Speaker 0 | 00:08.523
Welcome everyone back to Dissecting Popular IT Nerds. Today, talking with John. Johnny? I mean, not Johnny. Johnny!
Speaker 1 | 00:15.910
It’s Johnny.
Speaker 0 | 00:17.852
I like Johnny. Is that how we really spell it too? Johnny like that? Because that’s unique.
Speaker 1 | 00:22.596
That is correct.
Speaker 0 | 00:23.936
Johnny, it’s Johnny because my brother’s also Johnny, but with a Y, but you’re John E with the E. Mullen, Director of Information Technology at Trenton Systems, which makes, we make boxes of stuff with wires in it and things like that.
Speaker 1 | 00:36.680
Yeah, we make secure servers and we provide it both for commercial and military. We’ve been working with the military probably the last three, four years now. We’ve really been involved with them. Because we’re one of the only companies that makes everything U.S. based. We make our boards, our BIOS, our boxes, and everything are U.S. based.
Speaker 0 | 01:00.177
That’s cool. And we didn’t finish the Johnny comment, but I mean, the fact that we’ve got secure and server in the same sentence or line, I guess, is fascinating to me. Are we talking like off the grid type stuff? I mean, you know.
Speaker 1 | 01:19.668
Some of us off the grid.
Speaker 0 | 01:21.609
A lot of the military guys I work with, there has to be complete off-the-grid type of computer enclosed. There is no WAN, so to speak, even though there is a WAN. It’s just not connected to the internet.
Speaker 1 | 01:32.096
Yeah, most of ours is WAN. We don’t do a lot of the stuff that’s off right now. Those are some of the projects we may be looking at down the line as we get more and more involved with the DoD. But it’s a growing industry. Like I said, since we’re… 100% U.S. based, we’ve had the government come to us and said, hey, we didn’t realize we had a company like this in Lawrenceville, Georgia, that can make these things for us. And they’ve been really pushing us and we partner with Intel and they’ve been helping us get in front of a lot of the primes that are looking for these things.
Speaker 0 | 02:11.858
Excellent. So we should be a U.S. and then now, if we just sell these overseas as well, we’ll be a 100% US-based server maker selling equipment too. We flip the script.
Speaker 1 | 02:24.690
That is correct, yes.
Speaker 0 | 02:26.711
We can flip the script. But what we were talking about prior to getting on is the typical thing that we all have in common in IT leadership, which is trying to do a lot with a little and still… move the company forward as a, as a business force. And what I, what I really love is that you have something that maybe a lot of people really, really, um, I don’t know, would be enamored of or want, which is an executive branch of people that is really open to talking about security and, and, and potentially investing in security.
Speaker 1 | 03:10.863
Yes. It’s, um, that was one of the reasons I started here at Trenton is I’ve worked for companies that from face value, they say, yeah, we want to be secure, but then they provide absolutely nothing. And, you know, you say this is going to cost you some money and they’re like, well, we haven’t been attacked, so we’re not going to do anything.
Speaker 0 | 03:31.137
It’s just a matter of it’s not a matter of if it’s a matter of when and how bad it’s going to be. What do you think is one of the areas that people should be investing in, but they’re not? Like where are they skimping on, I guess, so to speak?
Speaker 1 | 03:45.361
Well, a lot of it in terms of security is people. And one of the things that we really did here is we kind of focused on the people in terms of training. People don’t realize that things are happening all the time. And it’s just this simple email message that comes in that can affect the whole company as a whole. And we’ve been doing a lot of training. When I started here, clicking on phishing attempts was about 30% of the company. We’ve pushed through training. And actually, for the last six months, I’ve been at 0%. So it felt really good. And with phishing attempts being about 80% of the attacks, right there, just by doing training, we’ve cut down 80% of the field that we can have to defend.
Speaker 0 | 04:37.349
I don’t feel like we talk about phishing enough. I mean, I know we do. It just seems like a… it’s, um, we’re always talking about pen testing and different things, and just phishing’s like, yeah, that’s the obvious stuff, but it really is always the people. What was the number one phishing attack, uh, just so we can just tell people, like, hey, and the number one thing was like they’re just trying to get our W-2s or you’re trying to get a, you know, whatever? Yeah.
Speaker 1 | 04:58.804
They, they go out, and really what I’m seeing right now is the use of LinkedIn is they go out to a company and they find out who the CEO is. Most people will have their company email addresses as the email address to use. Well, now they have an idea of what the format is for emails. If you come in on LinkedIn and four people out of the company are last name, first initial.
Speaker 0 | 05:30.289
We know we can just use that and email the president. Yeah.
Speaker 1 | 05:33.790
Yeah. And, you know, the number one thing that I see all the time is things that look like they come from our CEO going to employees saying, hey, I need you to send me cards. You know, I don’t know how much, how often he uses all these Apple cards he requests. I block probably three a day coming in to somebody saying, hey, I’m in a meeting right now. Can you send me $50 or $100 worth of Apple cards? And so it’s amazing.
Speaker 0 | 06:10.471
So what do they think is they’re being used for like tchotchkes or something or like giveaways? I mean, like, why would, you know, I mean.
Speaker 1 | 06:17.357
That’s usually what most people think is, oh, they’ve got, you know, a customer and they just want to give the customer a $50 gift certificate for coming into the building and watching it. And, you know, you think of it as, who’s going to fall for that?
Speaker 0 | 06:34.554
You know, that’s pretty obvious. Yeah, from our standpoint, you could pull it off. I mean, I think you could pull it off if you’re like, hey, look, we’re running a sales contest. We’re trying to give away $10, $50 Amazon gift cards for any of our vendors that bring in 10 more secure-based server boxes this month or something. I don’t know, whatever it is. You know what I mean? Like, yeah. And we need those right away because I need to send them to our top five partners or something like that.
Speaker 1 | 07:02.846
And most of the time you think, oh yeah, this isn’t right. But if you’re busy and all of a sudden you look up and there’s a message from the CEO saying, hey, I need this. And you’re not really paying attention to what’s being said and think about, hey, would he really be asking me this?
Speaker 0 | 07:22.002
Okay, so this is like low life thieves. These are like little small time things. What are some of the worst ones that you’ve seen?
Speaker 1 | 07:31.466
Well, I remember early in my career getting the I love you virus.
Speaker 0 | 07:37.468
That was famous.
Speaker 1 | 07:38.308
That was famous. And that was.
Speaker 0 | 07:41.050
You should tell the story. What was that again? What was that again? That was super famous.
Speaker 1 | 07:45.631
Yeah, it basically was kind of a worm. But what would happen is an email would come in and it would say, I love you. And it would have a little attachment and people would click on it thinking, oh, I’m getting, you know, somebody. Well, then what would happen is it would go through your contact list and send that I love you message to everybody in your contact list. And so it just grew and grew. And I remember when I walked in that day, you know, I’m sitting there and I’m looking at my email and all of a sudden I go from no emails to about 1500. I’m like, wait a minute. What happened? Yeah. And everybody says they love me. You know. As an IT director, I don’t get that very often. So it’s like, oh, well, that’s nice. But yeah, that was a big one, you know, early in my career. And they’ve gone now just to, you know, ransomware is probably number one. And I’ve, at this side, I haven’t been hit by it, but with other companies, I have been. And the way they’re doing it now, you know, used to be ransomware. They’d come in, they’d encrypt your data. That wouldn’t be yet. You’d have to pay to get it unencrypted. If you had the good backups, you may be able to recover it without having to pay. Well, the ransomware people got smart.
Speaker 0 | 09:07.109
What’s the best backup? Just like a bare metal backup, like off-site or something? Yeah,
Speaker 1 | 09:12.511
I’ve actually used several different: Veeam, Acronis, and things like that. And what I’ve done is I do a backup both on-site and in the cloud. So that way I have coverage in both, because a lot of times with this ransomware, they’ll hit your on-site. So just having on-site is not going to protect you against ransomware on some of the new ones. So having that off-site where I can recover has helped quite a bit. We actually, with one company I work for, we got hit by ransomware. And not only did they encrypt the files, but now they also download the data beforehand. So even if you don’t… pay and you’re able to recover, they’ll say, hey, we have your data and we’re going to release it to the public unless you pay us. Um,
Speaker 0 | 10:07.543
on the company and get on the company.
Speaker 1 | 10:11.125
That may be an issue. That may not be an issue.
Speaker 0 | 10:13.988
How are you going to know they’re going to, I mean, like, even if you pay them, like how, you know, yeah, I trust you’re going to erase it. Then you’re going to come back five years from, Hey, remember when we told you we’re going to erase it now.
Speaker 1 | 10:22.734
But believe it or not. And it’s funny because that, that’s always the thing is how do you know? Well, ransomware is now a business and it’s a big business. And in order to stay in business, you’ve got to do what you say you’re going to do, even if what you’re doing is illegal. Look,
Speaker 0 | 10:41.792
we know you’re a liar. Well, trust me, we’re trusted. We are a trusted ransomware business. If we say we’re going to, it’s a business.
Speaker 1 | 10:50.194
And truthfully, that’s kind of how they are. How can you believe that 100%? I have no clue. But yeah, that’s a big issue.
Speaker 0 | 11:00.957
We’re the most trusted robbers. Robber baron.
Speaker 1 | 11:04.190
You’ll ever have. That is correct. But yeah, the last time we got with the ransomware, not only did they encrypt everything, but we were running Hyper-V. So they encrypted the virtual servers, and then they encrypted the data within the virtual servers. So when you get the ransomware, it says, oh, pay X amount, we’ll unencrypt it. So you pay that, they unencrypt it. You spin up your virtual servers and guess what, all your data on the virtual servers itself has been encrypted, and now they come back and say, oh, well, you just paid us to unencrypt your servers, now you have to pay us to unencrypt your data. Uh, so it was, it was a wild scam. So, uh, and now my understanding is they’re even reaching out to them, yeah, they’re reaching out to employees so that if you don’t pay them.
Speaker 0 | 12:02.922
And I’ll pay you to trace your salary. Listen up. I’ll pay you to trace. Go ahead. Reaching out to employees.
Speaker 1 | 12:07.967
Well, what they were doing is if the company wasn’t paying, they would call the employee and say, hey, we stole your data and we have your HR information. Your company is refusing to pay. So we’re going to release your information so that they can try getting the employees to start beating up on the companies to pay. So it’s,
Speaker 0 | 12:33.330
I wouldn’t be surprised if they were reaching out to employees to get inside jobs. Like some of these, some of these ransomware attacks, like the Caesars Palace one, I was very, very skeptical of the Caesars Palace. When I was like, let me get this straight. I was like, you’re a casino. I was like, your job number one is to steal everyone’s money. So isn’t it ironic that now someone’s stealing your money and now you’re going to, you’re going to file some insurance claim to get the money that you’ve stolen from everyone back. And then what’s going to happen? The person that stole all the money is probably going to walk back into the casino and gamble it back in the casino again because it was an inside job. Wouldn’t be surprised.
Speaker 1 | 13:13.342
Back to you.
Speaker 0 | 13:14.243
If I disappear, by the way, if I disappear and the host of Dissecting Popular IT Nerds is found dead.
Speaker 1 | 13:22.466
Found dead. And you’re dead in Arizona. We know what happened.
Speaker 0 | 13:26.128
He was whacked. That’s probably. But yeah,
Speaker 1 | 13:29.009
the. The inside job is interesting because I just read an article yesterday. One of the hospital systems here locally, I guess they were hacked, I think it was about a year, year and a half ago. And it turned out it was a security company that was trying to raise business of how good they could do it. And they actually broke in and caused it and then sent the hospital systems. saying, hey, we can help you out on this. So it was a security company that actually put the virus on there and then contacted them to assist in taking it off.
Speaker 0 | 14:09.102
And how did that get found? By the other trusted security company that said, look, here’s who you can really trust. But finish that thought, and we’ll come back to trust in a moment.
Speaker 1 | 14:21.773
Yeah, I don’t know. Yeah, it is zero trust. But yeah, I don’t know how they caught him. Other than the fact that it was like perfect timing that this guy sent an email out right when they got hit saying, hey, we can help you recover from this. So I don’t know if that’s how they ended up starting tracking them that, hey, how did this person know that we were hacked within 30 minutes of happening?
Speaker 0 | 14:48.987
It’s an interesting concept. We have a security company. We’ve got all of our public facing employees. And then we’ve got our behind the scenes employees that are really just busy hacking everybody. Yeah. It’s, it’s pretty wild actually. But that goes back to the, like, the whole, like, the, the whole Bill Gates thing, which again, I don’t know if we’re allowed to talk about. Um, if I, if I wind up dead on the, then, um, it comes back to that whole, what was that in the 90s? When did he get taken to court in the 90s? And, you know, there’s like the whole, like, monopolization thing with the whole, uh, you know, like the, where he, you know, he owned Microsoft, but, you know, could also be making the, the virus protection but creating the viruses, but then also we’re gonna, we’re going to make the browser at the same time. And it was just too big of a monopoly. And so he got, you know, he got attacked on that end. But you literally could do that. No one would know. The general public, 90% of the general public would have no clue.
Speaker 1 | 15:40.965
Well, and that’s your, my point is, is who do you know? Who can you trust? You know, how do I know that McAfee? I mean, I look at McAfee on my PCs right now. When they come in, everybody seems to put them in as a default protection. I don’t know anything about McAfee. All I know is I can’t get it off half the time. It seems to always come back again.
Speaker 0 | 16:04.617
It’s like my otter. It’s my otter box or whatever that I can’t seem to get. This won’t stop recording everything in my life. It shows up to every meeting, and I’ve got to remove it.
Speaker 1 | 16:16.703
And I don’t know if you follow John McAfee. He was kind of out there. So who’s to say he wasn’t creating stuff so he could say, hey, my, my software resolves it.
Speaker 0 | 16:30.078
We have a guy we called Old Man Marley back at my Cisco startup days. And when I left a Starbucks years ago, I went to a… How I got into technology, which I knew nothing about. I thought Cisco was spelled with an S, S-Y. And this recruiter was like, don’t worry, we’ll train you. We’ll train you. Do you know what voice over IP is? And I was like, no, I have no clue. He’s like, don’t worry, they’ll train you. They’ll train you. Just show up in a suit and tie. So I started at this Cisco startup, you know, years ago and everyone in my family was like, don’t do it. It’s a fishing net approach. You know, they hire everybody. No one makes it. And then like I got in and I was like, oh, it’s true. It’s so true. And I was like, but I have to be the one that makes it because I actually am married and have kids and need to put food in it. Somehow I made it. But it’s another, another story. But so we used to have to go around and we were selling these Cisco IAD, these 2800 series IADs with back, you know, that where we were like, you know, SIP trunking is this new thing and it’s called dynamic allocation and, you know, it’s great because, you know, when you’re not on the phone you can use that bandwidth, you know, it’s like. Anyways, I, I come into this, this massive business, um, campus, these huge buildings, right? One of them’s this big pharmaceutical manufacturing business, another huge massive building next door, and I walk into this building. It’s empty. Multiple floors, just empty except for one cubicle. There’s one cubicle sitting in this dark building in the corner. And as I look on the wall across the entire, like a football field, like imagine like an empty, dark, massive, you know, office building. It’s empty. It’s gutted. There’s one cubicle, a bunch of servers in the back, one old man sitting in this cubicle. 
And there’s across the entire, like a ticker tape, like just a strip of… paper all in colors across the entire football field inside of this building, across the top is the entire human genome. The entire, I know, exactly, right? I’m like, uh, so like, hey, you know, they said hit every door, every floor. You want to talk to these guys, like, hey man, you need, uh, you need internet? You know, and he’s like, yes, sit down. And, uh, and like I must have had a two-hour conversation with this guy, which I was totally not supposed to do, and he’s like, we do, we do need internet. You see these servers here? We’re running what’s called the Elder Dollar. The Elder Dollar. It was the first, I mean, it was a cryptocurrency. I’m telling you, this is like 20 years ago. This is 20 years ago. This guy had invented some kind of cryptocurrency he called the Elder Dollar. He’s like, look, every time you flush your toilet, I make one-tenth of a penny. He’s like, I, I invented their, like the conveyor belt, whatever. This guy, I cannot remember his name though, he sat on the atomic bomb, like the atomic, uh, committee, was, you know, he like, he knew, had known Einstein, he was like there. And when I got back to that, someone’s like, oh, you met with Old Man Marley? Like, yeah. They didn’t, like, you know, the Elder Dollar? And we’re like, yeah. He got you too. But he was talking about, like, how he was gonna, like, you know, solve world peace, but it had to be done with, we had to focus on this, this cryptocurrency, and it had to focus on, it had to tap into some bit of, of every human’s vice. And he’s like, we can’t use, we can’t use sex because that’s going to spread disease. But, you know, gambling we could use and we could use, we can have these servers offshore and we’re going to create, you know, this like utopia. It was totally wild. But when I think back about it, I don’t even know how we got on this subject now. 
When you think back about it, you were, I think it was like behind the scenes and, you know, McAfee and stuff and, you know, what’s, you know, what, what could really be. And, you know. And then, you know, cryptocurrency, and this guy was way ahead of his time, and he had all these massive servers in the back. It was totally wild.
Speaker 1 | 20:34.717
It was,
Speaker 0 | 20:34.978
I don’t want to go with this, but that’s what.
Speaker 1 | 20:38.240
Yeah, I’m sure there’s a lot of those going on now. I remember, you know, I remember seeing, I went up to Illinois Champaign to see the first go of Mosaic before they released it for the browser. And thinking, wow, this is wild. I’m going to be able to do this.
Speaker 0 | 21:00.500
I think everything was, like, in the early days it was just Wild, Wild West when you’re, yeah, I was, you know, oh man, the, let’s go back in time for a minute. We haven’t done this in a while. What was your first computer? How did you get started out in technology? How’d you end up where, where, you know, where you, where you are? Because I don’t, you know, it, but it still amazes me, and I say this probably on every show or every other show that we do, it still amazes me that we were alive before computers, pretty much. I don’t think you can count the lunar lander as a computer, but anyways,
Speaker 1 | 21:38.500
That’s another subject. Yeah, my first computer was an IBM PC Junior with the side card on it. Let’s look this up.
Speaker 0 | 21:47.648
This is good because almost everybody on the show says, like, Apple IIe. Most people say Commodore. Most people are VIC-20 or whatever it was, but anyways, go ahead. So IBM Junior,
Speaker 1 | 22:02.434
IBM PC Junior,
Speaker 0 | 22:04.155
IBM PC Junior, we’re Googling this right now.
Speaker 1 | 22:06.755
It had a, a side card on it. So, you know, you can have the extra imprinting, but that was my first one. My, uh, my dad was always a tech junkie. You know, he bought one of the first calculators that was, you know, 500 and it could do addition and subtraction. Yeah, and 500 is a lot of money back then. Oh yeah, two grand or something, you know. Yeah, I mean, I mean, I look back and it’s like, what, you know, you spent that much money for a calculator that can do, you
Speaker 0 | 22:39.608
know, addition, subtraction, I think it had multiplication. I’m looking at this side car on the back of the side car into the PC Junior, by the way, and people can’t see that, I’m using description here.
Speaker 1 | 22:51.336
And in Google Apps,
Speaker 0 | 22:53.878
it says 512K Space PC Junior. And I would say it’s about the size of, let’s see, he’s holding it in his hand. It’s pretty big. I would say it’s about the size of a VCR. Maybe a little bit smaller. A little bit smaller.
Speaker 1 | 23:10.832
Yeah, the size is, but it wasn’t quite as thick as a VCR. Right. But yeah, you could just, you would mount it onto the PC Junior. I think it did add some additional memory.
Speaker 0 | 23:21.933
Like four giant Hershey bars. Four giant Hershey bars stacked on top of each other to the side. Slap it on the side of this thing.
Speaker 1 | 23:28.436
Slap it on the side. I remember it had, that’s why we had to buy that in order to get the dot matrix printer. Because it had the parallel port on the back of it.
Speaker 0 | 23:38.140
Very nice.
Speaker 1 | 23:38.620
You could run the dot matrix printer on it.
Speaker 0 | 23:41.521
This stuff never gets old.
Speaker 1 | 23:43.302
No, I really wish I still had that PC.
Speaker 0 | 23:46.384
Everyone said, I wish I had mine. I wish I had my Texas Instruments, my, my Bill Cosby computer. The, um, there’s a, yeah, that last adapter. How about the ISA bus adapter? That looks nice. I bet you didn’t have that, because that one has a, that one has a, um, looks like almost like an Ethernet cable. Did we even have Ethernet cable? No, we did not have Ethernet. There was no Ethernet cable. Must be an RJ11 that’s
Speaker 1 | 24:09.793
being, probably, yeah, because it probably had the mo, I think there was a modem that you could buy for it also. So I don’t know what the modem was going into. Well, actually, I do.
Speaker 0 | 24:20.815
Messaging had to be some local messaging system.
Speaker 1 | 24:24.658
No, actually.
Speaker 0 | 24:25.679
That was never cool enough for.
Speaker 1 | 24:27.240
Yeah. Well, we got the modem because the company my dad was working with worked with Walmart. And Walmart had put their started doing their inventory on computers. And he had to log into their system in order to pull data down. So, and I think that was why he had the modem on the PC Junior.
Speaker 0 | 24:49.701
This thing actually had some games, had some legit, like, uh, like, uh, let’s see, uh, four colors. You had two different types of video, 16 colors or four colors. Uh, I don’t know what that means from a technical standpoint. You’d probably know better than me.
Speaker 1 | 25:03.935
I had nice green characters running around and actually I had white characters running around too. So.
Speaker 0 | 25:09.444
They had chess, it looks like. Yes.
Speaker 1 | 25:14.047
I’m trying to remember what the one I had. It was a mine thing. They had people running around, and you’d press the down, and it would dig a hole, so something chasing you would fall in the hole.
Speaker 0 | 25:25.215
Dig Dug?
Speaker 1 | 25:26.856
It wasn’t Dig Dug. That was my first time, but it wasn’t Dig Dug. It was like a Minesweeper type thing, but it’s not the Microsoft Minesweeper. I remember as a young kid playing that.
Speaker 0 | 25:39.998
So you came from a family of tech junkies. What did your dad do?
Speaker 1 | 25:44.841
He was actually a sales manager. So he was in sales.
Speaker 0 | 25:49.324
But he was a tech junkie.
Speaker 1 | 25:50.765
He was a tech junkie, yes. But he didn’t do anything tech-related other than he was the one that, like I said, when they were working with Walmart, he worked with them to get his system connected. So he could…
Speaker 0 | 26:06.144
Was he like a motivational dad? Was he like a motivational dad? Or like, you know, what was like being the son of a sales guy?
Speaker 1 | 26:12.648
Yeah, he was. The only problem is, is he was out all the time.
Speaker 0 | 26:18.172
He had to travel back then.
Speaker 1 | 26:19.874
Yep. He traveled Monday through Friday. So, you know, it would just be the weekends pretty much that you’d get to see him. And, you know, depending on what sport I was playing and what my sister was doing. And, you know, it’s… He didn’t have a whole lot of time to go through that, but he would always, when he was in the office, oh, come here and take a look at this. And, you know, I’d go play on the computer for a while and, you know, had to make sure, you know, back then you could play on the computer and you didn’t have to worry about a whole lot. You could delete files, but, you know, you had to know how to.
Speaker 0 | 26:55.323
You could forget to click save. That was it. You could forget to save things.
Speaker 1 | 27:00.967
Yeah. There wasn’t any issue of if I’m on there surfing a different site that I could download something onto his PC. I mean, there was nothing.
Speaker 0 | 27:08.335
No one cared. No one cared. And I still am blown away by the fact that email back in the day, you could look up like in the global address book.
Speaker 1 | 27:19.387
Yeah.
Speaker 0 | 27:19.988
Anybody. Yeah. Can’t do that today. Can’t just search. Can’t just search Johnny Mullen. Johnny Mullen. Where’s Johnny Mullen at? Oh, these days. Oh, he’s over here in Minneapolis. And here’s his email. Let’s give him an email. Let’s see if this is the Johnny Mullen. Yeah, you know, can’t do that anymore. Now you can do it on LinkedIn, though. You can do it on LinkedIn, and then you can ransomware them. That’s how we do it.
Speaker 1 | 27:45.552
Yeah.
Speaker 0 | 27:45.732
It’s not too far from the same way. Anyways.
Speaker 1 | 27:49.834
And that’s the big thing is, you know, being when computers first came out, you know, we didn’t worry about security back then. You know, there was nothing you had to worry about. My first job when I got into working on the networks and had to install fiber. And I’ll never forget that the government came in and said, well, we need somebody every six feet watching the fiber cable to make sure somebody doesn’t break into it. And I’m like, what? I have this ring throughout the building. They quickly came back and said, oh, no, you don’t.
Speaker 0 | 28:28.740
While it was being installed or literally every or 24-7?
Speaker 1 | 28:33.984
Initially, they said literally. I had somebody, I needed to have somebody watching every six feet of the fiber.
Speaker 0 | 28:40.828
For a packet sniffer? Like someone was going to put a packet sniffer on or something?
Speaker 1 | 28:43.871
For anything. Yeah, it was, you know, really for anything. And at the time, you know, fiber was fairly new and people didn’t know what it was going to take, and the way we got around it, this is telling you how easy it was back then, is you put it just into, you know, a plastic conduit. When we did that, it was like, okay, it’s fine. And I’m thinking it’s easier for me to get into that plastic conduit than it is to get into the fiber.
Speaker 0 | 29:09.643
All right.
Speaker 1 | 29:09.903
Steel. So, but you know, but you never worry about it.
Speaker 0 | 29:16.146
That’s a good point. It is easier to get into conduit than it is to then, then to get into the fiber. And then
Speaker 1 | 29:21.108
the fiber is delicate. It breaks. Yes. Well, you have to know which, you know, fiber you want to get into, and then you gotta, you know, splice them together. And so, yeah, splicing fiber is not easy, and then, you know, you gotta have this special kit, then, uh, yeah,
Speaker 0 | 29:38.317
it’s not, it’s not an easy thing at all. So fast, fast forward to today, which is, wasn’t that, wasn’t that many years. It’s amazing how fast we’ve come. What, the, what, for, what’s your biggest, I guess, I don’t know, a single biggest frustration, problem, concern when it comes to, you know, IT leadership in general? And how do we overcome that?
Speaker 1 | 30:03.373
Again, it kind of gets back to the company looking as IT as a cost center. You know, they come in and, you know, they don’t want to talk to me unless they have some special project or something’s broken. And when I come in, especially for the security, we’re trying to, working with the government, we’re going to have to become CMMC certified, which is the cybersecurity maturity model that’s getting ready to come out probably next year. And in order to bid on government contracts or DOD contracts, you have to be CMMC certified. Well, there’s a lot involved with that. And the cost right now is extremely high. And trying to justify those costs to the executives where, you know, I may have a million dollar contract with the DOD, but it’s going to cost me $200,000 to put in the security requirements. How can you justify that?
Speaker 0 | 31:06.064
Once you put it in, is it one and done or is it every single contract?
Speaker 1 | 31:10.627
Every single contract. Well, it’s one and done. It meets all the contracts once you have it in there, once you have a CMMC.
Speaker 0 | 31:18.091
Can you spell that out? Because I’m just, I’m a little ignorant.
Speaker 1 | 31:21.033
Yeah.
Speaker 0 | 31:22.213
Go ahead.
Speaker 1 | 31:23.114
It’s cybersecurity. So that’s the C. Yep. Maturity.
Speaker 0 | 31:28.016
Yep.
Speaker 1 | 31:28.777
Model certificate. So CMMC.
Speaker 0 | 31:33.119
Got it.
Speaker 1 | 31:35.112
And really, that’s
Speaker 0 | 31:36.634
I lived down in Virginia and around D.C. and around the Beltway for a long time. So I’ve seen crazy stuff and I’ve seen a lot of government contracts and a lot of eight, eight, you know, eight, a Alaskan tribal native, you know, get around different contracts that way. I know a lot about how it works. And then I eventually decided I don’t want to deal with any government contracting whatsoever at all. So I guess. Good for you guys.
Speaker 1 | 32:06.637
Well, like I said,
Speaker 0 | 32:08.798
you need to know a lot. There’s a lot of paper pushing. There’s I mean, I remember walking into like a whole building of lawyers. Like you’ll see huge buildings of just lawyers in D.C. And you go in and I remember there was like a whole like just like a couple lawyers in an office, a massive office empty with all these chairs and seats and everything. We’re like, what are you doing? Well, once Obama passes this particular law or something. We got to be ready for this. And then we’re going to bring all these people in. We’re going to make phone calls and phone calls and phone calls and phone calls. And we’re going to make all this money.
Speaker 1 | 32:38.674
Yep.
Speaker 0 | 32:39.814
From one law. From one law. We’ll employ thousands of people. And I was like, this is how it works, I guess. This is where all our money goes. Hmm.
Speaker 1 | 32:49.218
Yeah. The government’s oversight on that. Now, you know, I will caveat that this is a good thing for them to do.
Speaker 0 | 32:56.641
No, no. I’m not saying this particular situation, you know,
Speaker 1 | 33:00.082
but asterisk,
Speaker 0 | 33:01.223
asterix, asterix. But no. This is not CMMC. I’m not saying this. Absolutely.
Speaker 1 | 33:07.666
It’s just that the cost of it, you know, by having everybody have to do this as a government or a DOD contract. I think they said there’s like 70 to 80,000 defense industry base for selling to the government. And they’re looking at maybe losing as much as half of that defense industry base because they will not be able to meet the CMMC certification. When I first started talking about it, I mean, they were, I was getting quotes for an auditor to come in anywhere from $200,000 to $500,000.
Speaker 0 | 33:47.962
This is really good because, I mean, this is a really good subject. And the reason why it’s such a good subject is because there’s this, there’s this, no, IT doesn’t make the company money. Right. There’s this perception that IT cannot make the company money. We’re a cost center. We can save the company money. We can make the company more efficient, but we never really are the sales guys. We don’t increase sales. We don’t create products. We’re not R&D. We’re not this. No, in this particular case, if IT can find a way to do this faster, better than everybody else, it opens up a whole new stream of revenue, so to speak.
Speaker 1 | 34:29.864
Well, and this has for us, because as I mentioned, the government’s coming to us because we’re U.S. based. And there’s a big push that they want to bring all this stuff back in, whether it’s I.T. or anything else. They’re trying to bring back into the from China to the United States.
Speaker 0 | 34:49.529
And if Trump comes back, you guys are golden. And I am not a political guy. This is not a political statement. And I don’t even vote. Everyone can beat me up for that one. But yeah, having everything. Yeah, it’s a big deal.
Speaker 1 | 35:07.851
And having the security and getting this certificate is just going to open you up to possibly a lot more contracts. Because let’s say there’s two of us that build secure servers. We have the certificate. The other company does not. Well, the government is going to say, we want the certificate. So all of a sudden, you know, our sales are going to increase because the other company can no longer meet that certification.
Speaker 0 | 35:38.615
Yeah. Because we’re the only, because we’re the only ones, right. And the very few,
Speaker 1 | 35:43.399
one very few for it.
Speaker 0 | 35:44.840
Yeah. We need to do a CMMC. We need to do a CMMC spotlight. So anyone out there that wants to come charge people ridiculous amounts of money, $200,000 to $500,000, to CMMC certify people. You can reach out to Phil Howard at Dissecting Popular IT Nerds. Yeah, we’re gonna charge you a hundred thousand dollars just to be. Anyways, no, I, I think that the prices have gone down. I think they realize that, you know, they threw out a massive ridiculous number at first, like, let’s see if they bite. Okay, oh, don’t worry, we’ll cut it in half. No, no, today only, if you sign before the end of the year, uh, it’s 50 off. Well,
Speaker 1 | 36:21.657
You know, a lot of this came out because, you know, if you do that to, you know, a Lockheed Martin, a Boeing, any of the major primes, you... Okay, that’s not a lot of money to them because they’re multi-billion dollar companies. But if you try doing that to a company that makes a particular widget for a plane and they’re the only ones that can do it, and it’s a mom and pop shop with two employees, their contract is for $200,000 a year. They can’t afford $200,000 for an audit.
Speaker 0 | 36:51.238
It’s such a real thing. That’s such a real thing. There’s the government looking to buy. They need six of these things. One company makes it. It’s a particular type of swab that cleans a lens on a machine that the government needs. So they’re only going to buy it once. So they might as well buy 200,000 of them. And then we need a special contract vehicle to sell this to the government. It’s crazy. It’s an insane system. It’s completely wild. And if you don’t know that world, you don’t know that world. But if you do know that world, you know that world. And there’s whole groups of people that just sit around making that little contract vehicle happen to the government. And they’re just waiting to take what someone’s trash is someone else’s treasure type of thing, like these little small contracts that are only $200,000 that fall off the table.
Speaker 1 | 37:40.696
Yeah. It’s amazing. I started my career working with a defense industry, so I knew about that. And then I got out of that, and I thought, okay, I no longer have to read those 100-page documents that make absolutely no sense to me.
Speaker 0 | 37:56.381
100 pages small. 100 pages small. If you looked at some of the old NASA documents, I think there are like 20,000 pages.
Speaker 1 | 38:05.284
Yeah.
Speaker 0 | 38:05.945
Insane, like insane, you know, RFPs and stuff like that. Responses to RFPs.
Speaker 1 | 38:11.807
Well, just working towards this certification right now, I think I’ve got like 20 documents that are all referenced. And I always talk to my boss about it saying, eventually, I’m going to end up back to the same one because they always tend to reference each other. And so it’s like a circle. I start with this one and it references this. And then I go all the way back to the end and it references the initial document. But there’s always.
Speaker 0 | 38:38.520
You just made me think of a ChatGPT request. I wonder. I wonder. Let’s just go try this out while we’re on the show. Can you write me a, I don’t know, a hundred-page RFP response by any chance? Is it even possible? Let’s see here. Your bots. We’re going to go to… What bot should we use? Should we use ChatGPT4? Should we use Claude? Let’s use Claude2. Nope. They’re going to try and charge me. Never mind.
Speaker 1 | 39:13.029
ChatGPT.
Speaker 0 | 39:14.070
Let’s do instant 100,000. Let’s do the old version of Claude, which I think Amazon just invested like five billion in or something. Um, can you write me, and we’re gonna say for DOD, it’s probably gonna be like, no. Write an RFP response for a DOD contract. Let’s just start with that. Let’s just see what it says. Here’s a draft RFP response you could use as a starting point for a DOD contract. Dear sir, madam. Response to RFP for insert project or contract details. Thank you for the opportunity to submit a proposal to our proposed solution and management approach is as follows. Technical approach. Provide one to two paragraphs outlining your technical solution and how it meets. Okay. Management approach. Outline your project management. This is not that bad. Key personnel. Include names, roles, bios of key team members who will work. Past performance. Provide two to three examples of relevant past projects or similar scope, including details of customer. So then we will just take that. We’ll tell you, okay, can you give me two to three examples? Relative scope. We’ll put that in the chat. You’d be pricing. Provider all-inclusive. Not too bad. I’m surprised it even said yes.
Speaker 1 | 40:22.695
I wonder if you start putting in all the clauses that that’ll just ramp it up.
Speaker 0 | 40:26.437
You want to give me examples? I can move on. You want me to throw something in there?
Speaker 1 | 40:31.461
You can add.
Speaker 0 | 40:33.122
Let’s see.
Speaker 1 | 40:34.683
Let’s start with the main one, the NIST. Well, actually, yeah, NIST 800-171. N-I-S-T? N-I-S-T.
Speaker 0 | 40:42.228
Uh-huh. Can you, what do I want to say? Can you add in?
Speaker 1 | 40:48.853
Just say it has to meet. It has to meet NIST 800-171 security requirement.
Speaker 0 | 40:53.828
NIST 800-171 security. Anyone that trusts this, but this just goes to show you how we can, I don’t know, maybe hack the system. I don’t know. Requirements. Can you add in NIST 800-171 security requirements and provide an initial 10 bullet points that must be met? It must be, be met, and make stuff up here. Here’s an updated RFP response template with an added section addressing the NIST SP 800-171 security requirements. Access control, awareness and training, audit and accountability, configuration management, identification authentication, incident response, maintenance, media protection, physical protection, risk assessment.
Speaker 1 | 41:41.236
That’s it. Yep.
Speaker 0 | 41:42.676
Boom. Briefly describe your process and controls for meeting each of the 10 requirements. Yep.
Speaker 1 | 41:48.118
And there’s a total of about 300 out of those 10 domains. There’s about 300 responses that you have to do.
Speaker 0 | 41:57.244
So fun. So real fun. So again, I don’t know what this accomplished for us today, but it just made us realize that, look, oh, here’s how we’re going to tie this all together. Give me the… Give me the estimated time it will take to put all this together and how, this is the key, how I can ask executive management. That’s how we really do everything over here at DebtSec. Yeah. Paper, writing, nerds. And how I can ask executive management for more money.
Speaker 1 | 42:45.021
Money. Yep.
Speaker 0 | 42:46.979
We’re just going to be blatant about this. Blatant. Initial review of RFP requirements, two to four hours. Developing technical solutions and details, eight to 16 hours. This is vastly under. Can you multiply? Writing management and staffing plans, eight to 16 hours. Developing pricing model, four to eight hours. Gathering and preparing past performance examples, eight to 16 hours. Total estimated time, four to 80 hours. Yeah, right. In terms of existing executive management for additional funding to supporting proposed responses. Okay. Set up a meeting to brief leadership on the opportunity in your initial assessment that represents significant potential revenue growth. I like that. Revenue growth, which you already mentioned earlier. Quantify the contract value and margins if awarded to demonstrate potential impact on financials. Absolutely. Emphasize the heightened competition level and importance of a polished, comprehensive submission. Right. Look, we don’t get this right. We’re never going to get these contracts. Present a detailed budget outlining additional costs for security validations, custom solution development, supplemental staff and consultants. Nice. Highlight risks of an under. We look, we have just taken every IT director out there that didn’t even think about how to convince executive management that IT has something important. And we have told them, just go to Claude 100 K. Don’t even.
Speaker 1 | 44:10.678
Pay, don’t even pay for the additional piece, and boom, you’re now the CTO. Yeah, that’s, and like I said, I’ve got it easy on my side right now, uh, because we do the secure servers, that my executives all understand the security and why it’s needed. Uh, you know, yes, this, again, this is in an environment where they’re bought in. Yeah, but for those, like I said, I’ve worked for others that, you... All they looked at is the expense. And yes, I am protecting you, but I haven’t had any problems. So why do I need to give you this money? And the theory was, and this actually wasn’t a theory, it was proven out. We got hit with the virus. I got money to finally get endpoint protection. Got hit by ransom. I finally got something to start protecting for ransomware. But it was a battle. And the only way I could get it is when something went down. As an IT manager, that wasn’t the way I wanted to work.
Speaker 0 | 45:17.458
I have a little department inside Dissecting Popular IT Nerds. It is like, hire me to hack your executive management so that they’ll approve your security budget.
Speaker 1 | 45:25.810
Yeah. I just, you know, please hack us, please. Well, and the other thing is when we got hacked, what was it? I was four 20-hour days. Now
Speaker 0 | 45:41.274
I can tell you, I’m so sorry. I’m so,
Speaker 1 | 45:43.174
I can tell you, I was burned out after that.
Speaker 0 | 45:46.775
And yeah,
Speaker 1 | 45:48.596
and this was one of these that all I would get from the executive management was, have you got a fix yet? Yeah. And I’d get that like every eight hours or something. And I’m like, I’m working as fast as I can. There’s me. I’m trying to do this recovery. And truthfully,
Speaker 0 | 46:06.455
it’s an unforgiving job.
Speaker 1 | 46:08.276
Yeah. There’s not a lot you can do, especially for like ransomware. You know, you end up getting the response team involved. And so a lot of it is sitting there waiting for them to negotiate with the ransomware company or bringing down a backup. You know that. Everybody talks about, well, I’ve got the backup up there. Well, if you’ve got a lot of data, it takes a lot of time to recover those. And, you know, they don’t put into the, you know, the executives don’t look at that. I don’t think of the time that we put in behind the scenes that the executive management doesn’t see.
Speaker 0 | 46:45.861
It’s, yeah, that’s the problem. That’s the real problem. And no one solved that yet. No one solved the how do we make security, the job of security be the job that everyone thanks us for when nothing goes wrong. And when everything goes wrong and we just barely save the company and bring us back online, they say, excellent job. Yeah. That’s it.
Speaker 1 | 47:16.309
That’s like. If you get that, you’re not working in IT.
Speaker 0 | 47:20.173
I am. Yeah. I mean, so it’s really what we need to do is just turn up a support group. And I think they are probably already, everyone already has the, I don’t know, go on Reddit and, you know, go to the gripe section. You know what I mean? Like the, the, the, you know, it’s the, it’s the, that, that I put the stick over my back with like the old handkerchief and, and, um, like sandwich in it. And I walked out the door and I now live off the grid in a, what is it? A yurt. Is that what they call those things? Yep. A yurt somewhere with a, with, you know, some, the, the solar panels on the roof and a wood stove. And you, I, you know, you don’t even know who I am anymore. Like,
Speaker 1 | 48:07.486
yeah,
Speaker 0 | 48:07.667
I just changed my name.
Speaker 1 | 48:09.428
I mean, it’s, you know, things have changed and changed so quickly. You know, I’ve gone to where my biggest concern was that somebody called me and said that their coffee holder was broken.
Speaker 0 | 48:21.656
Oh, yeah. Yeah. That’s the joke over here. How many tickets did we get? Congratulations. And I have a cartoon going up in the book that’s coming out very soon. I’ve got it right here. I’ve finished finally all the little annoying edits. Now, one of the cartoons in the book is congratulations, IT department. The hand dryer tickets are down by 13% this year.
Speaker 1 | 48:42.865
Yeah. Well, this one, and I don’t know if you were experiencing what the coffee holder was.
Speaker 0 | 48:50.270
Yeah, are you talking about the electronic coffee holder? I’m assuming that’s what you’re talking about. No. USB or something?
Speaker 1 | 48:58.115
No, this was literally when CDs first came out. Uh-huh. And when it was a CD holder, it had a coffee cup perfectly. Ah,
Speaker 0 | 49:08.883
yeah.
Speaker 1 | 49:09.203
And people originally thought that’s what it was.
Speaker 0 | 49:12.265
Shut up. I know that was like a joke,
Speaker 1 | 49:14.967
but I actually, I had, I think it was probably, I mean, it was under five. It was like probably two or three of them that I had that. And literally you go in there and they put the coffee on it and it bent it. So the drawer wouldn’t go back in and that’s what was broken. But I’ve had some of those that people talk about as jokes. They didn’t start out as a joke. Yeah. I really wish that nowadays with the security as it was, I could say it was a joke, but it’s just gotten a whole lot more, you know, a lot more things that we have to protect against.
Speaker 0 | 49:50.135
I actually cried a little bit. I actually dry some tears.
Speaker 1 | 49:55.598
Yeah. Yeah. I’ve had fun.
Speaker 0 | 49:58.239
I’ve had fun with other people’s experiences, other people’s whatever. I don’t know all that. Yes.
Speaker 1 | 50:03.522
Yeah. Well, another one was I remember having my uncle calling me once about his speakers not working on his computer. And I’m sitting there trying to troubleshoot and help them to figure out what it was and couldn’t get it to work. So I told him he was going to have to contact the provider, which in this case was Gateway. I don’t know if you remember Gateway computer.
Speaker 0 | 50:22.646
Of course I do. Gateway was my first Pentium.
Speaker 1 | 50:26.358
Was it? Yeah. Yeah. That came in,
Speaker 0 | 50:28.239
that came in before that. Yeah.
Speaker 1 | 50:31.200
Yeah.
Speaker 0 | 50:31.541
Before that. Yeah. My, I built it from some weird, you know, the, the computer that I had before that, I don’t even know what the brand was because we ordered it from, you know, whatever PC magazine and built it together with some random thing. It was,
Speaker 1 | 50:43.468
well, he, he called me about a week later and said, they found out what the problem was. It was an issue with the mouse. And I’m like, how did the mouse affect the speaker? And he’s like, oh, not the computer mouse. There was an actual mouse in the speaker.
Speaker 0 | 50:58.240
Oh,
Speaker 1 | 50:58.600
man. So I told him, I’m like, that’s what happens when you buy a computer from a company that builds them out of barns.
Speaker 0 | 51:04.303
Yeah. I mean, that’s another real thing is like other people that have opened up computers and they’re like filled with, you know, like.
Speaker 1 | 51:13.748
I’ve had that. Yeah, I’ve had that out of warehouses where computer starts acting or something smells like it’s burning. And. You go out and find a mouse nest in the computer. That’s why you always put those braces back in. When you take a card out, put the brace back in.
Speaker 0 | 51:33.754
Don’t let them crawl through. And a bar of Irish spring and a few mothballs. Yeah.
Speaker 1 | 51:43.238
Those are the old days.
Speaker 0 | 51:44.818
This has been a pleasure. What was I going? I did have. So. What does the future hold for us? Doom and gloom and dark nights, darker nights? Or I happen, I used to be a very positive minded person, but I’m more and more, more and more, I’m thinking, no, doom and gloom.
Speaker 1 | 52:08.854
Yeah, the, I don’t see any result to help with security. I really, I really don’t because, you know, as much as we do to protect. I’ve got people on the opposite side, and a lot of times they’re a whole lot smarter than we are.
Speaker 0 | 52:27.304
It’s just easier. It’s like going to the dark side. It’s like going to the dark side. Let’s just be honest. We’re going Darth. We’re going Darth.
Speaker 1 | 52:35.287
And with all the systems.
Speaker 0 | 52:40.549
If Anakin went to the dark side, what hope is there for us?
Speaker 1 | 52:44.331
Right.
Speaker 0 | 52:45.191
It’s like,
Speaker 1 | 52:47.032
could be there. Everything’s becoming electronic. So, you know, where it used to be, I had to worry about a computer. Well, now I have to worry about a computer and a phone and, oh, the phone and the video system. Oh, well, guess what? Now my coffee pot’s connected to the Internet. Now I can worry about that.
Speaker 0 | 53:07.130
But my friend and I used to just drive by with the with the universal, the universal garage remote. You know how many channels he used to have? I mean, he only had to swing through so many channels. I mean, back then, that was just stupid, stupid teenagers. I mean, we weren’t even teenagers. We’re even seventh grade. Yeah, we’re teenagers. 13. Just, you know, actually, no, I had to have a driver’s license or even it was a bike or something. You could just drive by people’s houses back in the day and hack the garage door. Now it’s everything. Now it’s like, hey, let’s turn their faucet on. Let’s turn their lights off in the house. Let’s do it’s pretty, you know, I think a pacemaker has been hacked. I think there’s actual evidence that a pacemaker has been hacked.
Speaker 1 | 53:45.772
Insulin was hacked and killed somebody. We’re screwed. Insulin. It’s just, you know, we’re going so much and, you know, that doesn’t even bring into the AI, you know, who knows what’s going to happen with that.
Speaker 0 | 54:00.552
I still got to have my AI PhD friend on the phone or every time I talk to him, when I see him, he’s just like, no, we’re done, Phil. We’re done. He’s so like, you know, fake’s like, no, we need to get on the good side. We need to battle. We need to fight back. We need to make sure we’re there. We need to make sure we’re on the front lines. On the front lines, you know, uh, Python and some other stuff, and, you know, right now these things he’s talking about, do you have any idea what they can do now, Phil? Do you have any idea? We need to be on the front lines. We need to be the good guys. Look, okay, yeah, I know nothing about that. I can’t do any of that. I just have, I’ll have you on the show. I’m gonna have him on the show. Make it as, just gonna be the dark days. We’re gonna call it the dark show. The dark show. So it says, um... Very fun. It’s been great having you on the show. Any piece of advice for anyone out there? I don’t know, as far as security pieces, or if you had one piece of advice or your one trick of the trade or something that you could give to the listeners out there that they need to do at work.
Speaker 1 | 55:01.177
Yeah, really what I would say, try to become part of the company. A lot of times they put IT in the back room, and they don’t understand what you’re going through day to day, whether you’re the IT director or you’re desktop support. It seems to be, you know, in the back room. And they don’t want to think about it. And you don’t hear a lot until something goes wrong. So try to get in front of the executives and let them know what you’re doing. Let them know what your problems are. So they at least have some idea that there is something going on.
Speaker 0 | 55:41.948
What’s the best way to do that? Because immediately I thought in my head, like all these creative ways we could do like a flat screen update. Hey, here’s your IT guy working in live. Live, real time. This is a real live IT guy working right now or a newsletter or something. I mean, something funny or hilarious walking around. I mean, I give out nerd glasses and stuff, walk around with nerd glasses and pocket protector. Hey, I’m the IT guy.
Speaker 1 | 56:05.803
Just watch till you walk. Show somebody on the screen walking in the server room and hitting the power button off.
Speaker 0 | 56:14.369
Send out memes.
Speaker 1 | 56:15.209
And then bring it back up. Yes.
Speaker 0 | 56:16.951
Yeah,
Speaker 1 | 56:17.211
do that. But no, I try to meet with my boss, who’s the COO, and, you know, kind of give him an idea of what’s going on. Because otherwise, you know, he sits up there and his computer works and he’s doing what needs to be done. You know, he doesn’t know what’s going on.
Speaker 0 | 56:34.472
By the way, did you know if we get this certification, we can make this much more money? Hey, by the way, did you know if we do this, we could save this much money? Did you know we could do this? Just speaking dollars and cents. You could have, I don’t know, you can go to the Hamptons for an extra day this year.
Speaker 1 | 56:47.199
Yeah. So there’s a lot you can do, but you can’t do it sitting in the back room. You’ve got to bring it to the attention of people. You know, most of the time you get stuff you get from users. Thank you. But the executives don’t know what’s going on.
Speaker 0 | 57:03.288
Exactly. Johnny Mullen, everyone. Johnny Mullen, thank you so much for being on Dissecting Popular IT Nerds.
Speaker 1 | 57:09.774
Thank you very much. I appreciate it.