291- Branden Escobar Talks Modern Cybersecurity in Oil and Gas Stations

Dissecting Popular IT Nerds

Branden Escobar

Currently the IT Director at Boyett Petroleum, Branden Escobar has rapidly advanced in his career due to his versatility and dedication. With a Bachelor’s degree in Computer Science and a Master’s in Cybersecurity from Johns Hopkins, he has integrated innovative solutions and strong security measures across various industries.

Branden’s keen insights and ability to communicate complex ideas make him a standout leader in IT and cybersecurity.

Branden Escobar Talks Modern Cybersecurity in Oil and Gas Stations

How does someone rise to an IT leadership role in just a few years? In this episode of Dissecting Popular IT Nerds, Branden Escobar shares his journey from starting in IT to leading cybersecurity efforts at Boyett Petroleum. We dive into his educational background, the importance of being adaptable, and how cybersecurity has evolved. Listen in for insights on managing IT in a growing company and implementing effective security measures.

Disclaimer: The views, thoughts, and opinions expressed by guests on this podcast are solely their own and do not necessarily reflect the views or positions of their employers, affiliates, organizations, or any other entities. The content provided is for informational purposes only and should not be considered professional advice. The podcast hosts and producers are not responsible for any actions taken based on the discussions in the episodes. We encourage listeners to consult with a professional or conduct their own research before making any decisions based on the content of this podcast.

Episode Show Notes

Introduction [00:00:10]

Early interest in technology [00:02:16]

Shift from law to IT [00:03:03]

Choosing cybersecurity over data science [00:04:24]

Importance of communication in IT [00:05:41]

Private vs public sector IT [00:10:22]

Managing expectations in IT [00:13:37]

Challenges as a young IT leader [00:15:28]

Using technology to advance business goals [00:21:19]

Human element in cybersecurity [00:27:06]

Cybersecurity as a comprehensive field [00:32:19]

Importance of identity and access management [00:43:25]

Transcript

Speaker 0 | 00:07.837

Welcome everyone back to Dissecting Popular IT Nerds. Today, Branden Escobar. Assuming I got that one right, you have one of the easier names in the world.

Speaker 1 | 00:16.220

Yeah, no relation to Pablo.

Speaker 0 | 00:18.541

That’s too bad. That would make this show a lot cooler. Yeah. I would make this. Cybersecurity in the oil and gas kind of gas station industry. So that brings you into like three layers of security. I’m assuming there’s the physical security where we have to make sure guns don’t enter the store. And there’s that layer of security, which I have no clue if you deal with that whatsoever, because security back in the day used to be just, you know, cameras and stuff a little more advanced today. Anywho, welcome to the show. How did you get started in this world of technology? What was your first computer? Did you do anything before the internet was, were you even alive before the internet was invented? I was like 96. Yeah, but I mean, it really depends on where you draw the line. ARPANET, does that count? That doesn’t really count, right? You were born in 96?

Speaker 1 | 01:17.385

I was. I am 27. I’ll be 28 in July. Actually, 28, three months from yesterday.

Speaker 0 | 01:24.470

That’s so absurd. I graduated college in 90, no, high school, 95. So okay, so I graduated high school, I had a 386 with a DVD drive that came out, and you weren’t even born yet. So yes, so no, that doesn’t count. You were not born. VHS tapes and the video player, if that helps. Yeah, that, I mean, that’s a little bit. So you were behind, you were a family that was behind the times and technology just a little bit. You know, I think DVDs were out by then. Remember the DVD thing? That was a thing. Yeah, and then the shift to Blu-ray and all that other fun stuff. So anywho, um, you have already a fairly extensive IT, uh, history. How’d that all happen, since you were born in an era where IT was a real thing kind of already? So by the time you were 16, it was a real thing, right? Uh, back in, it was kind of like a step above the, um, audio-visual guy that would roll like a, I don’t know, a TV or something into a room. Yeah, I, I

Speaker 1 | 02:25.488

tell people that, like, you know, my, I have a couple of brothers. My baby brother really grew up with all the new technology that we have, right? So he was born around the time of, like, the iPhone, so he’s grown up with a lot of the newer stuff. I grew up at a time where we still had, you know, like phones on the wall and, you know, long coiled cables and all that kind of stuff, and coax and everything like that. That was fun. The old thing that was all wound up into a big ball. Mid thing. Yeah. Limited movement.

Speaker 0 | 02:58.233

Rambo 2 is coming on TV. I’ve got to be able to talk on the phone and watch TV at the same time. Yeah. First blood. Second blood.

Speaker 1 | 03:05.477

Whatever it was. I got my start really in IT. What’s funny is through high school, I was like really big on, I was, I wanted to be a lawyer because I loved history. So I was like, I’ll go get my history degree and be a lawyer. And then I was like, I don’t know. These computer things are pretty cool. You know? And so I took a robotics class in my senior year of high school. So it was just very straightforward programming and working with just these little robots, make them like flip over and everything. And I really, I love that. So I went to California State University Stanislaus and that was 2014. So my first year I graduated in 2018 with my bachelor’s in computer science. And then, you know, I had a little gap in between graduating college and getting my first IT job. So I was like, well, I might as well be a little bit productive and go get my master’s degree. So applied at a bunch of different schools, ended up getting into cybersecurity at Johns Hopkins. What was funny was I was between data science and cybersecurity, and I was like, well, do I kind of want to work with, like, data, or do I want to do cool spy stuff with the cybersecurity side of things? And I’m very glad I went with cybersecurity. No shade being thrown at data science people.

Speaker 0 | 04:31.535

Oh, no, we can throw all kinds of stuff. It’s really, you guys are boring numbers people that really think you’re wicked, wicked important. And really, we just throw you by the wayside and say, oh, we got to have a data guy, so bring him in. No, I only say that because I have a lot of friends that are like, I literally have friends that have PhDs in some sort of data science and they talk like it’s, you know, like the most important thing in the world. I have no clue what they’re talking about. It’s something about, something about some weird coding language or something, Python or something. They talk about snakes.

Speaker 1 | 05:01.697

I don’t know. Yeah, things like that. What I loved about cybersecurity especially was that human element. And, you know, both in dealing with adversaries who are on the other side of, you know, trying to get into systems, but also the human element of like the people that I’m working with in whatever organization I’m in. Like I’m on the security team. If I’m on the security team, I’m doing the technical side of things, but really everybody’s part of the security team because we all kind of have a responsibility to work safely with all that.

Speaker 0 | 05:36.605

Yeah. You have a responsibility for making other people realize that you guys are actually also human also, and not just like this department that is wasting everyone’s money.

Speaker 1 | 05:48.490

Correct. And it’s really… My dad, he’s worked in sales pretty much his whole life. And he’s taught me a lot about him. He’s taught me a lot about communication. And I had a professor in college, it was my senior year at CSU, we had to do this big, like 20 minute presentation. And she was like, you know, I know a lot of you might be kind of introverted, you know, you might not be, you might not like presenting, but you have to be able to present your ideas to people. You have to be able to share your knowledge and make it consumable for people who might not have.

Speaker 0 | 06:25.438

as much technical depth. You know, why should we care about what you’re saying, nerd? Exactly. Here’s why. Yeah, let me break it down for you. Um, uh, let me dumb it down for your meager mind to, uh, try and digest this stuff that’s way above you. No. Yes. So here’s, you need to speak with people in a way that is not condescending to them, right? Um, that also shows that you have a soul, and you are able to think outside of the box. So you’ve really been in like, would you say you’ve been in the work world actually like in the positions that you’re in for, I don’t know what, six years or so?

Speaker 1 | 07:06.749

So I started my first IT job I got at the end of 2019. So right before COVID, I was the systems administrator at a local control systems integrator here in Ester, California. Okay. And, uh, they, hey, COVID hit, next beat of god, they were up in the cloud. They had that foresight. So like from my side of things, you know, I didn’t have to transition a bunch of stuff up into the cloud, but I was able to get a lot of exposure to a lot of different technologies. And not only that, yeah, but how those technologies are impacting the business, right? The business processes. Because it’s kind of like, we have a process that we need to do here at work,

Speaker 0 | 07:52.246

so what tool are we going to use to, like, make it happen, right? So what’s your thought process around that? And really where I’m, where I kind of, I’m actually a little bit fascinated is how fast you got to where you are in that short of a period of time, being honest. Uh, the, and how did you get any sort of, I don’t know, how big, do you have a team of people? I do. Um, I have, you

Speaker 1 | 08:19.290

So far, I’ve got a couple people in my current department. And we’re looking to grow just because the business itself, I mean, Boyett Petroleum. I mean, we’re growing like crazy. And it’s really just trying to my job since I’ve been coming in has really been trying to scale our IT department to meet the needs of the business as a whole, which is just, you know, exploded in the past few years.

Speaker 2 | 08:44.368

At Dissecting Popular IT Nerds, we expect

Speaker 0 | 08:46.890

to win and we expect our IT directors to win.

Speaker 2 | 08:50.131

And one of those areas where we know that we can help you win is internet service providers. As an IT director tasked with managing internet connectivity, few vendor relationships can prove more painfully frustrating than the one with your internet service provider. The array of challenges seems never-ending, from unreliable uptime and insufficient bandwidth to poor customer service and hidden fees. It’s like getting stuck in rush hour traffic. Dealing with ISPs can try one’s patience even on the best of days. So whether you are managing one location or a hundred locations, our back office support team and vendor partners are the best in the industry. And the best part about this is none of this will ever cost you a dime due to the partnership and the sponsors that we have behind the scenes at Dissecting Popular IT Nerds. Let us show you how we can manage away the mediocrity and hit it out of the park. We start by mapping all of the available fiber routes, and we use our $1.2 billion in combined customer buying power and massive economy of scale to map all of your locations, to overcome construction fees, to use industry historical data, to encourage providers to compete for the lowest possible pricing, to negotiate the lowest rates guaranteed, and to provide fast response times in hours, not days. And we leverage aggregators and wholesale relationships to ensure you get the best possible pricing available in the marketplace. And on top of all of this, you get proactive network monitoring and proactive alerts so that you’re not left calling 1-800-GO-POUND-SAND to enter in a ticket number and wonder, why is my internet connection down? In short, we are the partner that you have always wanted, who understands your needs, your frustrations, and knows what you need without you having to ask. So, we’re still human, but we are some of the best and we aim to win. This all starts with a value discovery call where we find out what you have, why you have it, and what’s on your roadmap. All you need to do is email internet at popularit.net and say, I want help managing all of my internet garbage. Please make my life easier and we’ll get right on it for you. Have a wonderful day.

Speaker 0 | 11:04.586

There’s going to be, this is just me thinking out of the box. I think there’s going to be a transition from the old school IT guys that are going to hopefully retire and have something to retire on and do something. And one of the questions we ask a lot is it kind of what’s the end game for IT and the more new school people that grew up with technology that didn’t grow up and learn how the internet actually came about and what a network card is and all that type of stuff. So you’re of the new school and the fact that you’re in a leadership position as soon as you have been, there’s something there that’s going on. So I don’t know what it is. Maybe you can pinpoint it. Maybe it’s dad was a sales guy. So I learned to talk to people and sell myself. I mean, honestly, that really did it. It could be, you know, so that makes me more empathetic to people because the reality is very successful salespeople, good salespeople treat it as profession and they treat it as really filling a need, kind of acting like a doctor, really helping people sell a solution versus the, the unfortunate stereotype of the scumbags of the world, like the Wolf of Wall Street, whatever his name was. I don’t know. What’s his name? I can’t remember that guy’s name, Jordan or something. Whatever his name is, that’s scumbag. And so it’s because that’s really not what it is. So you may have learned, you know, without even knowing it from your father, like how to be empathetic, talk with people, have this leadership. I don’t know. Maybe you tell me what’s the key.

Speaker 1 | 12:32.107

Yeah. So, I mean, in a lot of ways, I think it’s just the body of knowledge that I’ve been able to learn from. And it’s my ability to communicate that. Right. So, um, you really do have to be able to sell yourself as an IT person.

Speaker 0 | 12:49.721

First thing I want to know, what’s the body of language that you’re referring to? Cause it’s a little bit vague. I just need to know. That’s true.

Speaker 1 | 12:56.005

Uh, so I mean, with regard to what I’ve done, you know, educationally and experience wise, right. And so I’ve worked at several different organizations now. I’ve worked private, I’ve worked public, and I’ve gotten a really broad perspective on how private sector does things versus public sector. There’s things I like in both. There’s things that I think could be improved in both.

Speaker 0 | 13:18.227

So experience, in short, get yourself, get your hands dirty, get in there, figure out how people build their networks and different applications they use, where things are broken, what things work better.

Speaker 1 | 13:31.978

Yes.

Speaker 0 | 13:32.678

Okay.

Speaker 1 | 13:33.479

And it’s… And I do think it’s an attitude of being willing to just be flexible and adaptable to a situation, right? Like the solution you have in mind, you might be trying to put a square peg through a round hole, so to speak, right? And it might be there’s a better solution out there. And being open to the idea that things that you’ve put in, they might not be doing the best job. It’s going to be flexible and adaptable. But so like with regards to cybersecurity, That in and of itself, I think, has been tremendously helpful just because as an industry, there’s a shortage of people in cybersecurity. And it’s a really

Speaker 0 | 14:14.859

I’m going to I’m going to challenge that. I think there is an overflowing flood of every single person like real people, like people saying, I’m going to be a real estate agent. Yeah, there’s a million real estate agents on every street corner, but there’s only one or two that know what they’re doing and care. So I’m going to challenge it, but I’m going to hold on. Hold that thought for a second. Because you were finishing one other thing when I asked you like how you got to where you were so fast and you said one was like experience and then I kind of cut you off and there was some other key piece there, which was like the leadership piece, which I want to know how you gained that because I don’t think people overnight learn how to. People have said before, referring to end users, herding cats is one of the terms that shows up in our urban dictionary. We’re putting together an urban dictionary where I had AI. I didn’t have AI. Greg, the Frenchman, my producer, had AI scrape all of the shows and pull all of the terms that IT directors use. One of them was herding cats, which I thought was hilarious.

Speaker 1 | 15:07.057

Yeah.

Speaker 0 | 15:07.958

Anywho, so how did you learn to herd cats so fast? And then not only that, get other people to help you herd the cats, i.e. systems admin people, help desk people. And yeah, how’d you make that jump?

Speaker 1 | 15:21.947

In a way, you almost have to take a role of kind of like mediating between the two groups of people, right? So in a way, as an IT director, this is my first management level position. So I had to learn a few things. I had to learn how to start managing people. I mean, if we’re using herding cats, that’s, you know, one set of that. The other is really managing expectations with, you know, people in different departments.

Speaker 0 | 15:51.149

Okay.

Speaker 1 | 15:52.030

And really trying to gauge what they need, right? But people can kind of communicate a need that they have, and you just kind of have, you really have to look at how to make it happen.

Speaker 0 | 16:04.977

Yes. I have many of those myself, still trying to figure them out. Okay. And to kind of like pull this full circle to bring it back to even the question that was before that, because I get very ADD and I drink a lot of coffee. The new school layer of IT leadership that I’m seeing come about is kind of the new school. I don’t know if you’re a gamer and I’m not trying to pigeonhole you into a gamer. Okay. So the kind of the, the new, the, the gamer group heard of, of people, right? Because the older generation, what would we have? Atari NES. We had Mike Tyson’s Punch-Out was, which was awesome. Right. Um, but you guys have like a whole new layer of like, yeah, we were, I was on Twitch the other day and we were doing this and that. It’s like a whole new layer of coders. It’s a whole new, I don’t know if you want to call them millennials. I don’t, you know, whatever you want to call the different generations, however they want to pigeonhole us, you know? Uh, I’m already trying to make myself younger than I am, but, um, that’s, there’s going to be this changing of the guard, so to speak. And I think you kind of represent that a little bit because just straight up your age and the position that you’re in. I don’t know if there’s any insights to be gained from that or anything. I guess my question would be is how is it coming in, in IT being younger and maybe possibly having to deal with the stereotypes of, well, you’re young and we’re old, so we know better. Can you just get the job done? Does that make sense? How do you gain some level of authority that’s like, hey, look, I know this stuff. This is what we need to be careful of. This is how we should do this. This is how we can help you do more with less. Have you seen any layers where technology can help scale the business?

Speaker 1 | 17:55.583

Yeah. I mean, for a lot of that, and from what I’ve seen relating to that, it’s a lot of things have just been, for example, like on-premise so long that, you know, this is just the way that we’ve done things, right? It’s how it’s done. Okay. Okay, that’s fine. The process itself might not be the problem. It’s the tools and how we’re applying them that we could probably make some improvements, right? So, you know, people want to be able to do what they’ve kind of always done, right? But if you give them flexibility, if you give them better accessibility, that kind of helps, you know, sweeten the deal for them. So it’s just kind of like, hey, so, you know, we want to do all of this with our file structure. We want to do all, we have these different technologies that talk to each other. We don’t want to have to be, you know, connected to a, stuck to an on-prem,

Speaker 0 | 18:51.872

right?

Speaker 1 | 18:53.394

So pushing things, and this is part of me, I guess, being new generation, but I’m also like, My mindset being my first job I was at, we were all in the cloud, right? And so I’ve been exposed to cloud technologies and just the growth of what they can do, like even in the past four or five years that I’ve been working in IT, is just great. Virtualization and the security part of me, because now, so my specialty is security, but now because I’m in my position, I really do have to keep in mind, you know, and I think I was listening to one of your podcasts earlier. You talked about business continuity. What’s the baseline that I need to have running to make sure that my company can keep running, keep making money? Right. Because at the end of the day, IT is really a support branch of pretty much every company and organization, right? And so you have to be willing to help people. You also have to be willing to give them solutions that are actually trying to solve the actual problems that they’re having, if that makes sense.

Speaker 0 | 20:06.154

No, it absolutely does. There might even be some things there that as you connect with sales and growth of the company that you can actually offer up that, that actually do help grow the company and provide business development.

Speaker 1 | 20:19.259

Exactly.

Speaker 0 | 20:20.120

I just know my team comes up with crazy things on a daily basis. Like, hey, you got to check this out. Like what? Oh, you got to check this out. Check out this, what we did with this AI and these different APIs. And we put them all together and look at what it popped out. Like, oh, that’s pretty wild. Yeah. And then my question is, is like, okay, can you put it into action? So we stopped talking about things and can we actually, you know, we actually do a thousand ideas on a daily basis. How do we actually execute and make something, you know, do something.

Speaker 1 | 20:47.733

Exactly. After a certain point that having ideas phase, you really do just need to dig in your heels and commit, right? It’s like, okay, we have this idea. We have a plan of action of how we’re going to execute this idea. You know, we have our testing phases of however we’re going to put this into motion. Whether that be a security tool, you know, a BI tool for…

Speaker 0 | 21:12.234

the sales folks, so they can get better numbers on what’s going on in the company. Um, okay. So since you didn’t go into data, um, because that’s not a real thing and that’s just a side gig for everyone else, no, um, how, uh, have you found any, um, I don’t know, I’m just fascinated with data because we have a ton of data. The show itself has a ton of data from, I don’t know, I think we’re nearing 300 interviews, all transcribed. Um, various different pain points and things and themes that are common throughout, um, IT leadership. Um, yeah, I would, there’s like this treasure trove of stuff there that I would love to be able to take action on, and I’m just wondering if there’s anything that you’ve found lately or tools that you’ve used that have been very useful. Did you say Power BI? I can’t remember. Anyways, it’s the BI for business intelligence. You

Speaker 1 | 22:10.490

I don’t have any specific tools as of now, but I do know that really a lot of people tend to be very visual. I’m very visual, so when people are explaining concepts to me, sometimes I like to take a whiteboard and draw out what we’re talking about. So it helps me understand it a bit better. So you might have a treasure trove of data somewhere, right? And if you… If you don’t have good reporting, if you don’t have a good way to represent that data, it’s just kind of numbers. But when you have that and you give the people in your organization the ability to utilize that, it helps them to make decisions that are data-driven decisions, right? So they might have a gut feeling about something, and if they’ve got data to back that up, they might make a better business decision.

Speaker 0 | 23:05.411

Yeah, the thoughts that you just made me think of were, how are we moving the bar in X, Y, Z areas? And then if we can provide them, if IT can provide X, Y, Z areas, and then maybe even a Z, hey, I don’t know if this is important to you, but have you noticed that we’ve got this metric also? I don’t know if it’s important, is it? Yeah, that’s just, it sounds so basic and simple, but how many IT guys are just worried about? I don’t know, our KPIs around tickets and how we’re doing this, that, and everything else. There could be a, what do we call that, a paradigm shift.

Speaker 1 | 23:47.282

Yeah, truly just a paradigm shift to where the stereotypical IT person is offering more to an organization more than just, you know, help me fix my computer or maintain my systems or something like that. Really utilizing the tools that are out there to enhance business. Right. And I, I say that, and I guess part of it is with my cybersecurity background, we work a lot with, um, documentation, standards, compliance, all that sort of thing. Right. So you guys got that.

Speaker 0 | 24:22.718

That’s nice. We have security. We actually have a security compliance. Um, you can keep going.

Speaker 1 | 24:28.560

Yeah. Um, the whole mindset of cybersecurity being, you really need to tailor it to the business that you’re in, right? So I could come in heavy-handed, lock everything down. But then my users are really annoyed with how locked down everything is, or it literally stops business correctly.

Speaker 0 | 24:51.043

Classic, typical. Yeah.

Speaker 1 | 24:53.305

So it’s very much tailoring security to your business case. And in much the same way, I really feel like that’s a concept you could apply across all of IT. And everybody really gets focused on the thing they’re doing. Right. And kind of something I’ve been, you know, working on, you know, coming into a directorship, I really have to keep my mind on the big picture. Okay. So we’re going to put this tool in, it’s offering these benefits. Who does it affect? You know, it’s affecting everybody positively, hopefully. Right. You know, is this the best use case for our business? Is this going to improve things overall? What other exigent things do I need to think about? Do I need to think about access? Do I need to think about the security side of that? It’s a lot to think about. But eventually, yes, like I said earlier, you do have to commit. And I’ve taken a very collaborative approach in my current role because at the end of the day, I could pick the tool for people, but it might not be the best tool. It’s smarter long-term, in my opinion, just to have people test in different departments, test drive the tool that they’re going to use or test drive a few, look at the cost benefits analysis between all of them, and then you can all make a decision. It might take a bit longer, but it’ll be a better informed decision.

Speaker 0 | 26:22.116

And it takes full response. It doesn’t take, it takes some of the responsibility off of your shoulders. So, hey, look, guys, I’m advising here. I’m advising on the different things that we have available. Let’s test them out. Let’s go through a proof of concept phase, whatever it is, and then you decide.

Speaker 1 | 26:37.180

Because at the end of the day, if you’re going to be, let’s say, writing a contract for a tool for a few years, you want it to be a good tool and you want the people using it to be happy with it. They might need some retraining. That’s fine. That can be set up too. But you have to make sure that whatever you’re doing, I mean, this is my short experience thus far, you are getting input from people in management, or hearing from people working with the tool every day, getting feedback and figuring out, okay, so we’re having these problems, these issues, or these are some really positive things that we’re hearing about this.

Speaker 0 | 27:19.261

What do you do for that? Walk around, ask people, send out a survey? What are we doing?

Speaker 1 | 27:25.605

We’ve got a bunch of tools in the works. One of the pushes to cloud that we did have was more out of necessity. I do plan on kind of utilizing, we’re kind of like a Microsoft suite shop, utilizing something like Microsoft Forms, trying to get feedback from people. I actually do do this with our security awareness training. Security awareness training tends to get lumped in with HR training. So people kind of, they’re not thrilled with it when they do have to do it. The training I’ve generally picked has been a bit more interactive and a bit easier to digest. Um, you know, what do you guys use? KnowBe4 or something before? Yeah. I should have like the vendor guest section of the show. Yeah, there you go. Vendor, do you use? Yeah. Um, KnowBe4 is pretty good. Yeah, KnowBe4. Um, I went to a fantastic presentation on security awareness training at a conference a couple years back. And, you know, I had done the security awareness training where we have people come in batches and we’re like, hey guys, this is why we do this and this, right? And it wasn’t super effective. So at this conference, the presenter was like, look, there’s all these options for security awareness training and they’re way more engaging. And it’s not going to take two, three hours of a slideshow. It’s maybe a half hour, 45 minutes. It’s much more engaging. Some of them have a plot. Some of them are funny.

Speaker 0 | 29:02.116

Yeah. Yeah.

Speaker 1 | 29:02.936

And people connect with that a lot better, which means, you know, hopefully they’re doing much better.

Speaker 0 | 29:09.419

It really shouldn’t be lumped in with HR. Cause HR, HR sometimes is like the biggest weakness. They’re sometimes the biggest weakness. Like, Hey, send us all the W2s. We need them right away. Right. Uh, the president said we need to send all that, you know, his, his email spoofed or something like that. Yeah. With like a dot, dot org or something, you know, and then, you know, quick, send us all the W2s, we need them, and send a gift card to Charlie. Yeah. And that’s really just a training thing, you know. Um, you know, I have an education in this and I’ve also got the practical experience in it. It’s what I see

Speaker 1 | 29:45.382

I know what I know. Now I really have to communicate what I know. And it has to be something that people understand, right?

Speaker 0 | 29:54.726

And again- They have to care though. They really have to care also because in every organization, it’s the 80-20 rule. And in this case, I would guess 20% of the people actually really care about security. And I would say the other 80% are kind of like, ah, we gotta do this. So that’s kind of like the biggest- weakest link. And then I’ve had some people say, well, we’re just going to make it part of their employee agreement that they have to sign off on. But it is, yes, it is humans is the biggest weakness for sure.

Speaker 1 | 30:27.688

And that’s kind of the beauty of cybersecurity. You could have the most locked down fortified system in the world and one person could actually just let someone in, you know?

Speaker 0 | 30:40.438

So back to this anomaly of why you said you think there’s a shortage of cybersecurity people, which I would completely disagree with. I think it’s overloaded and flooded right now. I think it’s like so many people trying to go. I want to go into cyber. I want to go into cybersecurity. I want to be an ethical hacker. I want to be this. You know, like I want to be a pen tester. I just want to, you know, like to me, like I feel like there’s an overload of those people. So I don’t know. And, and products and vendors, my gosh, there’s an overload of security vendors calling me on a day. Can I be on your show? Can I do this? No, you can pay. Well, maybe, I guess if you want to, you know, come on in a vendor agnostic standpoint and battle it off with all the other guys and you guys each can pay me $5,000. And yeah, we’ll do a podcast, but no, um, for anyone listening out there that wants to come on the show and, uh, but really, I mean the, the security, I don’t even like when people ask me for stuff, I’m like, look, you know, whatever. Mike Johnson on show 259 said he only needs three vendors and these are his top three. I was like, so maybe, you know, I don’t even, I don’t even try to get into suggesting I do have a top five, I would say top five, you know, security vendors, and you probably only need five and those five will probably take care of the majority of the, and everything else is kind of up to you to manage your particular organization and all the security policy. And I don’t know if you’ve got certifications and all that other type of stuff. Um, KnowBe4 is definitely probably, you know, they’re, they’re up there on the list. Um, I don’t know where I’ve totally forgot where we were going with this. Oh, your shortage of security. Why do you think there’s a shortage of security people? So

Speaker 1 | 32:21.474

I think, I think there’s a shortage of qualified people going into these security positions. Now that’s not to like throw stones and say, you know, just cause you want to be an ethical hacker, you can’t do it. But the, I mean,

Speaker 0 | 32:38.320

There’s a shortage of positions. Let’s put it that way. There’s a shortage of well-paid positions where they don’t, it’s like the, have you read The Phoenix Project or listened to The Phoenix Project? If you haven’t, you need to, everyone listening. If you have not heard The Phoenix Project yet, again, I should get paid for advertising this way. It’s like, you just got, it’s like the Braveheart or the Star Wars of, you know, the IT world books that you need to read or something. You know what I mean? But security is kind of like, you know, like this, the redheaded stepchild, you know, like in every organization type of thing, you know,

Speaker 1 | 33:10.815

and it’s,

Speaker 0 | 33:11.675

and that exists and that exists in that book, you know, as like, you know, so it’s kind of like, oh, get out. Oh, great. So here comes security screwing up the whole, like, you know, implementation of, you know, we just got all the coding done and here comes security, you know? So anyways.

Speaker 1 | 33:26.580

So, and it’s, it’s, but the thing is that’s not a love about security is it’s so it is this. I had a friend who told me this when I was first really trying to break in IT. He’s like, IT is like a vast ocean, right? Like if we have all the oceans of the world, IT is like all the oceans of the world. And cybersecurity is like, you know, pick an ocean, right? Within security, you know, you’ve got your ethical hackers and your pen testers. I would say that’s probably the most visible type of position that people want because, you know, everybody wants to be a hacker. I’ve talked with folks who do that. That’s their job. It’s not just hacking. They will literally go break into a building. They will walk into buildings. They will be like, how far can I get into this building without getting stopped?

Speaker 0 | 34:12.595

Oh, I love it. I love it. Your dad is a salesperson. You’ve probably got all kinds of… I started out at a Cisco startup years ago, years ago, when I first stopped working for Starbucks, because that’s the only job you could get right out of college, which probably a lot of people relate to nowadays. Why did I pay for all this college education? I’m working at Burger King. Nothing wrong with, I could use a Whopper right now.

Speaker 1 | 34:38.351

Yeah.

Speaker 0 | 34:38.651

And the vegans are like, hey.

Speaker 1 | 34:43.176

Yeah. I mean,

Speaker 0 | 34:43.996

You mean the, what do they call that? Zero meat? Anyways, miracle something. Anyways. Very off topic, but yeah, there you go. Train of thought completely gone. I don’t know where we’re going. Remind me, where was I going with that?

Speaker 1 | 34:59.403

We’re talking about the ocean that is cyber.

Speaker 0 | 35:02.265

Yes. So when you said the ocean, but just real quick, I just want to know you, I’m a very visual guy. So these things went, this is what went through my mind when you said the ocean, you’re probably too, again, too young. May the Lord above bless you. The, did you ever see that movie Waterworld? Do you remember that movie? Waterworld? Never saw it, but I’ve seen... This is what I imagined, like Waterworld is Microsoft, and then there’s like all these other like little products and security things that are like the pirates, you know, like battling, uh, Microsoft to, uh, get some, give a seat at the table. Anywho. Okay, go on. So now back to reality, which

Speaker 1 | 35:37.347

But within, within cybersecurity itself as a field, you know, I, I would say there might, there’s probably a shortage of people wanting to do compliance, where you’re kind of a lawyer in a lot of ways. You’re looking at these standards. You’re looking at, how do we do this? Are we doing this? Are we compliant with this? If an auditor comes to me today and asks me these hard questions, am I going to pass or not?

Speaker 0 | 36:02.859

Definitely not. No one’s passing.

Speaker 1 | 36:05.520

Yeah. Say what you want about cybersecurity standards. They provide a good baseline for what you can look forward to and achieve because generally they’ve been collaboratively looked at and constructed by professionals from all different industries and all different fields. And I mean, you know, if you’re talking about people think security, I think like, you know, corporate cybersecurity, there’s operational technologies, you know, factories that if an attacker gets into their network, they can, you know.

Speaker 0 | 36:44.655

Damage heavy equipment. They can cause heavy equipment to malfunction. Yeah, I mean, you see this with, so this is what actually got me. They can hack a radiation machine. They can have a, literally in a hospital, like some sort of IoT radiation machine that’s like supposed to be targeting, uh, I’ve heard that a pacemaker’s been hacked. I don’t know how, I don’t know why. Ransomware has shut off or it’s locked down like monitors at hospitals. There was a

Speaker 1 | 37:12.784

story a couple years back where these attackers ransomwared a hospital, and the hospital told them, dude, there’s a guy on life support here and I can’t, I can’t monitor him or help him. So they, the attackers gave them the key for free, for once, back to actually like unlock it, right? But the person passed away. So, you know, it’s real-life ramifications. Um, but going back to the whole shortage.

Speaker 0 | 37:42.933

My sister’s an RN. Her hospital was hit by ransomware and they refused to pay the ransom. But they were down for like 10 days. Yeah. Like something, like just something, like a hospital. I mean, it wasn’t Vermont. So I mean, how many people actually live in Vermont? So I think it wasn’t as bad as it was, but it was a hospital, like a full fledged hospital down for like days. And I remember, I just remember what I thought of the physical attack, because I used to have fun. Just like, let’s just see how far I can get in for my clients. Like, let’s just see, Hey, you want to just check your, um, you know, let’s just check your current providers and see if they’re secure. And I would just call up XYZ provider or vendor and just say that I’m not that person. I’m hi, I’m I’m so-and-so calling in. I need our, I need our, and I’m really in a hurry because we got to, we’re redoing this like, you know, network or something, blah, blah, blah. I need the, I need all the static IP ranges. I need blah, blah, blah. Okay, sure. Here they are.

Speaker 1 | 38:47.385

Yeah.

Speaker 0 | 38:47.685

Just like so easy. So easy.

Speaker 1 | 38:50.007

Introduce a stressful situation, you know, with very little time or like room to argue and, you know, social engineering, well, it defeats.

Speaker 0 | 38:59.375

What’s your address, sir? Yes, it’s here. Zip code this. Oh, okay. Here’s your information. It’s really like, I think vendors, I think vendors could be one of the weakest links. Yes. And ironically, also a sales people that want to try and sell a deal that will give out customer information very easily. I’ve seen that. I’ve seen people just haphazardly unplug things physically in a data center. And, you know, it’s just like, whoops.

Speaker 1 | 39:33.306

Yeah. Or it’s like, my favorite I’ve heard, which is kind of like an outdated solution, is, well, I’ll unplug the infected computer from the network. And I’m like, it’s over already. You know, it’s all over. If it’s ransomware, it’s all over the network already. It’s worming its way through the whole thing. It doesn’t matter if you unplug the infected endpoint.

Speaker 0 | 39:55.886

Speaking of vendors, I had a personal one myself that I’m really still really, really, I’m really irked, really ticked off about this. I can probably think of some other words to describe these people. I had personally a malware attack that took down our website. That was like, I was literally losing my mind because we had all, we had like podcasts that had just gotten released. And it was, it was again, trying to find someone that wants to come on the team at Dissecting Popular IT Nerds and be our coder and web developer looking for that. This is an advertisement, trying to find the right guy. It’s not a WordPress guy because WordPress has so many plugins and everything. So there’s one vulnerability on one of the plugins that wasn’t updated. Malware comes in, takes down the website. Here’s what the vendor does. We’re going to bring in whatever other security vendor to clean up all the malware and blah, blah, blah, blah, blah. So great, we got security cleaning up the malware. That’s awesome. Got to take a backup. Got to take a mirror image. Multiple backups. Everything’s cleaned. Everything’s backed up. Now we suggest that you move to better servers, more secure, faster, more resources, blah, blah, blah, blah. Yeah, yeah, sounds great. Sounds great. I’ll get an extra $100 like a month. Okay, no problem. What do they do but restore the older backup and bring all of the malware back? And all of the malware back. So now, got to go back to the security vendor again, clean up the malware, all that stuff. And that guy’s like, well, we just got done working for you in an emergency situation. This is not an emergency again because you guys are idiots. So you just have to wait in line. That’s the type of thing that vendors, that even though it’s not your fault, it’s another vendor’s fault, they still look at it as your fault. So, anyways.

Speaker 1 | 41:51.155

Yeah.

Speaker 0 | 41:52.156

That’s my gripe. No, it’s fine. It’s one of my personal gripes.

Speaker 1 | 41:55.497

But the thing is, it’s challenging. It’s challenging because a lot of vendors, depending on who they are, they’re probably dealing with issues and attacks. Not justifying their actions against you, Phil. Oh, yes. But it’s the skill set needed to be in cybersecurity. And this is kind of why I say there is a quote unquote shortage, right? You really do kind of have to have some level of technical depth to really get into security, or you have to be able to get into the compliance side of things and be able to kind of comprehend how to apply standards and such.

Speaker 2 | 42:32.513

At Dissecting Popular IT Nerds, we expect to win and we expect our IT directors to win. And one of those areas where we know that we can help you win is internet service providers. As an IT director tasked with managing internet connectivity, few vendor relationships can prove more painfully frustrating than the one with your internet service provider. The array of challenges seems never-ending, from unreliable uptime and insufficient bandwidth to poor customer service and hidden fees. It’s like getting stuck in rush hour traffic. Dealing with ISPs can try one’s patience even on the best of days. So whether you are managing one location or a hundred locations, our back office support team and vendor partners are the best in the industry. And the best part about this is none of this will ever cost you a dime due to the partnership and the sponsors that we have behind the scenes at Dissecting Popular IT Nerds. Let us show you how we can manage away the mediocrity and hit it out of the park. We start by mapping all of the available fiber routes. And we use our $1.2 billion in combined customer buying power in massive economy of scale to map all of your locations, to overcome construction fees, to use industry historical data, to encourage providers to compete for the lowest possible pricing, to negotiate the lowest rates guaranteed, and to provide fast response times in hours, not days. And we leverage aggregators and wholesale relationship to ensure you get the best possible pricing available in the marketplace. And on top of all of this, you get proactive network monitoring and proactive alerts so that you’re not left calling 1-800-GO-POUND-SAN to enter in a ticket number and wonder, why is my internet connection down? In short, we are the partner that you have always wanted, who understands your needs, your frustrations, and knows what you need without you having to ask. So we’re still human, but we are some of the best and we aim to win. 
This all starts with a value discovery call where we find out what you have, why you have it, and what’s on your roadmap. All you need to do is email internet at popularit.net and say, I want help managing all of my internet garbage. Please make my life easier and we’ll get right on it for you. Have a wonderful day.

Speaker 0 | 44:52.637

Maybe the final point, which I would love your input on, unless you ascribe to any conspiracy theories that we would like to talk about on the show, because we usually have the conspiracy theory section. I pretty much subscribed to them all, except for the lizard people one. That one’s a little bit too far for me. What I find is very interesting because there’s like, okay, What you’re saying is kind of like, well, if I’m going to go to medical school, I’m going to go to general medical school. I’m going to go to medical school. I’m going to go to college first. I’m going to focus on whatever. Then I’m going to graduate college and I’m going to go to medical school. I’m going to go through the general securities, right? General security. You’ve got to have a roadmap. You’ve got to have security policies in place. You’ve got to know what this is. You’ve got to know what that is. There’s all these different layers of security. And then you go to the general first two years of medical school. And then eventually you pick, I want to be a urologist or I want to be a, I don’t know. Any other, my dad was a urologist. That’s why I thought, that’s why that came to mind. You know what it’s like growing up in a house with a urologist? It’s very funny. The, so then you pick that. So that’s kind of like my, the metaphor that I’m thinking of, like where you’re going with this, but here’s something else that’s very interesting, which might be different because a lot, and I think this is beneficial to the listeners to the show is many IT directors are the IT director or the IT leader. The more that you study or have, I don’t know, whatever you want to call it, certifications or a knowledge base in a specific layer of security, the more valuable you are to any given company. Because that company,

Speaker 2 | 46:25.766

because most likely,

Speaker 0 | 46:28.107

most likely, you guys do not have, or it would take a lot for you to budget a CISO role. At a petroleum company, maybe, maybe that, maybe that, maybe they would, maybe, you know what I mean, but I doubt it. In, in mid-market manufacturing, technology, retail space, all these different places in America, you have to do, IT has to do a lot with a little, and they have to support a lot of people, and they have to create the digital revolution and make people believe in it, and they have to show people that you can do more with technology and it’s a business force multiplier, not a cost center that should be pigeonholed in a light item on the, just a small percentage line item on the P&L. So I like it. I like what you’re saying. And I think, what would you say are the most important layers of security that any IT director or IT leader should go get?

Speaker 1 | 47:23.998

I mean, I think the most important layer of security at the end of the day is being able to communicate the importance of security to the rest of the company. I mean, on a technical level, you know, you have your endpoint layer, you have your backups. Biggest, the biggest threat I would see outside of kind of an endpoint layer problem would really be, you know, data exfiltration, insider attacks, that sort of thing. Identity and access management is massive. Most of the time, if an attacker does get into a system, they’re going to use credentials that are somewhere in the system that they can use. And it really covers their tracks because it might look like normal activity, quote unquote.

Speaker 0 | 48:08.702

It’s very good. Yeah. Very good. So how, you know, I’m just like, how does, it’s kind of like, how did a hospital get taken out? Exactly.

Speaker 1 | 48:17.910

I mean, there was, I got into cybersecurity. I took a class my last year of my bachelor’s and what hooked me was, have you ever heard of Stuxnet?

Speaker 0 | 48:29.980

Yes.

Speaker 1 | 48:31.121

So for anybody.

Speaker 0 | 48:32.022

Wait a second. Is that the Iranian thing where we threw the, that’s where we threw the little, the USB outside.

Speaker 1 | 48:39.923

Yeah, we totally didn’t do that.

Speaker 0 | 48:43.264

No, I thought it was like common knowledge that we just dropped that little USB outside.

Speaker 1 | 48:48.086

It’s attributed.

Speaker 0 | 48:49.347

We have a show on that. We have a show on that, by the way.

Speaker 1 | 48:51.308

Yeah, but Stuxnet really showed me, it’s like, look, this has impact. It really, I mean, think about that. Nuclear uranium refinement equipment just gets, it gets a little wobble from a program. And then it just destroys, you know, hundreds of millions of dollars of equipment or however much it was. I don’t know.

Speaker 0 | 49:11.701

Yeah.

Speaker 1 | 49:12.601

All of that.

Speaker 0 | 49:13.482

And it was so easy. And look at how it happened, too. It wasn’t like I just I just I just dropped a USB. If that’s really the story. Yeah. Yeah. Just outside the building.

Speaker 1 | 49:22.767

Never plug a USB in that you found in those.

Speaker 0 | 49:26.008

Those handfuls. There’s like handfuls of USBs. Why is there so many USBs outside today? I don’t know. Let’s see what’s on one of these. Is this from a vector? Is this from a vendor? Yeah. And we used to give those out. People used to give those out at, at like IT expo or something, here, take our USB and plug this in with all of our information on, it’s free. You know what I mean?

Speaker 1 | 49:46.326

No.

Speaker 0 | 49:46.507

It used to be like the give out. That was the giveaway.

Speaker 1 | 49:49.538

No. Well, and I tell people too, it’s like, this wasn’t, you know, the nature of cyber attacks has changed. It really used to be more so like they wouldn’t steal crazy, huge amounts of money. And now you have attackers who are like, Hey, I mean, I’m just going to blow up your entire infrastructure and all of your backups and have a nice day. There’s attacks that are just that malicious. I mean,

Speaker 0 | 50:14.839

I just retire and I’m sure a lot of companies would too. Like someone just kind of do a grinding halt. Me, I’d just be done. I don’t care. So whatever. I’m done with the podcast. Days are done. Have fun, guys.

Speaker 1 | 50:23.993

Yeah.

Speaker 0 | 50:24.694

We’re starting from zero again.

Speaker 1 | 50:26.575

Don’t care. Just like, you know, double extortion. They’ll take all your data and then they’ll tell you, hey, I’m going to publish this on the dark web. I’m going to publish everything unless you pay us. So it’s not it’s no longer, hey, your stuff’s locked down. Pay me. It’s your stuff’s locked down and I’m going to publish it for the world to see. Pay me.

Speaker 0 | 50:44.854

Yeah. And I have no, and you really have no way of knowing whether they will or will not anyways.

Speaker 1 | 50:48.755

Correct.

Speaker 0 | 50:50.055

The yes. Yes. We used to talk, I just remember back in the day we used to talk about packet sniffers. Yeah. You never know. Someone could put a packet sniffer on there and sniffing packets off. You gotta put headers and putters on that and shut that down. Yeah. Yeah. Well, it has been a pleasure having you on the show. What is the, um, what’s the, um, what’s the key to you? Because, you know, what’s the key to having fun, I guess, in IT? I guess yours was like, just like it from day one. But any advice to anyone out there?

Speaker 1 | 51:19.353

I would say the key to having fun in IT is just being open to learning, you know, new parts of IT, learning new tools, learning new technologies. I mean, I had a really good conversation with one of my best friends. This was back in college. And it was like, you have to be a lifelong learner. Because the stuff that I learned in college, the basic core concepts are the same. The application of said concepts is just completely different now. It just evolves constantly. That is the number one advice that everyone gives: lifelong learner. I would say that if we had to like match it all together, like that would be it. Yeah.

Speaker 0 | 51:58.565

Um, for sure. But I, I think layer and like you, and that goes hand in hand with being able to add, we used to, uh, before, and the show has been around for what, three years now. So we used to talk about like, oh, does certifications really matter? Does an MBA really matter? In your case, I’m sure you’d say, I don’t know. Did the MBA matter? I don’t know. Probably. Definitely makes you look, you’re definitely a big deal. You’re definitely a bigger deal. Yeah. But now I’m going to be start leaning more towards, I think certifications matter when it makes you more of a well-rounded leader. Like, I don’t think, you know, like the Cisco certification or this certification, but the security certs. The maybe if you’ve got security clearance, things like that, an extra layer of security clearance, CMMC, which I ran into the other day, different security. Yeah, all of that matters.

Speaker 1 | 52:54.143

Yes, I think, you know, it really just depends on what direction you want to take. Do you want to be more well-rounded in security? Do you want to be an ethical hacker only? You know, they like.

Speaker 0 | 53:06.170

No, no, no. Do not do that. That’s too hard. It’s not, it’s a dream. That’s like, just like, yeah, I’m going to be an ethical hacker. Yeah. Okay. I’m sorry. Everyone’s mad at me. What are you talking about? I am an ethical hacker. I’m already doing it, Phil. Like come on the show. Any ethical hackers making a lot of money out there right now. I want to have you on the show. That is your invitation. But you know, it’s, it’s layered on top of a general leadership piece. If you want to have, if you want to. Me, I’m just saying for people that want to get to a C level or want to be in a leadership position or want to build a business, and why not someday have a way of maybe not just having a job your whole life, and you want to, I don’t know, be part of a startup or start your own company and cash out with billions eventually. I don’t know, that would be cool. The, are you a golf fan? Did you watch the Masters? I don’t know, I don’t follow there’s some closely. I am aware. I need to get into golf because... No, no, no, I’m not saying you have to get into golf. I’m a jujitsu guy. So like, I grew up, but I grew up from a family of doctors. So everyone golfed, you know, like.

Speaker 1 | 54:05.702

Yeah, my brothers and my dad golf. I want to be golfing with them more because it is a fun time.

Speaker 0 | 54:11.704

And all the vendors golf, all the, you know, all that stuff. But yeah, I can’t remember who the, I can’t remember who the like caddy was this week. But there was like a billion dollar caddy. Like he filled in for the caddy or something, but he was like a billionaire. So it was kind of funny that the caddy was, you know, was like the richest guy on the course. But he like, you know, had some cloud company that he sold or something. Probably. Yeah, making myself look very ignorant right now. Thank you so much for being on Dissecting Popular IT Nerds. It was a pleasure.

Speaker 1 | 54:39.523

Yeah, thank you, Phil.

291- Branden Escobar Talks Modern Cybersecurity in Oil and Gas Stations

Speaker 0 | 00:07.837

Welcome everyone back to Dissecting Popular IT Nerds. Today, Branden Escobar. Assuming I got that one right, you have one of the easier names in the world.

Speaker 1 | 00:16.220

Yeah, no relation to Pablo.

Speaker 0 | 00:18.541

Cybe. That’s too bad. That would make this show a lot cooler. Yeah. I would make this. cybersecurity in the oil and gas kind of gas station industry. So that brings you into like three layers of security. I’m assuming there’s the physical security where we have to make sure guns don’t enter the store. And there’s there’s that layer of security, which I have no clue if you deal with that whatsoever, because security back in the day used to be just, you know, cameras and stuff a little more advanced today. Anywho, welcome to the show. How did you get started in this world of technology? What was your first computer? Did you do anything before the internet was, were you even alive before the internet was invented? I was like 96. Yeah, but I mean, it really depends on where you draw the line. ARPANET, does that count? That doesn’t really count, right? You were born in 96?

Speaker 1 | 01:17.385

I was. I am 27. I’ll be 28 in July. Actually, 28, three months from yesterday.

Speaker 0 | 01:24.470

That’s so absurd. I graduated college in 90, no, high school 95. So, okay, so I graduated high school, I had a 386 with a DVD drive that came out, and you weren’t even born yet. So yes, so no, that doesn’t count. You were not born. VHS tapes and the video player, if that helps. Yeah, that, I mean, that’s a little bit. So you were behind, you were a family that was behind the times and technology just a little bit, you know. I think DVDs were out by then. Remember the DVD thing? That was a thing. Yeah. And then the shift to Blu-ray and all that other fun stuff. So anywho, um, you have already a fairly extensive IT, uh, history. How’d that all happen, since, since you were born in an era where it was a real thing kind of already? So by the time you were 16, it was a real thing, right? Uh, back in, it was kind of like a step above the, um, audio visual guy that would roll like a, I don’t know, a TV or something into a room. Yeah. I, I

Speaker 1 | 02:25.488

tell people that, like, you know, my, I have a couple of brothers. My baby brother really grew up with all the new technology that we have, right? So he was born around the time of like the iPhone, so he’s grown up with a lot of the newer stuff. I grew up at a time where we still had, you know, like phones on the wall and, you know, long coiled cables and all that kind of stuff, and coax and everything like that. That was fun. The old thing that was all wound up into a big ball. Mid thing. Yeah. Limited movement.

Speaker 0 | 02:58.233

Rambo 2 is coming on TV. I’ve got to be able to talk on the phone and watch TV at the same time. Yeah. First Blood. Second blood.

Speaker 1 | 03:05.477

Whatever it was. I got my start really in IT. What’s funny is through high school, I was like really big on, I was, I wanted to be a lawyer because I loved history. So I was like, I’ll go get my history degree and be a lawyer. And then I was like, I don’t know. These computer things are pretty cool. You know? And so I took a robotics class in my senior year of high school. So it was just very straightforward programming and working with just these little robots, make them like flip over and everything. And I really, I love that. So I went to California State University Stanislaus and that was 2014. So my first year I graduated in 2018 with my bachelor’s in computer science. And then, you know, I, I had a little gap in between graduating college and getting my first IT job. So I was like, well, I might as well be a little bit productive and go get my master’s degree. So applied at a bunch of different schools, ended up getting into cybersecurity at Johns Hopkins. What was funny was I was between data science and cybersecurity, and I was like, well, do I kind of want to work with like data or do I want to do cool spy stuff with the cybersecurity side of things? And I’m very glad I went with cybersecurity. No shade being thrown at data science people.

Speaker 0 | 04:31.535

Oh, no, we can throw all kinds of stuff. It’s really, you guys are boring numbers people that really think you’re wicked, wicked important. And really, we just throw you by the wayside and say, oh, we got to have a data guy, so bring him in. No, I only say that because I have a lot of friends that are like, I literally have friends that have PhDs in some sort of data science and they talk like it’s, you know, like the most important thing in the world. I have no clue what they’re talking about. It’s something about. Something about some weird coding language or something, Python or something. They talk about snakes.

Speaker 1 | 05:01.697

I don’t know. Yeah, things like that. What I loved about cybersecurity especially was that human element. And, you know, both in dealing with adversaries who are on the other side of, you know, trying to get into systems, but also the human element of like the people that I’m working with in whatever organization I’m in. Like I’m on the security team. If I’m on the security team. I’m doing the technical side of things, but really everybody’s part of the security team because we all kind of have a responsibility to work safely with all that.

Speaker 0 | 05:36.605

Yeah. You have a responsibility for making other people realize that you guys are actually also human also, and not just like this department that is wasting everyone’s money.

Speaker 1 | 05:48.490

Correct. And it’s really… My dad, he’s worked in sales pretty much his whole life. And he’s taught me a lot about him. He’s taught me a lot about communication. And I had a professor in college, it was my senior year at CSU, we had to do this big, like 20 minute presentation. And she was like, you know, I know a lot of you might be kind of introverted, you know, you might not be, you might not like presenting, but you have to be able to present your ideas to people. You have to be able to share your knowledge and make it consumable for people who might not have.

Speaker 0 | 06:25.438

as much technical depth, you know. Why should we care about what you’re saying, nerd? Exactly. Here’s why. Yeah, let me break it down for you. Um, uh, let me dumb it down for your meager mind to, uh, try and digest this stuff that’s way above you. No. Yes. So here’s, you need to speak with people in a way that is not condescending to them, right? Um, that also shows that you have a soul, you, and you are able to think outside of the box. So you’ve really been in like, would you say you’ve been in the work world actually like in the positions that you’re in for, I don’t know what, six years or so?

Speaker 1 | 07:06.749

So I started my first IT job I got at the end of 2019. So right before COVID, I was the systems administrator at a local control systems integrator here in ester, California. Okay. And, uh, they, hey, COVID hit, next beat of god, they were up in the cloud. They had that foresight. So like from my side of things, you know, I didn’t have to transition a bunch of stuff up into the cloud, but I was able to get a lot of exposure to a lot of different technologies. And not only that, yeah, but how those technologies are impacting the business, right? The business processes. Because it’s kind of like, we have a process that we need to do here at work,

Speaker 0 | 07:52.246

so what tool are we going to use to, like, make it happen, right? So what’s your thought process around that? And really where I’m, where I kind of, I’m actually a little bit fascinated is how fast you got to where you are in that short of a period of time, being honest. Uh, the, and how did you get any sort of, I don’t know, how big, do you have a team of people? I do. Um, I have, you

Speaker 1 | 08:19.290

So far, I’ve got a couple people in my current department. And we’re looking to grow just because the business itself, I mean, Boyett Petroleum. I mean, we’re growing like crazy. And it’s really just trying to my job since I’ve been coming in has really been trying to scale our IT department to meet the needs of the business as a whole, which is just, you know, exploded in the past few years.

Speaker 0 | 11:04.586

There’s going to be, this is just me thinking out of the box. I think there’s going to be a transition from the… old school IT guys that are going to hopefully retire and have something to retire on and do something. And one of the questions we ask a lot is it kind of what’s the end game for IT and the more new school people that grew up with technology that didn’t grow up and learn how the internet actually came about and what a network card is and all that type of stuff. So you’re of the new school and the fact that you’re in a leadership position as soon as you have been, there’s something there that’s going on. So I don’t know what it is. Maybe you can pinpoint it. Maybe it’s dad was a sales guy. So I learned to talk to people and sell myself. I mean, honestly, that really did it. It could be, you know, so that makes me more empathetic to people because the reality is very successful salespeople, good salespeople treat it as profession and they treat it as really filling a need, kind of acting like a doctor, really helping people sell a solution versus the, the. unfortunate stereotype of the scumbags of the world, like the Wolf of Wall Street, whatever his name was. I don’t know. What’s his name? I can’t remember that guy’s name, Jordan or something. Whatever his name is, that’s scumbag. And so it’s because that’s really not what it is. So you may have learned, you know, without even knowing it from your father, like how to be empathetic, talk with people, have this leadership. I don’t know. Maybe you tell me what’s the key.

Speaker 1 | 12:32.107

Yeah. So, I mean, in a lot of ways, I think it’s just the body of knowledge. that I’ve been able to learn from. And it’s my ability to communicate that. Right. So, um, you really do have to be able to sell yourself as an IT person.

Speaker 0 | 12:49.721

First thing I want to know, what’s the body of language that you’re referring to? Cause it’s a little bit vague. I just need to know. That’s true.

Speaker 1 | 12:56.005

Uh, so I mean, with regard to what I’ve done, you know, educationally and experience wise, right. And so I’ve worked at several different organizations now. I’ve worked private, I’ve worked public, and I’ve gotten a really broad perspective on how private sector does things versus public sector. There’s things I like in both. There’s things that I think could be improved in both.

Speaker 0 | 13:18.227

So experience, in short, get yourself, get your hands dirty, get in there, figure out how people build their networks and different applications they use, where things are broken, what things work better.

Speaker 1 | 13:31.978

Yes.

Speaker 0 | 13:32.678

Okay.

Speaker 1 | 13:33.479

And it’s… And I do think it’s an attitude of being willing to just be flexible and adaptable to a situation, right? Like the solution you have in mind, you might be trying to put a square peg through a round hole, so to speak, right? And it might be there’s a better solution out there. And being open to the idea that things that you’ve put in, they might not be doing the best job. It’s going to be flexible and adaptable. But so like with regards to cybersecurity, That in and of itself, I think, has been tremendously helpful just because as an industry, there’s a shortage of people in cybersecurity. And it’s a really

Speaker 0 | 14:14.859

I’m going to I’m going to challenge that. I think there is an overflowing flood of every single person like real people, like people saying, I’m going to be a real estate agent. Yeah, there’s a million real estate agents on every street corner, but there’s only one or two that know what they’re doing and care. So I’m going to challenge it, but I’m going to hold on. Hold that thought for a second. Because you were finishing one other thing when I asked you like how you got to where you were so fast and you said one was like experience and then I kind of cut you off and there was some other key piece there, which was like the leadership piece, which I want to know how you gained that because I don’t think people overnight learn how to. People have said before, referring to end users, herding cats is one of the terms that shows up in our urban dictionary. We’re putting together an urban dictionary where I had AI. I didn’t have AI. Greg, the Frenchman, my producer, had AI scrape all of the shows and pull all of the terms that IT directors use. One of them was herding cats, which I thought was hilarious.

Speaker 1 | 15:07.057

Yeah.

Speaker 0 | 15:07.958

Anywho, so how did you learn to herd cats so fast? And then not only that, get other people to help you herd the cats, i.e. systems admin people, help desk people. And yeah, how’d you make that jump?

Speaker 1 | 15:21.947

In a way, you almost have to take a role of kind of like mediating between the two groups of people, right? So in a way, as an IT director, this is my first management level position. So I had to learn a few things. I had to learn how to start managing people. I mean, if we’re using herding cats, that’s, you know, one set of that. The other is really managing expectations with, you know, people in different departments.

Speaker 0 | 15:51.149

Okay.

Speaker 1 | 15:52.030

And really trying to gauge what they need, right? But people can kind of communicate a need that they have, and you just kind of have, you really have to look at how to make it happen.

Speaker 0 | 16:04.977

Yes. I have many of those myself, still trying to figure them out. Okay. And to kind of like pull this full circle to bring it back to even the question that was before that, because I get very ADD and I drink a lot of coffee. The new school layer of IT leadership that I’m seeing come about is kind of the new school. I don’t know if you’re a gamer and I’m not trying to pigeonhole you into a gamer. Okay. So the kind of the, the new, the, the gamer group heard of, of people, right? Because the older generation, what would we have? Atari NES. We had Mike Tyson’s punch out was, which was awesome. Right. Um, but you guys have like a whole new layer of like, yeah, we were, I was on Twitch the other day and we were doing this and that. It’s like a whole new layer of coders. It’s a whole new, I don’t know if you want to call them millennials. I don’t, you know, whatever you want to call the different generations, however they want to pigeonhole us, you know? Uh, I’m already trying to make myself younger than I am, but, um, that’s, there’s going to be this changing of the guard, so to speak. And I think you kind of represent that a little bit because just straight up your age and the position that you’re in. I don’t know if there’s any insights to be gained from that or anything. I guess my question would be is how is it coming in, in it being younger and. maybe possibly having to deal with the stereotypes of, well, you’re young and we’re old, so we know better. Can you just get the job done? Does that make sense? How do you gain some level of authority that’s like, hey, look, I know this stuff. This is what we need to be careful of. This is how we should do this. This is how we can help you do more with less. Have you seen any layers where technology can help scale the business?

Speaker 1 | 17:55.583

Yeah. I mean, for a lot of that, and from what I’ve seen relating to that, it’s, a lot of things have just been, for example, like on-premise so long that, you know, this is just the way that we, we’ve done things, right? It’s how it’s done. Okay. Okay, that, that’s fine. The process itself might not be the problem. It’s the tools and how we’re applying them that we could probably make some improvements, right? So, you know, people want to be able to do what they’ve kind of always done, right? But if you give them flexibility, if you give them better accessibility, that kind of helps, you know, sweeten the deal for them. So it’s just kind of like, hey, so, you know, we want to do all of this with our file structure. We want to do all, we have these different technologies that talk to each other. We don’t want to have to be, you know, connected to a, stuck to an on-prem,

Speaker 0 | 18:51.872

right?

Speaker 1 | 18:53.394

So pushing things, and this is part of me, I guess, being new generation, but I’m also like, my mindset being my first job I was at, we were all in the cloud, right? And so I’ve been exposed to cloud technologies and just the growth of what they can do, like even in the past four or five years that I’ve been working in IT, is just great. Virtualization and the security part of me, because now, so my specialty is security, but now because I’m… in my position, I really do have to keep in mind, you know, and I think I was listening to one of your podcasts earlier. You talked about business continuity. What’s the baseline that I need to have running to make sure that my company can keep running, keep making money? Right. Because at the end of the day, IT is really a support branch of pretty much every company and organization, right? And so you have to be willing to help people. You also have to be willing to give them solutions that are actually trying to solve the actual problems that they’re having, if that makes sense.

Speaker 0 | 20:06.154

No, it absolutely does. There might even be some things there that as you connect with sales and growth of the company that you can actually offer up that… that actually do help grow the company and provide business development.

Speaker 1 | 20:19.259

Exactly.

Speaker 0 | 20:20.120

I just know my team comes up with crazy things on a daily basis. Like, hey, you got to check this out. Like what? Oh, you got to check this out. Check out this, what we did with this AI and these different APIs. And we put them all together and look at what it popped out. Like, oh, that’s pretty wild. Yeah. And then my question is, is like, okay, can you put it into action? So we stopped talking about things and can we actually, you know, we actually do a thousand ideas on a daily basis. How do we actually execute and make something, you know, do something.

Speaker 1 | 20:47.733

Exactly. After a certain point that having ideas phase, you really do just need to dig in your heels and commit, right? It’s like, okay, we have this idea. We have a plan of action of how we’re going to execute this idea. You know, we have our testing phases of however we’re going to put this into motion. Whether that be a security tool, you know, a BI tool for…

Speaker 0 | 21:12.234

the sales folks so they can get better numbers on what’s going on in the company. Um, okay. So since you didn’t go into data, um, because that’s not a real thing and that’s just a side gig for everyone else, no, um, how, uh, have you found any, um, I don’t know, I’m just fascinated with data because we have a ton of data. The show itself has a ton of data from, I don’t know, I think we’re nearing 300 interviews, all transcribed. Um, various different pain points and things and themes that are common throughout, um, IT leadership. Um, yeah, I would, there’s like this treasure trove of stuff there that I would love to be able to take action on. And I’m just wondering if there’s anything that you’ve found lately or tools that you’ve used that have been very useful. Did you say Power BI? I can’t remember. Anyways, it’s the BI for business intelligence. You

Speaker 1 | 22:10.490

I don’t have any specific tools as of now, but I do know that really a lot of people tend to be very visual. I’m very visual, so when people are explaining concepts to me, sometimes I like to take a whiteboard and draw out what we’re talking about. So it helps me understand it a bit better. So you might have a treasure trove of data somewhere, right? And if you… If you don’t have good reporting, if you don’t have a good way to represent that data, it’s just kind of numbers. But when you have that and you give the people in your organization the ability to utilize that, it helps them to make decisions that are data-driven decisions, right? So they might have a gut feeling about something, and if they’ve got data to back that up, they might make a better business decision.

Speaker 0 | 23:05.411

Yeah, the thoughts that you just made me think of were, how are we moving the bar in X, Y, Z areas? And then if we can provide them, if IT can provide X, Y, Z areas, and then maybe even a Z, hey, I don’t know if this is important to you, but have you noticed that we’ve got this metric also? I don’t know if it’s important, is it? Yeah, that’s just, it sounds so basic and simple, but how many IT guys are just worried about, I don’t know, our KPIs around tickets and how we’re doing this, that, and everything else. There could be a, what do we call that, a paradigm shift.

Speaker 1 | 23:47.282

Yeah, truly just a paradigm shift to where the stereotypical IT person is offering more to an organization more than just, you know, help me fix my computer or maintain my systems or something like that. Really utilizing the tools that are out there to enhance business. Right. And I, I say that, and I guess part of it is with my cybersecurity background, we work a lot with, um, documentation, standards, compliance, all that sort of thing. Right. So you guys got that.

Speaker 0 | 24:22.718

That’s nice. We have security. We actually have a security compliance. Um, you can keep going.

Speaker 1 | 24:28.560

Yeah. Um, the whole mindset of cybersecurity being, you really need to tailor it to the business that you’re in, right? So I could come in heavy-handed, lock everything down. But then my users are really annoyed with how locked down everything is, or it literally stops business correctly.

Speaker 0 | 24:51.043

Classic, typical. Yeah.

Speaker 1 | 24:53.305

So it’s very much tailoring security to your business case. And in much the same way, I really feel like that’s a concept you could apply across all of IT. And everybody really gets focused on the thing they’re doing. Right. And kind of something I’ve been, you know, working on, you know, coming into a directorship, I really have to keep my mind on the big picture. Okay. So we’re going to put this tool in, it’s offering these benefits. Who does it affect? You know, it’s affecting everybody positively, hopefully. Right. You know, is this the best use case for our business? Is this going to improve things overall? What other exigent things do I need to think about? Do I need to think about access? Do I need to think about the security side of that? It’s a lot to think about. But eventually, yes, like I said earlier, you do have to commit. And I’ve taken a very collaborative approach in my current role because at the end of the day, I could pick the tool for people, but it might not be the best tool. It’s smarter long-term, in my opinion, just to have people test in different departments, test drive the tool that they’re going to use or test drive a few, look at the cost benefits analysis between all of them, and then you can all make a decision. It might take a bit longer, but it’ll be a better informed decision.

Speaker 0 | 26:22.116

And it takes full response. It doesn’t take, it takes some of the responsibility off of your shoulders. So, hey, look, guys, I’m advising here. I’m advising on the different things that we have available. Let’s test them out. Let’s go through a proof of concept phase, whatever it is, and then you decide.

Speaker 1 | 26:37.180

Because at the end of the day, if you’re going to be, let’s say, writing a contract for a tool for a few years, you want it to be a good tool and you want the people using it to be happy with it. They might need some retraining. That’s fine. That can be set up too. But you have to make sure that whatever you’re doing, I mean, this is my short experience thus far, you are getting input from people in management or hearing from people working with the tool every day, getting feedback and figuring out, okay, so we’re having these problems, these issues, or these are some really positive things that we’re hearing about this.

Speaker 0 | 27:19.261

What do you do for that? Walk around, ask people, send out a survey? What are we doing?

Speaker 1 | 27:25.605

We’ve got a bunch of tools in the works. One of the pushes to cloud that we did have was more out of necessity. I do plan on kind of utilizing, we’re kind of like a Microsoft suite shop, utilizing something like Microsoft Forms, trying to get feedback from people. I actually do do this with our security awareness training. Security awareness training tends to get lumped in with HR training. So people kind of, they’re not thrilled with it when they do have to do it. The training I’ve… generally picked has been a bit more interactive and a bit easier to digest. Um, you know, what do you guys use? KnowBe4 or something? KnowBe4. Yeah. I should have like the vendor guest section of the show. Yeah, there you go. Vendor do you use? Yeah. Um, KnowBe4 is pretty good. Yeah. KnowBe4. Um, I went to a fantastic presentation on security awareness training at a conference a couple years back. And, you know, I had done the security awareness training where we have people come in batches and we’re like, hey guys, this is why we do this and this, right? And it wasn’t super effective. So at this conference, the presenter was like, look, there’s all these options for security awareness training and they’re way more engaging. And it’s not going to take two, three hours of a slideshow. It’s maybe a half hour, 45 minutes. It’s much more engaging. Some of them have a plot. Some of them are funny.

Speaker 0 | 29:02.116

Yeah. Yeah.

Speaker 1 | 29:02.936

And people connect with that a lot better, which means, you know, hopefully they’re doing much better.

Speaker 0 | 29:09.419

It really shouldn’t be lumped in with HR. Cause HR, HR sometimes is like the biggest weakness. They’re sometimes the biggest weakness. Like, Hey, send us all the W2s. We need them right away. Right. Uh, the president said we need to send all that, you know, his, his email spoofed or something like that. Yeah. With like a dot, dot org or something, you know, and then, you know, quick, send us all the W2s, we need them, and send a gift card to Charlie. Yeah. And that’s really just a training thing, you know. Um, you know, I have an education in this and I’ve also got the practical experience in it. It’s what I see.

Speaker 1 | 29:45.382

I know what I know. Now I really have to communicate what I know. And it has to be something that people understand, right?

Speaker 0 | 29:54.726

And again- They have to care though. They really have to care also because in every organization, it’s the 80-20 rule. And in this case, I would guess 20% of the people actually really care about security. And I would say the other 80% are kind of like, ah, we gotta do this. So that’s kind of like the biggest- weakest link. And then I’ve had some people say, well, we’re just going to make it part of their employee agreement that they have to sign off on. But it is, yes, it is humans is the biggest weakness for sure.

Speaker 1 | 30:27.688

And that’s kind of the beauty of cybersecurity. You could have the most locked down fortified system in the world and one person could actually just let someone in, you know?

Speaker 0 | 30:40.438

So back to this anomaly of why you said you think there’s a shortage of cybersecurity people, which I would completely disagree with. I think it’s overloaded and flooded right now. I think it’s like so many people trying to go. I want to go into cyber. I want to go into cybersecurity. I want to be an ethical hacker. I want to be this. You know, like I want to be a pen tester. I just want to, you know, like to me, like I feel like there’s an overload of those people. So I don’t know. And, and products and vendors, my gosh, there’s an overload of security vendors calling me on a day. Can I be on your show? Can I do this? No, you can pay. Well, maybe, I guess if you want to, you know, come on in a vendor agnostic standpoint and battle it off with all the other guys and you guys each can pay me $5,000. And yeah, we’ll do a podcast, but no, um, for anyone listening out there that wants to come on the show and, uh, but really, I mean the, the security, I don’t even like when people ask me for stuff, I’m like, look, you know, whatever. Mike Johnson on show 259 said he only needs three vendors and these are his top three. I was like, so maybe, you know, I don’t even, I don’t even try to get into suggesting I do have a top five, I would say top five, you know, security vendors, and you probably only need five and those five will probably take care of the majority of the, and everything else is kind of up to you to manage your particular organization and all the security policy. And I don’t know if you’ve got certifications and all that other type of stuff. Um, KnowBe4 is definitely probably, you know, they’re, they’re up there on the list. Um, I don’t know where I’ve totally forgot where we were going with this. Oh, your shortage of security. Why do you think there’s a shortage of security people? So

Speaker 1 | 32:21.474

I think, I think there’s a shortage of qualified people going into these security positions. Now that’s not to like throw stones and say, you know, just cause you want to be an ethical hacker, you can’t do it, but the, I mean,

Speaker 0 | 32:38.320

there’s a shortage of positions. Let’s put it that way. There’s a shortage of well-paid positions where they don’t, it’s like the, have you read the Phoenix Project or listened to the Phoenix Project? If you haven’t, you need to, everyone listening. If you have not heard the Phoenix Project yet, again, I should get paid for advertising this way. It’s like, you just got, it’s like the Braveheart or the Star Wars of, you know, the IT world books that you need to read or something. You know what I mean? But security is kind of like, you know, like this, the redheaded stepchild, you know, like in every organization type of thing, you know,

Speaker 1 | 33:10.815

and it’s,

Speaker 0 | 33:11.675

and that exists and that exists in that book, you know, as like, you know, so it’s kind of like, oh, get out. Oh, great. So here comes security screwing up the whole, like, you know, implementation of, you know, we just got all the coding done and here comes security, you know? So anyways.

Speaker 1 | 33:26.580

So, and it’s, it’s, but the thing is that’s not a love about security is it’s so it is this. I had a friend who told me this when I was first really trying to break in IT. He’s like, IT is like a vast ocean, right? Like if we have all the oceans of the world, IT is like all the oceans of the world. And cybersecurity is like, you know, pick an ocean, right? Within security, you know, you’ve got your ethical hackers and your pen testers. I would say that’s probably the most visible type of position that people want because, you know, everybody wants to be a hacker. I’ve talked with folks who do that. That’s their job. It’s not just hacking. They will literally go break into a building. They will walk into buildings. They will be like, how far can I get into this building without getting stopped?

Speaker 0 | 34:12.595

Oh, I love it. I love it. Your dad is a salesperson. You’ve probably got all kinds of… I started out at a Cisco startup years ago, years ago, when I first stopped working for Starbucks, because that’s the only job you could get right out of college, which… probably a lot of people relate to nowadays. Why did I pay for all this college education? I’m working at Burger King. Nothing wrong with, I could use a Whopper right now.

Speaker 1 | 34:38.351

Yeah.

Speaker 0 | 34:38.651

And the vegans are like, hey.

Speaker 1 | 34:43.176

Yeah. I mean,

Speaker 0 | 34:43.996

you mean the, what do they call that? Zero meat? Anyways, miracle something. Anyways. Very off topic, but yeah, there you go. Train of thought completely gone. I don’t know where we’re going. Remind me, where was I going with that?

Speaker 1 | 34:59.403

We’re talking about the ocean that is cyber.

Speaker 0 | 35:02.265

Yes. So when you said the ocean, but just real quick, I just want to know you, I’m a very visual guy. So these things went, this is what went through my mind when you said the ocean, you’re probably too, again, too young. May the Lord above bless you. The, did you ever see that movie Waterworld? Do you remember that movie? Waterworld? Never saw it, but I’ve seen. This is what I imagined, like Waterworld is Microsoft, and then there’s like all these other like little products and security things that are like the pirates, you know, like battling, uh, Microsoft to, uh, get some, give a seat at the table. Anywho, okay, go on. So now back to reality, which

Speaker 1 | 35:37.347

but within, within cybersecurity itself as a field, you know, I, I would say there might, there’s probably a shortage of people wanting to do compliance where you’re kind of a lawyer in a lot of ways. You’re looking at these standards. You’re looking at, how do we do this? Are we doing this? Are we compliant with this? If an auditor comes to me today and asks me these hard questions, am I going to pass or not?

Speaker 0 | 36:02.859

Definitely not. No one’s passing.

Speaker 1 | 36:05.520

Yeah. Say what you want about cybersecurity standards. They provide a good baseline for what you can look forward to and achieve because generally they’ve been collaboratively looked at and constructed by professionals from all different industries and all different fields. And I mean, you know, if you’re talking about people think security, I think like, you know, corporate cybersecurity, there’s operational technologies, you know, factories that if an attacker gets into their network, they can, you know.

Speaker 0 | 36:44.655

damage heavy equipment. They can cause heavy equipment to malfunction. Yeah. I mean, you see this with, so this is what actually got me. They can hack a radiation machine. They can have a, literally in a hospital, like some sort of IoT radiation machine that’s like supposed to be targeting, uh, I’ve heard that a pacemaker’s been hacked. I don’t know how, I don’t know why. Ransomware has shut off or it’s locked down like monitors at hospitals. There was a

Speaker 1 | 37:12.784

story a couple years back where these attackers ransomwared a hospital, and the hospital told them, dude, there’s a guy on life support here and I can’t, I can’t monitor him or help him. So they, the attackers gave them the key for free for once, back to actually like unlock it, right? But the person passed away. So, you know, it’s real life ramifications. Um, but going back to the whole shortage.

Speaker 0 | 37:42.933

My sister’s an RN. Her hospital was hit by ransomware and they refused to pay the ransom. But they were down for like 10 days. Yeah. Like something, like just something, like a hospital. I mean, it wasn’t Vermont. So I mean, how many people actually live in Vermont? So I think it wasn’t as bad as it was. But it was a hospital, like a full fledged hospital down for like days. And I remember, I just remember what I thought of the physical attack, because I used to have fun. Just like, let’s just see how far I can get in for my clients. Like, let’s just see, Hey, you want to just check your, um, you know, let’s just check your current providers and see if they’re secure. And I would just call up XYZ provider or vendor and just say that I’m not that person. I’m hi, I’m I’m so-and-so calling in. I need our, I need our, and I’m really in a hurry because we got to, we’re redoing this like, you know, network or something, blah, blah, blah. I need the, I need all the static IP ranges. I need blah, blah, blah. Okay, sure. Here they are.

Speaker 1 | 38:47.385

Yeah.

Speaker 0 | 38:47.685

Just like so easy. So easy.

Speaker 1 | 38:50.007

Introduce a stressful situation, you know, with very little time or like room to argue and, you know, social engineering, well, it defeats.

Speaker 0 | 38:59.375

What’s your address, sir? Yes, it’s here. Zip code this. Oh, okay. Here’s your information. It’s really like, I think vendors, I think vendors could be one of the weakest links. Yes. And ironically, also a sales people that want to try and sell a deal that will give out customer information very easily. I’ve seen that. I’ve seen people just haphazardly unplug things physically in a data center. And, you know, it’s just like, whoops.

Speaker 1 | 39:33.306

Yeah. Or it’s like, my favorite I’ve heard, which is kind of like an outdated solution, is, well, I’ll unplug the infected computer from the network. And I’m like, it’s over already. You know, it’s all over. If it’s ransomware, it’s all over the network already. It’s worming its way through the whole thing. It doesn’t matter if you unplug the infected endpoint.

Speaker 0 | 39:55.886

Speaking of vendors, I had a personal one myself that I’m really still really, really, I’m really irked, really ticked off about this. I can probably think of some other words to describe these people. I had personally a malware attack that took down our website. That was like, I was literally losing my mind because we had all, we had like podcasts that had just gotten released. And it was, it was again, trying to find someone that wants to come on the team at Dissecting Popular IT Nerds and be our coder and web developer looking for that. This is an advertisement, trying to find the right guy. It’s not a WordPress guy because WordPress has so many plugins and everything. So there’s one vulnerability on one of the plugins that wasn’t updated. Malware comes in, takes down the website. Here’s what the vendor does. We’re going to bring in whatever other security vendor to clean up all the malware and blah, blah, blah, blah, blah. So great, we got security cleaning up the malware. That’s awesome. Got to take a backup. Got to take a mirror image. Multiple backups. Everything’s cleaned. Everything’s backed up. Now we suggest that you move to better servers, more secure, faster, more resources, blah, blah, blah, blah. Yeah, yeah, sounds great. Sounds great. I’ll get an extra $100 like a month. Okay, no problem. What do they do but restore the older backup and bring all of the malware back? And all of the malware back. So now, got to go back to the security vendor again, clean up the malware, all that stuff. And that guy’s like, well, we just got done working for you in an emergency situation. This is not an emergency again because you guys are idiots. So you just have to wait in line. That’s the type of thing that vendors… That even though it’s not your fault, it’s another vendor’s fault, they still look at it as your fault. So, anyways.

Speaker 1 | 41:51.155

Yeah.

Speaker 0 | 41:52.156

That’s my gripe. No, it’s fine. It’s one of my personal gripes.

Speaker 1 | 41:55.497

But the thing is, it’s challenging. It’s challenging because a lot of vendors, depending on who they are, they’re probably dealing with issues and attacks. Not justifying their actions against you, Phil. Oh, yes. But it’s the skill set needed to be in cybersecurity. And this is kind of why I say there is a quote unquote shortage, right? You really do kind of have to have some level of technical depth to really get into security, or you have to be able to get into the compliance side of things and be able to kind of comprehend how to apply standards and such.

Speaker 2 | 42:32.513

At Dissecting Popular IT Nerds, we expect to win and we expect our IT directors to win. And one of those areas where we know that we can help you win is internet service providers. As an IT director tasked with managing internet connectivity, few vendor relationships can prove more painfully frustrating than the one with your internet service provider. The array of challenges seems never-ending, from unreliable uptime and insufficient bandwidth to poor customer service and hidden fees. It’s like getting stuck in rush hour traffic. Dealing with ISPs can try one’s patience even on the best of days. So whether you are managing one location or a hundred locations, our back office support team and vendor partners are the best in the industry. And the best part about this is none of this will ever cost you a dime due to the partnership and the sponsors that we have behind the scenes at Dissecting Popular IT Nerds. Let us show you how we can manage away the mediocrity and hit it out of the park. We start by mapping all of the available fiber routes. And we use our $1.2 billion in combined customer buying power in massive economy of scale to map all of your locations, to overcome construction fees, to use industry historical data, to encourage providers to compete for the lowest possible pricing, to negotiate the lowest rates guaranteed, and to provide fast response times in hours, not days. And we leverage aggregators and wholesale relationship to ensure you get the best possible pricing available in the marketplace. And on top of all of this, you get proactive network monitoring and proactive alerts so that you’re not left calling 1-800-GO-POUND-SAN to enter in a ticket number and wonder, why is my internet connection down? In short, we are the partner that you have always wanted, who understands your needs, your frustrations, and knows what you need without you having to ask. So we’re still human, but we are some of the best and we aim to win.
This all starts with a value discovery call where we find out what you have, why you have it, and what’s on your roadmap. All you need to do is email internet at popularit.net and say, I want help managing all of my internet garbage. Please make my life easier and we’ll get right on it for you. Have a wonderful day.

Speaker 0 | 44:52.637

Maybe the final point, which I would love your input on, unless you ascribe to any conspiracy theories that we would like to talk about on the show, because we usually have the conspiracy theory section. I pretty much subscribed to them all, except for the lizard people one. That one’s a little bit too far for me. What I find is very interesting because there’s like, okay, what you’re saying is kind of like, well, if I’m going to go to medical school, I’m going to go to general medical school. I’m going to go to medical school. I’m going to go to college first. I’m going to focus on whatever. Then I’m going to graduate college and I’m going to go to medical school. I’m going to go through the general securities, right? General security. You’ve got to have a roadmap. You’ve got to have security policies in place. You’ve got to know what this is. You’ve got to know what that is. There’s all these different layers of security. And then you go to the general first two years of medical school. And then eventually you pick, I want to be a urologist or I want to be a, I don’t know. Any other, my dad was a urologist. That’s why I thought, that’s why that came to mind. You know what it’s like growing up in a house with a urologist? It’s very funny. The, so then you pick that. So that’s kind of like my, the metaphor that I’m thinking of, like where you’re going with this, but here’s something else that’s very interesting, which might be different because a lot, and I think this is beneficial to the listeners to the show is many IT directors are the IT director or the IT leader. The more that you study or have, I don’t know, whatever you want to call it, certifications or a knowledge base in a specific layer of security, the more valuable you are to any given company. Because that company,

Speaker 2 | 46:25.766

because most likely,

Speaker 0 | 46:28.107

most likely, you guys do not have, or it would take a lot for you to budget a CISO role. At a petroleum company, maybe, maybe that, maybe that, maybe they would, maybe, you know what I mean, but I doubt it. In, in mid-market manufacturing, technology, retail space, all these different places in America, you have to do, IT has to do a lot with a little, and they have to support a lot of people, and they have to create the digital revolution and make people believe in it, and they have to show people that you can do more with technology and it’s a business force multiplier, not a cost center that should be pigeonholed in a line item on the, just a small percentage line item on the P&L. So I like it. I like what you’re saying. And I think, what would you say are the most important layers of security that any IT director or IT leader should go get?

Speaker 1 | 47:23.998

I mean, I think the most important layer of security at the end of the day is being able to communicate the importance of security to the rest of the company. I mean, on a technical level, you know, you have your endpoint layer, you have your backups. Biggest… The biggest threat I would see outside of kind of an endpoint layer problem would really be, you know, data exfiltration, insider attacks, that sort of thing. Identity and access management is massive. Most of the time, if an attacker does get into a system, they’re going to use credentials that are somewhere in the system that they can use. And it really covers their tracks because it might look like normal activity, quote unquote.

Speaker 0 | 48:08.702

It’s very good. Yeah. Very good. So how, you know, I’m just like, how does, it’s kind of like, how did a hospital get taken out? Exactly.

Speaker 1 | 48:17.910

I mean, there was, I got into cybersecurity. I took a class my last year of my bachelor’s and what hooked me was, have you ever heard of Stuxnet?

Speaker 0 | 48:29.980

Yes.

Speaker 1 | 48:31.121

So for anybody.

Speaker 0 | 48:32.022

Wait a second. Is that the Iranian thing where we threw the, that’s where we threw the little, the USB outside.

Speaker 1 | 48:39.923

Yeah, we totally didn’t do that.

Speaker 0 | 48:43.264

No, I thought it was like common knowledge that we just dropped that little USB outside.

Speaker 1 | 48:48.086

It’s attributed.

Speaker 0 | 48:49.347

We have a show on that. We have a show on that, by the way.

Speaker 1 | 48:51.308

Yeah, but Stuxnet really showed me, it’s like, look, this has impact. It really, I mean, think about that. Nuclear uranium refinement equipment just gets, it gets a little wobble from a program. And then it just destroys, you know, hundreds of millions of dollars of equipment or however much it was. I don’t know.

Speaker 0 | 49:11.701

Yeah.

Speaker 1 | 49:12.601

All of that.

Speaker 0 | 49:13.482

And it was so easy. And look at how it happened, too. It wasn’t like I just I just I just dropped a USB. If that’s really the story. Yeah. Yeah. Just outside the building.

Speaker 1 | 49:22.767

Never plug a USB in that you found in those.

Speaker 0 | 49:26.008

Those handfuls. There’s like handfuls of USBs. Why is there so many USBs outside today? I don’t know. Let’s see what’s on one of these. Is this from a vector? Is this from a vendor? Yeah. And we used to give those out. People used to give those out at, at like IT expo or something, here, take our USB and plug this in with all of our information on, it’s free. You know what I mean?

Speaker 1 | 49:46.326

No.

Speaker 0 | 49:46.507

It used to be like the give out. That was the giveaway.

Speaker 1 | 49:49.538

No. Well, and I tell people too, it’s like, this wasn’t, you know, the nature of cyber attacks has changed. It really used to be more so like they wouldn’t steal crazy, huge amounts of money. And now you have attackers who are like, Hey, I mean, I’m just going to blow up your entire infrastructure and all of your backups and have a nice day. There’s attacks that are just that malicious. I mean,

Speaker 0 | 50:14.839

I just retire and I’m sure a lot of companies would too. Like someone just kind of do a grinding halt. Me, I’d just be done. I don’t care. So whatever. I’m done with the podcast. Days are done. Have fun, guys.

Speaker 1 | 50:23.993

Yeah.

Speaker 0 | 50:24.694

We’re starting from zero again.

Speaker 1 | 50:26.575

Don’t care. Just like, you know, double extortion. They’ll take all your data and then they’ll tell you, hey, I’m going to publish this on the dark web. I’m going to publish everything unless you pay us. So it’s not, it’s no longer, hey, your stuff’s locked down. Pay me. It’s your stuff’s locked down and I’m going to publish it for the world to see. Pay me.

Speaker 0 | 50:44.854

Yeah. And I have no, and you really have no way of knowing whether they will or will not anyways.

Speaker 1 | 50:48.755

Correct.

Speaker 0 | 50:50.055

The yes. Yes. We used to talk, I just remember back in the day we used to talk about packet sniffers. Yeah. You never know. Someone could put a packet sniffer on there and sniffing packets off. You gotta put headers and putters on that and shut that down. Yeah. Yeah. Well, it has been a pleasure having you on the show. What is the, um, what’s the, um, what’s the key to you? Because, you know, what’s the key to having fun, I guess, in IT? I guess yours was like, just like it from day one. But any advice to anyone out there?

Speaker 1 | 51:19.353

I would say the key to having fun in IT is just being open to learning, you know, new parts of IT, learning new tools, learning new technologies. I mean, I had a really good conversation with one of my best friends. This was back in college. And it was like, you have to be a lifelong learner. Because the stuff that I learned in college, the basic core concepts are the same. The application of said concepts is just completely different now. It just evolves constantly. That is the number one advice that everyone gives: lifelong learner. I would say that if we had to like match it all together, like that would be it. Yeah.

Speaker 0 | 51:58.565

Um, for sure. But I, I think layer and like you, and that goes hand in hand with being able to add. We used to, uh, before, and the show has been around for what, three years now. So we used to talk about like, oh, does certifications really matter? Does an MBA really matter? In your case, I’m sure you’d say, I don’t know. Did the MBA matter? I don’t know. Probably. Definitely makes you look, you’re definitely a big deal. You’re definitely a bigger deal. Yeah. But now I’m going to be start leaning more towards, I think certifications matter when it makes you more of a well-rounded leader. Like, I don’t think, you know, like the Cisco certification or this certification, but the security certs. The maybe if you’ve got security clearance, things like that, an extra layer of security clearance, CMMC, which I ran into the other day, different security. Yeah, all of that matters.

Speaker 1 | 52:54.143

Yes, I think, you know, it really just depends on what direction you want to take. Do you want to be more well-rounded in security? Do you want to be an ethical hacker only? You know, they like.

Speaker 0 | 53:06.170

No, no, no. Do not do that. That’s too hard. It’s not, it’s a dream. That’s like, just like, yeah, I’m going to be an ethical hacker. Yeah. Okay. I’m sorry. Everyone’s mad at me. What are you talking about? I am an ethical hacker. I’m already doing it, Phil. Like come on the show. Any ethical hackers making a lot of money out there right now. I want to have you on the show. That is your invitation. But you know, it’s, it’s layered on top of a general leadership piece. If you want to have, if you want to. Me, I’m just saying, for people that want to get to a C level or want to be in a leadership position or want to build a business and, why not, someday have a way of maybe not just having a job your whole life, and you want to, I don’t know, be part of a startup or start your own company and cash out with billions eventually, I don’t know, that would be cool. The, are you a golf fan? Did you watch the Masters? I don’t know, I don’t follow there’s some closely. I am aware I need to get into golf because. No, no, no, I’m not saying you have to get into golf. I’m a jujitsu guy. So like I grew up, but I grew up from a family of doctors. So everyone golfed, you know, like.

Speaker 1 | 54:05.702

Yeah, my brothers and my dad golf. I want to be golfing with them more because it is a fun time.

Speaker 0 | 54:11.704

And all the vendors golf, all the, you know, all that stuff. But yeah, I can’t remember who the, I can’t remember who the like caddy was this week. But there was like a billion dollar caddy. Like he filled in for the caddy or something, but he was like a billionaire. So it was kind of funny that the caddy was, you know, was like the richest guy on the course. But he like, you know, had some cloud company that he sold or something. Probably. Yeah. Making myself look very ignorant right now. Thank you so much for being on Dissecting Popular IT Nerds. It was a pleasure.

Speaker 1 | 54:39.523

Yeah, thank you, Phil.


HOSTED BY PHIL HOWARD

Dissecting Popular IT Nerds Podcast

Weekly strategic insights from technology executives who understand your challenges
