Episode Cover Image

243- Decrypting Cybersecurity and DOD Contracts with JohnE Mullin

Dissecting Popular IT Nerds
Dissecting Popular IT Nerds
243- Decrypting Cybersecurity and DOD Contracts with JohnE Mullin
Loading
/

JohnE Mullin

JohnE Mullin is Director of Information Technology at Trenton Systems, a leading provider of specialized servers and hardware. He has over 25 years of experience spanning IT operations, infrastructure, security, networking, and telecom. Johnny has helped guide companies through ransomware attacks and complex government procurement processes. His technical expertise combined with business acumen offers IT leaders an invaluable perspective.

Decrypting Cybersecurity and DOD Contracts with JohnE Mullin

Get an eye-opening look at cybersecurity, government contracting, and using IT to drive revenue. JohnE Mullin, Director of IT at Trenton Systems, joins host Phil Howard, bringing decades of experience. Learn about pressing security threats and complex DOD certification. JohnE shares real ransomware war stories and advice on getting security buy-in. Expect candid takes on IT’s challenges along with tips for making security a revenue generator. Tune in for an unfiltered backstage pass to IT security, government procurement, and opening new revenue streams.

Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast

243- Decrypting Cybersecurity and DOD Contracts with JohnE Mullin

3 Key Takeaways

Episode Show Notes

Focus on IT leadership and security investment [00:02:23]

CEO impersonation and Apple gift card scams [00:05:55]

The rise of devastating ransomware attacks [00:08:37]

First computers and early technology experiences [00:21:46]

Complexities of government IT contracting [00:32:29]

IT’s potential to drive revenue [00:35:03]

Requesting proposal for DOD contract [00:40:25]

Reviewing DOD requirements and budget [00:43:43]

Security only appreciated when things go wrong [00:48:05]

Increasing complexity of cybersecurity [00:51:05]

Troubleshooting computers – real user stories [00:51:11]

Expanding IoT attack surface [00:54:11]

Transcript

Speaker 0 | 00:08.523

Welcome everyone back to Dissecting Popular IT Nerds Today, talking with John. Johnny? I mean, not Johnny. Johnny!

Speaker 1 | 00:15.910

It’s Johnny.

Speaker 0 | 00:17.852

I like Johnny. Is that how we really spell it too? Johnny like that? Because that’s unique.

Speaker 1 | 00:22.596

That is correct.

Speaker 0 | 00:23.936

Johnny, it’s Johnny because my brother’s also Johnny, but with a Y, but you’re John E with the E. Mullen, Director of Information Technology at Trenton Systems, which makes, we make boxes of stuff with wires in it and things like that.

Speaker 1 | 00:36.680

Yeah, we make secure servers and we provide it both for commercial and military. We’ve been working with the military probably the last three, four years now. We’ve really been involved with them. Because we’re one of the only companies that makes everything U.S. based. We make our boards, our BIOS, our boxes, and everything are U.S. based.

Speaker 0 | 01:00.177

That’s cool. And we didn’t finish the Johnny comment, but I mean, the fact that we’ve got secure and server in the same sentence or line, I guess, is fascinating to me. Are we talking like off the grid type stuff? I mean, you know.

Speaker 1 | 01:19.668

Some of us off the grid.

Speaker 0 | 01:21.609

A lot of the military guys I work with, there has to be complete off-the-grid type of computer enclosed. There is no WAN, so to speak, even though there is a WAN. It’s just not connected to the internet.

Speaker 1 | 01:32.096

Yeah, most of ours is WAN. We don’t do a lot of the stuff that’s off right now. Those are some of the projects we may be looking at down the line as we get more and more involved with the DoD. But it’s a growing industry. Like I said, since we’re… 100% U.S. based, we’ve had the government come to us and said, hey, we didn’t realize we had a company like this in Lawrenceville, Georgia, that can make these things for us. And they’ve been really pushing us and we partner with Intel and they’ve been helping us get in front of a lot of the primes that are looking for these things.

Speaker 0 | 02:11.858

Excellent. So we should be a U.S. and then now. if we just sell these overseas as well, we’ll be a 100% US-based server maker selling equipment too. We flip the script.

Speaker 1 | 02:24.690

That is correct, yes.

Speaker 0 | 02:26.711

We can flip the script. But what we were talking about prior to getting on is the typical thing that we all have in common in IT leadership, which is trying to do a lot with a little and still… move the company forward as a, as a business force. And what I, what I really love is that you have something that maybe a lot of people really, really, um, I don’t know, would be enamored of or want, which is an executive branch of people that is really open to talking about security and, and, and potentially investing in security.

Speaker 1 | 03:10.863

Yes. It’s, um, That was one of the reasons I started here at Trenton is I’ve worked for companies that from face value, they say, yeah, we want to be secure, but then they provide absolutely nothing. And, you know, you say this is going to cost you some money and they’re like, well, we haven’t been attacked, so we’re not going to do anything.

Speaker 0 | 03:31.137

It’s just a matter of it’s not a matter of if it’s a matter of when and how bad it’s going to be. What do you think is one of the areas that people should be investing in, but they’re not? Like where are they skimping on, I guess, so to speak?

Speaker 1 | 03:45.361

Well, a lot of it in terms of security is people. And one of the things that we really did here is we kind of focused on the people in terms of training. People don’t realize that things are happening all the time. And it’s just this simple email message that comes in that can affect the whole company as a whole. And we’ve been doing a lot of training. When I started here. Clicking on phishing attempts was about 30% of the company. We’ve pushed through training. And actually, for the last six months, I’ve been at 0%. So it felt really good. And with phishing attempts being about 80% of the attacks, right there, just by doing training, we’ve cut down 80% of the field that we can have to defend.

Speaker 0 | 04:37.349

I don’t feel like we talk about phishing enough. I mean, I know we do. It just seems like a… it’s um we’re always talking about pen testing and different things and just fishing’s like yeah that’s the obvious stuff but it really is always the people what was the number one fishing attack uh just so we can just tell people like hey and the number one thing was like they’re just trying to get our w-2s or you’re trying to get a you know whatever yeah

Speaker 1 | 04:58.804

they they go out and really what i’m seeing right now is the use of linkedin is they go out to a company and they find out who the CEO is. Most people will have their company email addresses as the email address to use. Well, now they have an idea of what the format is for emails. If you come in on LinkedIn and four people out of the company are last name, first initial.

Speaker 0 | 05:30.289

We know we can just use that and email the president. Yeah.

Speaker 1 | 05:33.790

Yeah. And, you know, the number one thing that I see all the time is things that look like they come from our CEO going to employees saying, hey, I need you to send me cards. You know, I don’t know how much, how often he uses all these Apple cards he requests. I block probably three a day coming in to somebody saying, hey, I’m in a meeting right now. Can you send me? $50 or $100 worth of Apple cards. And so it’s amazing.

Speaker 0 | 06:10.471

So what do they think is they’re being used for like tchotchkes or something or like giveaways? I mean, like, why would, you know, I mean.

Speaker 1 | 06:17.357

That’s usually what most people think is, oh, they’ve got, you know, a customer and they just want to give the customer a $50 gift certificate for coming into the building and watching it. And, you know, you think of it as. Who’s going to fall for that?

Speaker 0 | 06:34.554

You know, that’s pretty obvious. Yeah, from our standpoint, you could pull it off. I mean, I think you could pull it off if you’re like, hey, look, we’re running a sales contest. We’re trying to give away $10, $50 Amazon gift cards for any of our vendors that bring in 10 more secure-based server boxes this month or something. I don’t know, whatever it is. You know what I mean? Like, yeah. And we need those right away because I need to send them to our top five partners or something like that.

Speaker 1 | 07:02.846

And most of the time you think, oh yeah, this isn’t right. But if you’re busy and all of a sudden you look up and there’s a message from the CEO saying, hey, I need this. And you’re not really paying attention to what’s being said and think about, hey, would he really be asking me this?

Speaker 0 | 07:22.002

Okay, so this is like low life thieves. These are like little small time things. What are some of the worst ones that you’ve seen?

Speaker 1 | 07:31.466

Well, I remember early in my career getting the I love you virus.

Speaker 0 | 07:37.468

That was famous.

Speaker 1 | 07:38.308

That was famous. And that was.

Speaker 0 | 07:41.050

You should tell the story. What was that again? What was that again? That was super famous.

Speaker 1 | 07:45.631

Yeah, it basically was kind of a worm. But what would happen is an email would come in and it would say, I love you. And it would have a little attachment and people would click on it thinking, oh, I’m getting, you know, somebody. Well, then what would happen is it would go through your contact list and send that I love you message to everybody in your contact list. And so it just grew and grew. And I remember when I walked in that day, you know, I’m sitting there and I’m looking at my email and all of a sudden I go from no emails to about 1500. I’m like, wait a minute. What happened? Yeah. And everybody says they love me. You know. As an IT director, I don’t get that very often. So it’s like, oh, well, that’s nice. But yeah, that was a big one, you know, early in my career. And they’ve gone now just to, you know, ransomware is probably number one. And I’ve, at this side, I haven’t been hit by it, but with other companies, I have been. And the way they’re doing it now, you know, used to be ransomware. They’d come in, they’d encrypt your data. That wouldn’t be yet. You’d have to pay to get it unencrypted. If you had the good backups, you may be able to recover it without having to pay. Well, the ransomware people got smart.

Speaker 0 | 09:07.109

What’s the best backup? Just like a bare metal backup, like off-site or something? Yeah,

Speaker 1 | 09:12.511

I’ve actually used several different beams of Cronus and things like that. And what I’ve done is I do a backup both on-site and in the cloud. So that way I have coverage in both. because a lot of times with this ransomware, they’ll hit your on-site. So just having on-site is not going to protect you against ransomware on some of the new ones. So having that off-site where I can recover has helped quite a bit. We actually, with one company I work for, we got hit by ransomware. And not only did they encrypt the files, but now they also download the data beforehand. So even if you don’t… pay and you’re able to recover, they’ll say, hey, we have your data and we’re going to release it to the public unless you pay us. um,

Speaker 0 | 10:07.543

on the company and get on the company.

Speaker 1 | 10:11.125

That may be an issue. That may not be an issue.

Speaker 0 | 10:13.988

How are you going to know they’re going to, I mean, like, even if you pay them, like how, you know, yeah, I trust you’re going to erase it. Then you’re going to come back five years from, Hey, remember when we told you we’re going to erase it now.

Speaker 1 | 10:22.734

But believe it or not. And it’s funny because that that’s always the thing is how do you know? Well, ransomware is now a business and it’s a big business. And. In order to stay in business, you’ve got to do what you say you’re going to do, even if what you’re doing is illegal. Look,

Speaker 0 | 10:41.792

we know you’re a liar. Well, trust me, we’re trusted. We are a trusted ransomware business. If we say we’re going to, it’s a business.

Speaker 1 | 10:50.194

And truthfully, that’s kind of how they are. How can you believe that 100%? I have no clue. But yeah, that’s a big issue.

Speaker 0 | 11:00.957

We’re the most trusted robbers. Robert Barron.

Speaker 1 | 11:04.190

You’ll ever have. That is correct. But yeah, the last time we got with the ransomware, not only did they encrypt everything, but we were running Hyper-V. So they encrypted the virtual servers, and then they encrypted the data within the virtual servers. So when you get the ransomware, it says, oh, pay X amount, we’ll unencrypt it. So you pay that, they unencrypt it. you’ve spent up your virtual servers and guess what all your data on the virtual servers itself has been encrypted and now they come back and says oh well you just paid us to unencrypt your servers now you have to pay us to unencrypt your data uh so it was it was a wild scam so uh and now my understanding is they’re even reaching out to them yeah they’re reaching out to employees so that If you don’t pay them.

Speaker 0 | 12:02.922

And I’ll pay you to trace your salary. Listen up. I’ll pay you to trace. Go ahead. Reaching out to employees.

Speaker 1 | 12:07.967

Well, what they were doing is if the company wasn’t paying, they would call the employee and say, hey, we stole your data and we have your HR information. Your company is refusing to pay. So we’re going to release your information so that they can try getting the employees to start beating up on the companies to pay. So it’s,

Speaker 0 | 12:33.330

I wouldn’t be surprised if they were reaching out to employees to get inside jobs. Like some of these, some of these ransomware attacks, like the Caesar’s palace one, I was very, very skeptical of the Caesar’s palace. When I was like, let me get this straight. I was like, you’re a casino. I was like, your job. Number one is to steal everyone’s money. So isn’t it ironic that now someone’s stealing your money and now you’re going to, you’re going to file some insurance claim to get the money that you’ve stolen from everyone back. And then what’s going to happen? The person that stole all the money is probably going to walk back into the casino and gamble it back in the casino again because it was an inside job. Wouldn’t be surprised.

Speaker 1 | 13:13.342

Back to you.

Speaker 0 | 13:14.243

If I disappear, by the way, if I disappear and the host of Dissecting Public IT Nerds is found dead.

Speaker 1 | 13:22.466

Found dead. And you’re dead in Arizona. We know what happened.

Speaker 0 | 13:26.128

He was whacked. That’s probably. But yeah,

Speaker 1 | 13:29.009

the. The inside job is interesting because I just read an article yesterday. One of the hospital systems here locally, I guess they were hacked, I think it was about a year, year and a half ago. And it turned out it was a security company that was trying to raise business of how good they could do it. And they actually broke in and caused it and then sent the hospital systems. saying, hey, we can help you out on this. So it was a security company that actually put the virus on there and then contacted them to assist in taking it off.

Speaker 0 | 14:09.102

And how did that get found? By the other trusted security company that said, look, here’s who you can really trust. But finish that thought, and we’ll come back to trust in a moment.

Speaker 1 | 14:21.773

Yeah, I don’t know. Yeah, it is zero trust. But yeah, I don’t know how they caught him. Other than the fact that it was like perfect timing that this guy sent an email out right when they got hit saying, hey, we can help you recover from this. So I don’t know if that’s how they ended up starting tracking them that, hey, how did this person know that we were hacked within 30 minutes of happening?

Speaker 0 | 14:48.987

It’s an interesting concept. We have a security company. We’ve got all of our public facing employees. And then we’ve got our behind the scenes employees that are really just busy hacking everybody. Yeah. It’s. it’s pretty wild actually but that goes back to the like the whole like the the whole bill gates thing which again i don’t know if we’re allowed to talk about um if i if i wind up dead on the then um it comes back to that whole what was that in the 90s when did he get taken to court in the 90s and you know there’s like the whole like monopolization thing with the whole uh you know like the where he you know he owned microsoft but you know could also be making the the virus protection but creating the viruses but then also we’re gonna We’re going to make the browser at the same time. And it was just too big of a monopoly. And so he got, you know, he got attacked on that end. But you literally could do that. No one would know. The general public, 90% of the general public would have no clue.

Speaker 1 | 15:40.965

Well, and that’s your, my point is, is who do you know? Who can you trust? You know, how do I know that McAfee? I mean, I look at McAfee on my PCs right now. When they come in, everybody seems to put them in as a default protection. I don’t know anything about McAfee. All I know is I can’t get it off half the time. It seems to always come back again.

Speaker 0 | 16:04.617

It’s like my otter. It’s my otter box or whatever that I can’t seem to get. This won’t stop recording everything in my life. It shows up to every meeting, and I’ve got to remove it.

Speaker 1 | 16:16.703

And I don’t know if you follow John McAfee. He was kind of out there. So who’s to say he wasn’t creating stuff so he could say, hey, my. my software resolves it.

Speaker 0 | 16:30.078

We have a guy we called Old Man Marley back at my Cisco startup days. And when I left a Starbucks years ago, I went to a… How I got into technology, which I knew nothing about. I thought Cisco was spelled with an S, S-Y. And this recruiter was like, don’t worry, we’ll train you. We’ll train you. Do you know what voiceover IP is? And I was like, no, I have no clue. He’s like, don’t worry, they’ll train you. They’ll train you. Just show up in a suit and tie. So I started at this Cisco startup, you know, years ago and everyone in my family was like, don’t do it. It’s a fishing net approach. You know, they hire everybody. No one makes it. And then like I got in and I was like, oh, it’s true. It’s so true. And I was like, but I have to be the one that makes it because I actually am married and have kids and need to put food in it. Somehow I made it. But it’s another, another story. But so we used to have to go around and we were selling these Cisco iAd, these 2800 series iAds with back. you know that where we were like you know sip trunking is this new thing and it’s called dynamic allocation and you know it’s great because you know when you’re not on the phone you can use that bandwidth you know it’s like anyways i i come into this this massive business um campus these huge buildings right one of them’s this big pharmaceutical manufacturing business another huge massive building next door and i walk into this building it’s empty multiple floors just empty except for one cubicle. There’s one cubicle sitting in this dark building in the corner. And as I look on the wall across the entire, like a football field, like imagine like an empty, dark, massive, you know, office building. It’s empty. It’s gutted. There’s one cubicle, a bunch of servers in the back, one old man sitting in this cubicle. And there’s across the entire, like a ticker tape, like just a strip of… paper all in colors across the entire football field inside of this building across the top is the entire human genome the entire i know exactly right i’m like uh so like hey you know they said hit every door every floor you want to talk to these guys like hey man you need uh you need internet you know and he’s like yes sit down and uh and like i must have had a two-hour conversation with this guy which i was totally not supposed to do and he’s like we do We do need internet. You see these servers here? We’re running what’s called the Elder Dollar. The Elder Dollar. It was the first, I mean, it was a cryptocurrency. I’m telling you, this is like 20 years ago. This is 20 years ago. This guy had invented some kind of cryptocurrency he called the Elder Dollar. He’s like, look, every time you flush your toilet, I make one-tenth of a penny. he’s like i i invented their like the conveyor belt whatever this guy i cannot remember his name though he sat on the atomic bomb like the atomic uh committee was you know he like he knew had known einstein he was like there and when i got back to that someone like oh you met with old man marley like yeah they didn’t like you know the elder dollar and we’re like yeah he got you too but he was talking about like how he was gonna like you know solve world peace but it had to be done with we had to focus on this this cryptocurrency and it had to focus on it had to tap into some bit of of every human’s vice and he’s like we can’t use We can’t use sex because that’s going to spread disease. But, you know, gambling we could use and we could use, we can have these servers offshore and we’re going to create, you know, this like utopia. It was totally wild. But when I think back about it, I don’t even know how we got on this subject now. When you think back about it, you were, I think it was like behind the scenes and, you know, McAfee and stuff and, you know, what’s, you know, what, what could really be. And, you know. And then, you know, cryptocurrency, and this guy was way ahead of his time, and he had all these massive servers in the back. It was totally wild.

Speaker 1 | 20:34.717

It was,

Speaker 0 | 20:34.978

I don’t want to go with this, but that’s what.

Speaker 1 | 20:38.240

Yeah, I’m sure there’s a lot of those going on now. I remember, you know, I remember seeing, I went up to Illinois Champaign to see the first go of Mosaic before they released it for the browser. And thinking, wow, this is wild. I’m going to be able to do this.

Speaker 0 | 21:00.500

i think everything was like in the early days it was just wild wild west when you’re yeah i was you know oh man the let’s go back in time for a minute we haven’t done this in a while what was your first computer how did you get started out in technology how’d you end up where where you know where you where you are because i don’t you know it But it still amazes me, and I say this probably on every show or every other show that we do, it still amazes me that we were alive before computers, pretty much. I don’t think you can count the lunar lander as a computer, but anyways,

Speaker 1 | 21:38.500

that’s another subject. Yeah, my first computer was an IBM PC Junior with the side card on it. Let’s look this up.

Speaker 0 | 21:47.648

This is good because almost everybody on the show says, like, Apple to E most people say Commodore. Most people are Vick 20 or whatever it was, but anyways, go ahead. So IBM junior,

Speaker 1 | 22:02.434

IBM PC junior,

Speaker 0 | 22:04.155

IBM PC junior, we’re Googling this right now.

Speaker 1 | 22:06.755

It had a, a side card on it. So, you know, you can have the extra imprinting, but that was my first one. My, uh, my dad was always a tech junkie. You know, he bought one of the first calculators that was, you know, 500 and it could do addition and subtraction yeah and 500 is a lot of money back then oh yeah two grand or something you know yeah i mean i mean i look back and it’s like what you know you spent that much money for a calculator that can do you

Speaker 0 | 22:39.608

know addition subtraction i think it had multiplication i’m looking at this side car on the back of the side car into the pc junior by the way and people can’t see that i’m using description here

Speaker 1 | 22:51.336

And in Google Apps,

Speaker 0 | 22:53.878

it says 512K Space PC Junior. And I would say it’s about the size of, let’s see, he’s holding it in his hand. It’s pretty big. I would say it’s about the size of a VCR. Maybe a little bit smaller. A little bit smaller.

Speaker 1 | 23:10.832

Yeah, the size is, but it wasn’t quite as thick as a VCR. Right. But yeah, you could just, you would mount it onto the PC Junior. I think it did add some additional memory.

Speaker 0 | 23:21.933

Like four giant Hershey bars. Four giant Hershey bars stacked on top of each other to the side. Slap it on the side of this thing.

Speaker 1 | 23:28.436

Slap it on the side. I remember it had, that’s why we had to buy that in order to get the dot matrix printer. Because it had the parallel port on the back of it.

Speaker 0 | 23:38.140

Very nice.

Speaker 1 | 23:38.620

You could run the dot matrix printer on it.

Speaker 0 | 23:41.521

This stuff never gets old.

Speaker 1 | 23:43.302

No, I really wish I still had that PC.

Speaker 0 | 23:46.384

everyone said i wish i had mine i wish i had my texas instruments my my bill cosby computer the um there’s a yeah that last adapter how about the isa bus adapter that looks nice i bet you didn’t have that because that one has a that one has a um looks like almost like an ethernet cable did we even have ethernet cable no we did not have ethernet there was no ethernet cable must be an rj11 that’s

Speaker 1 | 24:09.793

being probably yeah because it probably had the mo i think there was a modem that you could buy for it also So I don’t know what the modem was going into. Well, actually, I do.

Speaker 0 | 24:20.815

Messaging had to be some local messaging system.

Speaker 1 | 24:24.658

No, actually.

Speaker 0 | 24:25.679

That was never cool enough for.

Speaker 1 | 24:27.240

Yeah. Well, we got the modem because the company my dad was working with worked with Walmart. And Walmart had put their started doing their inventory on computers. And he had to log into their system in order to pull data down. So, and I think that was why he had the modem on the PC jr.

Speaker 0 | 24:49.701

This thing actually had some games, had some legit, like, uh, like, uh, let’s see, uh, four colors. You had two different types of video, 16 colors or four colors. Uh, I don’t know what that means from a technical standpoint. You’d probably know better than me.

Speaker 1 | 25:03.935

I had nice green characters running around and actually I had white characters running around too. So.

Speaker 0 | 25:09.444

They had chess, it looks like. Yes.

Speaker 1 | 25:14.047

I’m trying to remember what the one I had. It was a mine thing. They had people running around, and you’d press the down, and it would dig a hole, so something chasing you would fall in the hole.

Speaker 0 | 25:25.215

Dig Dug?

Speaker 1 | 25:26.856

It wasn’t Dig Dug. That was my first time, but it wasn’t Dig Dug. It was like a Minesweeper type thing, but it’s not the Microsoft Minesweeper. I remember as a young kid playing that.

Speaker 0 | 25:39.998

So you came from a family of tech junkies. What did your dad do?

Speaker 1 | 25:44.841

He was actually a sales manager. So he was in sales.

Speaker 0 | 25:49.324

But he was a tech junkie.

Speaker 1 | 25:50.765

He was a tech junkie, yes. But he didn’t do anything tech-related other than he was the one that, like I said, when they were working with Walmart, he worked with them to get his system connected. So he could…

Speaker 0 | 26:06.144

Was he like a motivational dad? Was he like a motivational dad? Or like, you know, what was like being the son of a sales guy?

Speaker 1 | 26:12.648

Yeah, he was. The only problem is, is he was out all the time.

Speaker 0 | 26:18.172

He had to travel back then.

Speaker 1 | 26:19.874

Yep. He traveled Monday through Friday. So, you know, it would just be the weekends pretty much that you’d get to see him. And, you know, depending on what sport I was playing and what my sister was doing. And, you know, it’s… He didn’t have a whole lot of time to go through that, but he would always, when he was in the office, oh, come here and take a look at this. And, you know, I’d go play on the computer for a while and, you know, had to make sure, you know, back then you could play on the computer and you didn’t have to worry about a whole lot. You could delete files, but, you know, you had to know how to.

Speaker 0 | 26:55.323

You could forget to click save. That was it. You could forget to save things.

Speaker 1 | 27:00.967

Yeah. There wasn’t any issue of if I’m on there surfing a different site that I could download something onto his PC. I mean, there was nothing.

Speaker 0 | 27:08.335

No one cared. No one cared. And I still am blown away by the fact that email back in the day, you could look up like in the global address book.

Speaker 1 | 27:19.387

Yeah.

Speaker 0 | 27:19.988

Anybody. Yeah. Can’t do that today. Can’t just search. Can’t just search Johnny Mullen. Johnny Mullen. Where’s Johnny Mullen at? Oh, these days. Oh, he’s over here in Minneapolis. And here’s his email. Let’s give him an email. Let’s see if this is the Johnny Mullen. Yeah, you know, can’t do that anymore. Now you can do it on LinkedIn, though. You can do it on LinkedIn, and then you can ransomware them. That’s how we do it.

Speaker 1 | 27:45.552

Yeah.

Speaker 0 | 27:45.732

It’s not too far from the same way. Anyways.

Speaker 1 | 27:49.834

And that’s the big thing is, you know, being when. computers first came out, you know, we didn’t worry about security back then. You know, there was nothing you had to worry about. My first job when I got into working on the networks and had to install fiber. And I’ll never forget that the government came in and said, well, we need somebody every six feet watching the fiber cable to make sure somebody doesn’t break into it. And I’m like, what? I have this ring throughout the building. They quickly came back and said, oh, no, you don’t.

Speaker 0 | 28:28.740

While it was being installed or literally every or 24-7?

Speaker 1 | 28:33.984

Initially, they said literally. I had somebody, I needed to have somebody watching every six feet of the fiber.

Speaker 0 | 28:40.828

For a packet sniffer? Like someone was going to put a packet sniffer on or something?

Speaker 1 | 28:43.871

For anything. Yeah, it was, you know, really for anything. And at the time, you know, fiber was fairly new and people didn’t know. what it was going to take and the way we got around it, this is telling you how easy it was back then is you put it just into, you know, a plastic conduit. When we did that, it was like, okay, it’s fine. And I’m thinking it’s easier for me to get into that plastic conduit than it is to get into the fiber.

Speaker 0 | 29:09.643

All right.

Speaker 1 | 29:09.903

Steel. So, but you know, but you never worry about it.

Speaker 0 | 29:16.146

That’s a good point. It is easier to get into conduit than it is to then, then to get into the fiber. And then

Speaker 1 | 29:21.108

the fiber is delicate it breaks yes well you have to know which you know fiber you want to get into and then you gotta you know splice them together and so yeah splicing fiber is not easy and then you know you gotta have this special kit then uh yeah

Speaker 0 | 29:38.317

it’s not it’s not an easy thing at all so fast fast forward to today which is wasn’t that wasn’t that many years it’s amazing how fast we’ve come what the what For what’s your biggest, I guess, I don’t know, a single biggest frustration, problem, concern when it comes to, you know, IT leadership in general? And how do we overcome that?

Speaker 1 | 30:03.373

Again, it kind of gets back to the company looking as IT as a cost center. You know, they come in and, you know, they don’t want to talk to me unless they have some special project or something’s broken. And when I come in, especially for the security, we’re trying to, working with the government, we’re going to have to become CMMC certified, which is the cybersecurity maturity model that’s getting ready to come out probably next year. And in order to bid on government contracts or DOD contracts, you have to be CMNC certified. Well, there’s a lot involved with that. And the cost right now is extremely high. And trying to justify those costs to the executives where, you know, I may have a million dollar contract with the DOD, but it’s going to cost me $200,000 to put in the security requirements. How can you justify that?

Speaker 0 | 31:06.064

Once you put it in, is it one and done or is it every single contract?

Speaker 1 | 31:10.627

Every single contract. Well, it’s one and done. It meets all the contracts once you have it in there, once you have a CMMC.

Speaker 0 | 31:18.091

Can you spell that out? Because I’m just, I’m a little ignorant.

Speaker 1 | 31:21.033

Yeah.

Speaker 0 | 31:22.213

Go ahead.

Speaker 1 | 31:23.114

It’s cybersecurity. So that’s the C. Yep. Maturity.

Speaker 0 | 31:28.016

Yep.

Speaker 1 | 31:28.777

Model certificate. So CMMC.

Speaker 0 | 31:33.119

Got it.

Speaker 1 | 31:35.112

And really, that’s

Speaker 0 | 31:36.634

I lived down in Virginia and around D.C. and around the Beltway for a long time. So I’ve seen crazy stuff and I’ve seen a lot of government contracts and a lot of eight, eight, you know, eight, a Alaskan tribal native, you know, get around different contracts that way. I know a lot about how it works. And then I eventually decided I don’t want to deal with any government contracting whatsoever at all. So I guess. Good for you guys.

Speaker 1 | 32:06.637

Well, like I said,

Speaker 0 | 32:08.798

you need to know a lot. There’s a lot of paper pushing. There’s I mean, I remember walking into like a whole building of lawyers. Like you’ll see huge buildings of just lawyers in D.C. And you go in and I remember there was like a whole like just like a couple lawyers in an office, a massive office empty with all these chairs and seats and everything. We’re like, what are you doing? Well, once Obama passes this particular law or something. We got to be ready for this. And then we’re going to bring all these people in. We’re going to make phone calls and phone calls and phone calls and phone calls. And we’re going to make all this money.

Speaker 1 | 32:38.674

Yep.

Speaker 0 | 32:39.814

From one law. From one law. We’ll employ thousands of people. And I was like, this is how it works, I guess. This is where all our money goes. Hmm.

Speaker 1 | 32:49.218

Yeah. The government’s oversight on that. Now, you know, I will caveat that this is a good thing for them to do.

Speaker 0 | 32:56.641

No, no. I’m not saying this particular situation, you know,

Speaker 1 | 33:00.082

but asterix,

Speaker 0 | 33:01.223

asterix, asterix. But no. This is not CMMC. I’m not saying this. Absolutely.

Speaker 1 | 33:07.666

It’s just that the cost of it, you know, by having everybody have to do this as a government or a DOD contract. I think they said there’s like 70 to 80,000 defense industry base for selling to the government. And they’re looking at maybe losing as much as half of that defense industry base. because they will not be able to meet the CMMC certification. When I first started talking about it, I mean, they were, I was getting quotes for an auditor to come in anywhere from $200,000 to $500,000.

Speaker 0 | 33:47.962

This is really good because, I mean, this is a really good subject. And the reason why it’s such a good subject is because there’s this, there’s this, no, IT doesn’t make the company money. Right. There’s this perception that IT cannot make the company money. We’re a cost center. We can save the company money. We can make the company more efficient, but we never really are the sales guys. We don’t increase sales. We don’t create products. We’re not R&D. We’re not this. No, in this particular case, if IT can find a way to do this faster, better than everybody else, it opens up a whole new stream of revenue, so to speak.

Speaker 1 | 34:29.864

Well, and this has for us, because as I mentioned, the government’s coming to us because we’re U.S. based. And there’s a big push that they want to bring all this stuff back in, whether it’s I.T. or anything else. They’re trying to bring back into the from China to the United States.

Speaker 0 | 34:49.529

And if Trump comes back, you guys are golden. And I am not a political guy. This is not a political statement. And I don’t even vote. Everyone can beat me up for that one. But yeah, having everything. Yeah, it’s a big deal.

Speaker 1 | 35:07.851

And having the security and getting this certificate is just going to open you up to possibly a lot more contracts. Because let’s say there’s two of us that build secure servers. We have the certificate. The other company does not. Well, the government is going to say, we want the certificate. So all of a sudden, you know. our sales are going to increase because the other company can no longer meet that certification.

Speaker 0 | 35:38.615

Yeah. Because we’re the only, because we’re the only ones, right. And the very few,

Speaker 1 | 35:43.399

one very few for it.

Speaker 0 | 35:44.840

Yeah. We need to do a CMMC. We need to do a CMMC spotlight. So anyone out there that wants to come charge people, ridiculous amounts of money, 200,000 to $500,000 to see MMMC certified people. You can reach out to Phil Howard at dissecting popular it nerds. yeah we’re gonna charge you a hundred thousand dollars just to be anyways no i i think that the prices have gone down i think they realize that you know they threw out a massive ridiculous number at first like let’s see if they bite okay oh don’t worry we’ll cut it in half no no today only if you sign before the end of the year uh it’s 50 off well

Speaker 1 | 36:21.657

you know a lot of this came out because you know if you do that to you know a lucky martin a boeing any of the major primes you Okay, that’s not a lot of money to them because they’re multi-billion dollar companies. But if you try doing that to a company that makes a particular widget for a plane and they’re the only ones that can do it, and it’s a mom and pop shop with two employees, their contract is for $200,000 a year. They can’t afford $200,000 for an audit.

Speaker 0 | 36:51.238

It’s such a real thing. That’s such a real thing. There’s the government looking to buy. They need six of these things. One company makes it. It’s a particular type of swab that cleans a lens on a machine that the government needs. So they’re only going to buy it once. So they might as well buy 200,000 of them. And then we need a special contract vehicle to sell this to the government. It’s crazy. It’s an insane system. It’s completely wild. And if you don’t know that world, you don’t know that world. But if you do know that world, you know that world. And there’s whole groups of people that just sit around making that little contract vehicle happen to the government. And they’re just waiting to take what someone’s trash is someone else’s treasure type of thing, like these little small contracts that are only $200,000 that fall off the table.

Speaker 1 | 37:40.696

Yeah. It’s amazing. I started my career working with a defense industry, so I knew about that. And then I got out of that, and I thought, okay, I no longer have to read those. 100-page documents that make absolutely no sense to me.

Speaker 0 | 37:56.381

100 pages small. 100 pages small. If you looked at some of the old NASA documents, I think there are like 20,000 pages.

Speaker 1 | 38:05.284

Yeah.

Speaker 0 | 38:05.945

Insane, like insane, you know, RFPs and stuff like that. Responses to RFPs.

Speaker 1 | 38:11.807

Well, just working towards this certification right now, I think I’ve got like 20 documents that are all referenced. And I always talk to my boss about it saying… Eventually, I’m going to end up back to the same one because they always tend to reference each other. And so it’s like a circle. I start with this one and it references this. And then I go all the way back to the end and it references the initial document. But there’s always.

Speaker 0 | 38:38.520

You just made me think of a chat GPT request. I wonder. I wonder. Let’s just go try this out while we’re on the show. Can you write me a. I don’t know. A hundred page. RFP response by any chance? Is it even possible? Let’s see here. Your bots. We’re going to go to… What bot should we use? Should we use ChatGPT4? Should we use Claude? Let’s use Claude2. Nope. They’re going to try and charge me. Never mind.

Speaker 1 | 39:13.029

ChatGPT.

Speaker 0 | 39:14.070

Let’s do instant 100,000. Let’s do the old version of Claude, which I think Amazon just invested like… five billion in or something um can you write me and we’re gonna say for dod it’s probably gonna be like no right an rfp response for a dod contract let’s just start with that let’s just see what it says here’s a draft rft response you could use as a starting point for a dod contract dear sir madam Response to RFP for insert project or contract details. Thank you for the opportunity to submit a proposal to our proposed solution and management approach is as follow. Technical approach. Provide one to two paragraphs outlining your technical solution and how it meets. Okay. Management approach. Outline your project management. This is not that bad. Key personnel. Include names, roles, bios of key team members who will work. Past performance. Provide two to three examples of relevant past projects or similar scope, including details of customer. So then we will just take that. We’ll tell you, okay, can you give me two to three examples? Relative scope. We’ll put that in the chat. You’d be pricing. Provider all-inclusive. Not too bad. I’m surprised it even said yes.

Speaker 1 | 40:22.695

I wonder if you start putting in all the clauses that that’ll just ramp it up.

Speaker 0 | 40:26.437

You want to give me examples? I can move on. You want me to throw something in there?

Speaker 1 | 40:31.461

You can add.

Speaker 0 | 40:33.122

Let’s see.

Speaker 1 | 40:34.683

Let’s start with the main one, the NIST. Well, actually, yeah, NIST 800-171. N-I-S-T? N-I-S-T.

Speaker 0 | 40:42.228

Uh-huh. Can you, what do I want to say? Can you add in?

Speaker 1 | 40:48.853

Just say it has to meet. It has to meet NIST 800-171 security requirement.

Speaker 0 | 40:53.828

NIST 800-171 security. Anyone that trusts this, but this just goes to show you how we can, I don’t know, maybe hack the system. I don’t know. Requirements. Can you add in NIST 800-171 security requirements and provide an initial 10 bullet points that must be met? It must be. be met and make stuff up here. Here’s an updated RP response template with an added section addressing the NIST SP 800-171 security requirements. Access control, awareness and training, audit and accountability, configuration management, identification authentication, incident response, maintenance, media protection, physical protection, risk assessment.

Speaker 1 | 41:41.236

That’s it. Yep.

Speaker 0 | 41:42.676

Boom. Briefly describe your process and controls for meeting each of the 10 requirements. Yep.

Speaker 1 | 41:48.118

And there’s a total of about 300 out of those 10 domains. There’s about 300 responses that you have to do.

Speaker 0 | 41:57.244

So fun. So real fun. So again, I don’t know what this accomplished for us today, but it just made us realize that, look, oh, here’s how we’re going to tie this all together. Give me the… Give me the estimated time it will take to put all this together and how, this is the key, how I can ask executive management. That’s how we really do everything over here at DebtSec. Yeah. Paper, writing, nerds. And how I can ask executive management for more money.

Speaker 1 | 42:45.021

Money. Yep.

Speaker 0 | 42:46.979

We’re just going to be blatant about this. Blatant. Initial review of RFP requirements, two to four hours. Developing technical solutions and details, eight to 16 hours. This is vastly under. Can you multiply? Writing management and staffing plans, eight to 16 hours. Developing pricing model, four to eight hours. Gathering and preparing past performance examples, eight to 16 hours. Total estimated time, four to 80 hours. Yeah, right. In terms of existing executive management for additional funding to supporting proposed responses. Okay. Set up a meeting to brief leadership on the opportunity in your initial assessment that represents significant potential revenue growth. I like that. Revenue growth, which you already mentioned earlier. Quantify the contract value and margins if awarded to demonstrate potential impact on financials. Absolutely. Emphasize the heightened competition level and importance of a polished, comprehensive submission. Right. Look, we don’t get this right. We’re never going to get these contracts. Present a detailed budget outlining additional costs for security validations, custom solution development, supplemental staff and consultants. Nice. Highlight risks of an under. We look, we have just taken every IT director out there that didn’t even think about how to convince executive management that IT has something important. And we have told them, just go to Claude 100 K. Don’t even.

Speaker 1 | 44:10.678

pay don’t even pay for the additional piece and boom you’re now the cto yeah that’s and like i said i’ve got it easy on my side right now uh because we do the secure servers that my executives all understand the security and why it’s needed uh you know yes this again this is in an environment where they’re bought in yeah but for those like i said i’ve worked for others that you All they looked at is the expense. And yes, I am protecting you, but I haven’t had any problems. So why do I need to give you this money? And the theory was, and this actually wasn’t a theory, it was proven out. We got hit with the virus. I got money to finally get endpoint protection. Got hit by ransom. I finally got something to start protecting for ransomware. But it was a battle. And the only way I could get it is when something went down. As an IT manager, that wasn’t the way I wanted to work.

Speaker 0 | 45:17.458

I have a little department inside Dissecting Popular IT Nerds. It is like, hire me to hack your executive management so that they’ll approve your security budget.

Speaker 1 | 45:25.810

Yeah. I just, you know, please hack us, please. Well, and the other thing is when we got hacked, what was it? I was four 20 hour days. Now

Speaker 0 | 45:41.274

I can tell you, I’m so sorry. I’m so,

Speaker 1 | 45:43.174

I can tell you, I was burned out after that.

Speaker 0 | 45:46.775

And yeah,

Speaker 1 | 45:48.596

and this was one of these that all I would get from the executive management was, have you got a fix yet? Yeah. And I’d get that like every eight hours or something. And I’m like, I’m working as fast as I can. There’s me. I’m trying to do this recovery. And truthfully,

Speaker 0 | 46:06.455

it’s an unforgiving job.

Speaker 1 | 46:08.276

Yeah. There’s not a lot you can do, especially for like ransomware. You know, you end up getting the response team involved. And so a lot of it is sitting there waiting for them to negotiate with the ransomware company or bringing down a backup. You know that. Everybody talks about, well, I’ve got the backup up there. Well, if you’ve got a lot of data, it takes a lot of time to recover those. And, you know, they don’t put into the, you know, the executives don’t look at that. I don’t think of the time that we put in behind the scenes that the executive management doesn’t see.

Speaker 0 | 46:45.861

It’s, yeah, that’s the problem. That’s the real problem. And no one solved that yet. No one solved the how do we make security, the job of security be the job that everyone thanks us for when nothing goes wrong. And when everything goes wrong and we just barely save the company and bring us back online, they say, excellent job. Yeah. That’s it.

Speaker 1 | 47:16.309

That’s like. If you get that, you’re not working in IT.

Speaker 0 | 47:20.173

I am. Yeah. I mean, so it’s really what we need to do is just turn up a support group. And I think they are probably already, everyone already has the, I don’t know, go on Reddit and, you know, go to the gripe section. You know what I mean? Like the, the, the, you know, it’s the, it’s the, that, that I put the stick over my back with like the old handkerchief and, and, um, like sandwich in it. And I walked out the door and I now live off the grid in a, what is it? A yurt. Is that what they call those things? Yep. A yurt somewhere with a, with, you know, some, the, the solar panels on the roof and a wood stove. And you, I, you know, you don’t even know who I am anymore. Like,

Speaker 1 | 48:07.486

yeah,

Speaker 0 | 48:07.667

I just changed my name.

Speaker 1 | 48:09.428

I mean, it’s, you know, things have changed and changed so quickly. You know, I’ve gone to where my biggest concern was that somebody called me and said that their coffee holder was broken.

Speaker 0 | 48:21.656

Oh, yeah. Yeah. That’s the joke over here. How many tickets did we get? Congratulations. And I have a cartoon going up in the book that’s coming out very soon. I’ve got it right here. I’ve finished finally all the little annoying edits. Now, one of the cartoons in the book is congratulations, IT department. The hand dryer tickets are down by 13% this year.

Speaker 1 | 48:42.865

Yeah. Well, this one, and I don’t know if you were experiencing what the coffee holder was.

Speaker 0 | 48:50.270

Yeah, are you talking about the electronic coffee holder? I’m assuming that’s what you’re talking about. No. USB or something?

Speaker 1 | 48:58.115

No, this was literally when CDs first came out. Uh-huh. And when it was a CD holder, it had a coffee cup perfectly. Ah,

Speaker 0 | 49:08.883

yeah.

Speaker 1 | 49:09.203

And people originally thought that’s what it was.

Speaker 0 | 49:12.265

Shut up. I know that was like a joke,

Speaker 1 | 49:14.967

but I actually, I had, I think it was probably, I mean, it was under five. It was like probably two or three of them that I had that. And literally you go in there and they put the coffee on it and it bent it. So the drawer wouldn’t go back in and that’s what was broken. But I’ve had some of those that people talk about as jokes. They didn’t start out as a joke. Yeah. I really wish that nowadays with the security as it was, I could say it was a joke, but it’s just gotten a whole lot more, you know, a lot more things that we have to protect against.

Speaker 0 | 49:50.135

I actually cried a little bit. I actually dry some tears.

Speaker 1 | 49:55.598

Yeah. Yeah. I’ve had fun.

Speaker 0 | 49:58.239

I’ve had fun with other people’s experiences, other people’s whatever. I don’t know all that. Yes.

Speaker 1 | 50:03.522

Yeah. Well, another one was I remember having my uncle calling me once about his speakers not working on his computer. And I’m sitting there trying to troubleshoot and help them to figure out what it was and couldn’t get it to work. So I told him he was going to have to contact the provider, which in this case was Gateway. I don’t know if you remember Gateway computer.

Speaker 0 | 50:22.646

Of course I do. Gateway was my first Pentium.

Speaker 1 | 50:26.358

Was it? Yeah. Yeah. That came in,

Speaker 0 | 50:28.239

that came in before that. Yeah.

Speaker 1 | 50:31.200

Yeah.

Speaker 0 | 50:31.541

Before that. Yeah. My, I built it from some weird, you know, the, the computer that I had before that, I don’t even know what the brand was because we ordered it from, you know, whatever PC magazine and built it together with some random thing. It was,

Speaker 1 | 50:43.468

well, he, he called me about a week later and said, they found out what the problem was. It was an issue with the mouse. And I’m like, how did the mouse affect the speaker? And he’s like, oh, not the computer mouse. There was an actual mouse in the speaker.

Speaker 0 | 50:58.240

Oh,

Speaker 1 | 50:58.600

man. So I told him, I’m like, that’s what happens when you buy a computer from a company that builds them out of barns.

Speaker 0 | 51:04.303

Yeah. I mean, that’s another real thing is like other people that have opened up computers and they’re like filled with, you know, like.

Speaker 1 | 51:13.748

I’ve had that. Yeah, I’ve had that out of warehouses where computer starts acting or something smells like it’s burning. And. You go out and find a mouse nest in the computer. That’s why you always put those braces back in. When you take a card out, put the brace back in.

Speaker 0 | 51:33.754

Don’t let them crawl through. And a bar of Irish spring and a few mothballs. Yeah.

Speaker 1 | 51:43.238

Those are the old days.

Speaker 0 | 51:44.818

This has been a pleasure. What was I going? I did have. So. What does the future hold for us? Doom and gloom and dark nights, darker nights? Or I happen, I used to be a very positive minded person, but I’m more and more, more and more, I’m thinking, no, doom and gloom.

Speaker 1 | 52:08.854

Yeah, the, I don’t see any result to help with security. I really, I really don’t because, you know, as much as we do to protect. I’ve got people on the opposite side, and a lot of times they’re a whole lot smarter than we are.

Speaker 0 | 52:27.304

It’s just easier. It’s like going to the dark side. It’s like going to the dark side. Let’s just be honest. We’re going Darth. We’re going Darth.

Speaker 1 | 52:35.287

And with all the systems.

Speaker 0 | 52:40.549

If Anakin went to the dark side, what hope is there for us?

Speaker 1 | 52:44.331

Right.

Speaker 0 | 52:45.191

It’s like,

Speaker 1 | 52:47.032

could be there. Everything’s becoming electronic. So, you know, where it used to be, I had to worry about a computer. Well, now I have to worry about a computer and a phone and, oh, the phone and the video system. Oh, well, guess what? Now my coffee pots connected to the Internet. Now I can worry about that.

Speaker 0 | 53:07.130

But my friend and I used to just drive by with the with the universal, the universal garage remote. You know how many channels he used to have? I mean, he only had to swing through so many channels. I mean, back then, that was just stupid, stupid teenagers. I mean, we weren’t even teenagers. We’re even seventh grade. Yeah, we’re teenagers. 13. Just, you know, actually, no, I had to have a driver’s license or even it was a bike or something. You could just drive by people’s houses back in the day and hack the garage door. Now it’s everything. Now it’s like, hey, let’s turn their faucet on. Let’s turn their lights off in the house. Let’s do it’s pretty, you know, I think a pacemaker has been hacked. I think there’s actual evidence that a pacemaker has been hacked.

Speaker 1 | 53:45.772

Insulin was hacked and killed somebody. We’re screwed. Insulin. It’s just, you know, we’re going so much and, you know, that doesn’t even bring into the AI, you know, who knows what’s going to happen with that.

Speaker 0 | 54:00.552

I still got to have my AI PhD friend on the phone or every time I talk to him, when I see him, he’s just like, no, we’re done, Bill. We’re done. He’s so like, you know, fake’s like, no, we need to get on the good side. We need to battle. We need to fight back. We need to make sure we’re there. We need to make sure we’re on the front lines. on the front lines you know uh python and some other stuff and you know right now these things he’s talking about do you have any idea what they can do now phil do you have any idea we need to be on the front lines we need to be the good guys look okay yeah i know nothing about that i can’t do any of that i just have i’ll have you on the show i’m gonna have him on the show make it as just gonna be the dark days we’re gonna call it the dark show the dark show so it says um Very fun. It’s been great having you on the show. Any piece of advice for anyone out there? I don’t know, as far as security pieces, or if you had one piece of advice or your one trick of the trade or something that you could give to the listeners out there that they need to do at work.

Speaker 1 | 55:01.177

Yeah, really what I would say, try to become part of the company. A lot of times they put IT in the back room. and they don’t understand what you’re going through day to day, whether you’re the IT director or your desktop support. It seems to be, you know, in the back room. And they don’t want to think about it. And you don’t hear a lot until something goes wrong. So try to get in front of the executives and let them know what you’re doing. Let them know what your problems are. So they at least have some idea that there is something going on.

Speaker 0 | 55:41.948

What’s the best way to do that? Because immediately I thought in my head, like all these creative ways we could do like a flat screen update. Hey, here’s your IT guy working in live. Live, real time. This is a real live IT guy working right now or a newsletter or something. I mean, something funny or hilarious walking around. I mean, I give out nerd glasses and stuff, walk around with nerd glasses and pocket protector. Hey, I’m the IT guy.

Speaker 1 | 56:05.803

Just watch till you walk. Show somebody on the screen walking in the server room and hitting the power button off.

Speaker 0 | 56:14.369

Send out memes.

Speaker 1 | 56:15.209

And then bring it back up. Yes.

Speaker 0 | 56:16.951

Yeah,

Speaker 1 | 56:17.211

do that. But no, I try to meet with my boss, who’s the COO, and, you know, kind of give him an idea of what’s going on. Because otherwise, you know, he sits up there and his computer works and he’s doing what needs to be done. You know, he doesn’t know what’s going on.

Speaker 0 | 56:34.472

By the way, did you know if we get this certification, we can make this much more money? Hey, by the way, did you know if we do this, we could save this much money? Did you know we could do this? Just speaking dollars and cents. You could have, I don’t know, you can go to the Hamptons for an extra day this year.

Speaker 1 | 56:47.199

Yeah. So there’s a lot you can do, but you can’t do it sitting in the back room. You’ve got to bring it to the attention of people. You know, most of the time you get stuff you get from users. Thank you. But the executives don’t know what’s going on.

Speaker 0 | 57:03.288

Exactly. Johnny Mullen, everyone. Johnny Mullen, thank you so much for being on Dissecting Popular IT Nerds.

Speaker 1 | 57:09.774

Thank you very much. I appreciate it.

243- Decrypting Cybersecurity and DOD Contracts with JohnE Mullin

Speaker 0 | 00:08.523

Welcome everyone back to Dissecting Popular IT Nerds Today, talking with John. Johnny? I mean, not Johnny. Johnny!

Speaker 1 | 00:15.910

It’s Johnny.

Speaker 0 | 00:17.852

I like Johnny. Is that how we really spell it too? Johnny like that? Because that’s unique.

Speaker 1 | 00:22.596

That is correct.

Speaker 0 | 00:23.936

Johnny, it’s Johnny because my brother’s also Johnny, but with a Y, but you’re John E with the E. Mullen, Director of Information Technology at Trenton Systems, which makes, we make boxes of stuff with wires in it and things like that.

Speaker 1 | 00:36.680

Yeah, we make secure servers and we provide it both for commercial and military. We’ve been working with the military probably the last three, four years now. We’ve really been involved with them. Because we’re one of the only companies that makes everything U.S. based. We make our boards, our BIOS, our boxes, and everything are U.S. based.

Speaker 0 | 01:00.177

That’s cool. And we didn’t finish the Johnny comment, but I mean, the fact that we’ve got secure and server in the same sentence or line, I guess, is fascinating to me. Are we talking like off the grid type stuff? I mean, you know.

Speaker 1 | 01:19.668

Some of us off the grid.

Speaker 0 | 01:21.609

A lot of the military guys I work with, there has to be complete off-the-grid type of computer enclosed. There is no WAN, so to speak, even though there is a WAN. It’s just not connected to the internet.

Speaker 1 | 01:32.096

Yeah, most of ours is WAN. We don’t do a lot of the stuff that’s off right now. Those are some of the projects we may be looking at down the line as we get more and more involved with the DoD. But it’s a growing industry. Like I said, since we’re… 100% U.S. based, we’ve had the government come to us and said, hey, we didn’t realize we had a company like this in Lawrenceville, Georgia, that can make these things for us. And they’ve been really pushing us and we partner with Intel and they’ve been helping us get in front of a lot of the primes that are looking for these things.

Speaker 0 | 02:11.858

Excellent. So we should be a U.S. and then now. if we just sell these overseas as well, we’ll be a 100% US-based server maker selling equipment too. We flip the script.

Speaker 1 | 02:24.690

That is correct, yes.

Speaker 0 | 02:26.711

We can flip the script. But what we were talking about prior to getting on is the typical thing that we all have in common in IT leadership, which is trying to do a lot with a little and still… move the company forward as a, as a business force. And what I, what I really love is that you have something that maybe a lot of people really, really, um, I don’t know, would be enamored of or want, which is an executive branch of people that is really open to talking about security and, and, and potentially investing in security.

Speaker 1 | 03:10.863

Yes. It’s, um, That was one of the reasons I started here at Trenton is I’ve worked for companies that from face value, they say, yeah, we want to be secure, but then they provide absolutely nothing. And, you know, you say this is going to cost you some money and they’re like, well, we haven’t been attacked, so we’re not going to do anything.

Speaker 0 | 03:31.137

It’s just a matter of it’s not a matter of if it’s a matter of when and how bad it’s going to be. What do you think is one of the areas that people should be investing in, but they’re not? Like where are they skimping on, I guess, so to speak?

Speaker 1 | 03:45.361

Well, a lot of it in terms of security is people. And one of the things that we really did here is we kind of focused on the people in terms of training. People don’t realize that things are happening all the time. And it’s just this simple email message that comes in that can affect the whole company as a whole. And we’ve been doing a lot of training. When I started here. Clicking on phishing attempts was about 30% of the company. We’ve pushed through training. And actually, for the last six months, I’ve been at 0%. So it felt really good. And with phishing attempts being about 80% of the attacks, right there, just by doing training, we’ve cut down 80% of the field that we can have to defend.

Speaker 0 | 04:37.349

I don’t feel like we talk about phishing enough. I mean, I know we do. It just seems like a… it’s um we’re always talking about pen testing and different things and just fishing’s like yeah that’s the obvious stuff but it really is always the people what was the number one fishing attack uh just so we can just tell people like hey and the number one thing was like they’re just trying to get our w-2s or you’re trying to get a you know whatever yeah

Speaker 1 | 04:58.804

they they go out and really what i’m seeing right now is the use of linkedin is they go out to a company and they find out who the CEO is. Most people will have their company email addresses as the email address to use. Well, now they have an idea of what the format is for emails. If you come in on LinkedIn and four people out of the company are last name, first initial.

Speaker 0 | 05:30.289

We know we can just use that and email the president. Yeah.

Speaker 1 | 05:33.790

Yeah. And, you know, the number one thing that I see all the time is things that look like they come from our CEO going to employees saying, hey, I need you to send me cards. You know, I don’t know how much, how often he uses all these Apple cards he requests. I block probably three a day coming in to somebody saying, hey, I’m in a meeting right now. Can you send me? $50 or $100 worth of Apple cards. And so it’s amazing.

Speaker 0 | 06:10.471

So what do they think is they’re being used for like tchotchkes or something or like giveaways? I mean, like, why would, you know, I mean.

Speaker 1 | 06:17.357

That’s usually what most people think is, oh, they’ve got, you know, a customer and they just want to give the customer a $50 gift certificate for coming into the building and watching it. And, you know, you think of it as. Who’s going to fall for that?

Speaker 0 | 06:34.554

You know, that’s pretty obvious. Yeah, from our standpoint, you could pull it off. I mean, I think you could pull it off if you’re like, hey, look, we’re running a sales contest. We’re trying to give away $10, $50 Amazon gift cards for any of our vendors that bring in 10 more secure-based server boxes this month or something. I don’t know, whatever it is. You know what I mean? Like, yeah. And we need those right away because I need to send them to our top five partners or something like that.

Speaker 1 | 07:02.846

And most of the time you think, oh yeah, this isn’t right. But if you’re busy and all of a sudden you look up and there’s a message from the CEO saying, hey, I need this. And you’re not really paying attention to what’s being said and think about, hey, would he really be asking me this?

Speaker 0 | 07:22.002

Okay, so this is like low life thieves. These are like little small time things. What are some of the worst ones that you’ve seen?

Speaker 1 | 07:31.466

Well, I remember early in my career getting the I love you virus.

Speaker 0 | 07:37.468

That was famous.

Speaker 1 | 07:38.308

That was famous. And that was.

Speaker 0 | 07:41.050

You should tell the story. What was that again? What was that again? That was super famous.

Speaker 1 | 07:45.631

Yeah, it basically was kind of a worm. But what would happen is an email would come in and it would say, I love you. And it would have a little attachment and people would click on it thinking, oh, I’m getting, you know, somebody. Well, then what would happen is it would go through your contact list and send that I love you message to everybody in your contact list. And so it just grew and grew. And I remember when I walked in that day, you know, I’m sitting there and I’m looking at my email and all of a sudden I go from no emails to about 1500. I’m like, wait a minute. What happened? Yeah. And everybody says they love me. You know. As an IT director, I don’t get that very often. So it’s like, oh, well, that’s nice. But yeah, that was a big one, you know, early in my career. And they’ve gone now just to, you know, ransomware is probably number one. And I’ve, at this side, I haven’t been hit by it, but with other companies, I have been. And the way they’re doing it now, you know, used to be ransomware. They’d come in, they’d encrypt your data. That wouldn’t be yet. You’d have to pay to get it unencrypted. If you had the good backups, you may be able to recover it without having to pay. Well, the ransomware people got smart.

Speaker 0 | 09:07.109

What’s the best backup? Just like a bare metal backup, like off-site or something? Yeah,

Speaker 1 | 09:12.511

I’ve actually used several different beams of Cronus and things like that. And what I’ve done is I do a backup both on-site and in the cloud. So that way I have coverage in both. because a lot of times with this ransomware, they’ll hit your on-site. So just having on-site is not going to protect you against ransomware on some of the new ones. So having that off-site where I can recover has helped quite a bit. We actually, with one company I work for, we got hit by ransomware. And not only did they encrypt the files, but now they also download the data beforehand. So even if you don’t… pay and you’re able to recover, they’ll say, hey, we have your data and we’re going to release it to the public unless you pay us. um,

Speaker 0 | 10:07.543

on the company and get on the company.

Speaker 1 | 10:11.125

That may be an issue. That may not be an issue.

Speaker 0 | 10:13.988

How are you going to know they’re going to, I mean, like, even if you pay them, like how, you know, yeah, I trust you’re going to erase it. Then you’re going to come back five years from, Hey, remember when we told you we’re going to erase it now.

Speaker 1 | 10:22.734

But believe it or not. And it’s funny because that that’s always the thing is how do you know? Well, ransomware is now a business and it’s a big business. And. In order to stay in business, you’ve got to do what you say you’re going to do, even if what you’re doing is illegal. Look,

Speaker 0 | 10:41.792

we know you’re a liar. Well, trust me, we’re trusted. We are a trusted ransomware business. If we say we’re going to, it’s a business.

Speaker 1 | 10:50.194

And truthfully, that’s kind of how they are. How can you believe that 100%? I have no clue. But yeah, that’s a big issue.

Speaker 0 | 11:00.957

We’re the most trusted robbers. Robert Barron.

Speaker 1 | 11:04.190

You’ll ever have. That is correct. But yeah, the last time we got with the ransomware, not only did they encrypt everything, but we were running Hyper-V. So they encrypted the virtual servers, and then they encrypted the data within the virtual servers. So when you get the ransomware, it says, oh, pay X amount, we’ll unencrypt it. So you pay that, they unencrypt it. you’ve spent up your virtual servers and guess what all your data on the virtual servers itself has been encrypted and now they come back and says oh well you just paid us to unencrypt your servers now you have to pay us to unencrypt your data uh so it was it was a wild scam so uh and now my understanding is they’re even reaching out to them yeah they’re reaching out to employees so that If you don’t pay them.

Speaker 0 | 12:02.922

And I’ll pay you to trace your salary. Listen up. I’ll pay you to trace. Go ahead. Reaching out to employees.

Speaker 1 | 12:07.967

Well, what they were doing is if the company wasn’t paying, they would call the employee and say, hey, we stole your data and we have your HR information. Your company is refusing to pay. So we’re going to release your information so that they can try getting the employees to start beating up on the companies to pay. So it’s,

Speaker 0 | 12:33.330

I wouldn’t be surprised if they were reaching out to employees to get inside jobs. Like some of these, some of these ransomware attacks, like the Caesar’s palace one, I was very, very skeptical of the Caesar’s palace. When I was like, let me get this straight. I was like, you’re a casino. I was like, your job. Number one is to steal everyone’s money. So isn’t it ironic that now someone’s stealing your money and now you’re going to, you’re going to file some insurance claim to get the money that you’ve stolen from everyone back. And then what’s going to happen? The person that stole all the money is probably going to walk back into the casino and gamble it back in the casino again because it was an inside job. Wouldn’t be surprised.

Speaker 1 | 13:13.342

Back to you.

Speaker 0 | 13:14.243

If I disappear, by the way, if I disappear and the host of Dissecting Public IT Nerds is found dead.

Speaker 1 | 13:22.466

Found dead. And you’re dead in Arizona. We know what happened.

Speaker 0 | 13:26.128

He was whacked. That’s probably. But yeah,

Speaker 1 | 13:29.009

the. The inside job is interesting because I just read an article yesterday. One of the hospital systems here locally, I guess they were hacked, I think it was about a year, year and a half ago. And it turned out it was a security company that was trying to raise business of how good they could do it. And they actually broke in and caused it and then sent the hospital systems. saying, hey, we can help you out on this. So it was a security company that actually put the virus on there and then contacted them to assist in taking it off.

Speaker 0 | 14:09.102

And how did that get found? By the other trusted security company that said, look, here’s who you can really trust. But finish that thought, and we’ll come back to trust in a moment.

Speaker 1 | 14:21.773

Yeah, I don’t know. Yeah, it is zero trust. But yeah, I don’t know how they caught him. Other than the fact that it was like perfect timing that this guy sent an email out right when they got hit saying, hey, we can help you recover from this. So I don’t know if that’s how they ended up starting tracking them that, hey, how did this person know that we were hacked within 30 minutes of happening?

Speaker 0 | 14:48.987

It’s an interesting concept. We have a security company. We’ve got all of our public facing employees. And then we’ve got our behind the scenes employees that are really just busy hacking everybody. Yeah. It’s. it’s pretty wild actually but that goes back to the like the whole like the the whole bill gates thing which again i don’t know if we’re allowed to talk about um if i if i wind up dead on the then um it comes back to that whole what was that in the 90s when did he get taken to court in the 90s and you know there’s like the whole like monopolization thing with the whole uh you know like the where he you know he owned microsoft but you know could also be making the the virus protection but creating the viruses but then also we’re gonna We’re going to make the browser at the same time. And it was just too big of a monopoly. And so he got, you know, he got attacked on that end. But you literally could do that. No one would know. The general public, 90% of the general public would have no clue.

Speaker 1 | 15:40.965

Well, and that’s your, my point is, is who do you know? Who can you trust? You know, how do I know that McAfee? I mean, I look at McAfee on my PCs right now. When they come in, everybody seems to put them in as a default protection. I don’t know anything about McAfee. All I know is I can’t get it off half the time. It seems to always come back again.

Speaker 0 | 16:04.617

It’s like my otter. It’s my otter box or whatever that I can’t seem to get. This won’t stop recording everything in my life. It shows up to every meeting, and I’ve got to remove it.

Speaker 1 | 16:16.703

And I don’t know if you follow John McAfee. He was kind of out there. So who’s to say he wasn’t creating stuff so he could say, hey, my. my software resolves it.

Speaker 0 | 16:30.078

We have a guy we called Old Man Marley back at my Cisco startup days. And when I left a Starbucks years ago, I went to a… How I got into technology, which I knew nothing about. I thought Cisco was spelled with an S, S-Y. And this recruiter was like, don’t worry, we’ll train you. We’ll train you. Do you know what voiceover IP is? And I was like, no, I have no clue. He’s like, don’t worry, they’ll train you. They’ll train you. Just show up in a suit and tie. So I started at this Cisco startup, you know, years ago and everyone in my family was like, don’t do it. It’s a fishing net approach. You know, they hire everybody. No one makes it. And then like I got in and I was like, oh, it’s true. It’s so true. And I was like, but I have to be the one that makes it because I actually am married and have kids and need to put food in it. Somehow I made it. But it’s another, another story. But so we used to have to go around and we were selling these Cisco iAd, these 2800 series iAds with back. you know that where we were like you know sip trunking is this new thing and it’s called dynamic allocation and you know it’s great because you know when you’re not on the phone you can use that bandwidth you know it’s like anyways i i come into this this massive business um campus these huge buildings right one of them’s this big pharmaceutical manufacturing business another huge massive building next door and i walk into this building it’s empty multiple floors just empty except for one cubicle. There’s one cubicle sitting in this dark building in the corner. And as I look on the wall across the entire, like a football field, like imagine like an empty, dark, massive, you know, office building. It’s empty. It’s gutted. There’s one cubicle, a bunch of servers in the back, one old man sitting in this cubicle. And there’s across the entire, like a ticker tape, like just a strip of… paper all in colors across the entire football field inside of this building across the top is the entire human genome the entire i know exactly right i’m like uh so like hey you know they said hit every door every floor you want to talk to these guys like hey man you need uh you need internet you know and he’s like yes sit down and uh and like i must have had a two-hour conversation with this guy which i was totally not supposed to do and he’s like we do We do need internet. You see these servers here? We’re running what’s called the Elder Dollar. The Elder Dollar. It was the first, I mean, it was a cryptocurrency. I’m telling you, this is like 20 years ago. This is 20 years ago. This guy had invented some kind of cryptocurrency he called the Elder Dollar. He’s like, look, every time you flush your toilet, I make one-tenth of a penny. he’s like i i invented their like the conveyor belt whatever this guy i cannot remember his name though he sat on the atomic bomb like the atomic uh committee was you know he like he knew had known einstein he was like there and when i got back to that someone like oh you met with old man marley like yeah they didn’t like you know the elder dollar and we’re like yeah he got you too but he was talking about like how he was gonna like you know solve world peace but it had to be done with we had to focus on this this cryptocurrency and it had to focus on it had to tap into some bit of of every human’s vice and he’s like we can’t use We can’t use sex because that’s going to spread disease. But, you know, gambling we could use and we could use, we can have these servers offshore and we’re going to create, you know, this like utopia. It was totally wild. But when I think back about it, I don’t even know how we got on this subject now. When you think back about it, you were, I think it was like behind the scenes and, you know, McAfee and stuff and, you know, what’s, you know, what, what could really be. And, you know. And then, you know, cryptocurrency, and this guy was way ahead of his time, and he had all these massive servers in the back. It was totally wild.

Speaker 1 | 20:34.717

It was,

Speaker 0 | 20:34.978

I don’t want to go with this, but that’s what.

Speaker 1 | 20:38.240

Yeah, I’m sure there’s a lot of those going on now. I remember, you know, I remember seeing, I went up to Illinois Champaign to see the first go of Mosaic before they released it for the browser. And thinking, wow, this is wild. I’m going to be able to do this.

Speaker 0 | 21:00.500

i think everything was like in the early days it was just wild wild west when you’re yeah i was you know oh man the let’s go back in time for a minute we haven’t done this in a while what was your first computer how did you get started out in technology how’d you end up where where you know where you where you are because i don’t you know it But it still amazes me, and I say this probably on every show or every other show that we do, it still amazes me that we were alive before computers, pretty much. I don’t think you can count the lunar lander as a computer, but anyways,

Speaker 1 | 21:38.500

that’s another subject. Yeah, my first computer was an IBM PC Junior with the side card on it. Let’s look this up.

Speaker 0 | 21:47.648

This is good because almost everybody on the show says, like, Apple to E most people say Commodore. Most people are Vick 20 or whatever it was, but anyways, go ahead. So IBM junior,

Speaker 1 | 22:02.434

IBM PC junior,

Speaker 0 | 22:04.155

IBM PC junior, we’re Googling this right now.

Speaker 1 | 22:06.755

It had a, a side card on it. So, you know, you can have the extra imprinting, but that was my first one. My, uh, my dad was always a tech junkie. You know, he bought one of the first calculators that was, you know, 500 and it could do addition and subtraction yeah and 500 is a lot of money back then oh yeah two grand or something you know yeah i mean i mean i look back and it’s like what you know you spent that much money for a calculator that can do you

Speaker 0 | 22:39.608

know addition subtraction i think it had multiplication i’m looking at this side car on the back of the side car into the pc junior by the way and people can’t see that i’m using description here

Speaker 1 | 22:51.336

And in Google Apps,

Speaker 0 | 22:53.878

it says 512K Space PC Junior. And I would say it’s about the size of, let’s see, he’s holding it in his hand. It’s pretty big. I would say it’s about the size of a VCR. Maybe a little bit smaller. A little bit smaller.

Speaker 1 | 23:10.832

Yeah, the size is, but it wasn’t quite as thick as a VCR. Right. But yeah, you could just, you would mount it onto the PC Junior. I think it did add some additional memory.

Speaker 0 | 23:21.933

Like four giant Hershey bars. Four giant Hershey bars stacked on top of each other to the side. Slap it on the side of this thing.

Speaker 1 | 23:28.436

Slap it on the side. I remember it had, that’s why we had to buy that in order to get the dot matrix printer. Because it had the parallel port on the back of it.

Speaker 0 | 23:38.140

Very nice.

Speaker 1 | 23:38.620

You could run the dot matrix printer on it.

Speaker 0 | 23:41.521

This stuff never gets old.

Speaker 1 | 23:43.302

No, I really wish I still had that PC.

Speaker 0 | 23:46.384

everyone said i wish i had mine i wish i had my texas instruments my my bill cosby computer the um there’s a yeah that last adapter how about the isa bus adapter that looks nice i bet you didn’t have that because that one has a that one has a um looks like almost like an ethernet cable did we even have ethernet cable no we did not have ethernet there was no ethernet cable must be an rj11 that’s

Speaker 1 | 24:09.793

being probably yeah because it probably had the mo i think there was a modem that you could buy for it also So I don’t know what the modem was going into. Well, actually, I do.

Speaker 0 | 24:20.815

Messaging had to be some local messaging system.

Speaker 1 | 24:24.658

No, actually.

Speaker 0 | 24:25.679

That was never cool enough for.

Speaker 1 | 24:27.240

Yeah. Well, we got the modem because the company my dad was working with worked with Walmart. And Walmart had put their started doing their inventory on computers. And he had to log into their system in order to pull data down. So, and I think that was why he had the modem on the PC jr.

Speaker 0 | 24:49.701

This thing actually had some games, had some legit, like, uh, like, uh, let’s see, uh, four colors. You had two different types of video, 16 colors or four colors. Uh, I don’t know what that means from a technical standpoint. You’d probably know better than me.

Speaker 1 | 25:03.935

I had nice green characters running around and actually I had white characters running around too. So.

Speaker 0 | 25:09.444

They had chess, it looks like. Yes.

Speaker 1 | 25:14.047

I’m trying to remember what the one I had. It was a mine thing. They had people running around, and you’d press the down, and it would dig a hole, so something chasing you would fall in the hole.

Speaker 0 | 25:25.215

Dig Dug?

Speaker 1 | 25:26.856

It wasn’t Dig Dug. That was my first time, but it wasn’t Dig Dug. It was like a Minesweeper type thing, but it’s not the Microsoft Minesweeper. I remember as a young kid playing that.

Speaker 0 | 25:39.998

So you came from a family of tech junkies. What did your dad do?

Speaker 1 | 25:44.841

He was actually a sales manager. So he was in sales.

Speaker 0 | 25:49.324

But he was a tech junkie.

Speaker 1 | 25:50.765

He was a tech junkie, yes. But he didn’t do anything tech-related other than he was the one that, like I said, when they were working with Walmart, he worked with them to get his system connected. So he could…

Speaker 0 | 26:06.144

Was he like a motivational dad? Was he like a motivational dad? Or like, you know, what was like being the son of a sales guy?

Speaker 1 | 26:12.648

Yeah, he was. The only problem is, is he was out all the time.

Speaker 0 | 26:18.172

He had to travel back then.

Speaker 1 | 26:19.874

Yep. He traveled Monday through Friday. So, you know, it would just be the weekends pretty much that you’d get to see him. And, you know, depending on what sport I was playing and what my sister was doing. And, you know, it’s… He didn’t have a whole lot of time to go through that, but he would always, when he was in the office, oh, come here and take a look at this. And, you know, I’d go play on the computer for a while and, you know, had to make sure, you know, back then you could play on the computer and you didn’t have to worry about a whole lot. You could delete files, but, you know, you had to know how to.

Speaker 0 | 26:55.323

You could forget to click save. That was it. You could forget to save things.

Speaker 1 | 27:00.967

Yeah. There wasn’t any issue of if I’m on there surfing a different site that I could download something onto his PC. I mean, there was nothing.

Speaker 0 | 27:08.335

No one cared. No one cared. And I still am blown away by the fact that email back in the day, you could look up like in the global address book.

Speaker 1 | 27:19.387

Yeah.

Speaker 0 | 27:19.988

Anybody. Yeah. Can’t do that today. Can’t just search. Can’t just search Johnny Mullen. Johnny Mullen. Where’s Johnny Mullen at? Oh, these days. Oh, he’s over here in Minneapolis. And here’s his email. Let’s give him an email. Let’s see if this is the Johnny Mullen. Yeah, you know, can’t do that anymore. Now you can do it on LinkedIn, though. You can do it on LinkedIn, and then you can ransomware them. That’s how we do it.

Speaker 1 | 27:45.552

Yeah.

Speaker 0 | 27:45.732

It’s not too far from the same way. Anyways.

Speaker 1 | 27:49.834

And that’s the big thing is, you know, being when. computers first came out, you know, we didn’t worry about security back then. You know, there was nothing you had to worry about. My first job when I got into working on the networks and had to install fiber. And I’ll never forget that the government came in and said, well, we need somebody every six feet watching the fiber cable to make sure somebody doesn’t break into it. And I’m like, what? I have this ring throughout the building. They quickly came back and said, oh, no, you don’t.

Speaker 0 | 28:28.740

While it was being installed or literally every or 24-7?

Speaker 1 | 28:33.984

Initially, they said literally. I had somebody, I needed to have somebody watching every six feet of the fiber.

Speaker 0 | 28:40.828

For a packet sniffer? Like someone was going to put a packet sniffer on or something?

Speaker 1 | 28:43.871

For anything. Yeah, it was, you know, really for anything. And at the time, you know, fiber was fairly new and people didn’t know. what it was going to take and the way we got around it, this is telling you how easy it was back then is you put it just into, you know, a plastic conduit. When we did that, it was like, okay, it’s fine. And I’m thinking it’s easier for me to get into that plastic conduit than it is to get into the fiber.

Speaker 0 | 29:09.643

All right.

Speaker 1 | 29:09.903

Steel. So, but you know, but you never worry about it.

Speaker 0 | 29:16.146

That’s a good point. It is easier to get into conduit than it is to then, then to get into the fiber. And then

Speaker 1 | 29:21.108

the fiber is delicate it breaks yes well you have to know which you know fiber you want to get into and then you gotta you know splice them together and so yeah splicing fiber is not easy and then you know you gotta have this special kit then uh yeah

Speaker 0 | 29:38.317

it’s not it’s not an easy thing at all so fast fast forward to today which is wasn’t that wasn’t that many years it’s amazing how fast we’ve come what the what For what’s your biggest, I guess, I don’t know, a single biggest frustration, problem, concern when it comes to, you know, IT leadership in general? And how do we overcome that?

Speaker 1 | 30:03.373

Again, it kind of gets back to the company looking as IT as a cost center. You know, they come in and, you know, they don’t want to talk to me unless they have some special project or something’s broken. And when I come in, especially for the security, we’re trying to, working with the government, we’re going to have to become CMMC certified, which is the cybersecurity maturity model that’s getting ready to come out probably next year. And in order to bid on government contracts or DOD contracts, you have to be CMNC certified. Well, there’s a lot involved with that. And the cost right now is extremely high. And trying to justify those costs to the executives where, you know, I may have a million dollar contract with the DOD, but it’s going to cost me $200,000 to put in the security requirements. How can you justify that?

Speaker 0 | 31:06.064

Once you put it in, is it one and done or is it every single contract?

Speaker 1 | 31:10.627

Every single contract. Well, it’s one and done. It meets all the contracts once you have it in there, once you have a CMMC.

Speaker 0 | 31:18.091

Can you spell that out? Because I’m just, I’m a little ignorant.

Speaker 1 | 31:21.033

Yeah.

Speaker 0 | 31:22.213

Go ahead.

Speaker 1 | 31:23.114

It’s cybersecurity. So that’s the C. Yep. Maturity.

Speaker 0 | 31:28.016

Yep.

Speaker 1 | 31:28.777

Model certificate. So CMMC.

Speaker 0 | 31:33.119

Got it.

Speaker 1 | 31:35.112

And really, that’s

Speaker 0 | 31:36.634

I lived down in Virginia and around D.C. and around the Beltway for a long time. So I’ve seen crazy stuff and I’ve seen a lot of government contracts and a lot of eight, eight, you know, eight, a Alaskan tribal native, you know, get around different contracts that way. I know a lot about how it works. And then I eventually decided I don’t want to deal with any government contracting whatsoever at all. So I guess. Good for you guys.

Speaker 1 | 32:06.637

Well, like I said,

Speaker 0 | 32:08.798

you need to know a lot. There’s a lot of paper pushing. There’s I mean, I remember walking into like a whole building of lawyers. Like you’ll see huge buildings of just lawyers in D.C. And you go in and I remember there was like a whole like just like a couple lawyers in an office, a massive office empty with all these chairs and seats and everything. We’re like, what are you doing? Well, once Obama passes this particular law or something. We got to be ready for this. And then we’re going to bring all these people in. We’re going to make phone calls and phone calls and phone calls and phone calls. And we’re going to make all this money.

Speaker 1 | 32:38.674

Yep.

Speaker 0 | 32:39.814

From one law. From one law. We’ll employ thousands of people. And I was like, this is how it works, I guess. This is where all our money goes. Hmm.

Speaker 1 | 32:49.218

Yeah. The government’s oversight on that. Now, you know, I will caveat that this is a good thing for them to do.

Speaker 0 | 32:56.641

No, no. I’m not saying this particular situation, you know,

Speaker 1 | 33:00.082

but asterix,

Speaker 0 | 33:01.223

asterix, asterix. But no. This is not CMMC. I’m not saying this. Absolutely.

Speaker 1 | 33:07.666

It’s just that the cost of it, you know, by having everybody have to do this as a government or a DOD contract. I think they said there’s like 70 to 80,000 defense industry base for selling to the government. And they’re looking at maybe losing as much as half of that defense industry base. because they will not be able to meet the CMMC certification. When I first started talking about it, I mean, they were, I was getting quotes for an auditor to come in anywhere from $200,000 to $500,000.

Speaker 0 | 33:47.962

This is really good because, I mean, this is a really good subject. And the reason why it’s such a good subject is because there’s this, there’s this, no, IT doesn’t make the company money. Right. There’s this perception that IT cannot make the company money. We’re a cost center. We can save the company money. We can make the company more efficient, but we never really are the sales guys. We don’t increase sales. We don’t create products. We’re not R&D. We’re not this. No, in this particular case, if IT can find a way to do this faster, better than everybody else, it opens up a whole new stream of revenue, so to speak.

Speaker 1 | 34:29.864

Well, and this has for us, because as I mentioned, the government’s coming to us because we’re U.S. based. And there’s a big push that they want to bring all this stuff back in, whether it’s I.T. or anything else. They’re trying to bring back into the from China to the United States.

Speaker 0 | 34:49.529

And if Trump comes back, you guys are golden. And I am not a political guy. This is not a political statement. And I don’t even vote. Everyone can beat me up for that one. But yeah, having everything. Yeah, it’s a big deal.

Speaker 1 | 35:07.851

And having the security and getting this certificate is just going to open you up to possibly a lot more contracts. Because let’s say there’s two of us that build secure servers. We have the certificate. The other company does not. Well, the government is going to say, we want the certificate. So all of a sudden, you know. our sales are going to increase because the other company can no longer meet that certification.

Speaker 0 | 35:38.615

Yeah. Because we’re the only, because we’re the only ones, right. And the very few,

Speaker 1 | 35:43.399

one very few for it.

Speaker 0 | 35:44.840

Yeah. We need to do a CMMC. We need to do a CMMC spotlight. So anyone out there that wants to come charge people, ridiculous amounts of money, 200,000 to $500,000 to see MMMC certified people. You can reach out to Phil Howard at dissecting popular it nerds. yeah we’re gonna charge you a hundred thousand dollars just to be anyways no i i think that the prices have gone down i think they realize that you know they threw out a massive ridiculous number at first like let’s see if they bite okay oh don’t worry we’ll cut it in half no no today only if you sign before the end of the year uh it’s 50 off well

Speaker 1 | 36:21.657

you know a lot of this came out because you know if you do that to you know a lucky martin a boeing any of the major primes you Okay, that’s not a lot of money to them because they’re multi-billion dollar companies. But if you try doing that to a company that makes a particular widget for a plane and they’re the only ones that can do it, and it’s a mom and pop shop with two employees, their contract is for $200,000 a year. They can’t afford $200,000 for an audit.

Speaker 0 | 36:51.238

It’s such a real thing. That’s such a real thing. There’s the government looking to buy. They need six of these things. One company makes it. It’s a particular type of swab that cleans a lens on a machine that the government needs. So they’re only going to buy it once. So they might as well buy 200,000 of them. And then we need a special contract vehicle to sell this to the government. It’s crazy. It’s an insane system. It’s completely wild. And if you don’t know that world, you don’t know that world. But if you do know that world, you know that world. And there’s whole groups of people that just sit around making that little contract vehicle happen to the government. And they’re just waiting to take what someone’s trash is someone else’s treasure type of thing, like these little small contracts that are only $200,000 that fall off the table.

Speaker 1 | 37:40.696

Yeah. It’s amazing. I started my career working with a defense industry, so I knew about that. And then I got out of that, and I thought, okay, I no longer have to read those. 100-page documents that make absolutely no sense to me.

Speaker 0 | 37:56.381

100 pages small. 100 pages small. If you looked at some of the old NASA documents, I think there are like 20,000 pages.

Speaker 1 | 38:05.284

Yeah.

Speaker 0 | 38:05.945

Insane, like insane, you know, RFPs and stuff like that. Responses to RFPs.

Speaker 1 | 38:11.807

Well, just working towards this certification right now, I think I’ve got like 20 documents that are all referenced. And I always talk to my boss about it saying… Eventually, I’m going to end up back to the same one because they always tend to reference each other. And so it’s like a circle. I start with this one and it references this. And then I go all the way back to the end and it references the initial document. But there’s always.

Speaker 0 | 38:38.520

You just made me think of a chat GPT request. I wonder. I wonder. Let’s just go try this out while we’re on the show. Can you write me a. I don’t know. A hundred page. RFP response by any chance? Is it even possible? Let’s see here. Your bots. We’re going to go to… What bot should we use? Should we use ChatGPT4? Should we use Claude? Let’s use Claude2. Nope. They’re going to try and charge me. Never mind.

Speaker 1 | 39:13.029

ChatGPT.

Speaker 0 | 39:14.070

Let’s do instant 100,000. Let’s do the old version of Claude, which I think Amazon just invested like… five billion in or something um can you write me and we’re gonna say for dod it’s probably gonna be like no right an rfp response for a dod contract let’s just start with that let’s just see what it says here’s a draft rft response you could use as a starting point for a dod contract dear sir madam Response to RFP for insert project or contract details. Thank you for the opportunity to submit a proposal to our proposed solution and management approach is as follow. Technical approach. Provide one to two paragraphs outlining your technical solution and how it meets. Okay. Management approach. Outline your project management. This is not that bad. Key personnel. Include names, roles, bios of key team members who will work. Past performance. Provide two to three examples of relevant past projects or similar scope, including details of customer. So then we will just take that. We’ll tell you, okay, can you give me two to three examples? Relative scope. We’ll put that in the chat. You’d be pricing. Provider all-inclusive. Not too bad. I’m surprised it even said yes.

Speaker 1 | 40:22.695

I wonder if you start putting in all the clauses that that’ll just ramp it up.

Speaker 0 | 40:26.437

You want to give me examples? I can move on. You want me to throw something in there?

Speaker 1 | 40:31.461

You can add.

Speaker 0 | 40:33.122

Let’s see.

Speaker 1 | 40:34.683

Let’s start with the main one, the NIST. Well, actually, yeah, NIST 800-171. N-I-S-T? N-I-S-T.

Speaker 0 | 40:42.228

Uh-huh. Can you, what do I want to say? Can you add in?

Speaker 1 | 40:48.853

Just say it has to meet. It has to meet NIST 800-171 security requirement.

Speaker 0 | 40:53.828

NIST 800-171 security. Anyone that trusts this, but this just goes to show you how we can, I don’t know, maybe hack the system. I don’t know. Requirements. Can you add in NIST 800-171 security requirements and provide an initial 10 bullet points that must be met? It must be. be met and make stuff up here. Here’s an updated RP response template with an added section addressing the NIST SP 800-171 security requirements. Access control, awareness and training, audit and accountability, configuration management, identification authentication, incident response, maintenance, media protection, physical protection, risk assessment.

Speaker 1 | 41:41.236

That’s it. Yep.

Speaker 0 | 41:42.676

Boom. Briefly describe your process and controls for meeting each of the 10 requirements. Yep.

Speaker 1 | 41:48.118

And there’s a total of about 300 out of those 10 domains. There’s about 300 responses that you have to do.

Speaker 0 | 41:57.244

So fun. So real fun. So again, I don’t know what this accomplished for us today, but it just made us realize that, look, oh, here’s how we’re going to tie this all together. Give me the… Give me the estimated time it will take to put all this together and how, this is the key, how I can ask executive management. That’s how we really do everything over here at DebtSec. Yeah. Paper, writing, nerds. And how I can ask executive management for more money.

Speaker 1 | 42:45.021

Money. Yep.

Speaker 0 | 42:46.979

We’re just going to be blatant about this. Blatant. Initial review of RFP requirements, two to four hours. Developing technical solutions and details, eight to 16 hours. This is vastly under. Can you multiply? Writing management and staffing plans, eight to 16 hours. Developing pricing model, four to eight hours. Gathering and preparing past performance examples, eight to 16 hours. Total estimated time, four to 80 hours. Yeah, right. In terms of existing executive management for additional funding to supporting proposed responses. Okay. Set up a meeting to brief leadership on the opportunity in your initial assessment that represents significant potential revenue growth. I like that. Revenue growth, which you already mentioned earlier. Quantify the contract value and margins if awarded to demonstrate potential impact on financials. Absolutely. Emphasize the heightened competition level and importance of a polished, comprehensive submission. Right. Look, we don’t get this right. We’re never going to get these contracts. Present a detailed budget outlining additional costs for security validations, custom solution development, supplemental staff and consultants. Nice. Highlight risks of an under. We look, we have just taken every IT director out there that didn’t even think about how to convince executive management that IT has something important. And we have told them, just go to Claude 100 K. Don’t even.

Speaker 1 | 44:10.678

pay don’t even pay for the additional piece and boom you’re now the cto yeah that’s and like i said i’ve got it easy on my side right now uh because we do the secure servers that my executives all understand the security and why it’s needed uh you know yes this again this is in an environment where they’re bought in yeah but for those like i said i’ve worked for others that you All they looked at is the expense. And yes, I am protecting you, but I haven’t had any problems. So why do I need to give you this money? And the theory was, and this actually wasn’t a theory, it was proven out. We got hit with the virus. I got money to finally get endpoint protection. Got hit by ransom. I finally got something to start protecting for ransomware. But it was a battle. And the only way I could get it is when something went down. As an IT manager, that wasn’t the way I wanted to work.

Speaker 0 | 45:17.458

I have a little department inside Dissecting Popular IT Nerds. It is like, hire me to hack your executive management so that they’ll approve your security budget.

Speaker 1 | 45:25.810

Yeah. I just, you know, please hack us, please. Well, and the other thing is when we got hacked, what was it? I was four 20 hour days. Now

Speaker 0 | 45:41.274

I can tell you, I’m so sorry. I’m so,

Speaker 1 | 45:43.174

I can tell you, I was burned out after that.

Speaker 0 | 45:46.775

And yeah,

Speaker 1 | 45:48.596

and this was one of these that all I would get from the executive management was, have you got a fix yet? Yeah. And I’d get that like every eight hours or something. And I’m like, I’m working as fast as I can. There’s me. I’m trying to do this recovery. And truthfully,

Speaker 0 | 46:06.455

it’s an unforgiving job.

Speaker 1 | 46:08.276

Yeah. There’s not a lot you can do, especially for like ransomware. You know, you end up getting the response team involved. And so a lot of it is sitting there waiting for them to negotiate with the ransomware company or bringing down a backup. You know that. Everybody talks about, well, I’ve got the backup up there. Well, if you’ve got a lot of data, it takes a lot of time to recover those. And, you know, they don’t put into the, you know, the executives don’t look at that. I don’t think of the time that we put in behind the scenes that the executive management doesn’t see.

Speaker 0 | 46:45.861

It’s, yeah, that’s the problem. That’s the real problem. And no one solved that yet. No one solved the how do we make security, the job of security be the job that everyone thanks us for when nothing goes wrong. And when everything goes wrong and we just barely save the company and bring us back online, they say, excellent job. Yeah. That’s it.

Speaker 1 | 47:16.309

That’s like. If you get that, you’re not working in IT.

Speaker 0 | 47:20.173

I am. Yeah. I mean, so it’s really what we need to do is just turn up a support group. And I think they are probably already, everyone already has the, I don’t know, go on Reddit and, you know, go to the gripe section. You know what I mean? Like the, the, the, you know, it’s the, it’s the, that, that I put the stick over my back with like the old handkerchief and, and, um, like sandwich in it. And I walked out the door and I now live off the grid in a, what is it? A yurt. Is that what they call those things? Yep. A yurt somewhere with a, with, you know, some, the, the solar panels on the roof and a wood stove. And you, I, you know, you don’t even know who I am anymore. Like,

Speaker 1 | 48:07.486

yeah,

Speaker 0 | 48:07.667

I just changed my name.

Speaker 1 | 48:09.428

I mean, it’s, you know, things have changed and changed so quickly. You know, I’ve gone to where my biggest concern was that somebody called me and said that their coffee holder was broken.

Speaker 0 | 48:21.656

Oh, yeah. Yeah. That’s the joke over here. How many tickets did we get? Congratulations. And I have a cartoon going up in the book that’s coming out very soon. I’ve got it right here. I’ve finished finally all the little annoying edits. Now, one of the cartoons in the book is congratulations, IT department. The hand dryer tickets are down by 13% this year.

Speaker 1 | 48:42.865

Yeah. Well, this one, and I don’t know if you were experiencing what the coffee holder was.

Speaker 0 | 48:50.270

Yeah, are you talking about the electronic coffee holder? I’m assuming that’s what you’re talking about. No. USB or something?

Speaker 1 | 48:58.115

No, this was literally when CDs first came out. Uh-huh. And when it was a CD holder, it had a coffee cup perfectly. Ah,

Speaker 0 | 49:08.883

yeah.

Speaker 1 | 49:09.203

And people originally thought that’s what it was.

Speaker 0 | 49:12.265

Shut up. I know that was like a joke,

Speaker 1 | 49:14.967

but I actually, I had, I think it was probably, I mean, it was under five. It was like probably two or three of them that I had that. And literally you go in there and they put the coffee on it and it bent it. So the drawer wouldn’t go back in and that’s what was broken. But I’ve had some of those that people talk about as jokes. They didn’t start out as a joke. Yeah. I really wish that nowadays with the security as it was, I could say it was a joke, but it’s just gotten a whole lot more, you know, a lot more things that we have to protect against.

Speaker 0 | 49:50.135

I actually cried a little bit. I actually dry some tears.

Speaker 1 | 49:55.598

Yeah. Yeah. I’ve had fun.

Speaker 0 | 49:58.239

I’ve had fun with other people’s experiences, other people’s whatever. I don’t know all that. Yes.

Speaker 1 | 50:03.522

Yeah. Well, another one was I remember having my uncle calling me once about his speakers not working on his computer. And I’m sitting there trying to troubleshoot and help them to figure out what it was and couldn’t get it to work. So I told him he was going to have to contact the provider, which in this case was Gateway. I don’t know if you remember Gateway computer.

Speaker 0 | 50:22.646

Of course I do. Gateway was my first Pentium.

Speaker 1 | 50:26.358

Was it? Yeah. Yeah. That came in,

Speaker 0 | 50:28.239

that came in before that. Yeah.

Speaker 1 | 50:31.200

Yeah.

Speaker 0 | 50:31.541

Before that. Yeah. My, I built it from some weird, you know, the, the computer that I had before that, I don’t even know what the brand was because we ordered it from, you know, whatever PC magazine and built it together with some random thing. It was,

Speaker 1 | 50:43.468

well, he, he called me about a week later and said, they found out what the problem was. It was an issue with the mouse. And I’m like, how did the mouse affect the speaker? And he’s like, oh, not the computer mouse. There was an actual mouse in the speaker.

Speaker 0 | 50:58.240

Oh,

Speaker 1 | 50:58.600

man. So I told him, I’m like, that’s what happens when you buy a computer from a company that builds them out of barns.

Speaker 0 | 51:04.303

Yeah. I mean, that’s another real thing is like other people that have opened up computers and they’re like filled with, you know, like.

Speaker 1 | 51:13.748

I’ve had that. Yeah, I’ve had that out of warehouses where computer starts acting or something smells like it’s burning. And. You go out and find a mouse nest in the computer. That’s why you always put those braces back in. When you take a card out, put the brace back in.

Speaker 0 | 51:33.754

Don’t let them crawl through. And a bar of Irish spring and a few mothballs. Yeah.

Speaker 1 | 51:43.238

Those are the old days.

Speaker 0 | 51:44.818

This has been a pleasure. What was I going? I did have. So. What does the future hold for us? Doom and gloom and dark nights, darker nights? Or I happen, I used to be a very positive minded person, but I’m more and more, more and more, I’m thinking, no, doom and gloom.

Speaker 1 | 52:08.854

Yeah, the, I don’t see any result to help with security. I really, I really don’t because, you know, as much as we do to protect. I’ve got people on the opposite side, and a lot of times they’re a whole lot smarter than we are.

Speaker 0 | 52:27.304

It’s just easier. It’s like going to the dark side. It’s like going to the dark side. Let’s just be honest. We’re going Darth. We’re going Darth.

Speaker 1 | 52:35.287

And with all the systems.

Speaker 0 | 52:40.549

If Anakin went to the dark side, what hope is there for us?

Speaker 1 | 52:44.331

Right.

Speaker 0 | 52:45.191

It’s like,

Speaker 1 | 52:47.032

could be there. Everything’s becoming electronic. So, you know, where it used to be, I had to worry about a computer. Well, now I have to worry about a computer and a phone and, oh, the phone and the video system. Oh, well, guess what? Now my coffee pots connected to the Internet. Now I can worry about that.

Speaker 0 | 53:07.130

But my friend and I used to just drive by with the with the universal, the universal garage remote. You know how many channels he used to have? I mean, he only had to swing through so many channels. I mean, back then, that was just stupid, stupid teenagers. I mean, we weren’t even teenagers. We’re even seventh grade. Yeah, we’re teenagers. 13. Just, you know, actually, no, I had to have a driver’s license or even it was a bike or something. You could just drive by people’s houses back in the day and hack the garage door. Now it’s everything. Now it’s like, hey, let’s turn their faucet on. Let’s turn their lights off in the house. Let’s do it’s pretty, you know, I think a pacemaker has been hacked. I think there’s actual evidence that a pacemaker has been hacked.

Speaker 1 | 53:45.772

Insulin was hacked and killed somebody. We’re screwed. Insulin. It’s just, you know, we’re going so much and, you know, that doesn’t even bring into the AI, you know, who knows what’s going to happen with that.

Speaker 0 | 54:00.552

I still got to have my AI PhD friend on the phone or every time I talk to him, when I see him, he’s just like, no, we’re done, Bill. We’re done. He’s so like, you know, fake’s like, no, we need to get on the good side. We need to battle. We need to fight back. We need to make sure we’re there. We need to make sure we’re on the front lines. on the front lines you know uh python and some other stuff and you know right now these things he’s talking about do you have any idea what they can do now phil do you have any idea we need to be on the front lines we need to be the good guys look okay yeah i know nothing about that i can’t do any of that i just have i’ll have you on the show i’m gonna have him on the show make it as just gonna be the dark days we’re gonna call it the dark show the dark show so it says um Very fun. It’s been great having you on the show. Any piece of advice for anyone out there? I don’t know, as far as security pieces, or if you had one piece of advice or your one trick of the trade or something that you could give to the listeners out there that they need to do at work.

Speaker 1 | 55:01.177

Yeah, really what I would say, try to become part of the company. A lot of times they put IT in the back room. and they don’t understand what you’re going through day to day, whether you’re the IT director or your desktop support. It seems to be, you know, in the back room. And they don’t want to think about it. And you don’t hear a lot until something goes wrong. So try to get in front of the executives and let them know what you’re doing. Let them know what your problems are. So they at least have some idea that there is something going on.

Speaker 0 | 55:41.948

What’s the best way to do that? Because immediately I thought in my head, like all these creative ways we could do like a flat screen update. Hey, here’s your IT guy working in live. Live, real time. This is a real live IT guy working right now or a newsletter or something. I mean, something funny or hilarious walking around. I mean, I give out nerd glasses and stuff, walk around with nerd glasses and pocket protector. Hey, I’m the IT guy.

Speaker 1 | 56:05.803

Just watch till you walk. Show somebody on the screen walking in the server room and hitting the power button off.

Speaker 0 | 56:14.369

Send out memes.

Speaker 1 | 56:15.209

And then bring it back up. Yes.

Speaker 0 | 56:16.951

Yeah,

Speaker 1 | 56:17.211

do that. But no, I try to meet with my boss, who’s the COO, and, you know, kind of give him an idea of what’s going on. Because otherwise, you know, he sits up there and his computer works and he’s doing what needs to be done. You know, he doesn’t know what’s going on.

Speaker 0 | 56:34.472

By the way, did you know if we get this certification, we can make this much more money? Hey, by the way, did you know if we do this, we could save this much money? Did you know we could do this? Just speaking dollars and cents. You could have, I don’t know, you can go to the Hamptons for an extra day this year.

Speaker 1 | 56:47.199

Yeah. So there’s a lot you can do, but you can’t do it sitting in the back room. You’ve got to bring it to the attention of people. You know, most of the time you get stuff you get from users. Thank you. But the executives don’t know what’s going on.

Speaker 0 | 57:03.288

Exactly. Johnny Mullen, everyone. Johnny Mullen, thank you so much for being on Dissecting Popular IT Nerds.

Speaker 1 | 57:09.774

Thank you very much. I appreciate it.

Share This Episode On:

HOSTED BY PHIL HOWARD

Dissecting Popular IT Nerds Podcast

Weekly strategic insights from technology executives who understand your challenges

Are You The Nerd We're Looking For?

ATTENTION IT EXECUTIVES: Your advice and unique stories are invaluable to us. Help us by taking this quiz. You’ll gain recognition good for your career and you’ll contribute value to your fellow IT peers.

QR Code