Speaker 0 | 00:02.648
Hi nerds, I’m Michael Moore hosting this podcast for Dissecting Popular IT Nerds. I’m here with Maximo Bredfeld, Chief Information Officer at Longship. Maximo, how are you doing today?
Speaker 1 | 00:13.272
Hey Michael, I’m doing fantastic, thank you. What about yourself?
Speaker 0 | 00:16.613
I’m doing great. We’re recording this around the holidays, so everybody that celebrates Christmas is going to be off for the next couple days apparently.
Speaker 1 | 00:31.740
Yeah, it’s too bad that we don’t have video because I would love for everybody to see. Michael is wearing a fantastic, the most Christmassy shirt I’ve seen ever. We got snowflakes, candy canes, snowmen. You got everything going, man. I absolutely love it.
Speaker 0 | 00:47.664
Yeah, I walked out of the house today and my girlfriend just shook her head.
Speaker 1 | 00:54.626
Because of all the elves that were following you? Yeah.
Speaker 0 | 01:00.244
All right, we’re going to start things off with random access memories. It’s our icebreaker segment. I ask a question and then you respond with the answer that comes to your head first. The first question you have is, what is the most helpful or supportive IT related person or mentor that you’ve ever had?
Speaker 1 | 01:23.537
Oh, gosh, that is that is that is a tough one. I’ve had I have. very many fantastic mentors, thankfully. I’ll have to give you the latest one. A great friend of mine and great leader and fantastic mentor, his name is Steven Jones. I worked with him at my last job at Dataprize for three years and he’s the kind of guy that I vibe the best with. So a down-to-earth, a good person, a good leader. Uh, and, uh, I, I sucked so much out of that man, uh, you know, like I said, information wise that I don’t know if he has any left. Uh, so he has been a tremendous help in my, my life, my career the last couple of years.
Speaker 0 | 02:13.378
Shout out to him. Uh, uh, Maximo, uh, um, uh, that’s a, that’s fantastic. If you get a good, um, Max, or you get a good, uh, mentor, right? You definitely want to suck him out as much as possible and get all the information you can out of them. That’s a it’s always a great thing to have. So I’m glad that you were able to kind of give him a shout out there. If here’s the second question we got, if you could improve or enhance any IT related skill or ability, what would it be and why?
Speaker 1 | 02:50.369
For me or for everybody else? Because for everybody else is like, don’t click on. Don’t click on stupid stuff. That’d be great.
Speaker 0 | 02:56.653
Now, let’s go ahead and focus on you on this question.
Speaker 1 | 02:59.996
Okay. A helpful skill in IT. I remember when I was interviewing… I’m going to skew your… To give you a more interesting answer, I’m going to skew your question a little bit because I remember when I was interviewing for this podcast. Well, thank you. Because I said, like, a lot of IT people… I feel I’ve struggled with confidence. So I would like a magic pill for getting the confidence that we need in those tough moments. I’ve had to learn that the tough way. So that would be a nice skill to have is like to to get the confidence to say no when you have to.
Speaker 0 | 03:42.183
It’s a it’s a it’s a tough one. Yeah. You know, confidence is interesting, too, because you have, you know, as you as you kind of progress through IT. You start off and you’re very confident, then you learn all the things that you don’t know, and then you become less confident. Well,
Speaker 1 | 04:01.551
yeah, I think you’re right. But I also think it depends very heavily on the path that you take or where your path takes you. Because in my case, it’s been very much up and down when it comes to that. You feel great and then you meet this one person or there’s one situation that humbles you right down. to planet earth right and then you start dust yourself off you get the backup again and you try harder and then yeah it’s been a cycle of feeling great and feeling oh my god i don’t know anything about anything you don’t have to tell me that i talked to a lot of it folks doing this podcast right and a lot of them know a lot more than i do so you
Speaker 0 | 04:43.589
know um i always think that if we go back to the first question uh you meet somebody like that and then you have that ability to learn from them. Right? And so that’s always a fun thing. I think the confidence is not really in what you know. But it’s in your capacity to learn.
Speaker 1 | 05:05.330
Yeah, I couldn’t agree more with that.
Speaker 0 | 05:08.892
So the confidence always has to be in that capacity to learn and knowing that even though you don’t know something, you can learn it.
Speaker 1 | 05:18.838
Yeah, no, absolutely. And I think that paired with trying not to be terrified of screwing up. And if you’re smart. But you can learn and listen for your wins and your losses. Yeah. So add those. Great point. Yeah. If you start adding those up like a piggy bank and you invest them well, that’s going to fuel your confidence in the future too.
Speaker 0 | 05:45.398
Yeah. To anyone listening, you will screw up. It will happen. Yeah,
Speaker 1 | 05:48.120
you will screw up.
Speaker 0 | 05:49.341
You will screw up multiple times. And that’s okay if you learn from it and make sure you can kind of change your… change yourself so that you don’t in that situation, right? So yeah, no, great answer, Maximo. Here’s your last question of this lightning round here. If you could choose any IT-related theme or genre for some party or event, what would it be and why?
Speaker 1 | 06:19.218
Ooh, for an event, is it meant to be educational or entertaining?
Speaker 0 | 06:26.068
You can just decide, you know, whatever you want. You know, if it wants to be a party or just an event or…
Speaker 1 | 06:33.850
Well, I think you can never get people bored with cybersecurity. There is always… If you haven’t had the chance or the curse of being involved in cyber, I think you can entertain any table or terrify them or a little bit of both. So, yeah.
Speaker 0 | 06:50.295
Are you just going to… You’ll throw a cybersecurity… themed birthday party and put everywhere that people under like the cupcakes just controls, right?
Speaker 1 | 06:59.641
Right, yeah. Then watch that nobody shows up or the only people that show up are the people that have no idea what’s going on.
Speaker 0 | 07:09.269
Probably because you didn’t publish the address because you’re trying to be secure.
Speaker 1 | 07:13.252
There you go. Yeah, that’s a good point. Fantastic, yeah.
Speaker 0 | 07:16.295
Alright, now yeah, let’s get into it. You know, I have We were talking earlier and you had kind of mentioned some of the stuff that you’re great at. And I was laughing at some of the answers, but we’re going to dive into it and it’s going to be great. Because one of the things you mentioned was breaking stuff. You’re really good at breaking stuff, right?
Speaker 1 | 07:43.036
Yeah.
Speaker 0 | 07:43.737
And I think I actually love that answer because I think that every IT person needs to be really good at breaking stuff. right and you kind of need to break stuff so you know how to put it together you know how to uh fix it when it when it ultimately does break for real um tell me a little bit about this uh great quality of yours of breaking stuff well
Speaker 1 | 08:08.144
uh so it started when when i was very little um i i would take apart every toy that my mom would get um and i’m i’m to put it into perspective about 45 uh so when when i was little we’re talking you know early 80s um when i’m right there with my mom so i am right yeah but i’m trying to put this into perspective because the toys nowadays you know a kid will get an iphone a tablet and stuff like that toys back in in my days were more simple you know a little rc car was like the most technology you would get and i would take those thing apart things apart like all the freaking time to the point that my mom hated giving me anything like a you a water gun anything that had a tiny motor or light i would take them apart and uh i hardly ever put them back together the right way um but yeah that that’s uh that’s what got me started um and why
Speaker 0 | 09:05.682
is it by the way when you put when you why is it that when you take something apart you always end up when you put it back together with like two screws left over like what is well it works well two screws left over what what is that you
Speaker 1 | 09:19.588
Look, my best answer that I can give you is that the engineer that put it together could have saved a couple of screws, man. That’s it. That’s the best answer that I got. Not efficient engineering going on right there. Because for the most part, I could put them apart and put them back together. And they would work, you know. But yeah, I had always a handful of pieces left over that are obviously not necessary. So there you go. Inefficient engineering is my answer. But to go back to your question. So that’s why I think that’s generally one of the things that got me interested in computers. The computer, like the personal computer, was the first thing that I assembled. by parts that worked. And that fascinated me. And ever since, I think I had my first computer when I was six. And ever since then, I was the one that helped my friends put computers together or fix them. And at some point, I realized that it was a marketable skill. So here I am, pretty much.
Speaker 0 | 10:32.173
I love it. I love it. Breaking stuff. But you can put it back together because you have a magic touch.
Speaker 1 | 10:42.996
I like to think that I do. And the people that know me closely, they get a little bit freaked out by that. And it’s I guess some some people have a talent for certain things. I have an intuition for. nowadays fixing stuff or figuring stuff out um it’s it’s hard to explain i’m not gonna sit here and tell you oh i’m super smart and i know everything it’s like no i’m really good at googling stuff that’s that’s true um but uh i guess the more that you get into it you you get a little bit of like the whisper right let’s like every now and then i’m facing an issue where you have tried everything nothing works and you have this one hell mary thought that you’re like, there’s no way that’s going to work. And you hit enter and boom, it’s there. It comes back up or whatever it is that you were trying to fix. So that is an uncanny thing that I wish I could figure out because I think I would be a very, very rich man if I could multiply that.
Speaker 0 | 11:47.733
Tell us an example. Maybe you have a story or two of one where you applied this magic touch and transferred to a computer to turn it back on. Oh, yeah. tell me a little bit about about this uh because i you know because here’s why and i’ll explain a little bit i have uh um i’ve seen in my career uh tons of people with this just you know innate ability to just go oh this is the problem right and uh you know the rest of us have to just troubleshoot through it and uh and uh um and and or try and figure out you know what’s happening but you know i have seen people you know it’d be like six in the morning you’ve been going all night and it’s like people are going to start coming in like an hour and all of a sudden they’re like oh wait how about we do this and it’s just like what what how did you figure that out right well actually talking hearing you talk i i remember a very beautiful story um beautiful
Speaker 1 | 12:49.045
for me because i i i got the winning uh the winning guess on that one uh it wasn’t it wasn’t a big deal but it was a very interesting So I was working as a tech, an IT tech in a company in Germany. And we did mostly commercial stuff. But every now and then we had either old clients, because that company had started super small with private clients. So we had a couple of those still. But we were focusing mostly on other businesses. And we had this one old guy. His name was Manfred. And he was like… I don’t know, he was way too old to have a computer, if you ask me. But he had been complaining for months that he had bought a computer from us and it wouldn’t work. And it was a laptop, and he would always complain that he couldn’t work, that was the best description that he could get. And I think by that time, I was doing more like… heavier engineering stuff, infrastructures and servers and that. And I just got wind of this ticket because it became the joke. Literally every engineer had been there and every single one of them came back saying, hey, every time that I go there, everything works perfectly fine. We don’t know what this guy is talking about. And it got really bad to the point my company used to be in a little town and this old guy, very German, put a complaint in the newspaper, okay, that we were not good at what we did, you know, we’re not able to help in months after. So my boss asked me like, have you looked at it? I said, no. I said, why don’t you go take a look? And I don’t know what it was, man, I don’t know what it was, because I got there and I look at this laptop and literally everything worked, you know, absolutely everything. And I said, can you show me what doesn’t work? And he got pretty aggravated, you know. there was still this large gap in age, you know, so he was trying very hard to explain the situation to me and I told him You know what? I want to believe you, but why don’t we do this? Why don’t you just pretend that I’m not here? Show me what you do when you walk into this room. And someone’s standing in the corner and he’s very annoyed with me. And he grabs the computer and sits down on his couch, not on his desk, on his couch. And pops it open and says, see, it doesn’t work. The internet doesn’t work. And I go look and lo and behold, it wasn’t working. And I was like, well, that’s wild. You know, we’re talking about it was two minutes. It was working on the desk and now it wasn’t working when he was sitting. And I thought, and we’re talking, this was six feet away from his desk. So not far, not a wall in between that you could have something, oh, the Wi-Fi, you know, black hole of anything. No. So I’m like, okay, that’s wild. I grabbed his laptop. I sit down at the desk with the laptop and everything’s working again. I’m like, no way. I grab it and I sit on the couch myself with the laptop in my lap. And the internet goes off. You know, it’s just dark again. And I’m like, I guess this guy has a cursed couch. Cursed. Cursed. Sorry.
Speaker 0 | 16:23.808
Cursed couch. Right. Yeah. It was cursed and cursed.
Speaker 1 | 16:27.130
Yeah. Of course he has a curse. Chris, there you go. And I look behind the couch, and it so happens that when this guy would sit down, the power supply of the router was right behind his couch. So every time that he would sit back and lean back on his couch, that would push just enough for his router to blip out and reset. And this was like months and months of every single engineer there. I cannot remember how many laptops we gave him and how many routers we gave him. And it was like, I figured out just by that. And don’t ask me what made me ask him that, but I figured it must be something that this guy does differently, right? So yeah, that’s one of the nice stories that I remember.
Speaker 0 | 17:15.801
You told this guy that, hey, every time you sit down, your couch presses against the router and turns it off so your internet doesn’t work. uh what did uh what do you say the scouch in german but yeah that’s pretty much what he said oh my gosh that’s great well at least it wasn’t the i.t people at that point right hey listen your course cursed couch is to blame all right no that’s i mean that’s fantastic but you know what’s great about that is um you did something in which, which I think was a great thing. You said, hey, I’m just going to observe you. I’m going to sit back in this corner, pretend I’m not here. I just want to see exactly what you do. And that’s, that’s hard to replicate. In fact, it’s hard to replicate today and the days of kind of going around and not going around and go to people’s places anymore, but actually just being virtual, right?
Speaker 1 | 18:18.461
Yeah, yeah, absolutely. Yeah. And not just that, honestly. Paying attention, not to have tunnel vision. You know, I think in IT, we get too used to everything being bits and bytes on and off kind of thing that we sometimes forget to think either about the person or about the situation or simply just taking perception into consideration. I think that a lot of us could do a better job at listening, you know, just paying attention. Many, many times I went into… a room or into a server room for that matter uh fully confident that i knew exactly what was going on right uh just to find myself the second all-nighter in a row still having no freaking clue what i was doing um there you go again you know arrogance cockiness and being hungry you know it’s um uh no it makes sense and um i think i’ve uh i think i’ve told this
Speaker 0 | 19:18.952
story probably on this podcast before and forgive me if I have. But, you know, I once was talking back and forth and there was a server problem going on and I wanted to have the person reboot the server. And they’re like, and I said, I need you to go over and reboot the server, right? Because we kept having problems. It was really strange. And then they said, well, I can’t do that right at the moment. I said, why not? And the answer was The bathroom’s in use. And I said, hold on, hold on.
Speaker 1 | 19:54.208
All right.
Speaker 0 | 19:55.029
I go, how do those two correlate, right? And then they told me that, well, that’s where the server is. The server is in the bathroom. I quickly took a note as to make sure if that server ever got back to me that I don’t, I have disinfectant, right? But I was like, okay, well, we should probably not put the server in the bathroom. That’s probably not the best place for it, right? And so, but yeah, I mean, like having that situational awareness, being able to see not just the bits and bytes, like you mentioned, right? But able to see the situation that’s going on. um uh really is a good part of troubleshooting that um that is uh um extremely important um and i think you’re right i i think that’s a um it’s hard to teach sometimes yeah it’s hard to teach and and honestly uh i started learning that um uh
Speaker 1 | 20:50.378
in german where we have a saying uh it’s like i’ve seen pigs fly or i’ve seen horses fly uh the more weird stuff that you come across uh the more sober you get and the more, or at least me, you know, that’s what taught me to look at everything first, you know, like gave me a holistic view of that. Honestly, talking about this, I remember another story that I really, really like to share because this one happened here in the States too. A very, very, not a similar situation, but the same learning. tidbit at the end, right? Which is to look at everything. And this was, I was doing an assessment for a new client. I was looking to work for a small credit unit in my hometown. And while I was running an assessment, I was working for an MSP, I was doing sales. And this was my discovery phase. I wanted to know what they had to be able to give them an accurate quote. And so one of the things that I asked them to do, I said, I wanted to interview people. And I wanted to talk to everybody. I wanted to, and I said, I want to talk to everybody. I want to talk to the general manager. I want to talk to the CFO, the CTO, and I want to talk to the tellers too. And one of the people in the room was a little bit taken back by that, was like, you know, why do you want to talk to the tellers? You need to talk to us. You know, we have all the information. And I said, no, yeah, I understand, you know, from a technical perspective, but I’m going to guess you have, those are the guys that do all the work, right? They have client facing interactions and they operate in a much different way that you do. So I insisted and I got my way and I talked to them. I’m going to skip to the juicy part. So I come back with my assessment. I talk to everybody. And so I come back to the executive board. And I said, hey, before I prep my quote for you, I do have to ask you about this thing that I learned that’s slow Saturdays. And they’re like, what are you talking about? I said, well, I was expecting you to tell me because everybody that I ask… you know, in the three locations, they all mentioned that when I, one of the questions that I asked, by the way, was like, is there anything on your day-to-day life that you wish you wouldn’t have to do or anything that annoys you or any process that you have to do that is involving computers, uh, that you don’t like? And the, the answer was universal. It said that they, they, they hated slow Saturdays. Um, and when I gather a little bit of info, so what was happening was that every Saturday from 8 AM till about 11 AM, people couldn’t work. You know, like certain aspects of the bank were unavailable to the users. I don’t remember exactly what it was, but a specific type of transactions that they couldn’t do. So they kept having to send people home. And you should have seen the look on people’s faces because they were like, we have no idea what you’re talking about. And like, what is this all about? So to the point that they got so irritated with me that the entire board was like, Peter- nine people in this room, we all went downstairs to talk to the teller to get like first-hand answers from the tellers what this was. And they said the exact same thing, they repeated the same thing that they had told me that every day, I mean every Saturday from 8 till, you know, a little past 10, close to 11, nobody could do this. They freaked out, you know, like why? why haven’t you reported this? Like, well, because it’s been going on for years, you know? And I’m never going to forget the face of this, of a CFO, because I knew this guy was doing the math, you know? Like, okay, this has been going on for, I don’t know, three, four, five years and in three locations. And, you know, all these tellers that they couldn’t work. And it ended up being the backups. The backups were bleeding into the next day. And nobody had a clue. And it was so bad that, yeah, a new hire would come in. They would get trained. And the first Saturday that they couldn’t work, they would be like, hey, what’s going on? Oh, yeah, don’t worry about it. It’s a little Saturday. So everybody, everybody in this bank, they were just used to not being able to do that. And all it took was ask that question. So, right, that was one of those like, wow moments for me too. And in fact, at my new job that I just started a couple months ago, one of the things that I insisted on, and interestingly enough, they wanted me to do that too, is to do the basic training. You know, like I wanted to, we do freight brokerage at Longship. So I had the luxury. that I was able to work the board like a broker, moving freight for three months-ish. So I get the firsthand experiences like, hey, 90% of our guys, this is what they do. I want to know what their challenges are, how they operate, how they use computers, how they use technology, how everything that they do affects them. Because guess what? Now I know exactly how it’s like for them. And I can relate to what they go through. day in and day out. And now I have a much better idea to better support them.
Speaker 0 | 26:37.905
I think it’s a great way to approach it. And knowing and understanding the business process is such a critical component. Not just in troubleshooting, but also in cybersecurity. That’s a big one. You mentioned cybersecurity earlier. And maybe we’ll chat about this because cybersecurity is one of those things where you can have all the tools, right? But if you don’t know how those tools are applied to the business, right, you’re going to run into trouble. You’re not going to be able to secure the right data. You’re not going to be able to secure these things. Let’s talk about you. You have a love of cybersecurity. uh um and stuff like that and uh and it can talk about and do well with it let’s talk about cyber security for for a minute and let’s sure let’s jump into that um what do you there’s so much right now with cyber security is going on it’s a ton of stuff right i mean uh um i mean i feel like it always is but it’s just it just keeps getting like bigger and bigger every year uh and like we keep upping the ante right on stuff um when you think about cyber security you and uh and applying it to uh your um environment um what are the biggest things you do first uh well um we
Speaker 1 | 28:11.160
we just talked about it the first thing that i do is is understand ask questions understand my environment understand um the business uh i understand uh our our exposure um and look at what I have as in not just from, hey, this is my situation, but what are the tools that I have right now in place? And are they deployed to their maximum potential? Before I ask, hey, is this the right tool? It’s like, you know, if it’s there, let’s look at it. And is it even deployed? And I say that because that was a perfect leeway, what you said earlier. I’ve kind of… I’ve seen so many companies that have so many tools and many of them not even deployed or poorly deployed or sometimes not even the right tool. So the first thing that I do is always listen. It’s crazy hard to me because I’m a super impatient guy. I get… negative anxiety when when there’s a problem as in my anxiety is to to resolve it you know i want to jump right into it um so uh one of my mentors uh bill um i love him to death um he he’s been teaching me patience so this entire year i’ve been dedicated dedicating it to patients and like my current job um of course there’s stuff when i see something that’s oh my god you know we need to address this we’ll do that you But I’ve been trying really, really hard to be patient and to focus exactly on what I’m trying to tell you is to listen, to learn, to ask the questions. Yeah, that’s the first thing that I do.
Speaker 0 | 30:04.412
Yeah, I think that’s huge. Understanding kind of the business itself, which we alluded to earlier, and the processes and where the data is stored and how people access it, that’s so fundamental. And I think, based on what you said about all these tools, but they’re not deployed correctly or they’re not even deployed at all, I feel like a lot of times that happens. Because people don’t understand the beginnings of where to go. Yeah. They just want a tool to turn on and be like, yeah, it’s protecting me. Right. And, uh, but it’s protecting what? Like, you know, you know.
Speaker 1 | 30:49.175
Yeah, no, absolutely. And, um, to, to give a little bit of context, uh, to, to the people listening. So, uh, I think I’ve been very lucky because I’ve worked, this is the first job that I have, um, where I’ve been working with an end customer. My entire career, I’ve always been with MSPs or MSSPs. And this was my choice. I guess you could argue that it’s the harder route to take. You know, many people would agree with me and I’m sure some would disagree with me. But that gave me a lot of insight into a whole lot of companies. Yeah, agreed. And a whole lot of people. I’m talking. into the thousands. I’ve been doing this for over 25 years. So yeah, I’ve been in touch with thousands of people and thousands of companies. And you see that so much. Let’s be honest, the more complex your environment, the more complex your team, you’re going to run sometimes in a lot of… People, the typical situation, there’s a problem, there’s a guy that’s implementing this one thing, and if something happens, he leaves and that gets left there and nobody touches it. And then the next guy comes and he tries to do that and tries to pick it up. Oh, this doesn’t work. I’m going to try to do this other thing. Now you have two things that are kind of half-assed working, right? And the companies tend to grow and those small problems tend to escalate and to scale. as much. And some of them dip down and come back to bite you in the ass, you know, years down the road. So yeah, I’ve run into a lot of two things. One, too many tools. And B, people who really don’t understand what they’re doing. And they take some tremendous risks. Because in my opinion, they don’t ask the right questions.
Speaker 0 | 32:52.584
Great point. On top of that, too, you have things that are not fully deployed. You have things that are deployed incorrectly. And then you have things that are deployed partially. And let me give you an instance. A lot of times, I’ll see that something will get deployed. But since it’s a security thing, executives at the company will go, you don’t need to put that on mine. just make sure that everyone else has that protection. And oddly enough, if I were to secure anybody, it would be the executives, right?
Speaker 1 | 33:32.707
Oh, wow. Yeah, you touch a sore nerve because I’ve been in meetings. I remember this. This wasn’t too long ago, which is terrifying. Yeah, just an example to what you just said. This was a company. They literally, like, I’m not making this up. They had… dodge a bullet with like compromised accounts, executive accounts where this was a new client that we’re working with and we were still onboarding them and we had this instant it wasn’t a big deal, a couple accounts compromised, we caught it early and the first thing that I do is throw training for them. Of course, after everything had settled I schedule these guys for training. Not a single one of the executives shows up. And this was three guys that literally clicked on the wrong stuff because they weren’t paying attention, you know, and top execs of the company. And I’m not making this up. They didn’t want to use MFA because it was inconvenient for their executive assistants because they wanted to share their passwords and they didn’t want to go to training. So at that point, you know, like the question is like, how do you? how do you deal with that? You know, how do you, and I’m asking this out loud for everybody to think about it. How do you deal with that? And my answer to that was write it down. Make people accountable. Have your wrist registered, even if it’s like a crappy looking one. What are you, exec? Stolen. Okay, yeah. I’m going to, I mean, thank you. He just held up a little paper to remind me that I have a good story to tell.
Speaker 0 | 35:20.658
You have a good story. You need to tell it.
Speaker 1 | 35:22.740
I have a good story. I’m going to tell that too after this.
Speaker 0 | 35:24.702
I didn’t want to give it away completely to the audience.
Speaker 1 | 35:26.603
No, Yeah, but let me, so to wrap this one up, one of the tricks that I’ve learned to make executives accountable is write it in a risk register and tell them, hey, today, you know, December 23rd at 8 p.m., I made you aware that, you know, you were part of an incident that I offered you training. You refused it. And here, you know, please sign here that you refused this. And you would be surprised how quickly people show up to your training when you start doing that. you know and then oh yeah oh yeah or when you when you tell one of the executives that oh fine i’ll go tell your boss that you thought this wasn’t a big deal you know when you when you’re fixing it so um talking about executives being careless uh yeah thank you for the leeway uh this is another story that that i wanted to share um this is hopefully far enough uh away and long ago enough that uh nobody will come back
Speaker 0 | 36:23.008
It changed the details a little bit. Yeah,
Speaker 1 | 36:25.309
no, I’ll change the details a little bit. No, but thinking about it, because this was still in my Germany times when cybersecurity wasn’t its infancy. Let’s be real about that. So I’m talking about 15-ish, 18 years ago, where if you had a firewall and you had antivirus, your cybersecurity was great. It was awesome.
Speaker 0 | 36:48.782
So those were the days, right?
Speaker 1 | 36:50.263
Oh yeah, those were the days. It was awesome. So this is a story for everybody listening, particularly if you own a small or medium business. And if you think that this Hollywood level stuff doesn’t happen to small companies, I hope this changes your mind or at least makes you think about it. So we’re talking about a company, they did, think of KitchenAid mixers, but big time. So big chemical mixers. And this was a small-ish company, about 200 employees. near a small town in northwestern Germany. And it was a pretty niche business. There was only a handful of companies that made the kind of stuff, the machines that they made. So they enjoyed a pretty good, not just reputation, but a pretty good customer base. And they had been in business for decades. And this one time, every two years… these guys would organize an expo. They would take part of an expo somewhere in China. I think it was Shanghai. And this one time, the CEO… I was a technician in the account. My best buddy was the account lead. I was the lead engineer. And the CEO gives us a call from China and sends us pictures. And he’s like, WTF? what is going on. And these pictures, and I’m not making this up, and I wish I could show this to you, but he sends us pictures of this big hallway, you know, and on one side you see all their machines, all blue, you know, like in, I mean, we’re talking a couple thousand square foot of machines built together, right in front of them, like literally across the hall, the exact same machine, and to the bolt identical to their machines. Just yellow, painted yellow. And I wish we had more time to give you all the nitty gritty details of this because it’s fascinating. We put this stuff together working with the German FBI. Not that we did much, we just provided data for them. But what had happened was that one of the senior executives had gone on a business trip to Berlin. And he met a lady in the hotel lobby. Things must have happened because the next morning his laptop and his cell phone were gone. And this guy, instead of, you know, doing the right thing, hey, my stuff got stolen. Instead, he just called us and said, hey, you know, like I wanted an upgrade. So I went to the, you know, I bought a new computer and a new phone and you guys set it up for me. Not even bothered changing the password. Nothing. That was it. So what I thought was insane was that, at least according to the story that was put together after the investigation, that it only took about 11 months for these guys to steal the plans and build up an entire company and build all these machines from scratch based on the plans that they had stolen. So yeah, very quickly that company, they made it, but they had some really rough times ahead because guess what? These machines, they were a third of the price and they were identical. It’s not like, oh, they were a little bit… Yeah. I mean, yeah, they… quality-wise, you could argue, but if you can save yourself, these machines are millions of dollars each, right? And if you can buy three for the price of one, what do you care about? So much is on quality,
Speaker 0 | 40:46.278
right? It’s like a corporate espionage spy story that you could make a movie out of that.
Speaker 1 | 40:55.663
You can make a movie out of that. That was the first time that I got a… that I got in touch, like that I was so close to something so wild, you know, because that was like, oh my God, it was like, I had only, yeah, like I said, I had seen that kind of stuff in movies. And we had never done that. Not so close to me. Yeah. And in reality, that’s like, there was nothing that we could have done then. Right. But we weren’t doing anything when it came to cybersecurity. We didn’t, there was no training, there was no policies, there was no procedures, there was like, no. nothing. So that was the first time that I said, oh, man, I guess we don’t do we don’t know cybersecurity after all. Right.
Speaker 0 | 41:39.102
But I hold out held up the sticky note on that one. You tell that story.
Speaker 1 | 41:43.363
Yeah. Well, thank you for that. You know, yeah,
Speaker 0 | 41:44.984
you had a good thought going. I was trying to keep it going. But no, I mean, that’s that’s just that’s it’s amazing. Do you while we’re on this topic, cybersecurity topic. Do you have any other good stories for us? Because you’re an excellent storyteller.
Speaker 1 | 42:04.014
Well, yeah. That made me remember. I remembered another one that was also really, really cool. Again, not a huge company. This guy, it was so funny because he just texted me the other day after I had talked to your guy about this podcast. And I asked him, hey, can I tell you a story? And he said, hell, go for it. So this guy’s name is… Herbert and he had a partner in the same town that this was in BofL and this guy did industrial light setups you know so not a big company it was just two partners maybe you know 15 people working there small business you know like maybe 10-15 million dollar euro revenue so not a huge company right my client They get in a fight. The two partners separate, right? And they separate Amicable. They split the clients. They were still sharing offices, right? As in they had the lease going, so they were still sharing office space. And this was a, like I said, an Amicable thing. They decided that they were going to start splitting the companies. You know, they were going to form two companies. They were going to split everything through the middle. And I helped my client. Like I said, great relationship. between them. They had some differences and they wanted to go each their way, but they were not FU or whatever.
Speaker 0 | 43:38.774
It was just nice and easy.
Speaker 1 | 43:42.935
So it took a couple months and then they finally ended the lease. My client, the guy that stuck with me, I’m going to call him friend so you can differentiate them. So my buddy and I, I helped him set up a new company in a different part of town. And months later, he calls me and he said, hey, I need to talk to you. Yeah, what’s up? And I said, no, come over. I want to speak to you in person because I don’t trust anything and anybody. And so we went to a different place. And he sits down and said, I think they’re spying on me. And I think it’s my partner. And I don’t know how or why. And. I checked everything. I checked, man, absolutely everything. At first, they were still using the same exchange server. But this came almost a year after they had decided to split up. And me, my buddy, and another engineer, we looked at absolutely everything. We couldn’t find a darn thing that was wrong. And what was happening was very simple. He would send out a quote. And within a day or so, there would be… another quote or two quotes for the exact same stuff that would reach that client just cheaper and not from his old partner and so again i’m gonna fast forward a big investigation big lawsuit a bunch of stuff the the the german uh fbi involved again on the same thing what had happened and they they went back on the videos and you A guy dressed as DHL, you could see he walked into the office, you know, you saw him from behind with a package. He delivers the package. You see the front desk person getting up and going to do something. And at that moment, you see the guy like reaching over and plugging something into the side of her laptop. Very clearly, like a little white thing, a thumb drive, right? Took. Eight seconds, you know, like plug it in. He was looking around and took it out. That was a tiny little bit of payload. That was very simple. Every email that was going out was sending a copy to a competition, which his partner, his old partner had created a sister company to be not affiliated with that. And that’s how he was stealing his business.
Speaker 0 | 46:29.838
This is why you disable autoplay on USB.
Speaker 1 | 46:32.919
Yes. So that is so crazy because that’s one of the things that nobody wants to do because they think it’s like, oh, this doesn’t happen. You know, this doesn’t happen. And let me tell you to wrap it up because this is beautiful. It just happened. The other day at my work, someone comes over and hands me a tiny little thumb drive. And he said, hey, I found this. And do you know what it is? And I look at it. It’s like, this looks wild. It ended up being harmless. It ended up being a jewel charger. It just looked funky. And I asked him, did you plug it in? And he’s like, no, why would I do that? I say, well, because most people are curious. He’s like, no, I don’t care about that. And then we started talking what could happen. I told him the same story. And he’s like, oh, that’s wild. And. This reminds me, when I was in school in Germany, my thesis was that I grabbed a thousand thumb drives. They were the cheapest ones that I could get. Me and my buddy, we bought a thousand thumb drives. And we drew a girl’s name on the drive. And all that payload, we put a payload in it. And all it did was call home. And so each one had a serial number. And it would just tell us, hey, you know, drive number 772 just got plugged in. We toss them everywhere around town, you know, in the trams and the metro and cabs and the university bathrooms, clubs, whatever. How many do you think made it home from a thousand?
Speaker 0 | 48:15.908
Oh, my gosh. Let’s let’s just say because I’m I feel like when it comes to this stuff that at least a quarter of them made it.
Speaker 1 | 48:25.354
More than three quarters.
Speaker 0 | 48:26.875
More than three quarters?
Speaker 1 | 48:29.037
About 80%. It was like 76 point something. More than three quarters. Yep. And I guarantee you that most of the ones that didn’t make it home just got lost. You know, someone kicked them into… Yeah. So, yeah, that is such an easy threat to get rid of by just blocking peripherals. And do it. It’s a pain in the ass to do it. It’s like, yeah, the combination between being curious and how easy it is to put payload on a thumb drive, I mean, anybody can do it.
Speaker 0 | 49:06.201
That’s remarkable. Well, I mean, this just shows you why cybersecurity is so crucial. And, I mean, you mentioned how simple it was years ago, right? But we’re edging up on our last segment, which is the IT crystal ball. this is the future of it and so i want to i want to do the opposite i it was so simple years ago i you know cyber security and we thought it was complicated but it was like oh no so simple uh and now uh in the present has gotten extremely complicated um and uh and i want to know what is cyber security right gonna be like five years from now that’s that’s the and you an awesome question man um i are you asking me what what my my vision of this oh yeah this is you this is it’s all you this is your vision of what cyber security is going to be five years from now You can later on, you can listen to this podcast and then you can go, was I right?
Speaker 1 | 50:13.959
Yeah. Um, well, this is, this is tricky because I think I remember some of the instructions that you gave me was don’t talk about religion. Don’t talk about politics. And I think I’m going to say, Oh Lord.
Speaker 0 | 50:24.929
Well, unless it’s, you know, yeah. Okay. That’s,
Speaker 1 | 50:28.111
uh, no, but, but let, let me try to give you an end.
Speaker 0 | 50:31.874
Um,
Speaker 1 | 50:33.716
I think, I think that. you cannot talk about cybersecurity without sadly having to drag AI into the equation, right? And it terrifies me. And it terrifies me at a whole bunch of different levels. Starting with the fact that AI terrifies me. I studied that. I went to school for applied robotics. Let me tell you, what I learned in school has nothing to do. what the stuff that we’re doing today. I understand nothing from my language models. My machine learning was completely… It was a Steam machine versus a Tesla now, right? But truth, I think truth is going to be the key word moving forward. And I don’t know what that’s going to look like. Because you’re already seeing… what I can do as a force multiplier. And this is what I think that a lot of people that are not in our industry, the part that they don’t understand or they don’t think about is that the guys that we are fighting in cybersecurity are, for the most part, way better at it than we are. And they not only get a much bigger budget, But they’re not bound by policies. They’re not bound by laws or by any kind of restrictions whatsoever. They don’t give a shit.
Speaker 0 | 52:07.645
It’s that classic good versus evil, right? Good always has to kind of play within these boundaries and evil gets to do anything they want, right?
Speaker 1 | 52:16.210
Right, absolutely. But it’s such an unequal fight, you know, because you have all these incredibly smart guys, right, that have every tool at their disposal. They have free range to do anything they want. at any point in time. And your first line of defense is what? Is your analyst that you’re paying 50k to? That’s your first line of defense. So now think about what this means. If AI is a force multiplier, which it is, I think in my point of view, this is the next steam engine. It’s like, what do we do as we amplify energy? How? By… making cool stuff. AI is a new cool stuff around the block that we’re adopting at a terrifying rate. And I made a post that I felt like it didn’t get a lot of love, but I think it was an interesting thought, right? If you think about it this way, we are putting AI into everything right now. Okay. We have toasters with AI. We have like literally every, you have no idea how many, I get so many emails, so many calls of people trying to sell me all this stuff because it has AI on it. Guess what we’re doing? If the AI overlords are going to take over, we’re paving the road for them. We’re putting this shit everywhere without understanding what it does or how it works. You know? So all AI needs to do at some point is flip the switch. Guess what? All our cars are going to be. in it, all our computers, everything, every service that we have, we’re cramming AI into it, okay? So it’s going to have an easy time taking over. But going back to your question, what do I think cybersecurity is going to be like? I think trust and truth are going to be very, very different concepts in the future because I think very, very soon I mean, we already live in a world that you don’t know what the heck is true or not anymore. And even I’m the kind of guy that that likes to know facts, and it’s getting increasingly difficult to get there. So when you apply…
Speaker 0 | 54:32.597
If you fact check it with AI…
Speaker 1 | 54:35.760
Even when you fact check it with AI, it’s a difficult thing to do. Like going into rabbit holes to try to, you know, figure out do masks help or not, you know? It’s like the… Whatever you go and research, you know, and research… It means just that it’s researching someone that was already researched.
Speaker 0 | 54:56.908
I mean, what are you going to do? Go and research articles that were generated by AI?
Speaker 1 | 55:00.973
When you’re right.
Speaker 0 | 55:03.316
That were generated by AI and they don’t exist. precisely it’s already happening that’s there yeah it’s happening right now it’s like the ai is wrong all the time and you can watch videos of people that look like people that talk like people we can kind of see that they’re not right but it’s all but it’s real close and it fools a lot of people oh
Speaker 1 | 55:27.064
yeah and and yeah it fools a lot of people and a lot of people get fooled without ai right so I think it’s going to be very, very interesting what truth looks like in the future. And how is that going to be a thing? We already live in such a lazy society where I think most people get their news from Facebook or TikTok or Twitter or whatever instead of doing due diligence. And honestly, it’s sad for me to see that. Guess what happens if you try to search on news? Most journalistic articles are now behind a paywall. OK, so. Where are you getting your information? Are you doing your due diligence that the information that you’re ingesting is legit, is the truth, right? So yeah, that’s a terrifying thought, man. Between cybersecurity and AI, I don’t know what that’s going to look like, but it’s going to be very, very interesting to see what comes out of it.
Speaker 0 | 56:26.597
Well, thanks for terrifying us. I appreciate ending on that note. Nerds, I’m Michael Moore. This has been… the podcast Dissecting Popular IT Nerds with Maximo Bredfelt, Chief Information Officer at Longship. Maximo, thank you so much for joining us. We had great conversations and great stories from you until you told us about the evil AI overlords that are going to take over.
Speaker 1 | 56:53.137
Well, thank you for having me. To end up in a good note, happy holidays for everybody. Thank you for having me. This was a lot of fun, Michael. thank you so much for your time. Thank you to everyone listening. Have a wonderful rest of the year and an awesome 2025.
Speaker 0 | 57:11.554
Same to you. Please come back.
