen, I’m not a big company. Why would they go after me?

Speaker 1 | 12:27.791

They will. Right.

Speaker 0 | 12:30.412

And I want to give you a chance to answer that question. And just so everyone from a business, because we do have business leaders that listen to this as well. And I want them to understand this really important concept because it’s something that it’s like a perpetuated myth that only the big person. It’s actually the other way around.

Speaker 1 | 12:56.603

It’s the other way. Very much so. I would say to all those business professionals watching, pay very close attention to your C-suite, very close attention to their habits, the way they log in, the way they do things. I would say if me personally on the level of ethical hacking, if I were to go into a small medium business, my target would be going on LinkedIn and seeing who is bragging about being a small business owner. And I could get the most information out of that than you would believe. And small hacks across many small companies lead to really big payouts. You are not immune. And the reason that you’re not immune is because you don’t have… Most of these small companies are like mine. I’m the only IT guy in my company. I’m one person. And I’m managing up to 40 people at a time. 40 devices. I’ve got a lot of… of BYOD devices. I’ve got a lot of infrastructure that I have to put in place and I’ve got a lot of management that I have to go through to keep that protected. Some of us use third party. I specifically use Arctic Wolf. I got to give them a huge shout out if you don’t know who they are. They’re a fantastic third party security company. I recommend them to anyone and everyone. And building your network out of… As once again, as a single IT professional, it is very difficult to manage when things go bad. And especially if things were go really bad on something like a zero day exploit. I’m going to be the last on the list on Microsoft support. I’m going to be the last on the list for Google support. I’m going to be last on the list for all the major places that get hit and where all of my information is going to be let loose. You know, the best I can hope for is maybe what a Charlie 8 escalation. And Microsoft, that’s the best I can hope for. And that is still what, you know, 700, 800 companies ahead of me on a zero day exploit. And so you’re definitely targeted more. What you see in the news is, you know, it’s kind of the elaborate farce. It gives the illusion of safety. Oh, Microsoft fixed this giant Chinese hack, this giant C-suite, and it only affected the DOD for this amount of time. They don’t say anything about the other 200 businesses that are affected by that same hack and just have no coverage. And so you have to pay attention, especially as a small business owner. One of the biggest, I think one of the biggest flaws in the mindset is if I’m a small company, my IT should be cheap. It’s actually the complete opposite. You should be spending 7% to 10%. If you’re a small, medium business, you should be spending 7% to 10% of your revenue on. your IT systems and technology and larger corporations about three.

Speaker 0 | 15:44.776

Yeah. You’re, you’re actually absolutely right. Which is interesting because, um, you know, when we see, I’ve worked for small companies, I’ve worked for large companies, right. You know, large companies, you’re lucky to get free, you know, they squeeze it down to two 1.5 if you’re, you know, um, and you’re, and you’re always digging to get, get more budget. Yes. Smaller companies, the problem that they run into, right, is their infrastructure. It’s like, do we invest in an on-prem infrastructure that we throw a bunch of capital in? And then we let it sit there for a long period of time until it’s still working. Why don’t I replace it?

Speaker 1 | 16:31.581

My favorite phrase. What we’re doing is working. Why are we changing it?

Speaker 0 | 16:36.782

And then. And then you have the other things, right? Which is, you know, hey, you know, let’s move all of our stuff into the cloud, right? But now you’ve got a big operational cost, right? And then what if it’s a company that requires a lot of different storage and all that type of stuff? Now you run into lots of problems there. And, you know, you have this, you know, this problem where it’s like, where do I put the money, right? As a small to medium business. And also, you know, I can’t afford to, you know, turn around and fork out 7% to IT. And then the question is, well, can you afford losing your data? Can you afford being down for how long? Can you? I mean, so that’s the question that you have, you know, how important is your data? How important is your business critical items, right? To keep them up. up and running. So it’s a, it’s a real quandary, uh, for them. And on top of that too, uh, there’s no, um, you know, it’s really easy for the larger companies to pay someone to come in, uh, and make them compliant, right. And then keep them compliant because they, you know, and put a compliance, uh, thing in place, but how, how do they, uh, how does a small company, uh, put in a compliance? and keep it going, right? And keep it funded. Because the requirements, if they want to play in the same type of arena and get the same type of clients, right? They’re going to have to play in the same compliance arena, right?

Speaker 1 | 18:22.410

Absolutely. And you mentioned something about, and I tend to pivot when I talk about technology and what your spend is. It’s not so much can you afford to lose your data, can you afford to lose your client’s data? Because as a small company, your credibility is so easily crushed. Walmart can lose tens of thousands of clients’ records and people are still going to go to Walmart. They’re so big that nothing, it’s really not going to change much. Are they going to feel the heat a little bit? Maybe. Are they going to have a compliance fine? Maybe. But as a small business, it’s astronomical because people will just leave. You don’t have a client base to keep that up. You could lose 50% of your revenue overnight. And then fighting and clawing to get that back as a small business, it’s so much harder. And so that’s why I tend to change the view from… Can you afford to lose your data? Can you afford to lose your clients? Because that’s really what it comes down to. Every business operates on some sort of service. Small businesses are service-related 90%. I’m going to make up a stat, 90% of the time. They’re service-related in some sort. They’re delivering a good. They’re delivering something special. They’re doing something that’s a limited scope. Whatever it is, small businesses depend on their credibility. And once that’s lost, it’s very hard to fight and claw back. once you become large, it doesn’t really affect you as much. And so you can afford to, um, not have things going as smoothly as you want. That’s, that’s kind of how I look at it on the pivot.

Speaker 0 | 19:58.365

You have a little bit of a buffer room for error.

Speaker 1 | 20:01.227

You have an error gap.

Speaker 0 | 20:02.468

Yeah. Yeah. And, uh, and you don’t have that when you’re a small to medium business, you, uh, you have to be on your A game. Uh, otherwise you’re going to get, uh, you’re going to be done. Um, It is a great point. And I actually love the pivot because it makes it makes complete sense and actually puts the it puts the onus where it really needs to be, which is you’re being entrusted with your client’s data. Yes. They trust you. Do you want to ruin that trust? And that’s a that’s kind of a really good way to kind of look at it. You had mentioned also that, you know, you’re working for manufacturing. You have worked for manufacturing in the past. Um. I have worked for manufacturing companies. I have consulted with manufacturing companies. And a big, big hurt for them is they buy these proprietary devices. Yes. And they’re really, really expensive. And they come from a company that does only that. Right. And buying another one is a huge investment. So they tend to keep these devices and people around that can continue to keep them working. And they keep them for a really long time. But what do we know about life cycles? We know that the life cycle of a workstation operating system is going to last a very short period of time. The life cycle of a server operating system a little bit longer, but not much. Right. So they pop these operating systems on there and they don’t up. update them. And so you sit there with these completely vulnerable systems that, you know, when everybody’s migrating to Windows 11, right, they’re, you know, they’re migrating from Microsoft Bob.

Speaker 1 | 21:56.696

Correct. You’re not wrong.

Speaker 0 | 21:59.717

It’s gonna be like five people that get that reference, by the way.

Speaker 1 | 22:02.758

I love that reference. That was awesome. I will, I will tell you, you know, what it is, what it comes down to. It comes down to a very famous NASA quote. It’s a failure of imagination. They come through and they get these proprietary devices like, oh, this is going to change my business. And they don’t think, they understand, they get the warranty and the salesperson comes in and says, yeah, this device is going to last you 25 years. But they never mention the operating system. I mean, look how many like laser and plasma bays are out there in manufacturing facilities. They’re still running off of very old antiquated systems. And, you know, and you look at these and you go, how did this, how did you spend millions of dollars on this piece? And there’s zero way to upgrade it. The fact is, is there’s many places that do upgrade. They do have modular systems. They have systems that are designed to be upgraded. They do. They create adapters for new systems. They. They do those types of things. There’s a ridiculous amount of them. It’s just not always the cheapest option. They’re looking at a $25,000 machine versus a $35,000 machine. This $25,000 machine has the same warranty as the other one. What’s the difference? 90% of the time, I don’t think they’re looking at the OSS. And most of the time, I don’t think they care. They’re like, oh, well, it’s not my computer. But now, you have to start caring. Look at what happened to… what was that gm facility that uh all of their robot arms got compromised and they had oh i know what you’re talking about yeah i can’t yeah that that was a that was a major major flaw and it was a choice of of choosing um a a machine um that was very very precise and very good at his job it did it did the same thing as the next one but it was just vulnerable and so Once again, as a business owner and even as a large business, you have to start looking at the creative ways that people hack into machines now. Like I said, nobody thinks about farmers. No one thinks about them. And I use them as examples quite a bit. Because if you’ve ever driven through, you know, Idaho, Montana, you throw a Wi-Fi card into monitoring mode and just start searching and start looking at all these access points that are just out there. And they’re all named, you know, farm one, farm two with the first name. And so the amount of information that you can get from just getting into a device that’s connected to their entire, all the way up to their home. from their sprinkler system to their home. It’s all connected. And the amount of access that you can get to someone so quickly from the side of the road, you don’t even have to go to their house anymore. I’ve got a thousand yards between me and them and I’m connecting to their sprinkler system and then getting into their home network. How ridiculous is that to think that we allowed technology to get so out of hand in some of these manufacturing places, some of these very critical, very critical manufacturing. uh, facilities and they’re the same as the farmers. It’s exactly the same thing. It’s hard to ramble a little bit on that one. No,

Speaker 0 | 25:17.404

that’s, you know, it’s an interesting thought because, um, you know, we tend to think of, you know, tend to think of businesses. We tend to think of, you know, um, businesses that you can walk into a building or a warehouse and stuff like that. But, but farming, uh, is, is something that, you know, doesn’t necessarily happen in a warehouse. Doesn’t happen in a. in a building. Right. And, um, and it’s a, it’s an interesting, uh, uh, thought to go to a field, uh, you know, uh, um, lean up next to a cow and, and hack. Right.

Speaker 1 | 25:51.517

Exactly. It’s very weird.

Speaker 0 | 25:53.377

That’s not the, uh, uh, it kind of makes a, kind of makes me miss gateway a little bit.

Speaker 1 | 25:59.819

Oh, let’s not say, oh, let’s please don’t bring those computers up again. Oh my gosh. What a scam. We’re gateways, right? Overpriced hardware for nothing. Oh, gosh. But what an age for us to be in, though. When we start to think about Gateway and Dell and the speed at which operating systems and hardware became obsolete and how fast it happened for us millennials and Gen Xers, we saw some incredible feats in technology that were so fast. And to feel. I feel the slowdown now. I don’t know about you, but I feel the slowdown of technology. I feel like we’re getting longer life cycles out of a lot of things. Although we’re getting new things, look at NVIDIA. I can still use a 2080 and play every single game that’s out right now.

Speaker 0 | 26:56.972

How long have you had your cell phone?

Speaker 1 | 27:00.015

Exactly. I mean, I have brand new cell phones. And we also,

Speaker 0 | 27:03.538

I also really want to dive into your cell phone is really what it is. I mean,

Speaker 1 | 27:07.181

you can now, I mean, you could keep, you can keep, I have a friend that just upgraded from his galaxy S six, you know, but remember when the Nokia’s were becoming obsolete, it was, it was one thing after another. We went to razors and we went, we watched the rise and fall of Blackberry.

Speaker 0 | 27:25.034

I missed my Nokia. I still miss my Nokia. I’m playing snake. I just, I, I, you know. There was, I don’t know if there was any better moment just to sit there and play Snake on a Nokia and be like.

Speaker 1 | 27:36.321

It was a time. It was the time of our lives, man. And then when they started putting Galaga on them, remember that? You could do that.

Speaker 0 | 27:42.444

Yeah.

Speaker 1 | 27:43.185

It was so great. But thinking about that and thinking about the speed at which it happened, and now we’ve got the Zoomers that are living in current technology. And what we’re going to see, what I feel we’re going to see is something that there’s a lot of. There’s a lot of talk about AI and self-driving vehicles and automation and how that’s going to affect places like truck drivers and things like that. But it’s going to affect the entire industry. A lot of these kids that are learning technology, they’re going to have no idea what they’re looking at. I mean, they’re going to look at it and they’re going to go, what is this? This doesn’t make any sense. Is this a touchscreen? No. Got to use tab. There’s no mouse? No. And so we’re going to get to the point. the point where some of these antiquated ideas are going to have to be upgraded really, really quickly. And how do they get upgraded? What parts, what chips are we using? And how are we going to make those decisions? And how secure are they going to be? In a world where security is an illusion, I think that illusion is going to start breaking down much faster in the next 10 years.

Speaker 0 | 28:50.661

Well, you’re right. And when you brought up AI, And now your current ability to just have it create code for you 80% of the way in a minute. You know what I mean? I mean, if you’re a good coder, you can get. a program created in, you know, I mean, it’s ridiculous how quick it is. I know, even I know, I didn’t know a certain programming code. And I went out and I was like, just create something. And I was able to edit it and get it to work. And I didn’t even know the code. Right. I mean, you know, it’s like, if you have a basic understanding of programming languages. And you go out there and be like, I just write it in this. I don’t know. I’ll figure it out on my way. And it’ll correct code for you. It’s ridiculous. It is such a and if you can create that that quickly, that means that viruses and malicious malicious software, all that can be created that much more quickly.

Speaker 1 | 30:00.262

So, well, you’re creating you’re creating an environment where you don’t just have sophisticated. sophisticated individuals or cells, you know, creating a single program or a single zero day exploit, you’ve got, you know, computers across the entire world. And you’ve got people that you can just say, Hey, ask chat to be cheated to this. And you’ve got, you’ve got suddenly you’ve got, you know, every one of your nodes is overloaded and you can’t, you can’t judge the traffic anymore. And, and you’re going, what’s happening? You know, it’s, it’s going to change. It’s, it’s really is going to change the world. And it’s, I think it’s going to be for the better. Ultimately, I think, you know, dealing with AI and starting to really embrace it is going to be important. But said one of the biggest things that’s got to change quickly is security. And we’ve got to understand that some of the most critical foundations of countries are literally teetering on a Windows XP program and an access point that’s barely got enough security to keep it off the word list.

Speaker 0 | 31:05.919

It’s scary to think, but it’s true. And it’s a really big deal. When you mention that these systems that are antiquated and primarily in use by manufacturing, I’m not saying that that’s the only place because there’s other places that actually have antiquated systems as well. But a point to health care. And that’s another. another big one, uh, um, but you know, where, where if you want to know why facts still exist, go to healthcare, right. You want to see dial-up modem still exist, go to healthcare, right.

Speaker 1 | 31:46.407

Um, exactly that,

Speaker 0 | 31:47.867

you know, you have all these, these kinds of older systems that, um, and, and you made a really good point about it, which was, um, we have a, uh, a generation coming in who are not used to these systems, uh, They don’t understand these systems. They didn’t grow up with these systems. They didn’t use DOS. They didn’t tab around. They don’t know. And I’m not knocking them. I’m just saying that this is what they were given, right? And so then they’re going to come into an environment and go, what do I need to do? Why? Why do I need to do this? And that’s actually great. That’s actually a good thing because that’s going to be an innovation change.

Speaker 1 | 32:32.366

that it should be,

Speaker 0 | 32:34.387

it should be right. Because you’re, you’re going to run into a problem. I think this is what you’re alluding to where the workforce, uh, the workforce training, right. Uh, budget will be too high and it’ll force, it’ll force the hand of the, uh, um, of the antiquated systems to actually get upgraded.

Speaker 1 | 32:54.664

That’s, I think that’s probably one of my biggest frustrations in technology, especially in it. Um, I. Every IT professional has experienced this. And so I can say this very confidently. We have all met people in our careers that are so resistant to change, resistant to the point of sabotaging. We have all seen the extremes that people will go to to not change. And I think that’s the frustration that I come into because you’ve got multimillion dollar companies that aren’t even looking. And, you know, they’re not even looking. They’re like, oh, no, it’s not going to happen to us. And then it does. And then they go, what happened? Where did this come from? Why was it? And you go, there’s been hundreds of thousands of people talking about this for so long. And just it takes it for some reason, it just takes a massive event for people to actually go forward with it. I thought that we were going to get, you know, a much bigger. Look into the recent zero-day attack that hit Microsoft. I mean, the DOD was attacked within what? 13 hours, like directly affected. Very,

Speaker 0 | 34:11.472

very quick.

Speaker 1 | 34:12.592

Very quick. And it wasn’t just a small DOD breach. This was a very large DOD breach. And you would think that in that moment, we would see, you know, a change of heart in the way that some of, you know, the major systems work. But Microsoft was like, oh, here’s some free security tools. And we’re like, what about upgrading those tools? What about changing the way that we, you know, changing the way that we look at keys, changing the way that we generate keys, changing the way that we allow access to this? You know, let’s talk about the fact that some of this was social engineering. Wait, hold on a second. Why did one person have the key to be able to breach the DoD? How is that even remotely possible in this day and age? And you’re talking about Microsoft. We’re not talking about mom and pop. We’re talking about the largest.

Speaker 0 | 35:04.114

you know entity and both way i think they’re the largest into the insecurity as well uh don’t quote me on that i could be wrong um wait we won’t quote you it’s recorded in here he’s allowed to be wrong on that i don’t have google pulled up right now so i don’t i don’t know everything but

Speaker 1 | 35:21.969

no when you start looking at that type of those types of situations you start looking at you see the resistance to change and then you’ve got people like um occupy the web you know fantastic book if you’ve never read it it’s uh getting started becoming a master yeah getting started becoming a master hacker and it’s uh by a guy um he goes by occupy the web and he does classes and seminars on on ethical hacking and and the exploits and the things that are being used and you would be so shocked to see some of the um systems that are just still in use because they’re there just available. And we go through the process of going, this would be so easy to close up, and it’s just not. And so that’s what you deal with in IT, and that’s what you deal with with people. And that kind of brings me to my next big point of how do you feel about… I’m going to ask you a question. How do you feel about the USBC change in…

Speaker 0 | 36:28.674

uh usb i’m sorry going from lightning to usbc and the iphone 15 if you looked into that at all as an android user i welcome it so do you really i don’t no i do because well and here’s here’s the reason um i i understand that the uh um you know it’s sometimes good to have different connectors and and stuff like that And mainly because it sparks innovation and it sparks stuff like that. But it’s also good sometimes to have standards. And the reason why I put that down, because certain things need standards so that you can enforce the security of those items correctly. So if you have if you have, you know, some people using a lightning connector and some people using a USB-C connector. Right. and then you’ve got different competing security standards from it, it becomes very difficult and hard to enforce it. I’m not saying that everyone should use the same thing, but when it comes to power, power is a good thing to standardize, right? Otherwise, if you ever traveled abroad and had to bring eight different connectors with you, you’ll understand why power is such a good thing to standardize.

Speaker 1 | 37:48.838

Power is great to standardize, but we’re not talking about power in the iPhone 15. We’re talking about, and this is the point that I’m going to go into data transfer. And I go to data transfer for a specific reason. I’ve got about 15 iPhone 15s over here and I have 100% free trade on them.

Speaker 0 | 38:07.353

Oh man.

Speaker 1 | 38:10.795

I have 100%. I’m working on a project specifically involving iOS that I want to bring to DEF CON next year. um i i have one i have 100 breach rate on them and it’s it’s scary to think uh because this is my thought on it the this was apple’s fault apple had an opportunity to standardize to to make the lightning adapter the standardized adapter across everywhere if they could have released the technology it would have been everywhere galaxy would have adopted it everybody

Speaker 0 | 38:43.219

fine with that i would have been fine with it i’m just fine for standardization you

Speaker 1 | 38:48.402

be standardized on just standardized something right but the problem is is in my suspicions were very very true and and this is a this is a shout out to apple as a fashion company they failed to realize um that this was coming they failed they thought they were invincible the eu you know mandated it they immediately instead of instead of resisting instead of going well why don’t we do this instead they just like okay we’ll just put a we’ll just put a usbc in there The GUI is completely open and barren right now. There’s about, I’m not sure if you’ve ever heard of a company called OMG.

Speaker 0 | 39:23.982

No, I’ve not actually.

Speaker 1 | 39:26.804

One more second.

Speaker 0 | 39:28.145

And we are learning so much stuff on this podcast today. It’s fantastic. And for the people that are listening and are not going to see this, he is scooting around his room, just grabbing different items, you know, like, like, like they’re props. Right. By the way, before we get into OMG. Let’s take a shout out to this room you’ve got right here, which is like it’s like your den. And you’ve got this I can see in the background. You’ve got a keyboard with little microphone there. A couple guitars. Guitars.

Speaker 1 | 40:08.673

Got a Pilates bike over here.

Speaker 0 | 40:10.475

Yeah. It’s just sit on the set on the bike, play the guitar. But, you know, no, this is great. This is this is really it’s like your spot down here. It is.

Speaker 1 | 40:19.701

And I’m actually. I’m actually remodeling it right now. That’s also a really fun thing. I’m really proud of what I’ve done down here. I’m really proud of it. It’s going to look really great once I’m finished. I actually got a hold of a bunch of pegboard and I’m able to acoustically dampen my room finally. And, you know, make my own recording place.

Speaker 0 | 40:38.972

No, that’s really nice.

Speaker 1 | 40:40.492

But back to it. I’m going to, no one’s going to think anything of this. It looks to be a very standard. Besides this little… orange clip here. These are formed as if they are in the manufacturing world. They’re the same as any other USB-C.

Speaker 0 | 40:58.504

To me, it looks like just a basic USB-C cable. Can’t even really tell a difference.

Speaker 1 | 41:03.867

There’s no extra markings on them. They’ve got the standard USB marking on them. It’s very easy.

Speaker 0 | 41:11.213

With this cable,

Speaker 1 | 41:12.534

I wouldn’t know a difference. You would never know. You wouldn’t be able to feel the difference. Believe me. I’ve tried to figure it out. I’ve tried to figure out a way because I had one of these go missing in my house and I was trying to find it. They’re not cheap. Let’s just go by this. But with this device, I have been literally… So in one end of this, there’s an active end and it’s actually got a chip set in it. It spits out a Wi-Fi signal that you can log into through a GUI on your phone, just through a web three base. You go to the address on it, and it injects a lot of code very quickly. I can build full payloads. I know most people are familiar with things like rubber duckies, the USB version of those. This is a rubber ducky in a cable form. It will charge your phone. If you plug it into a charger, it will charge your phone. You’ll never know. I also have the ability to, if it starts, if I start feeling like it’s going to get detected, I can remotely disable this. and it just stops working and people generally just throw it away. One of the, there’s, I can’t remember what the estimate is, but I’m sure there’s close to a million of these just in circulation, just out and about, randomly sitting there.

Speaker 0 | 42:31.438

This is why you shouldn’t use public chargers.

Speaker 1 | 42:34.620

This is why you should never use a cable that you didn’t personally buy.

Speaker 0 | 42:37.723

Exactly.

Speaker 1 | 42:39.184

The other side of it is this. These are very, very, very, very, very, very easy. uh to pack and ship um and so if i were to i don’t know start a little amazon store and you know sell usbc cables who would ever know um and so it’s it’s it’s scary to think uh about how many of these are out there and what’s going on with them but i can literally um on an ipad pro this is the kind of i’ll tell you what i’ve gotten into so far on an ipad pro as you know they were usbc I could turn on the camera and start recording and you didn’t even know that the camera’s on. I could turn on the audio and I could record audio, voice recorder and upload it to a server. You didn’t even know what was going on. It’s install a key logger, give full keyboard access, things like that. And that’s on an iPad Pro. And many more people have iPhones.

Speaker 0 | 43:35.779

Wow.

Speaker 1 | 43:36.920

Just think about that.

Speaker 0 | 43:38.280

That’s just amazing. And then 100% breach rate on what you tried there. That’s amazing. See, and so let’s take this one step further, right? Because let’s go back now, knowing this information, and we’ll go back to OMG. I’m not done with that.

Speaker 1 | 43:56.986

Can I ask for a pause really quickly? Sure. I’m so sorry. Can I ask for a pause? Give me one moment. I need to turn off my camera.

Speaker 0 | 44:03.730

Sorry for that brief break. There was a, I think there was a hack that he needed to stop while we were doing this. So.

Speaker 1 | 44:17.338

I wish I was that important. I really do.

Speaker 0 | 44:22.466

You know, it’s interesting. I actually wanted to pick up because you made a really good point with these cell phones and breaching them with this just USB cable, because there is a threat that exists right now for a lot of businesses. And it’s a big one. And it is people accessing data, business data, critical business data. from their personal devices. And I can’t tell you how big this is because a lot of companies don’t want to buy cell phones for their employees. So they allow them to use their personal devices and people don’t want to carry around two different cell phones. So they just open up Microsoft Teams or Google on their personal devices that are… you know, companies can’t really install anything on to protect them legally. So what’s your thoughts on this?

Speaker 1 | 45:30.459

Well, I mean, there are options for this. You know, there are MDMs out there that are for BYOD devices. Google does a pretty good job on Android, things like that. There’s also a company called Jamf for iOS devices. And they’re, they, they, tend to stay pretty far ahead of the curve as far as security is concerned with iOS. And I actually recently had a meeting with them, and they’re fantastic. They just acquired a small company that was specifically doing some really, really amazing work in iOS security due to hardware breaches, like we’re talking about now with USB cables. And so there are companies out there that are aware of it. They are taking care of it. They exist. It’s just a matter of the spend. The spend is quite high. You know, when I get quoted for the specific security that I’m looking for, specifically what I’m looking for is I have I have employees that travel quite often. Right. And so when they’re getting ready to travel, they simply through through Jamf, the program they have, they simply plug their device into their computer, run a piece of software. That software scans it, make sure the device is in a good state. They go to. that are traveling, whether that’s overseas or to a different place. When they come back before they can access company data again, they once again on their laptop or whatnot, they simply plug their phone in, run a scan. It tells if there’s any breaches. It looks for any changes in the device. Specifically, you know, one of their greatest achievements was locating the Pegasus exploit very, very successfully. I think… Their success rate was extremely high on iOS and mobile devices. And so there are companies out there that are doing it. They’re just expensive because they’re good at what they do. And so you have to explore. You have to be willing to understand, like I said, that goes back to what risk are you willing to take of your client’s data? Are you willing to just put it all out there and go and hope for the best? Or do you really want to be a company that takes care of your clients?

Speaker 0 | 47:46.145

That’s a, that’s, I mean, that’s again, what a great way to really outline it for that. And it, it’s a way that, you know, those, those options are good ways to mitigate if you can get your employees to agree, right. To load the, load that program and get them to adhere to plugging it in and all that stuff. I hope that, that. that stuff continues to evolve and they’re able to, you know, really find a really good ways to, to prevent that because I do see that that as being a major threat, especially when you show me cables that, you know, people can just plug in and get and breach and get access to, because you know that. Well,

Speaker 1 | 48:25.586

that’s company devices too. That’s, that’s the, that’s the thing, you know, you, you mentioned BYOD devices, you know, employees, you know, using their own devices, things like that. This cable doesn’t care if it’s a BYOD or if it’s a company device. It has not a care in the world. It’s going to it’s going to perform the same operations at a kernel level no matter what. Good point. Yeah. And so that’s that’s something that you that you have to you have to look at from a once again, there’s perspective of, you know, doing proper training, making directives. You know, it’s not hard for me to say, hey,

Speaker 0 | 49:05.221

if you’re going to go over.

Speaker 1 | 49:07.462

sees, you need to let me know. And I’m going to lock your account for the duration of that time, unless you really need it. And then, you know, here are the steps we’re going to take. Here’s the device that I’ve prepped for it. Take this device. And this is the only one that you’re going to be able to access from. It’s… It’s not hard to instill those. It’s work, especially for a small company. It’s work.

Speaker 0 | 49:30.693

Security versus convenience. And, you know, and that’s the that’s always the you know, that’s that’s always the problem. Right. You can install a you can go live in a house with no windows and you’ll and no doors and you’ll be really secure. Right. But the minute you install a door or a window and the more you do to make it. prettier and more convenient, then you start opening up risk. So yeah, I think you’re right on that. It’s a tightening of education. It’s a tightening of policy and procedure and putting these in place and understanding the risks. So it’s a really good conversation here to be had. When you were… Oh, by the way, I did agree to OMG. You did agree,

Speaker 1 | 50:21.753

meaning? Yep.

Speaker 0 | 50:23.070

No, I said we were going to talk about that. Was that the cable?

Speaker 1 | 50:27.032

Oh, yes, that’s the cable. Got it. Okay. So OMG is a, it’s actually not, it’s a company and a person. MG is an amazing, amazing technical specialist. And, you know, he’s partnered with places like Hack5, you know, which, you know, Hack5, as nefarious as it sounds, you know, they’re all about ethical hacking and they’re all about educating people and making it cool in such a way that people are attracted to it. But then, you know, it brings, it brings younger people into, Hey, I wanted to break into my friend’s phone. And then you become a part of the community there. And there, and the community is like, this is why you don’t want to do that. You know, that’s, uh, that’s, that’s the beauty of, of people like this, but in order to provide education, sometimes the breach has to happen. Sometimes it’s the school of hard knocks. And do you not manufacture these cables and partner with a company like that and just pretend like this problem doesn’t exist because there’s many other companies that are doing the same thing already? It’s not just him. This is just the one that we know. This is just the one that’s out in the open. There’s plenty of AliExpress cables that you can buy that I guarantee are loaded with some of the same technology. And you’ve just got to be… You’ve got to either be ahead of the curb and be willing to dive in and learn it or get hacked and regret it later.

Speaker 0 | 51:58.757

It’s such a good viewpoint on exactly what, you know, a lot of computer professionals run into in their life, which is I know I know a lot of stuff and I know what to do and how to abuse it. But I don’t. Right. But. But I need to know how because I need to be able to protect myself, my company, and all that type of stuff. So it’s an interesting ethical quandary of how far you go to make sure you understand the risks.

Speaker 1 | 52:39.671

Correct. The dilemma that I always run into is, and this is something that I’m sure… a lot of people that have gone the direction that have gone in is the temptation of how simple it is sometimes. And I say that very, very clearly because I think, I can’t remember the stat on it, but there was a hacking study that was done that went around. It just was gathering as many networks as possible and doing a simple… It was literally a simple 10-digit phone number. It was just numerical brute force hacks. And it was almost half of the networks that were discovered were people’s phone numbers. That is a very common thing. And so when we start talking about the idea of responsibility, windows, doors in your house, and your idea of security. It’s in your hands whether you put 10 on your windows, whether you put them up when you put them up there. Are you going to put curtains up so people can’t see in all the time? Are you going to, you know, are you going to get a doorbell with a camera on it so you can see who’s there? You know, it’s there’s there’s options for all of this. And if you refuse to progress and you just sit in the same old, that’s that’s where you’re going to end up. And that brings me to my next fun thing with IT. I. You know, getting back into the IT and getting kind of away from the hacking thing. I don’t know about you, but you’ve worked in manufacturing, you’ve worked in other facilities. How easy is it to implement a new system?

Speaker 0 | 54:24.278

Oh, my gosh.

Speaker 1 | 54:28.759

Even though it’s the best thing in the world, it’s a thousand percent easier than the current system they’re using. How difficult is it to do that?

Speaker 0 | 54:36.101

It requires a monumental effort to first understand the business processes that are in use. Right. Whether or not they make sense or not and should be continued moving forward. You have to get 15 people in a room for one process to understand it from A to B. Right. You can’t because no one understands just the whole thing. It’s always 15 different people are like, well, I think it’s this. And I think that’s why we do this. I think that’s why we do this. Because the people that implemented it usually are long gone. They’ve moved on. And so you’re trying to piece together a bunch of different. I think we do it this way because I’ve just always done that. And I don’t know why. So, and then, you know, so I actually welcome when a new, when people say we should put in a new system because then I go, yes. And we should just, at this point, we should figure out why we do all the things that we do and throw half of them out the window, simplify the process, and then, and then put the new system in place. Because that’s, that’s in putting new systems in place is the, uh, um, is the, the, the way in which to leap forward.

Speaker 1 | 55:55.225

Well, you know, going back to that, you said, you said you’ve done some consulting and, uh, I’m sure in that world, how many companies have you run into that just don’t have SOPs at all?

Speaker 0 | 56:06.011

Yes. The majority,

Speaker 1 | 56:10.113

the majority.

Speaker 0 | 56:10.494

Or they’re too old and they don’t make any sense.

Speaker 1 | 56:13.716

And that’s something that I, that I think is, is lost upon. some of the IT world and why. So I am paid quite well. I’m still underpaid because I am with a small and medium company, but it’s okay. My review is coming up and we’ll see what happens. And I love where I work. I love my job. But there’s a lot of IT professionals that go in to a company and just expect everything to work. And the unique thing about working with small to medium businesses is sometimes you have to learn their business. And that takes me back to one of the things that I said in the beginning is one of the best experiences and one of the best things that taught me the most about how to be a good IT professional was being a recruiter, learning how to talk to people because you’re not going into a team of like-minded individuals anymore. Most of the time when you’re getting hired, you’re getting hired on a small and medium business, you’re getting hired with people that have made it work and their system works for what they’re doing. even though it’s probably far from correct. And so you have to learn to communicate with them on a different scale. You have to learn to be kind, understand perspectives, and implement change that’s meaningful, but also doesn’t impact the business. Because one day of downtime can be detrimental to them. And so it’s something that I have a really hard time. That’s something that I’m looking into. I’m looking into hiring another IT professional. And I… really have a hard time finding people that understand that. I’ve got a lot of people that I can have a technical, a ton of people that I can have a technical conversation with. I can talk about everything that needs to be done, but I can’t depend on them to communicate with my small business and the leaders that are there and say, this is why we need to do this. It’s just because this is the right way. It’s normally what it is.

Speaker 0 | 58:08.458

It’s interesting because I, and you, and you know, if you, When we record, when this gets uploaded and stuff like that, there’ll be another podcast, too, that talks about this very similar thing, which was the communication soft skills are very hard to find right now. It’s very hard. Very difficult. And it’s something that, you know, I think that we believe we’ll just continue to. get worse unless we actually focus some training that way and and help out uh some of the newer folks that are coming in uh that um that need to learn that uh you know it’s a it’s a tough thing and uh even the folks that are here now you know not all of them have that that soft skills and be able to have that conversation and talk or have the business acumen in front of it right you know we’re we’re moving information around uh um we need to understand why and where that and how that information needs to move. You know, I wanted to get into our last segment here, which is the IT crystal ball. And we’ve been all over the place with this podcast in a great way. I think people are really going to love this when they look at it. Let’s do it. You know, the… When I talk about the IT crystal ball, I try to look about five years in the future, what’s going to happen with IT. And, you know, I usually focus on certain items. Here, I’m just going to let you kind of run with it and go wherever you want with it, because it’s going to be interesting. I mean, you’ve done a wide range of things, wide range of topics. And… I just want to hear your overall perspective on where we’re going in the next five years in IT.

Speaker 1 | 60:10.102

Well, I’ll jump on it from two perspectives. There’s a cynical perspective that kind of goes into the thought of Zoomers really entering into the workforce, manufacturing jobs, the amount of retirees versus the amount of people that are coming in, learning these jobs. That coupled with things like the… the crippling fear of AI and taking over jobs instead of understanding that those are job openings. And so in the next five years, we could see, we could see two very different things happen. We could either see an incredible amount of innovation that brings a lot of technology to the forefront. And we start seeing, you know, what we experienced in our younger years of, you know, millennials and Gen Xers of, of a technology bill. There’s, there’s a strong possibility of a technology boom happening in the next five years. Um, but the cynical side of me says that that’s not going to happen. And what we’re going to see is we’re going to see a lot more breaches. We’re going to see a lot more bad actors. Um, and, and when I say a lot more, I mean, there’s going to be a noticeable, noticeable amount of things changing within, especially, um, cell phones, personal devices and things like that. Um, I truly think that in the next five years, it’s going to be a big, massive change. And a lot of that’s going to be a due to. what released today. And that was the iPhone 15 going to USB-C. Now we’ve got pretty much everything on one universal adapter, and we’re going to see how that affects different companies and how many companies are willing to go into unified security protocols, as well as just, you know, having an adapter that charges everything. And so cynical view, next five years is going to be pretty rough. Optimistic view, we’re going to see technology. boom, people are going to embrace AI and it’s going to be really, really fun.

Speaker 0 | 62:03.093

I absolutely like it. Nerds, I’m Michael Moore hosting this podcast for Dissecting Popularity Nerds. I’ve been here with Jake Randolph, Director of Information Technology at Western Steel Buildings. Jake, thank you so much for coming on. Please come on again. I know I got a whole host of things to talk to you about.

Speaker 1 | 62:23.327

Anytime. I am willing to come on anytime.

Speaker 0 | 62:26.950

Thanks a lot.

224- Securing Your Business in an Increasingly Connected World with Jace Randolph

Speaker 0 | 00:09.119

Hi, nerds. I’m Michael Moore, hosting this podcast for Dissecting Popularity Nerds. I’m here with Jake Randolph, Director of Information Technology at Western Steel Buildings. Hey, Jake. How’s it going today?

Speaker 1 | 00:19.884

Good. How are you doing today, sir?

Speaker 0 | 00:21.124

I’m doing really good. Thank you very much. It’s great to have you on the program. Now it’s time for our icebreaker segment, Random Access Memories. I ask a question and then you just respond with the answer that comes to your head first. Your first question is, if you got stranded on an island, what piece of technology would you hope to have?

Speaker 1 | 00:43.511

Ooh, GPS beacon.

Speaker 0 | 00:45.994

See, that’s a good, that’s a great answer. You know, everyone can be like, no, I got my tablet. No, I got this. It’s going to run out of power. But you’re like, no, GPS beacon. I want it right now. I love it. right straight to the point get me off this island exactly um your next question light mode or dark mode dark mode all the way oh man you know how often do you uh um bring up a website or bring up an application most of the stuff can be hit with like you know i know there’s a an extension that you can use to kind of make it dark but you How many times do you try to pop up something in an application that just won’t work with anything, and it’s just in their bright place?

Speaker 1 | 01:34.610

Especially late at night, and then you end up putting your blue screen filter on through your settings, turning your brights, and then you’re like, God, I just can’t deal with this right now.

Speaker 0 | 01:41.532

It’s too much.

Speaker 1 | 01:43.833

You got your yellow-blue light glasses on. You got everything you can. But no, dark mode all the way. There’s no other answer to that.

Speaker 0 | 01:51.675

I agree with you on that one. If you’re… If your computer suddenly became sentient, what’s the first thing that you would do?

Speaker 1 | 02:01.357

Whoa, what a question. If it suddenly became sentient, I go with a funny answer of don’t tell my wife about my browsing history or what’s your XDD go on that? I don’t know. Okay,

Speaker 0 | 02:16.371

what’s the second thing that you would do? What’s the second thing you would do?

Speaker 1 | 02:20.515

You know, perform all of my coding for me please please just do it for me just if i tell you what i want will you do it for me just start asking questions listen we can make a good partnership all right we can really make this work i keep you filled with power you give me all my coding needs like i love it i

Speaker 0 | 02:41.740

love it oh um you know i uh i’m glad you’re on uh um hey i was looking at your linkedin And I have one question for you. Why is your LinkedIn so devoid of any information at all?

Speaker 1 | 02:59.434

Okay. So the short answer to this is I’ve been in many different careers, started in the Air Force, moved into oil field, moved into some manufacturing, did some sales, things like that. But the long answer is why my LinkedIn is so short as far as IT and technology comes to hand is it’s only been… the last three or four years of my life that I have been on the good side of IT. I kind of started my computer world. I started back in DOS when I was a kid. I had green screens and started learning coding, started doing things like that. And then I got really interested in breaking systems, really, really interested in breaking through security protocols, figuring out black hat operations, things like that. Got really into cracking Windows 7. The Windows 7 Black Edition was something I worked really hard with. And then, yeah, it just got, it started going further and further down the rabbit hole. It started getting more and more unethical. And then I realized that I wasn’t on the path that I really liked to be. And so I started using my powers for good. Started really focusing on ethical hacking, red teaming, things like that, and actually fixing the problems versus being a problem.

Speaker 0 | 04:18.208

I’ll see. Now, we like to hear that. We like to hear the reformed. Now, you know, it’s interesting, too. I mean, I think there’s a lot of folks, you know, that when you first get into IT and you start realizing all the things that you can do. Right. And all the ways that you can break things and stuff like that. Right. Very tempting to go down that route. You know, we have to we have to resist the dark side, so to speak. You know. Yes. No, it’s actually interesting to hear. We probably could go into a whole bunch of that. What’s also interesting, though, too, is I actually saw that. um, uh, uh, you were a recruiting manager,

Speaker 1 | 05:04.365

uh, Centerline drivers. Yeah.

Speaker 0 | 05:05.985

Yeah. So tell me a little bit about that.

Speaker 1 | 05:09.526

So I actually just recruited truck drivers. Uh, it was a, it was a, it was a daytime job, um, that got me paid while I was doing other things on the backend, um, that were not so ethical. Like I said, it was one of those things. I’ve had many, many jobs on the front end just to kind of support, um, you know, support my family and make sure that I was, paying my rent and buying the toys that I wanted to play with and spending a lot of time on hack five and learning a ton about, you know, uh, wifi cracking and things like that. And so I’ve had a lot of day jobs.

Speaker 0 | 05:41.963

No, it’s a, well, Hey, you know, what’s great about that though, right. Is having a lot of day jobs is that, uh, it gives you so much, uh, diverse experience, uh, to be able to tackle a whole host of issues. You know, when you get. You know, if you’ve only done one thing, if you have only been in one slot your entire career, then you have a you may be really good at it, but your focus is pretty narrow. If you expand out your, you know, your your different job settings and stuff, it allows you to kind of be able to adapt to different situations and use that life experience and those different work experiences. Right.

Speaker 1 | 06:20.720

Yes, absolutely. And being a recruiter actually, you know, helped me hone one of the best tools in today’s hacking world. And that’s social engineering. That was learning how to talk to people, learning how to sell yourself and learning how to get into anybody’s situation and make common ground. And then, you know, start getting information from them to obviously, I wanted to recruit them to be a driver. But at the same time, it was a great practice of learning just how to talk to people. So many IT professionals that I run into. have a really hard time with the social boundaries, especially when they’re very good at what they do. They have a really hard time in the social aspects of life and making connections and making real connections that aren’t through a digital screen. And so it’s interesting when you go into something like pen testing and red teaming, one of the things that you really want to do is you want to get a hold of cards. You want people to give up their information because it’s the easiest way to go about it. And so everything that I’ve done, being a recruiting manager, like I said, I took skills from that to apply it to the IT world. There’s, you know, when I was in the oil field, you know, learning how to use antiquated technology and understanding how that technology could be blended with new stuff. That was something that was really, really fun for me with Chesapeake International. And then there’s a lot of skills that are outside of the wheelhouse of what. everybody thinks is a typical IT guy. And if you apply those skills, I think you become a better IT guy.

Speaker 0 | 07:54.118

Now, I mean, you mentioned so many interesting things in there. I mean, rest in peace to Kevin Mitnick, right? Who basically, you know, made social engineering such a common attack, so common that, you know, I think it was just what MGM Grand, you know, was just a hit by it, right? They were social engineered into one of the biggest, you know, if you can hit the MGM grand, I mean, it’s like, that’s pretty, it’s pretty interesting. So such an interesting, you know, always evolving piece. It’s such a old technique that’s been used even back before there were computers, right? Correct. And just continuously adapted and people just fall for it. Because, you know, people want to be there’s a good portion of the public that want to be good and want to help. Yes. And they and they get tricked into social engineering, which I think a lot of people have dabbled in. So, you know,

Speaker 1 | 09:02.521

absolutely. Whether they know it or not.

Speaker 0 | 09:04.802

Exactly. Well, you also mentioned to Chesapeake International and and you were talking a little bit about these. And. created systems in relation to, I believe it was the oil.

Speaker 1 | 09:17.911

Correct. Oil field.

Speaker 0 | 09:18.891

Do you want to expand upon that a little bit? What that meant?

Speaker 1 | 09:22.494

Well, it actually expands into where my career has landed now. Working with Western Steel Buildings, we’re a metal building supplier, essentially. And we work with fabricators all over the world. And- It’s really given me more insight to some of the great problems in technology that we’re going to experience specifically in America. If you look at manufacturing as a whole, manufacturing, oil field, mining, farming, there’s so many aspects and there’s so much technology that goes into it. A lot of people don’t realize how many access points are on a farm, for instance. There’s access points everywhere. It’s usually antiquated access points that are WPS at best. Or you might find some WPA2. But for the most part, they’re very simple to get into. They’re simple people. They don’t see those types of things becoming an issue. Well, we started noticing a lot of, it started really coming to light in the war in Ukraine. We started looking at what Russia was using some of their cells for, and that was to attack manufacturing directly in other countries. We’ve seen it. We’ve seen it over the past five years, especially. And so when we look at our manufacturing. world and we look at the technology that’s there um for instance i’ll give you a great example of a fantastic program but it’s so antiquated and so outdated but it’s an amazing program mbs metal metal building software it’s used by some of the biggest manufacturers and metal buildings in the world and it’s 30 years old the interface on it is that of uh windows xp at best uh it looks looks like it was upgraded from 95 and you you look at the interface does it have like

Speaker 0 | 11:03.012

Flippy dancing on the desktop?

Speaker 1 | 11:05.193

Basically. I mean, that’s the only thing that’s missing from it. And you look at the way that the databases are built, they’re built upon the really old style of Excel. And it’s really incredible to see these systems still being used today. And then when you start looking at it, they’re secured by hardware keys. Like they’ve got some advanced technology there, but they’re easy to crack too. And so as these technologies keep coming in, And as these places start becoming bigger targets, companies like mine, we’re a small, medium business, and our revenue is high. Our revenue is that of interest. And social engineering and using those backdoors to get into our systems is something that I would be interested in doing if I was on the other side.

Speaker 0 | 11:51.506

Let me pause you for a minute because you said something that’s really interesting. I want to expand upon it because I get I get to talk to a lot of, a lot of folks in a lot of different industries and I get to talk to them about IT and I’m very lucky to have the opportunity to do so. When I do, there seems to be this misconception and, and I, and, you know, I said it on here about a big hack that happened to a big company, but there, there, there seems to be a misconception that, hey, listen, I’m not a big company. Why would they go after me?

Speaker 1 | 12:27.791

They will. Right.

Speaker 0 | 12:30.412

And I want to give you a chance to answer that question. And just so everyone from a business, because we do have business leaders that listen to this as well. And I want them to understand this really important concept because it’s something that it’s like a perpetuated myth that only the big person. It’s actually the other way around.

Speaker 1 | 12:56.603

It’s the other way. Very much so. I would say to all those business professionals watching, pay very close attention to your C-suite, very close attention to their habits, the way they log in, the way they do things. I would say if me personally on the level of ethical hacking, if I were to go into a small medium business, my target would be going on LinkedIn and seeing who is bragging about being a small business owner. And I could get the most information out of that than you would believe. And small hacks across many small companies lead to really big payouts. You are not immune. And the reason that you’re not immune is because you don’t have… Most of these small companies are like mine. I’m the only IT guy in my company. I’m one person. And I’m managing up to 40 people at a time. 40 devices. I’ve got a lot of… of BYOD devices. I’ve got a lot of infrastructure that I have to put in place and I’ve got a lot of management that I have to go through to keep that protected. Some of us use third party. I specifically use Arctic Wolf. I got to give them a huge shout out if you don’t know who they are. They’re a fantastic third party security company. I recommend them to anyone and everyone. And building your network out of… As once again, as a single IT professional, it is very difficult to manage when things go bad. And especially if things were go really bad on something like a zero day exploit. I’m going to be the last on the list on Microsoft support. I’m going to be the last on the list for Google support. I’m going to be last on the list for all the major places that get hit and where all of my information is going to be let loose. You know, the best I can hope for is maybe what a Charlie 8 escalation. And Microsoft, that’s the best I can hope for. And that is still what, you know, 700, 800 companies ahead of me on a zero day exploit. And so you’re definitely targeted more. What you see in the news is, you know, it’s kind of the elaborate farce. It gives the illusion of safety. Oh, Microsoft fixed this giant Chinese hack, this giant C-suite, and it only affected the DOD for this amount of time. They don’t say anything about the other 200 businesses that are affected by that same hack and just have no coverage. And so you have to pay attention, especially as a small business owner. One of the biggest, I think one of the biggest flaws in the mindset is if I’m a small company, my IT should be cheap. It’s actually the complete opposite. You should be spending 7% to 10%. If you’re a small, medium business, you should be spending 7% to 10% of your revenue on. your IT systems and technology and larger corporations about three.

Speaker 0 | 15:44.776

Yeah. You’re, you’re actually absolutely right. Which is interesting because, um, you know, when we see, I’ve worked for small companies, I’ve worked for large companies, right. You know, large companies, you’re lucky to get free, you know, they squeeze it down to two 1.5 if you’re, you know, um, and you’re, and you’re always digging to get, get more budget. Yes. Smaller companies, the problem that they run into, right, is their infrastructure. It’s like, do we invest in an on-prem infrastructure that we throw a bunch of capital in? And then we let it sit there for a long period of time until it’s still working. Why don’t I replace it?

Speaker 1 | 16:31.581

My favorite phrase. What we’re doing is working. Why are we changing it?

Speaker 0 | 16:36.782

And then. And then you have the other things, right? Which is, you know, hey, you know, let’s move all of our stuff into the cloud, right? But now you’ve got a big operational cost, right? And then what if it’s a company that requires a lot of different storage and all that type of stuff? Now you run into lots of problems there. And, you know, you have this, you know, this problem where it’s like, where do I put the money, right? As a small to medium business. And also, you know, I can’t afford to, you know, turn around and fork out 7% to IT. And then the question is, well, can you afford losing your data? Can you afford being down for how long? Can you? I mean, so that’s the question that you have, you know, how important is your data? How important is your business critical items, right? To keep them up. up and running. So it’s a, it’s a real quandary, uh, for them. And on top of that too, uh, there’s no, um, you know, it’s really easy for the larger companies to pay someone to come in, uh, and make them compliant, right. And then keep them compliant because they, you know, and put a compliance, uh, thing in place, but how, how do they, uh, how does a small company, uh, put in a compliance? and keep it going, right? And keep it funded. Because the requirements, if they want to play in the same type of arena and get the same type of clients, right? They’re going to have to play in the same compliance arena, right?

Speaker 1 | 18:22.410

Absolutely. And you mentioned something about, and I tend to pivot when I talk about technology and what your spend is. It’s not so much can you afford to lose your data, can you afford to lose your client’s data? Because as a small company, your credibility is so easily crushed. Walmart can lose tens of thousands of clients’ records and people are still going to go to Walmart. They’re so big that nothing, it’s really not going to change much. Are they going to feel the heat a little bit? Maybe. Are they going to have a compliance fine? Maybe. But as a small business, it’s astronomical because people will just leave. You don’t have a client base to keep that up. You could lose 50% of your revenue overnight. And then fighting and clawing to get that back as a small business, it’s so much harder. And so that’s why I tend to change the view from… Can you afford to lose your data? Can you afford to lose your clients? Because that’s really what it comes down to. Every business operates on some sort of service. Small businesses are service-related 90%. I’m going to make up a stat, 90% of the time. They’re service-related in some sort. They’re delivering a good. They’re delivering something special. They’re doing something that’s a limited scope. Whatever it is, small businesses depend on their credibility. And once that’s lost, it’s very hard to fight and claw back. once you become large, it doesn’t really affect you as much. And so you can afford to, um, not have things going as smoothly as you want. That’s, that’s kind of how I look at it on the pivot.

Speaker 0 | 19:58.365

You have a little bit of a buffer room for error.

Speaker 1 | 20:01.227

You have an error gap.

Speaker 0 | 20:02.468

Yeah. Yeah. And, uh, and you don’t have that when you’re a small to medium business, you, uh, you have to be on your A game. Uh, otherwise you’re going to get, uh, you’re going to be done. Um, It is a great point. And I actually love the pivot because it makes it makes complete sense and actually puts the it puts the onus where it really needs to be, which is you’re being entrusted with your client’s data. Yes. They trust you. Do you want to ruin that trust? And that’s a that’s kind of a really good way to kind of look at it. You had mentioned also that, you know, you’re working for manufacturing. You have worked for manufacturing in the past. Um. I have worked for manufacturing companies. I have consulted with manufacturing companies. And a big, big hurt for them is they buy these proprietary devices. Yes. And they’re really, really expensive. And they come from a company that does only that. Right. And buying another one is a huge investment. So they tend to keep these devices and people around that can continue to keep them working. And they keep them for a really long time. But what do we know about life cycles? We know that the life cycle of a workstation operating system is going to last a very short period of time. The life cycle of a server operating system a little bit longer, but not much. Right. So they pop these operating systems on there and they don’t up. update them. And so you sit there with these completely vulnerable systems that, you know, when everybody’s migrating to Windows 11, right, they’re, you know, they’re migrating from Microsoft Bob.

Speaker 1 | 21:56.696

Correct. You’re not wrong.

Speaker 0 | 21:59.717

It’s gonna be like five people that get that reference, by the way.

Speaker 1 | 22:02.758

I love that reference. That was awesome. I will, I will tell you, you know, what it is, what it comes down to. It comes down to a very famous NASA quote. It’s a failure of imagination. They come through and they get these proprietary devices like, oh, this is going to change my business. And they don’t think, they understand, they get the warranty and the salesperson comes in and says, yeah, this device is going to last you 25 years. But they never mention the operating system. I mean, look how many like laser and plasma bays are out there in manufacturing facilities. They’re still running off of very old antiquated systems. And, you know, and you look at these and you go, how did this, how did you spend millions of dollars on this piece? And there’s zero way to upgrade it. The fact is, is there’s many places that do upgrade. They do have modular systems. They have systems that are designed to be upgraded. They do. They create adapters for new systems. They. They do those types of things. There’s a ridiculous amount of them. It’s just not always the cheapest option. They’re looking at a $25,000 machine versus a $35,000 machine. This $25,000 machine has the same warranty as the other one. What’s the difference? 90% of the time, I don’t think they’re looking at the OSS. And most of the time, I don’t think they care. They’re like, oh, well, it’s not my computer. But now, you have to start caring. Look at what happened to… what was that gm facility that uh all of their robot arms got compromised and they had oh i know what you’re talking about yeah i can’t yeah that that was a that was a major major flaw and it was a choice of of choosing um a a machine um that was very very precise and very good at his job it did it did the same thing as the next one but it was just vulnerable and so Once again, as a business owner and even as a large business, you have to start looking at the creative ways that people hack into machines now. Like I said, nobody thinks about farmers. No one thinks about them. And I use them as examples quite a bit. Because if you’ve ever driven through, you know, Idaho, Montana, you throw a Wi-Fi card into monitoring mode and just start searching and start looking at all these access points that are just out there. And they’re all named, you know, farm one, farm two with the first name. And so the amount of information that you can get from just getting into a device that’s connected to their entire, all the way up to their home. from their sprinkler system to their home. It’s all connected. And the amount of access that you can get to someone so quickly from the side of the road, you don’t even have to go to their house anymore. I’ve got a thousand yards between me and them and I’m connecting to their sprinkler system and then getting into their home network. How ridiculous is that to think that we allowed technology to get so out of hand in some of these manufacturing places, some of these very critical, very critical manufacturing. uh, facilities and they’re the same as the farmers. It’s exactly the same thing. It’s hard to ramble a little bit on that one. No,

Speaker 0 | 25:17.404

that’s, you know, it’s an interesting thought because, um, you know, we tend to think of, you know, tend to think of businesses. We tend to think of, you know, um, businesses that you can walk into a building or a warehouse and stuff like that. But, but farming, uh, is, is something that, you know, doesn’t necessarily happen in a warehouse. Doesn’t happen in a. in a building. Right. And, um, and it’s a, it’s an interesting, uh, uh, thought to go to a field, uh, you know, uh, um, lean up next to a cow and, and hack. Right.

Speaker 1 | 25:51.517

Exactly. It’s very weird.

Speaker 0 | 25:53.377

That’s not the, uh, uh, it kind of makes a, kind of makes me miss gateway a little bit.

Speaker 1 | 25:59.819

Oh, let’s not say, oh, let’s please don’t bring those computers up again. Oh my gosh. What a scam. We’re gateways, right? Overpriced hardware for nothing. Oh, gosh. But what an age for us to be in, though. When we start to think about Gateway and Dell and the speed at which operating systems and hardware became obsolete and how fast it happened for us millennials and Gen Xers, we saw some incredible feats in technology that were so fast. And to feel. I feel the slowdown now. I don’t know about you, but I feel the slowdown of technology. I feel like we’re getting longer life cycles out of a lot of things. Although we’re getting new things, look at NVIDIA. I can still use a 2080 and play every single game that’s out right now.

Speaker 0 | 26:56.972

How long have you had your cell phone?

Speaker 1 | 27:00.015

Exactly. I mean, I have brand new cell phones. And we also,

Speaker 0 | 27:03.538

I also really want to dive into your cell phone is really what it is. I mean,

Speaker 1 | 27:07.181

you can now, I mean, you could keep, you can keep, I have a friend that just upgraded from his galaxy S six, you know, but remember when the Nokia’s were becoming obsolete, it was, it was one thing after another. We went to razors and we went, we watched the rise and fall of Blackberry.

Speaker 0 | 27:25.034

I missed my Nokia. I still miss my Nokia. I’m playing snake. I just, I, I, you know. There was, I don’t know if there was any better moment just to sit there and play Snake on a Nokia and be like.

Speaker 1 | 27:36.321

It was a time. It was the time of our lives, man. And then when they started putting Galaga on them, remember that? You could do that.

Speaker 0 | 27:42.444

Yeah.

Speaker 1 | 27:43.185

It was so great. But thinking about that and thinking about the speed at which it happened, and now we’ve got the Zoomers that are living in current technology. And what we’re going to see, what I feel we’re going to see is something that there’s a lot of. There’s a lot of talk about AI and self-driving vehicles and automation and how that’s going to affect places like truck drivers and things like that. But it’s going to affect the entire industry. A lot of these kids that are learning technology, they’re going to have no idea what they’re looking at. I mean, they’re going to look at it and they’re going to go, what is this? This doesn’t make any sense. Is this a touchscreen? No. Got to use tab. There’s no mouse? No. And so we’re going to get to the point. the point where some of these antiquated ideas are going to have to be upgraded really, really quickly. And how do they get upgraded? What parts, what chips are we using? And how are we going to make those decisions? And how secure are they going to be? In a world where security is an illusion, I think that illusion is going to start breaking down much faster in the next 10 years.

Speaker 0 | 28:50.661

Well, you’re right. And when you brought up AI, And now your current ability to just have it create code for you 80% of the way in a minute. You know what I mean? I mean, if you’re a good coder, you can get. a program created in, you know, I mean, it’s ridiculous how quick it is. I know, even I know, I didn’t know a certain programming code. And I went out and I was like, just create something. And I was able to edit it and get it to work. And I didn’t even know the code. Right. I mean, you know, it’s like, if you have a basic understanding of programming languages. And you go out there and be like, I just write it in this. I don’t know. I’ll figure it out on my way. And it’ll correct code for you. It’s ridiculous. It is such a and if you can create that that quickly, that means that viruses and malicious malicious software, all that can be created that much more quickly.

Speaker 1 | 30:00.262

So, well, you’re creating you’re creating an environment where you don’t just have sophisticated. sophisticated individuals or cells, you know, creating a single program or a single zero day exploit, you’ve got, you know, computers across the entire world. And you’ve got people that you can just say, Hey, ask chat to be cheated to this. And you’ve got, you’ve got suddenly you’ve got, you know, every one of your nodes is overloaded and you can’t, you can’t judge the traffic anymore. And, and you’re going, what’s happening? You know, it’s, it’s going to change. It’s, it’s really is going to change the world. And it’s, I think it’s going to be for the better. Ultimately, I think, you know, dealing with AI and starting to really embrace it is going to be important. But said one of the biggest things that’s got to change quickly is security. And we’ve got to understand that some of the most critical foundations of countries are literally teetering on a Windows XP program and an access point that’s barely got enough security to keep it off the word list.

Speaker 0 | 31:05.919

It’s scary to think, but it’s true. And it’s a really big deal. When you mention that these systems that are antiquated and primarily in use by manufacturing, I’m not saying that that’s the only place because there’s other places that actually have antiquated systems as well. But a point to health care. And that’s another. another big one, uh, um, but you know, where, where if you want to know why facts still exist, go to healthcare, right. You want to see dial-up modem still exist, go to healthcare, right.

Speaker 1 | 31:46.407

Um, exactly that,

Speaker 0 | 31:47.867

you know, you have all these, these kinds of older systems that, um, and, and you made a really good point about it, which was, um, we have a, uh, a generation coming in who are not used to these systems, uh, They don’t understand these systems. They didn’t grow up with these systems. They didn’t use DOS. They didn’t tab around. They don’t know. And I’m not knocking them. I’m just saying that this is what they were given, right? And so then they’re going to come into an environment and go, what do I need to do? Why? Why do I need to do this? And that’s actually great. That’s actually a good thing because that’s going to be an innovation change.

Speaker 1 | 32:32.366

that it should be,

Speaker 0 | 32:34.387

it should be right. Because you’re, you’re going to run into a problem. I think this is what you’re alluding to where the workforce, uh, the workforce training, right. Uh, budget will be too high and it’ll force, it’ll force the hand of the, uh, um, of the antiquated systems to actually get upgraded.

Speaker 1 | 32:54.664

That’s, I think that’s probably one of my biggest frustrations in technology, especially in it. Um, I. Every IT professional has experienced this. And so I can say this very confidently. We have all met people in our careers that are so resistant to change, resistant to the point of sabotaging. We have all seen the extremes that people will go to to not change. And I think that’s the frustration that I come into because you’ve got multimillion dollar companies that aren’t even looking. And, you know, they’re not even looking. They’re like, oh, no, it’s not going to happen to us. And then it does. And then they go, what happened? Where did this come from? Why was it? And you go, there’s been hundreds of thousands of people talking about this for so long. And just it takes it for some reason, it just takes a massive event for people to actually go forward with it. I thought that we were going to get, you know, a much bigger. Look into the recent zero-day attack that hit Microsoft. I mean, the DOD was attacked within what? 13 hours, like directly affected. Very,

Speaker 0 | 34:11.472

very quick.

Speaker 1 | 34:12.592

Very quick. And it wasn’t just a small DOD breach. This was a very large DOD breach. And you would think that in that moment, we would see, you know, a change of heart in the way that some of, you know, the major systems work. But Microsoft was like, oh, here’s some free security tools. And we’re like, what about upgrading those tools? What about changing the way that we, you know, changing the way that we look at keys, changing the way that we generate keys, changing the way that we allow access to this? You know, let’s talk about the fact that some of this was social engineering. Wait, hold on a second. Why did one person have the key to be able to breach the DoD? How is that even remotely possible in this day and age? And you’re talking about Microsoft. We’re not talking about mom and pop. We’re talking about the largest.

Speaker 0 | 35:04.114

you know entity and both way i think they’re the largest into the insecurity as well uh don’t quote me on that i could be wrong um wait we won’t quote you it’s recorded in here he’s allowed to be wrong on that i don’t have google pulled up right now so i don’t i don’t know everything but

Speaker 1 | 35:21.969

no when you start looking at that type of those types of situations you start looking at you see the resistance to change and then you’ve got people like um occupy the web you know fantastic book if you’ve never read it it’s uh getting started becoming a master yeah getting started becoming a master hacker and it’s uh by a guy um he goes by occupy the web and he does classes and seminars on on ethical hacking and and the exploits and the things that are being used and you would be so shocked to see some of the um systems that are just still in use because they’re there just available. And we go through the process of going, this would be so easy to close up, and it’s just not. And so that’s what you deal with in IT, and that’s what you deal with with people. And that kind of brings me to my next big point of how do you feel about… I’m going to ask you a question. How do you feel about the USBC change in…

Speaker 0 | 36:28.674

uh usb i’m sorry going from lightning to usbc and the iphone 15 if you looked into that at all as an android user i welcome it so do you really i don’t no i do because well and here’s here’s the reason um i i understand that the uh um you know it’s sometimes good to have different connectors and and stuff like that And mainly because it sparks innovation and it sparks stuff like that. But it’s also good sometimes to have standards. And the reason why I put that down, because certain things need standards so that you can enforce the security of those items correctly. So if you have if you have, you know, some people using a lightning connector and some people using a USB-C connector. Right. and then you’ve got different competing security standards from it, it becomes very difficult and hard to enforce it. I’m not saying that everyone should use the same thing, but when it comes to power, power is a good thing to standardize, right? Otherwise, if you ever traveled abroad and had to bring eight different connectors with you, you’ll understand why power is such a good thing to standardize.

Speaker 1 | 37:48.838

Power is great to standardize, but we’re not talking about power in the iPhone 15. We’re talking about, and this is the point that I’m going to go into data transfer. And I go to data transfer for a specific reason. I’ve got about 15 iPhone 15s over here and I have 100% free trade on them.

Speaker 0 | 38:07.353

Oh man.

Speaker 1 | 38:10.795

I have 100%. I’m working on a project specifically involving iOS that I want to bring to DEF CON next year. um i i have one i have 100 breach rate on them and it’s it’s scary to think uh because this is my thought on it the this was apple’s fault apple had an opportunity to standardize to to make the lightning adapter the standardized adapter across everywhere if they could have released the technology it would have been everywhere galaxy would have adopted it everybody

Speaker 0 | 38:43.219

fine with that i would have been fine with it i’m just fine for standardization you

Speaker 1 | 38:48.402

be standardized on just standardized something right but the problem is is in my suspicions were very very true and and this is a this is a shout out to apple as a fashion company they failed to realize um that this was coming they failed they thought they were invincible the eu you know mandated it they immediately instead of instead of resisting instead of going well why don’t we do this instead they just like okay we’ll just put a we’ll just put a usbc in there The GUI is completely open and barren right now. There’s about, I’m not sure if you’ve ever heard of a company called OMG.

Speaker 0 | 39:23.982

No, I’ve not actually.

Speaker 1 | 39:26.804

One more second.

Speaker 0 | 39:28.145

And we are learning so much stuff on this podcast today. It’s fantastic. And for the people that are listening and are not going to see this, he is scooting around his room, just grabbing different items, you know, like, like, like they’re props. Right. By the way, before we get into OMG. Let’s take a shout out to this room you’ve got right here, which is like it’s like your den. And you’ve got this I can see in the background. You’ve got a keyboard with little microphone there. A couple guitars. Guitars.

Speaker 1 | 40:08.673

Got a Pilates bike over here.

Speaker 0 | 40:10.475

Yeah. It’s just sit on the set on the bike, play the guitar. But, you know, no, this is great. This is this is really it’s like your spot down here. It is.

Speaker 1 | 40:19.701

And I’m actually. I’m actually remodeling it right now. That’s also a really fun thing. I’m really proud of what I’ve done down here. I’m really proud of it. It’s going to look really great once I’m finished. I actually got a hold of a bunch of pegboard and I’m able to acoustically dampen my room finally. And, you know, make my own recording place.

Speaker 0 | 40:38.972

No, that’s really nice.

Speaker 1 | 40:40.492

But back to it. I’m going to, no one’s going to think anything of this. It looks to be a very standard. Besides this little… orange clip here. These are formed as if they are in the manufacturing world. They’re the same as any other USB-C.

Speaker 0 | 40:58.504

To me, it looks like just a basic USB-C cable. Can’t even really tell a difference.

Speaker 1 | 41:03.867

There’s no extra markings on them. They’ve got the standard USB marking on them. It’s very easy.

Speaker 0 | 41:11.213

With this cable,

Speaker 1 | 41:12.534

I wouldn’t know a difference. You would never know. You wouldn’t be able to feel the difference. Believe me. I’ve tried to figure it out. I’ve tried to figure out a way because I had one of these go missing in my house and I was trying to find it. They’re not cheap. Let’s just go by this. But with this device, I have been literally… So in one end of this, there’s an active end and it’s actually got a chip set in it. It spits out a Wi-Fi signal that you can log into through a GUI on your phone, just through a web three base. You go to the address on it, and it injects a lot of code very quickly. I can build full payloads. I know most people are familiar with things like rubber duckies, the USB version of those. This is a rubber ducky in a cable form. It will charge your phone. If you plug it into a charger, it will charge your phone. You’ll never know. I also have the ability to, if it starts, if I start feeling like it’s going to get detected, I can remotely disable this. and it just stops working and people generally just throw it away. One of the, there’s, I can’t remember what the estimate is, but I’m sure there’s close to a million of these just in circulation, just out and about, randomly sitting there.

Speaker 0 | 42:31.438

This is why you shouldn’t use public chargers.

Speaker 1 | 42:34.620

This is why you should never use a cable that you didn’t personally buy.

Speaker 0 | 42:37.723

Exactly.

Speaker 1 | 42:39.184

The other side of it is this. These are very, very, very, very, very, very easy. uh to pack and ship um and so if i were to i don’t know start a little amazon store and you know sell usbc cables who would ever know um and so it’s it’s it’s scary to think uh about how many of these are out there and what’s going on with them but i can literally um on an ipad pro this is the kind of i’ll tell you what i’ve gotten into so far on an ipad pro as you know they were usbc I could turn on the camera and start recording and you didn’t even know that the camera’s on. I could turn on the audio and I could record audio, voice recorder and upload it to a server. You didn’t even know what was going on. It’s install a key logger, give full keyboard access, things like that. And that’s on an iPad Pro. And many more people have iPhones.

Speaker 0 | 43:35.779

Wow.

Speaker 1 | 43:36.920

Just think about that.

Speaker 0 | 43:38.280

That’s just amazing. And then 100% breach rate on what you tried there. That’s amazing. See, and so let’s take this one step further, right? Because let’s go back now, knowing this information, and we’ll go back to OMG. I’m not done with that.

Speaker 1 | 43:56.986

Can I ask for a pause really quickly? Sure. I’m so sorry. Can I ask for a pause? Give me one moment. I need to turn off my camera.

Speaker 0 | 44:03.730

Sorry for that brief break. There was a, I think there was a hack that he needed to stop while we were doing this. So.

Speaker 1 | 44:17.338

I wish I was that important. I really do.

Speaker 0 | 44:22.466

You know, it’s interesting. I actually wanted to pick up because you made a really good point with these cell phones and breaching them with this just USB cable, because there is a threat that exists right now for a lot of businesses. And it’s a big one. And it is people accessing data, business data, critical business data. from their personal devices. And I can’t tell you how big this is because a lot of companies don’t want to buy cell phones for their employees. So they allow them to use their personal devices and people don’t want to carry around two different cell phones. So they just open up Microsoft Teams or Google on their personal devices that are… you know, companies can’t really install anything on to protect them legally. So what’s your thoughts on this?

Speaker 1 | 45:30.459

Well, I mean, there are options for this. You know, there are MDMs out there that are for BYOD devices. Google does a pretty good job on Android, things like that. There’s also a company called Jamf for iOS devices. And they’re, they, they, tend to stay pretty far ahead of the curve as far as security is concerned with iOS. And I actually recently had a meeting with them, and they’re fantastic. They just acquired a small company that was specifically doing some really, really amazing work in iOS security due to hardware breaches, like we’re talking about now with USB cables. And so there are companies out there that are aware of it. They are taking care of it. They exist. It’s just a matter of the spend. The spend is quite high. You know, when I get quoted for the specific security that I’m looking for, specifically what I’m looking for is I have I have employees that travel quite often. Right. And so when they’re getting ready to travel, they simply through through Jamf, the program they have, they simply plug their device into their computer, run a piece of software. That software scans it, make sure the device is in a good state. They go to. that are traveling, whether that’s overseas or to a different place. When they come back before they can access company data again, they once again on their laptop or whatnot, they simply plug their phone in, run a scan. It tells if there’s any breaches. It looks for any changes in the device. Specifically, you know, one of their greatest achievements was locating the Pegasus exploit very, very successfully. I think… Their success rate was extremely high on iOS and mobile devices. And so there are companies out there that are doing it. They’re just expensive because they’re good at what they do. And so you have to explore. You have to be willing to understand, like I said, that goes back to what risk are you willing to take of your client’s data? Are you willing to just put it all out there and go and hope for the best? Or do you really want to be a company that takes care of your clients?

Speaker 0 | 47:46.145

That’s a, that’s, I mean, that’s again, what a great way to really outline it for that. And it, it’s a way that, you know, those, those options are good ways to mitigate if you can get your employees to agree, right. To load the, load that program and get them to adhere to plugging it in and all that stuff. I hope that, that. that stuff continues to evolve and they’re able to, you know, really find a really good ways to, to prevent that because I do see that that as being a major threat, especially when you show me cables that, you know, people can just plug in and get and breach and get access to, because you know that. Well,

Speaker 1 | 48:25.586

that’s company devices too. That’s, that’s the, that’s the thing, you know, you, you mentioned BYOD devices, you know, employees, you know, using their own devices, things like that. This cable doesn’t care if it’s a BYOD or if it’s a company device. It has not a care in the world. It’s going to it’s going to perform the same operations at a kernel level no matter what. Good point. Yeah. And so that’s that’s something that you that you have to you have to look at from a once again, there’s perspective of, you know, doing proper training, making directives. You know, it’s not hard for me to say, hey,

Speaker 0 | 49:05.221

if you’re going to go over.

Speaker 1 | 49:07.462

sees, you need to let me know. And I’m going to lock your account for the duration of that time, unless you really need it. And then, you know, here are the steps we’re going to take. Here’s the device that I’ve prepped for it. Take this device. And this is the only one that you’re going to be able to access from. It’s… It’s not hard to instill those. It’s work, especially for a small company. It’s work.

Speaker 0 | 49:30.693

Security versus convenience. And, you know, and that’s the that’s always the you know, that’s that’s always the problem. Right. You can install a you can go live in a house with no windows and you’ll and no doors and you’ll be really secure. Right. But the minute you install a door or a window and the more you do to make it. prettier and more convenient, then you start opening up risk. So yeah, I think you’re right on that. It’s a tightening of education. It’s a tightening of policy and procedure and putting these in place and understanding the risks. So it’s a really good conversation here to be had. When you were… Oh, by the way, I did agree to OMG. You did agree,

Speaker 1 | 50:21.753

meaning? Yep.

Speaker 0 | 50:23.070

No, I said we were going to talk about that. Was that the cable?

Speaker 1 | 50:27.032

Oh, yes, that’s the cable. Got it. Okay. So OMG is a, it’s actually not, it’s a company and a person. MG is an amazing, amazing technical specialist. And, you know, he’s partnered with places like Hack5, you know, which, you know, Hack5, as nefarious as it sounds, you know, they’re all about ethical hacking and they’re all about educating people and making it cool in such a way that people are attracted to it. But then, you know, it brings, it brings younger people into, Hey, I wanted to break into my friend’s phone. And then you become a part of the community there. And there, and the community is like, this is why you don’t want to do that. You know, that’s, uh, that’s, that’s the beauty of, of people like this, but in order to provide education, sometimes the breach has to happen. Sometimes it’s the school of hard knocks. And do you not manufacture these cables and partner with a company like that and just pretend like this problem doesn’t exist because there’s many other companies that are doing the same thing already? It’s not just him. This is just the one that we know. This is just the one that’s out in the open. There’s plenty of AliExpress cables that you can buy that I guarantee are loaded with some of the same technology. And you’ve just got to be… You’ve got to either be ahead of the curb and be willing to dive in and learn it or get hacked and regret it later.

Speaker 0 | 51:58.757

It’s such a good viewpoint on exactly what, you know, a lot of computer professionals run into in their life, which is I know I know a lot of stuff and I know what to do and how to abuse it. But I don’t. Right. But. But I need to know how because I need to be able to protect myself, my company, and all that type of stuff. So it’s an interesting ethical quandary of how far you go to make sure you understand the risks.

Speaker 1 | 52:39.671

Correct. The dilemma that I always run into is, and this is something that I’m sure… a lot of people that have gone the direction that have gone in is the temptation of how simple it is sometimes. And I say that very, very clearly because I think, I can’t remember the stat on it, but there was a hacking study that was done that went around. It just was gathering as many networks as possible and doing a simple… It was literally a simple 10-digit phone number. It was just numerical brute force hacks. And it was almost half of the networks that were discovered were people’s phone numbers. That is a very common thing. And so when we start talking about the idea of responsibility, windows, doors in your house, and your idea of security. It’s in your hands whether you put 10 on your windows, whether you put them up when you put them up there. Are you going to put curtains up so people can’t see in all the time? Are you going to, you know, are you going to get a doorbell with a camera on it so you can see who’s there? You know, it’s there’s there’s options for all of this. And if you refuse to progress and you just sit in the same old, that’s that’s where you’re going to end up. And that brings me to my next fun thing with IT. I. You know, getting back into the IT and getting kind of away from the hacking thing. I don’t know about you, but you’ve worked in manufacturing, you’ve worked in other facilities. How easy is it to implement a new system?

Speaker 0 | 54:24.278

Oh, my gosh.

Speaker 1 | 54:28.759

Even though it’s the best thing in the world, it’s a thousand percent easier than the current system they’re using. How difficult is it to do that?

Speaker 0 | 54:36.101

It requires a monumental effort to first understand the business processes that are in use. Right. Whether or not they make sense or not and should be continued moving forward. You have to get 15 people in a room for one process to understand it from A to B. Right. You can’t because no one understands just the whole thing. It’s always 15 different people are like, well, I think it’s this. And I think that’s why we do this. I think that’s why we do this. Because the people that implemented it usually are long gone. They’ve moved on. And so you’re trying to piece together a bunch of different. I think we do it this way because I’ve just always done that. And I don’t know why. So, and then, you know, so I actually welcome when a new, when people say we should put in a new system because then I go, yes. And we should just, at this point, we should figure out why we do all the things that we do and throw half of them out the window, simplify the process, and then, and then put the new system in place. Because that’s, that’s in putting new systems in place is the, uh, um, is the, the, the way in which to leap forward.

Speaker 1 | 55:55.225

Well, you know, going back to that, you said, you said you’ve done some consulting and, uh, I’m sure in that world, how many companies have you run into that just don’t have SOPs at all?

Speaker 0 | 56:06.011

Yes. The majority,

Speaker 1 | 56:10.113

the majority.

Speaker 0 | 56:10.494

Or they’re too old and they don’t make any sense.

Speaker 1 | 56:13.716

And that’s something that I, that I think is, is lost upon. some of the IT world and why. So I am paid quite well. I’m still underpaid because I am with a small and medium company, but it’s okay. My review is coming up and we’ll see what happens. And I love where I work. I love my job. But there’s a lot of IT professionals that go in to a company and just expect everything to work. And the unique thing about working with small to medium businesses is sometimes you have to learn their business. And that takes me back to one of the things that I said in the beginning is one of the best experiences and one of the best things that taught me the most about how to be a good IT professional was being a recruiter, learning how to talk to people because you’re not going into a team of like-minded individuals anymore. Most of the time when you’re getting hired, you’re getting hired on a small and medium business, you’re getting hired with people that have made it work and their system works for what they’re doing. even though it’s probably far from correct. And so you have to learn to communicate with them on a different scale. You have to learn to be kind, understand perspectives, and implement change that’s meaningful, but also doesn’t impact the business. Because one day of downtime can be detrimental to them. And so it’s something that I have a really hard time. That’s something that I’m looking into. I’m looking into hiring another IT professional. And I… really have a hard time finding people that understand that. I’ve got a lot of people that I can have a technical, a ton of people that I can have a technical conversation with. I can talk about everything that needs to be done, but I can’t depend on them to communicate with my small business and the leaders that are there and say, this is why we need to do this. It’s just because this is the right way. It’s normally what it is.

Speaker 0 | 58:08.458

It’s interesting because I, and you, and you know, if you, When we record, when this gets uploaded and stuff like that, there’ll be another podcast, too, that talks about this very similar thing, which was the communication soft skills are very hard to find right now. It’s very hard. Very difficult. And it’s something that, you know, I think that we believe we’ll just continue to. get worse unless we actually focus some training that way and and help out uh some of the newer folks that are coming in uh that um that need to learn that uh you know it’s a it’s a tough thing and uh even the folks that are here now you know not all of them have that that soft skills and be able to have that conversation and talk or have the business acumen in front of it right you know we’re we’re moving information around uh um we need to understand why and where that and how that information needs to move. You know, I wanted to get into our last segment here, which is the IT crystal ball. And we’ve been all over the place with this podcast in a great way. I think people are really going to love this when they look at it. Let’s do it. You know, the… When I talk about the IT crystal ball, I try to look about five years in the future, what’s going to happen with IT. And, you know, I usually focus on certain items. Here, I’m just going to let you kind of run with it and go wherever you want with it, because it’s going to be interesting. I mean, you’ve done a wide range of things, wide range of topics. And… I just want to hear your overall perspective on where we’re going in the next five years in IT.

Speaker 1 | 60:10.102

Well, I’ll jump on it from two perspectives. There’s a cynical perspective that kind of goes into the thought of Zoomers really entering into the workforce, manufacturing jobs, the amount of retirees versus the amount of people that are coming in, learning these jobs. That coupled with things like the… the crippling fear of AI and taking over jobs instead of understanding that those are job openings. And so in the next five years, we could see, we could see two very different things happen. We could either see an incredible amount of innovation that brings a lot of technology to the forefront. And we start seeing, you know, what we experienced in our younger years of, you know, millennials and Gen Xers of, of a technology bill. There’s, there’s a strong possibility of a technology boom happening in the next five years. Um, but the cynical side of me says that that’s not going to happen. And what we’re going to see is we’re going to see a lot more breaches. We’re going to see a lot more bad actors. Um, and, and when I say a lot more, I mean, there’s going to be a noticeable, noticeable amount of things changing within, especially, um, cell phones, personal devices and things like that. Um, I truly think that in the next five years, it’s going to be a big, massive change. And a lot of that’s going to be a due to. what released today. And that was the iPhone 15 going to USB-C. Now we’ve got pretty much everything on one universal adapter, and we’re going to see how that affects different companies and how many companies are willing to go into unified security protocols, as well as just, you know, having an adapter that charges everything. And so cynical view, next five years is going to be pretty rough. Optimistic view, we’re going to see technology. boom, people are going to embrace AI and it’s going to be really, really fun.

Speaker 0 | 62:03.093

I absolutely like it. Nerds, I’m Michael Moore hosting this podcast for Dissecting Popularity Nerds. I’ve been here with Jake Randolph, Director of Information Technology at Western Steel Buildings. Jake, thank you so much for coming on. Please come on again. I know I got a whole host of things to talk to you about.

Speaker 1 | 62:23.327

Anytime. I am willing to come on anytime.

Speaker 0 | 62:26.950

Thanks a lot.

Share This Episode On:

HOSTED BY PHIL HOWARD

Dissecting Popular IT Nerds Podcast

Weekly strategic insights from technology executives who understand your challenges

Are You The Nerd We're Looking For?

ATTENTION IT EXECUTIVES: Your advice and unique stories are invaluable to us. Help us by taking this quiz. You’ll gain recognition good for your career and you’ll contribute value to your fellow IT peers.

QR Code