Speaker 0 | 00:08.021
Yeah, see, so I’m an English major and I’ve learned to really non-speak the literacies over the years. And yeah, so, you know, unsquare the screen. I think we say that’s minimizing in IT, minimize the screen. I’m like, yeah, unsquare it. Can we unsquare the screens, guy, and learn to, can we learn them the literacies? That’s me, creative writing major in technology. And yeah, this is the reality of this. So welcome everyone back to Dissecting Popular IT Nerds. Today, Cyber Mike is on the show. We’re going to talk some, I don’t know, hacking stuff, how to protect your company, possibly. We might even have, do you have any advice on how to deal with auto mechanics? Just curious, you might have some advice.
Speaker 1 | 00:54.425
Auto mechanics. Yeah. Very, very experienced in that. Yeah.
Speaker 0 | 00:59.096
How do I pronounce your last name? Is it Brangwine? Is your last name Brangwine?
Speaker 1 | 01:02.799
It’s Brangwin. Yeah, it’s a doozy. That’s why I’m Cyber Mike. That’s, you know.
Speaker 0 | 01:09.925
No, but really, for anyone out there that’s dealing with car mechanics, you must have some advice. I mean, it just sounds like maybe you’ve dealt with something like that as of recent. Yeah,
Speaker 1 | 01:19.132
Try to avoid them if possible. If not, keep saying no until your face turns blue.
Speaker 0 | 01:27.880
Oh, you mean no, no to their price or whatever? Yeah, exactly, whatever they’re charging you. What do we want to do? What do we have to fix lately? I’m just curious. I don’t know, six things to go to. You know, that guy could stick a virus on you. Yeah, yeah, I thought that was true too. I could see a virus on you and shut your shop down in two seconds. I’m sorry, Mike. That’s also true. It’s also true. Yeah, now car’s overheating and it’s just not
Speaker 1 | 01:48.387
a good thing. I don’t want it to catch on fire, especially, it’s, you know, the car for the wife and the kids. So we get a,
Speaker 0 | 01:53.617
Oh yeah, that’s not,
Speaker 1 | 01:54.337
you got to fix that.
Speaker 0 | 01:55.078
I’ve had a van catch on fire. I used to have a Chevy 3500, uh, back left brake pad welded itself shut going down the highway. And then all of a sudden people were like beeping their horns and we were stuck. And then we got stuck in a traffic jam and the car started like, people were like, people are like, your car’s on fire. Your car’s on fire. It literally was, everyone get out of the van. All eight kids, like everyone. We’re on the side of the road in the middle of the summertime. It’s super hot in a traffic jam. Somehow got over the side. I think, I don’t know how we got the fire out. Somehow we got the fire out and then I managed to drive it to a brake place and then I had to deal with mechanics. So there’s your mechanic story. Yeah. And they probably bent me over for whatever they did because I was stuck halfway between my destination and a bunch of kids sitting in a waiting room. So they’re kind of laughing like,
Speaker 1 | 02:43.145
Oh, yeah. Yeah. They know you’re in trouble at that point. You’ve lost all the cards.
Speaker 0 | 02:51.248
So anyways, director of technology and cybersecurity, we have to do both. We have to do both because it’s just the nature of the business. Not everyone can have a CISO. I’m sure you’d love to just be the CISO and maybe not the director of information technology or the other way around, or we love doing both.
Speaker 1 | 03:06.072
Well, we’re working on it. We’ll get there eventually.
Speaker 0 | 03:09.033
So today, but the beauty of this is there’s a lot of people that are director of information technology and they’re kind of like, I know we need to do something about our security. I think we do. I think we do. I just have this feeling that, you know, things are insecure. And they’re probably right about that. Would you agree?
Speaker 1 | 03:26.275
Yeah, no doubt. There’s definitely always room for improvement.
Speaker 0 | 03:30.598
So I really want to, the point today is to give back, is to give back. So I want Cyber Mike to go over whatever you want to go over with security. Like when we come in, where should we begin? What should we do? What are people dealing with? What are, I don’t know. I’m going to open it up to you. But actually, before we do that, let’s go back in time a little bit more. How’d you get started in this whole gig?
Speaker 1 | 03:51.316
Yeah, I was one of those kind of elevate myself, you know, through the IT realm. You know, I started when I was young, just doing IT things at school, you know, fixing the computers, getting pulled out of class because I was a computer nerd that liked computers. And then, you know, went from that to help desk, started doing some things in networking, started getting certified for servers. So it was really just my overall, like, interest in all things computers, um, you know, and through different jobs that I had, eventually I landed at cyber security and it was like, wow, this is amazing, I love this. So
Speaker 0 | 04:32.245
just my background of wanting to be curious and learn more about computers just kind of, uh, it’s coming up a lot. Like, curiosity is coming up a lot. It came up yesterday on, um, a show that’ll probably be released in two weeks, but the, cause we’re, we’ve got so many shows now that we’re backed up. I think Greg, the Frenchman, my Greg, the Frenchman, he’s the, he’s the guy behind the scenes doing my production for the team of people. So Greg, the Frenchman, maybe we should start releasing, you know, three or four shows a week, not just two a week. Cause we’ve got so many, but. But guy, you went to UMass Dartmouth, guy. How, in writing, guy, you learned to write in UMass. That’s in Dartmouth, so that’s not Zoomass. That was Amherst, right? We used to call that Zoomass.
Speaker 1 | 05:16.873
Yeah, yeah, not Zoom.
Speaker 0 | 05:18.734
So someone’s going to know what I’m talking about. So there’s a lot of people are talking about curiosity being that that’s one of the number one things you should hire for when you’re looking for someone to hire in the future technology. I don’t know if you agree or not, because they’re saying people that are curious will want to figure out how to fix broken crap. And they’ll want to figure out how this stuff works. And you were saying, I was just really curious. And that’s what led you down the line. And now you love this security stuff. We’ll get to that in a second. But there’s got to be some link between that and writing in English.
Speaker 1 | 05:52.172
Yeah, writing in English was a little bit different. So I started actually in computer engineering, doing a lot of coding, uh, you know, just stuck in the dark room. And, uh, I think there’s really two people: you either like coding or you don’t like coding. And I’m not a particular fan of coding. Uh, coders, or you don’t like, yeah. But the type of coding that I do like, uh, is really like CSS and like HTML and web pages, which, you know, WordPress and all that fun stuff that did it for you wasn’t around when I was, you know, so it was very code-centric and making web pages for people. Um, and so that’s kind of where the writing came in, was a focus in online marketing and advertising to do like web pages and web advertising for people. And while still using the credits from when I did engineering to graduate, you know, most free electives is the writing major. So that’s kind of how it like all kind of tied together. Cause, you know, when I was young, I was putting flyers up at the grocery store saying, Hey, I’ll design your company’s webpage for you for cheap. You know, I’m, you know, a high school student, college student. So it was just like one of the many things that I did. Like I said, just interest all over, you know.
Speaker 0 | 07:08.347
Our biggest struggle right now is our webpage. Our webpage is like, I’d give it like a C plus to a B minus, but I am struggling probably like you’ve struggled with mechanics on finding a really good web designer. I mean, we’re on WordPress right now, but WordPress can be, I’m sure you have some thoughts on security around WordPress right now with the number of plugins and just weak points and stuff like that. Um, we definitely got hit with a really bad malware virus later in the summertime, and then our host was, they’re such a joke. They, they’re like, okay, well, we’ll migrate you. Well, we’ll remove all the malware, right? We’ll use another third party. Let’s use, uh, I can’t remember what we used to clean off all the malware, but then we’ll back up your website and we’ll reload it on a more secure, faster server, blah, blah. Okay, yeah, whatever. So let’s back up the website with all the malware on it. Let’s clean the malware off, and then let’s restore the website with all the malware back on it. How genius was that? That one was really stupid. We’ll do the backup with all the malware on it. Then we’ll clean all the malware off. And then we’ll migrate you back, and we’ll use the backup that had all the malware on it. That’s probably one of the most moronic things I’ve ever had happen. Yeah,
Speaker 1 | 08:14.249
Backups is key, and WordPress is really, you know, it’s kind of like that whole Mac versus PC debate where… PCs get more viruses, they dominate the market. And WordPress has kind of fallen into that, I think, too. Big target on their back. You see it with Microsoft now, too. They’re in the news every other week. Just a lot of these big companies have really, really big targets. And I think it’s just getting more and more lucrative. So I think that breaking point, we’re getting closer to closer to just everyone’s getting hacked every day. I hope we never get there, but it’s just… It’s just really crazy right now.
Speaker 0 | 08:52.403
What, you don’t think we’re not already there? Everyone getting hacked every day?
Speaker 1 | 08:55.946
Yeah, we probably are and just don’t know it. Yeah, you’re right.
Speaker 0 | 08:59.009
So, okay. So what was so passionate? What was so awesome when you went over to, like, why did you love cybersecurity so much? Or like when you found it, like you felt like you found your landing, your place, or you felt like I found where I’m meant to be. Like, why do you love it so much?
Speaker 1 | 09:14.263
I feel like cybersecurity more than anything else really encompasses everything. It’s really protecting everything and being the superhero kind of your company where it looks at servers, it looks at networking, it looks at people’s personal computers. So it kind of brings all those things that I’m interested in all into one thing so that I can learn everything, I can do everything. And that kind of comes back to when you were saying with people that are curious and want to know things, I think… They’re right. And that is very valuable. And one of the most valuable things in IT is not just people with the experience that have done things and know the answers, but really people that have gone out to search for answers and are good at finding the answers because no one’s going to have the answer to every problem. But having the ability to pivot and find the answers, I think that’s really the key. If you find someone that’s good at solving problems and good at finding the answers to problems, they’re going to be very valuable in the IT field.
Speaker 0 | 10:16.460
Yeah, or any field, period. I would love to just know that we can put people… It would be great if, as an employer in general, or a family member, or a father, or anyone, if we could just trust people to figure it out. I don’t know, figure it out. That’d be awesome. Come back to me when you think you got the idea. That’s a great idea. No, that’s terrible. Try again. So let’s go over your first line of defense. Let’s go over this, that you’ve brought to the show so that we can give back to the community and for any other IT directors out there that may not have the same love or have not found their seat in security yet or are wondering, maybe there’s some very aha moments that we can provide for them and give back to the community. So I don’t know where you want to begin. User training?
Speaker 1 | 11:09.940
Yeah, user training, I think, is the big point, especially email training, because that’s, you know, over 80% of attacks are happening through email, which, you know, you don’t blame them because it works. So I think a lot of people are using this as like a checkbox, and they’re kind of like, hey, here’s this blueprint A of training. I put everyone’s email address on it and sent it out. We send phishing alerts using a base template without any thought behind it. So I think that’s really something the cybersecurity and companies need to focus more on than they already are. They almost see it as like a checkbox. And since they’re doing a thing that the checkbox is checked.
Speaker 0 | 12:00.348
Right. So. Don’t be a lame IT director and just do something because we have to do it to check a box. Actually put some thought into it, I guess. I don’t know what to say. And I’m not saying accusing people of doing that. But a lot of times I would say, hey, yeah, well, we did this. We checked the box. Look, it didn’t work. Or it may not work. So what are you saying around the email stuff? So what should we do? Modify? Should we use like a KnowBe4 and then modify? Or what should we do? A lot of people are really big fans of KnowBe4. I don’t know. Are you a fan of KnowBe4?
Speaker 1 | 12:33.058
Yeah, I’ve been using KnowBe4 for a long time with a few different companies, actually. So I’m pretty aware of what they do, and they do a lot of really great things. They do have kind of that, like, here’s the user training. Send it to everyone. It’s 30 minutes of a guy talking about cybersecurity, and that’s really what it is to your users. You know, it’s not world famous hacker going over, uh, hacking things so that you’re aware. It’s like some guy’s talking about some stuff. There’s no examples. It’s half hour, 45 minutes long. Like, I have books signed by him and I’m bored by the training. So I can’t imagine people not into cyber security going through this. It’s almost like the Peanuts cartoon, right? So what, so what should we do to make it fun?
Speaker 0 | 13:24.125
We should do it. We should do our own little, let’s do a side gig. Let’s put together a side gig, like fun security program.
Speaker 1 | 13:29.166
Short, fun, engaging videos. And they have some of those on KnowBe4. Make a list. Make the topics that you want to cover that are vital to your organization to cover. Finding red flags. If you’re a physical site, then going over some of the physical security stuff. Get a list of things that are going to be important, vishing, you know, SMS, text messages. That’s a huge thing. Get them all the time. People pretending to be, you know, the CEO sending you a text message. Like those are things that you should be covering. Make them short, simple, sweet. If you can make them funny, that’s key, right? It gets people talking about that ridiculous video that Cyber Mike sent last week. If they’re not talking about it, they’re going to forget about it. If they’re talking about it and it’s on their mind, then it might trigger some of those decision points of, I got an email, there’s a link. Oh, that ridiculous video Cyber Mike sent me. This is a perfect example that I need to click the button.
Speaker 0 | 14:37.983
Yes. So many thoughts flooded my mind just then. Text messages and things that might be completely HR inappropriate that you could send that people would click on. Did you see the picture of the CEO? He got caught with his pants down during a Zoom call. Click.
Speaker 1 | 14:52.293
Click here. Click. Did you see it, John? Did you see that picture of Mike with his pants down on the Zoom call? Uh, what? Click. Yeah, and there’s, and there’s, and there’s a lot of that out there, especially there, you know. I, I think back to one that I had released recently that, a video that they had, uh, and it was over, uh, barcodes and scanning barcodes, which, you know, is, is a thing coming in emails. And you think about all the restaurants use them now to be safe and pay attention to what you’re doing, clicking there. But the video was like a poster with a guy on his walk and his dog, uh, you know, when dog walking services, uh, poster, and he was about to scan it. And you know what I mean? It’s like, it was a humorous thing and they almost made a, uh, they made like a joke on doing number two, you know, it was like a one minute video and it wasn’t like hysterical, hilarious, but it’s going to draw people’s attention more than the other things are, especially with the cute dog in there. Everyone loves dogs.
Speaker 0 | 15:52.915
And it was, um, yeah, it was like mild enough that it wasn’t too over the top, but it seemed very, very like harmless.
Speaker 1 | 16:00.377
Yeah. Right. And then I have people talking to me about it, which is exactly what you want and make sure to have something to talk about when they mention it to you, right? And a lot of times I’ll try to prep myself when I release these videos to think, okay, what’s a real world example that I can use that maybe I ran into or something that I saw recently in the news about barcode scanners for when they talked to me about this video, right? Because I want to try and get them to relate to it and make the villain real to them and not like somebody get clicked a thing, this is never going to happen to me.
Speaker 0 | 16:38.684
Show them it’s real, you know. So Cyber Mike has a very good first line of user defense training sheet that we are going to provide for everyone out there listening. So if you listen to this episode all the way to, to the end, then you make through to the end, then, which of course you are because this is crazy exciting stuff, and you’ll get this download from, you’ll be able to get this download. So number one was, um, it’s very simple too. It’s a do and a don’t. It’s a do this, don’t do that. So set yourself for success. Make them not hate the training. Don’t is long and boring. Do short, engaging, memorable, silly. Get some talking. Real-life examples for when employees talk to you. Ooh, what’s a real-life example? Yeah, remember Sheila? She’s dead.
Speaker 1 | 17:25.472
Yeah, there’s a bunch of different ones where it’s like, hey, you know, two years ago I had this happen. Or, hey, did you see recently in the news? Someone had clicked the barcode and it took over and downloaded all their photos and put them onto the web. It’s just, you know, do your research and have like, if you don’t have one specifically yourself, an example that’s kind of funny and gets them to remember it. Because a lot of times it’s just the threat isn’t real to them. They’re like, oh, that happened to those guys. That idiot must have clicked it. Some dumb guy. I’m not dumb. I’m never going to click on these. And then they do. And it’s like, where did we fail?
Speaker 0 | 18:12.765
You work for a really cool company, by the way, that does signage or billboards and other signage and numerous other things. But we should have a big billboard that’s like, don’t click. It should be like, you got hacked. I mean, we should do it. Your company should have a CyberMike billboard for you. It’s going to promote your company. And of course, Dissecting Popular IT Nerds, we should have, our guy was on Dissecting Popular IT Nerds. Can we run that up the chain? I’d love, I would love a billboard. Yeah, just on that, we should do, we’ll call brand or something, you know. I mean, like, uh, we don’t click at Wilkins, do you? I don’t know, we need something, you know. Yeah, no, that’s a good idea. All her photos are, all her photos are gone now. Yeah, that’s cool. We need something, you know, we need some, we need a, we need a, we need a billboard, you, so shout out to Wilkins. If anyone out there needs a billboard, you know, we call Cyber Mike. You know, that’s the safe way. That’s the safe way. No hacking there. At Dissecting Popular IT Nerds, we expect to win and we expect our IT directors to win. And one of those areas where we know that we can help you win is internet service providers. As an IT director tasked with managing internet connectivity, few vendor relationships can prove more painfully frustrating than the one with your internet service provider. The array of challenges seems never ending from unreliable uptime and insufficient bandwidth to poor customer service and hidden fees. It’s like getting stuck in rush hour traffic. Dealing with ISPs can try one’s patience even on the best of days. So whether you are managing one location or a hundred locations, our back office support team and vendor partners are the best in the industry. And the best part about this is none of this will ever cost you a dime due to the partnership and the sponsors that we have behind the scenes of Dissecting Popular IT Nerds. Let us show you how we can manage away the mediocrity
and hit it out of the park. We start by mapping all of the available fiber routes, and we use our $1.2 billion in combined customer buying power and massive economy of scale to map all of your locations, to overcome construction fees, to use industry historical data, to encourage providers to compete for the lowest possible pricing, to negotiate the lowest rates guaranteed, and to provide fast response times in hours, not days. And we leverage aggregators and wholesale relationships to ensure you get the best possible pricing available in the marketplace. And on top of all of this, you get proactive network monitoring and proactive alerts so that you’re not left calling 1-800-GO-POUND-SAND to enter in a ticket number and wonder, why is my internet connection down? In short, we are the partner that you have always wanted, who understands your needs, your frustrations, and knows what you need without you having to ask. So we’re still human, but we are some of the best and we aim to win. This all starts with a value discovery call where we find out what you have, why you have it, and what’s on your roadmap. All you need to do is email internet at popularit.net and say, I want help managing all of my internet garbage. Please make my life easier and we’ll get right on it for you. Have a wonderful day. On your list, you have asked your employees what their favorite cyber training was. What have some of their answers been? I want to know, when you’ve asked, what have people’s favorite cyber training been?
Speaker 1 | 21:41.998
Yeah, it’s a way to make sure that your silly videos are resonating with them, right? If they’re like, oh, I don’t really have one. This is boring. It’s kind of like, okay, I didn’t connect with them. I didn’t make a connection. If the doggy training video, they like that. It’s like, okay, good. I connected them with… with them on that. And if not, then maybe I need to pivot for the next training. So I’ve had users that are talking to me about, you know, one of them was using the phish alert button to make sure that you report emails. Don’t just delete them. It’s not effective for me to be able to block them if you don’t report it. It’s not effective for me to be able to see these reported emails who didn’t report it, but might’ve been tricked and actually clicked on it, and I can search for those and find those. So, uh, it was one where, you know, John or whatever the guy’s name was had reported the phishing email, and the next day he comes in and the IT, they get confetti blasting all over them and they’re like, be the hero, be the company hero, report the phishing email. Uh, you know what I mean? So it’s just like something silly like that, and it’s kind of like, hey, it is important for you to, to submit it. So then, like, my story afterwards, when they bring that to me, like we said, we get to have that story ready is, hey, someone reported one and I found out that someone else had clicked it. We stopped them from taking over the company, reset the user’s password that got tricked before the attack happened. So they really did save the company. Right. So that’s kind of.
Speaker 0 | 23:15.898
Oh, that’s good.
Speaker 1 | 23:16.738
You’re following up that communication with a real world example to tell them like, hey.
Speaker 0 | 23:23.064
User X, this actually happened in real life. It’s not one of those stories of it could happen to you. Like, it happened to you, you know what I mean? Yeah, we should have, we, and on top of that, we should have, um, Cyber Mike’s weekly company hero. Yeah,
Speaker 1 | 23:39.830
Yeah, no, I, I agree. Reward him, you know, send him a $20 gift card to Amazon, right? Uh, cyber hero of the month, put their face on a little, uh, cape crusader and, you know
Speaker 0 | 23:52.156
put that for the company meeting, you know, definitely. Um, uh, I get mixed reviews around gamification. I personally am a fan. I love gamification. Uh, I love pitting people against each other. I, I love, um, uh, management by, uh, what did we, someone accused me of running a, a media, what did they say, uh, oh gosh, why can’t I think of, um, oh, meritocracy. Meritocracy. Phil, you were on a meritocracy. This was years ago, long time ago, before I knew anything about human beings and how to interact with people. But I was accused of running a meritocracy. I love gamification and meritocracies. But other IT directors don’t feel, they don’t like gamification. I don’t know if it makes them feel uncomfortable or I don’t know if it’s, I just don’t want to, you know, do that to people or I don’t know what it is. I’m a fan of gamification. Are you?
Speaker 1 | 24:43.828
Yeah, I like gamification. I like it a lot. It gets the juices flowing and it, you know, if you’re not as high as some of the other people, it’s kind of like sometimes you want to fill the gap to be better, you know, and then maybe you’re more aware and reporting more and being more active. And I also like villainification, you know, villainizing the, the person hacking you. You know, when you do phishing emails, have it on a landing page of a villain. Uh, I’ve done that before and it gets people more connected. It gets them, it gets it realer, you know what I mean? When you send a phishing email and they click it and it’s like, you click the thing, red flag, you know, this, that, and the other thing, they don’t really have, you know, there’s no connection there. It’s like, again, it’s kind of reinforcing like this could happen to you. Uh, if you make it a villain that did it, then, oh, this happened to me, I got hacked, here’s who hacked me, right? Um, you know, I’ve done that in the past, is very effective. For some reason when you said villains, all these, these, uh, thoughts, I’m not a political guy, but a bunch of people
Speaker 0 | 25:52.202
popped into my mind when you, when you said that, and I thought of Hillary Clinton’s BES server. Remember that? Yeah, yeah. Like, how did we, how did she have her own BlackBerry Exchange server? Like, no one. That just goes to show you how far security has come back in the day. Like, shouldn’t that be like a massive violation of some kind of like security protocol?
Speaker 1 | 26:13.791
Yeah, I don’t. It’s almost like they’re trying to make their own like bastion server to put additional security controls on, but then didn’t. You know, I don’t know.
Speaker 0 | 26:23.078
It’s either that or it just shows you how popular BlackBerry was back in the day. It’s either that or it’s just, man, I loved the BlackBerry Messenger so much I had to go get my own server. There’s just no way. I’m going without a BES.
Speaker 1 | 26:34.346
It might have been someone at Wilkins Media. Maybe there was a billboard about the service and it really sold her on it. You never know.
Speaker 0 | 26:44.254
I wish we could. You know what would be cool? Maybe the next level. Maybe we can figure this out. Maybe we can find the coders that you didn’t want to be. Maybe we can find the coders to make a new security software where we can pit people against each other to try and hack each other. Maybe we can get in employees so into this that they themselves want to become like hackers, and like, we can figure out, like, hey, I, I hacked Jan today and she hacked me. Can we, is there any way we can do that? We get different employees to try and, like, you know, like, you know, I don’t know, compromise
Speaker 1 | 27:16.375
other people. That sounds like, that sounds like tricky grounds we’re going into at this point. It sounds like we’re training hackers. We’re gonna get, we’re about, we’re gonna get subpoenaed at this point. Next thing you know, I was like
Speaker 0 | 27:29.202
Hey, Mike, she clicked on my email today. I just want to let you know. Yeah.
Speaker 1 | 27:33.546
No, that’s true. You get points for it or, you know. Okay.
Speaker 0 | 27:36.729
So creating a villain, gamifying user training. We have a once a month do’s and don’ts. What do you think?
Speaker 1 | 27:45.677
Yeah. For me, it’s really thinking ahead. And I think most people don’t think ahead. They’re more reactive with what they’re doing. Me, I like to think ahead. So. Last month, I’m already thinking about Mother’s Day. I’m already thinking about 1-800-Flowers and things like that to prep my users for Mother’s Day and the hacks that they’re getting. Another big one is next month, the weather’s getting nice. Everyone’s getting ready to do vacations and things like that. You’re going to see malicious actors put a lot of emails out there about approving your vacation. So send them an email that says your vacation got denied. Um, they’ll click, they’re going to click it. I’m going to tell you right now.
Speaker 0 | 28:29.879
Click here to re click here to, um, I don’t know what.
Speaker 1 | 28:33.921
Yep. The guy from the week before that said, Mike, your mother’s day one, wasn’t that good. You’re never going to trick me. You’re going to trick him this next month after that. Um, because he’s going to not want to miss out on vacation and wonder why he’s boss.
Speaker 0 | 28:48.507
Your vacation. Yeah. Here to re, I don’t know. What do we say? Resubmit your vacation time.
Speaker 1 | 28:56.166
Yeah. Click here to see the reason why. And then they’re going to be like, Oh, I got to see why I got denied.
Speaker 0 | 29:01.627
Yeah. Oh, that’s good. That is a good one. The, okay. Um, so we’re thinking ahead, you know, all these ideas, maybe I, maybe I am going to start to like cybersecurity because I felt like there’s been this big rush, this big, you know, just not Exodus. I don’t know what you’d call it from just this, like everyone’s going into cybersecurity, everybody. So. And it doesn’t seem like there’s enough seats to fill everyone that’s going into cybersecurity right now. But maybe a lot of people just say that, but they don’t really put the time and effort in or I don’t know. What do you have to say for all the new people out there that are growing up in the world and maybe they’re trying to find a career and they want to do something exciting and they like technology and they’re like, I want to be in cybersecurity. Like, where do you begin? I mean, it just seems.
Speaker 1 | 29:46.973
Yeah, it’s really tough. That’s a great question. For me, I always tell them. Go into it with an open mind. Start off with learning how computers work. And then from there, when you learn how computers work, learn how the networking works and the servers and try to understand from a high level the different aspects. And that’ll help you find your passion and find out what you’re going to be passionate about. A lot of people like, oh, I want to do a lot of cyber, and then they find out most of it’s documentation and making sure, you know, that you’re up to date with your security and doing updates and whatever else you need to do there. And then they’re like, oh my goodness, this is boring. I wish I did cloud, or, you know, I wish I did, uh, service desk stuff because I like helping people. Like, uh, I wish I did servers because I really like the server application and all that stuff.
Speaker 0 | 30:42.733
Data guys are happy. Look, I’ve never met a data center guy that’s not happy. I really haven’t. I’ve met all the coders I’ve met. I’ve rarely met one that’s not miserable. I’m just being honest with you. Is there a coder out there? Everyone listening, please. Someone out there. Oh, I know a coder. He’s happy. Okay. Please send him. We want to have him on the show. Every data center guy I’ve ever met. just loves his job. I just love walking around and racking and stacking and energy and moving cables and compute power and I don’t know. Migrating stuff. Data center guys love their job. All the security guys tend to love their job too. You have the benefit of also running IT at the same time. Some guys that are only security, sometimes it’s the job that only it’s a thankless job. Right. It’s, it’s like every, we didn’t get hacked. Why do we need you? And then when we did get hacked, like you’re fired.
Speaker 1 | 31:37.763
Yeah, no, that’s a lot of that. It’s the same thing with IT. It’s like my computer was working great and I was working and everything was good and I wasn’t thinking about the IT guy and then it broke and I’m mad at you. So it’s a lot of that. My computer broke. It’s all your fault. I’m like, I’m sorry.
Speaker 0 | 31:55.175
Um, let’s go. Okay. So moving down the sheet some more. Once a month, don’t use the same. Oh, I know what it was. It would be great if we just had a really cool. We should just have like a pod of other IT directors where you just make up hacking emails or phishing emails all day and we just phish each other’s companies. That’s maybe an idea. We’ll probably do that cheaper than someone else. That would be fun.
Speaker 1 | 32:15.532
Yeah, that would be gamification, right? To phishing email testing. That would make you really challenge your employees and challenge the other company’s employees, right?
Speaker 0 | 32:25.112
Yeah, let’s put together, everyone that’s been on Dissecting Popular IT Nerds or is maybe listening to the show, let’s just put together a security company. I don’t know. We’ll just call it a phishing pod. I don’t know. We’ll just phish everyone’s company. Like, hey, I got a guy over here. I know he’s going to click on something that you write. He knows me by now. Can you phish him for me? Don’t use the same from email address. Trick your users with different from email addresses. What are we going to do? Buy different, we’re going to buy in domains now or what are we doing?
Speaker 1 | 32:52.912
Yeah, they’re kind of like spoof ones that you can use, but I find people that set mass ones and they’ll use IT at company name dot com or they’ll use HR at company name dot com. Like, mix it up, change it up, do different things. Sometimes add a funny one in there. I like doing that with the URLs, is add funny URLs in there from time to time, because, again, it gets them talking, especially the ones that saw it. They think it’s hilarious when it’s donotclick.com or something like that. People are still clicking it because they don’t read it. Right. And then it’s funny. And you’re like, oh my God, that’s such a funny URL. I’m going to hover over my URLs to see the next funny one Mike does. Right. So then it,
Speaker 0 | 33:37.021
So you did your job,
Speaker 1 | 33:38.102
gets them in that behavior. Yeah, exactly. Yeah.
Speaker 0 | 33:40.623
That’s the first thing I do is when I get something like that, I look at the, I mean, I look at it and I’m like, it’s, it’s from, it’s like user 25, six, three at gmail.com. And he BCC or CCC like a thousand other people. Like, are they really that dumb? Are some of these hackers that, I mean, they’re just really that lazy? It must be that easy, that their job must be that easy, they do that stuff. Yeah, some of them are really easy. Some of them get a little more advanced where they’re using, uh,
Speaker 1 | 34:09.180
some behind, like, Cloudflare, or some that are hosted on Microsoft, so it does, some of them can look like legitimate links and it’s really tough. But if you ever question it, I always just say, to click the button, let me, let me, let me click it in my sandbox. You don’t need to click it on your work computer.
Speaker 0 | 34:24.891
Don’t use cookies. No, never mind. Don’t use cookie cutter. Don’t use cookie cutter emails with no relevance. Use time on content, relevant content. Yes, so that would be the Mother’s Day, right? Versus vacation times.
Speaker 1 | 34:40.825
Yeah, exactly, exactly.
Speaker 0 | 34:42.247
Any other good ones? The vacation one’s great. Your vacation’s not been approved. That one’s really good. You got any other good ones?
Speaker 1 | 34:47.748
Yeah, I really like the vacation one. And then some of them a lot of times are like the timing. So like doing like the free turkeys before Thanksgiving. I know it sounds like kind of cliche, but you can have fun with those and, you know, get your paint, your paint skills to test drawing some turkeys and stuff like that and having some fun with it. Like you can still have fun with these and make them fun.
Speaker 0 | 35:11.348
Donate this time of year. Donate.
Speaker 1 | 35:13.990
Yeah.
Speaker 0 | 35:14.190
A lot of emotions, appeal to emotions.
Speaker 1 | 35:16.811
Like they’ll be dropping like PayPal emails right now. And it’s like, save that for the holidays. Like do that before the major holidays, before Christmas and stuff like that is your PayPal emails and your Amazon emails and stuff like that. Or if you do an Amazon one, it’s a swimming pool one now and not like Christmas stockings that you purchased. Right. And don’t always just do the iPads. Like that’s what they do a lot. Like we’re so used to some of that training by the malicious people, have trained us that if you get an email that says you purchased an iPad and it’s a thousand dollars, call Apple support, like most people have been trained now that they know that that’s BS, you know. All Microsoft, Microsoft,
Speaker 0 | 35:59.368
That’s the one that got my dad. It still gets them, still gets them. Steve, Microsoft, calls: your computer’s been hacked, I need to get on your computer, give me a, go to LogMeIn.com, whatever, whatever they’re using. Not LogMeIn. They’re probably using AnyDesk here. I need you to go to AnyDesk and give me this code and we’re going to clean up your computer for you. Send me 600 bucks. And can you go open up a bank account and can we pay you to send email to India?
Speaker 1 | 36:26.223
Yeah. Those are the ones that hurt me. Then I call them like non PC users, some of the older generation that aren’t so savvy and haven’t been trained, you know, um,
Speaker 0 | 36:36.370
That’s a whole industry.
Speaker 1 | 36:37.351
Those are the tough ones. Yeah. It’s, it’s, it’s tough. Those are the ones that hurt me.
Speaker 0 | 36:41.698
Hurt me a lot. Um, when, when things like that are happening, I just ripped my dad’s computer out and got rid of it. Just threw it away. Yeah, that’s real. It doesn’t really use one either. So changed his phone number, like, and literally everything, and change his phone number because what, because what happened was, is he was getting, paying some dude like six, when I finally figured it out, I realized he had probably paid this guy at least three to four grand, I would think, over like two years. Over like two years, right?
Speaker 1 | 37:11.538
Yeah.
Speaker 0 | 37:12.058
And, uh, I, I eventually tried to do like a sting operation. It was a, it was a pretty, um, cause I tried, I was actually gonna get on a plane and fly to like wherever it was in India. I was actually gonna like, I was actually gonna go and then I was like, I might get killed. You never know. I never really know what’s on the other end. Yeah. But I was even tried contacting like the India version of the FBI. We’re trying to, you know, to report these phishing emails and everything. But what, um, what was really interesting was this whole industry of people preying on the elderly that have computers and they still have AOL addresses and they’re on Facebook and stuff like that. It’s the friends of them that get suckered into doing the gift cards and all this stuff. This guy was so good, he would get them to call him back. So he would be like, you know, like, there’s a virus on your computer, like whatever he could get on the computer, call Microsoft right now, 1-800 and, you know, so you’d get him to call that. And then I would go on my dad’s computer and remove whatever was in the, like, I can’t, registry or whatever he put on there to, like, you know, have a little blinking number on the bottom right hand corner that was like, you know, call for support. Yeah. And I would eliminate all that stuff. And then I even changed his phone number so the guy would stop calling him, like, you know, Doc, this is Steve from Microsoft, you know. I changed his phone, everything. Then the guy sends him a first-class mail that’s like, open immediately. He had my dad’s address. Sends him a first-class mail that says, like, this is from Microsoft, we’ve noticed some illegal activity on your computer, please call the Microsoft support line, like, immediately. He even sent him a piece of mail. Nuts. Isn’t that crazy? Yeah. So then my dad calls him from the number that I changed. So now he’s got his new number. We gotta call the telecom company again, change the number again, tell all the help in the house, block the, don’t let them get the mail. Anytime it’s just, it’s wild. So anywho, so we catch people do something. What’s up with the communication? What’s the coaching? What are the coaching conversations look like? Obviously, IT people, technology people, CIOs, CTOs, IT directors, we have to talk to people. We have to talk to them. What are these coaching conversations look like?
Speaker 1 | 39:28.862
Yeah, it’s a lot of communication that I like to have with the users, especially post phishing email. A lot of people, they’ll release it and then it’s done. We did it and four people clicked and they’re like, okay, hopefully they learned something. You’ve got to have a follow-up post. What percentage of people got tricked by this villain you made? That lets them know. And they’re like, oh my God, I was the 1%. What was I thinking? And they’ll reach out to you again. And then it gets that communication flowing. Anything that promotes communication, I think, is really big, especially when people are reporting them and there’s been over 10 users or, depending on the size of your company, that got the email, you might want to make a post. I’ve had it happen where someone clicked on it. Someone didn’t click on it. They reported it. And then I post a picture of it and say, hey, a lot of people got this email. It was bad. Let me know if you clicked on it or anything. Report it now. It gets reported and then I can change their password or whatever it is before anything really bad happens. So if you don’t send those communications out, you’re never going to know. Same thing with cyber news. It makes it more relevant. If a company that they use has got hacked, right? If they have a Walmart gift card and Walmart gets hacked, they have a Walmart, you know, shopping cart, or they go to Walmart all the time, or they’re a Target person and Target’s like, it just makes it a little bit realer that it’s happened.
Speaker 0 | 41:05.575
The Target hack was crazy. The Target one, that one was, that was through the HVAC. I was insane. Like smart, smart. That’s my understanding of it was through the HVAC, some kind of, it was through a vendor, actually. I think vendors are one of the biggest weaknesses. Vendors hold a lot of keys to your, they hold a lot of your information. And I can’t imagine that every vendor out there is all their employees. That’s a huge weakness. It’s just as big a weakness as maybe second biggest than your own people.
Speaker 1 | 41:37.843
Yeah, there’s a lot of them like that. I always think of the Ring cameras. And then my favorite story that I like sharing with individuals that are kind of talking about this sort of thing with smart devices. I always like talking about the casino that got hacked through the fish tank in the lobby that was automating feeding the fish. They got in through that system that was- Shut up. Yeah. And they never got caught. So I don’t know. I don’t recall how much they stole, but it was a lot of money and it was through- That wasn’t the Caesar’s Palace one,
Speaker 0 | 42:10.345
was it? Fish tank. Okay.
Speaker 1 | 42:12.486
It might have been, but that was always like a good story. Like when someone’s come to you and they’re talking to you about smart devices, like have little things like that for all the different.
Speaker 0 | 42:20.949
What’s up with the Ring cameras? Tell me about the Ring cameras. I’m curious.
Speaker 1 | 42:23.910
All the Ring cameras were too. They were, the credentials were being stored in plain text. So it was easy to get in and easy to get, the Ring cameras happened a couple of years ago. So it was, you know, changes that they had to make on their end, but it was like, I don’t know how those type of things happen, which is probably why you’re seeing a lot of the crackdown now for, um, you know, made securely, that you’re seeing from the government right now too. Yeah, because we don’t care. We just want it to work. I mean, I used to turn my, yeah, I, uh, in my old house the oven was a smart oven, so
Speaker 0 | 43:00.833
we’d be out for a long day, something like that. Oh, what are we gonna do for dinner tonight? All the kids are hungry. Like, what do we do? I don’t know. Turn the oven on, let’s throw some frozen pizzas in. So I’d turn the oven on, we’re like half an hour away from home. Because I can turn the oven on via smart. There’s no way that thing’s secure. And I was like, maybe it is.
Speaker 1 | 43:16.406
Yeah, there’s got to be lots of that, right?
Speaker 0 | 43:19.348
There’s so many. And I turn on the search for wireless devices or something or smart homes device. I’m like, oh, I didn’t know our dishwasher had a… I didn’t know our refrigerator had that. I’m like, oh, let’s add the refrigerator, add the dishwasher. What am I going to do anyway? Start my dishwasher remotely? Or what do I care? Or it’s going to ding me when it’s done?
Speaker 1 | 43:38.421
Yeah.
Speaker 0 | 43:38.821
Oh, no. Pretty wild. Kind of cool. But I’ve given up. I basically believe that everyone has all my information already. You can have my social security number. You can have it if you want. I don’t know what you’re going to do with it. This is probably the very… Tell me I’m wrong. Tell me I’m wrong.
Speaker 1 | 43:55.888
I agree with you. I feel like everyone’s got everything. Obviously, everyone has some sort of problem with it from some level, but I’m like, hey, I’m not doing anything illegal.
Speaker 0 | 44:08.926
Just have nothing to hide.
Speaker 1 | 44:11.067
Yeah, if you want to get into my video games, I’ll make a new account and level back up again.
Speaker 0 | 44:18.071
Unless they stole your World of Warcraft here. Oh,
Speaker 1 | 44:21.692
that was a big thing too. Yeah.
Speaker 0 | 44:24.454
Remember when people were dying from mining gold in a basement in Japan? Some kid died from that or something. Remember those slaves they would have mining gold?
Speaker 1 | 44:33.339
Yeah, it’s crazy.
Speaker 0 | 44:34.800
Okay, positive feedback. Reward users. Um, make them want to do more. Um, any, what’s your, what, what kind of rewards are you going on? What is the $20 Amazon gift card or what?
Speaker 1 | 44:48.256
Yeah. I mean, if you can do that as a company, I definitely think that’s big. If someone reports something, it’s gone to multiple people. And then you find out later on that someone had clicked it. Like he’s saving you a lot of pain and anguish. If you discover that two, three, four weeks later that the account’s compromised. Um, so definitely, you know,
Speaker 0 | 45:07.890
Homer lord, you know, I could send you out some nerd glasses. I’ve got a bunch of nerd glasses with tape in between, let’s say dice. Yeah, there are nerds on the side. We can give those. Yeah, if you have like a monthly meeting
Speaker 1 | 45:18.830
or you have a quarterly meeting, do the cyber security hero of the month. You know, grab the “that was easy” button, press it, do the horns, you know, make it fun, make it exciting. You know, you know how much do you want to see me do that now? Like that’s actually one, I got that from one of the KnowBe4 trainings, uh, where they’re like, oh, you’re gonna do the minute, and the cyber security guy goes, cyber security minute, with like explosions behind him and everything. Yeah. And I recreated that. I was like, this is so corny and ridiculous, like everyone’s gonna remember it. It was a company that I worked for before and I got emails after I had left that were like, we’re so disappointed because we were looking forward to the explosions and they didn’t do it. They, they didn’t have the guts that Cyber Mike did to have explosions in the background.
Speaker 0 | 46:10.104
So my gosh, I, you just brought up some by corporate America life. When I worked in corporate America, we had some crazy stuff, crazy stuff. I remember we had, we had a market. There was this guy, Grant Jennings. We should, we should, we should, we should tag him to this show. His, he’ll probably be mad if I brought this up, but he has, he had a team. He had a team. This was back when we were like, I don’t know. When I started out in technology, I started up selling, we started at the Cisco startup and we were selling these Cisco 2800 series routers and, you know, it was like a small business solution where you could get, you know, you could get your internet and your phone and your VPN connection and off-site backup, 250 megs of off-site backup, you know, you know, back up your files. You could do all this stuff. It’s an all-in-one, your web hosting, everything, you know, and everything all through this, like, you know, Cisco startup company. It was, he had team, Team Rambo. And, uh, he dressed up one of those torsos, those punching bag torsos, you know, that have like the black ball on the bottom and it’s like a punching bag, but it looks like a human. It’s like a torso. So he dressed that up as Rambo and it had like a wig on it and like the scars and like all the, it looked like Rambo, you know what I mean? He had like a bandana around it, all this stuff. And every time he had to like give a talk, he would bring this torso up and he’d be like, okay, Team Rambo, this month, you know, congratulations to so and so, blah, blah. And, uh, I was on a different team and they were like our arch enemy and, uh, we were Team Kick to the Face. And, uh, I remember we like beat whatever it was, whatever the metrics were, like we beat like, you know, Team Rambo that month or like whatever, market director Rambo. And I was, I looked over at my boss and I was like, um, can I go drop kick Rambo since we’re team, since we’re Team Kick to the Face? Right. He’s like, please, please do it, please, whatever you do. He’s like, absolutely you can. Don’t worry, I’ll talk to HR. I’ll tell him that, I’ll tell him that, you know, I told him like it was okay, it was team building. Like, you know, like, please, please do it. There’s like 250 people in this room, during, people in this room, and like, you know, so I like start stretching, doing a few calf stretches and everything. And then they’re, because in that, everyone had to present their numbers for the month, whatever it was. So when it came our time to present the numbers, we were right after Team Rambo. I was like, please, they’re going to call us next. Can I please get a dropkick? And he was like, yes. I remember I had to come running through the crowd. I literally did like the Karate Kid, like Karate Kid kick to the face, like right underneath the chin of Rambo. I don’t think it could have been executed any better. Rambo came off the bottom torso. The torso came off the base, flew, flew up, flew up into the air, went through the ceiling tiles, there’s a ceiling tile, and came down through the other ceiling tile like a, like a, like a dead body. I’m like, and like 200 people were like cheering forever. And like, I remember after that meeting, like something, I was like, yeah,
Speaker 1 | 49:17.872
That was the best thing I’ve ever seen in my life. Yeah, yeah, yeah, if you can do stuff like that and make it around. In cyber, people are going to remember it.
Speaker 0 | 49:28.559
I think this was back before. This was back during the BlackBerry Exchange days. So this was back in the day. This was back before any, I don’t know, probably anyone cared about security. Yeah, they did, but it wasn’t. How long ago do you think security became a thing? Like when did it really become a thing? 10 years ago, 20 years ago? I mean, yeah, we had people like hacking and email hacking and different stuff like that. But when do you think it really became a really bad thing?
Speaker 1 | 49:55.490
Yeah, maybe like 10 years ago from like the corporate level. And that’s maybe still early.
Speaker 0 | 50:02.614
It’s crazy.
Speaker 1 | 50:03.934
Yeah,
Speaker 0 | 50:04.575
that’s not that old. It’s not that old. Yeah. We act like this is just this is it. This is it now.
Speaker 1 | 50:10.378
Yeah. When you think about nation state hackers, right there. Like now’s the time.
Speaker 0 | 50:15.008
It’s going to get worse.
Speaker 1 | 50:15.688
We’re talking about that a lot now, like the water systems and the government, like stopping and making more regulations to stop things. Like now’s the time of that era of these nation states that are, that are taken over. So it’s just getting more and more profitable. So it’s getting, taking off more and more because the money’s there.
Speaker 0 | 50:36.554
So other than your users, and first of all, it’s been an absolute pleasure having you on the show. A lot of fun. A lot of sidetracking by me, so I apologize for that, but I can’t help talking about dropkicking Rambo in the head. What other areas of security are like, I mean, so we talked a lot about phishing and kind of the end user weakness piece, but what’s the rest? Where else do people go? Because there’s so much other just stuff, you know what I mean? Like how do we prevent data leaks? I guess it comes through users as well. I mean, what else?
Speaker 1 | 51:12.108
What else is keeping you up at night? Yeah, it’s really, uh, you know, for any company, identifying the crown jewels, like identifying the data and what’s important for your company, and then finding out what touches your data. Like, employees is always going to be one of the answers for touching your data, but what applications? Where’s your data stored? Like, do you have cameras? Do you have badge access? How’s the security of your badge access? Do you have badge access, but someone that got fired three years ago was still in the system and it can be used? It’s a lot of that, a lot of cleanup. Find out your old users and get rid of them. Don’t leave them there. Don’t leave these vulnerabilities, these ghost users in your systems, in your applications, in your programs. Because if they get into those, then they can spread it around. And that’s a lot of what’s happening. I see a lot now, too, with the firewalls are getting hit pretty hard right now. So I would definitely focus a lot on that because it seems like everyone has it. So it seems like one of those Mac versus Apple, Mac versus PC situations where- Meraki versus Fortinet. Right. Or even just Meraki and Fortinet. Most companies have some sort of firewall somewhere. So if you’re finding a vulnerability there, a lot of people are affected. So make sure that you have your network flows correctly. Make sure you have your users on point. Make sure you’re blocking things, not allowing everything, different things like that. It’s a lot of cleanup needs to happen. I feel like that’s a big thing too. Set it and forget it. Revisit some of the stuff you haven’t looked at in years. Like, oh, that’s been there for 10 years. I haven’t looked at it in a while. Look at it.
Speaker 0 | 52:57.146
Cyber Mike, thank you so much for being on Dissecting Popular IT Nerds. For everyone out there listening, you can just search Cyber Mike on LinkedIn, but you can also just listen to the show and go find his URL on our page as well. We’ll have the download for the first line of defense, first line of defense, not the last line of defense training. And I’m sure you’re open to anyone reaching out to you if they need any advice or anything like that. Correct?
Speaker 1 | 53:19.908
Yeah, definitely. Feel free to reach out. Phil, absolute honor to be on the show. Really love it. Been listening. Really great stuff. So I really appreciate the opportunity.
Speaker 0 | 53:28.894
Thank you, sir.