Speaker 0 | 00:09.545
Please interrupt me. So I’m hoping today will be an okay day for that. You get a lot of drive bias. Oh,
Speaker 1 | 00:16.909
Yeah, it’s, they don’t care. Interesting, because the podcast I did the other day was, I, I think the title of it, I can’t remember if I did this title or not, but it was How to Make End Users Care.
Speaker 0 | 00:31.870
That’s a good one. Answer, please let me know.
Speaker 1 | 00:38.316
That’s what I said. So everyone out there, I hit record, by the way. I was trying to, you know, I like to try to capture as much realness as possible. Everyone listening, we are speaking with Thomas. Is it Goral or Goral? I don’t want to, you know. I have this insecurity with names. I usually always pick the wrong pronunciation because subconsciously I must know. We’re going to start off with a post that you posted, which is the 10 layers of the OSI model. I thought there were seven layers, but now we’ve got 10 layers. So I don’t know, can you explain me this? Can you explain me this? Sure,
Speaker 0 | 01:28.428
Sure. So it’s kind of interesting, right? Because the theoretical approach is that there are seven layers. And that’s kind of funny you mentioned that because I, you know, in textbooks, I’ve only heard of the seven myself, but I received a request from the IT director of, what was it again? Argonne National Laboratory, to where he wanted something that had 10. And going back and forth, I’m like, what are the other three? So, you know, I was provided some kind of details in reference to it, and, uh, yeah, I designed a poster, uh, per his request. So, um, yeah, it’s, it’s, it’s, you know, obviously it’s different. It’s something that people are probably, so did you design this with what I’m looking at? Yes, this is, by the way,
Speaker 1 | 02:24.460
This little website or what is this anyways? It’s wicked cool. Cause I usually every now and then I’m looking up different things. It would be cool to put up in, you know, an MSP’s office or something like that. Maybe I want to send someone, you know, picture of an OG Apple computer, something like that. But this is great. There’s no, no one can see because this is an audio show. You have no clue what I’m looking at right now, but we’re looking at is the shopping cart. Is this your site?
Speaker 0 | 02:55.448
Yeah, Tomgirl.net. That’s a kind of a site I created for myself just as a hobby.
Speaker 1 | 03:02.050
No, no, no. This is cool. So, you know, it’s basically stuff that if you’re in IT and kind of nerdy, you should put this up in your office. And you should have a hat on here, by the way, that’s dissecting popular IT nerds. And we’ll just swap this around. We’ll keep the glasses and just put a beard. Just turn it around. Good idea too. You know what I mean? I’ve got to put together, I’ve already got the nerd glasses, which I haven’t sent out yet. They’re in the box right now. I’ve got like a ton of pairs of like, you know, like horn-rimmed glasses with tape in the middle that I’m going to send out to special people. But you know, this is really cool. So look, you got the seven layers of the OSI model, which is probably what I’m going to order to put up in my office. And then we’ve got this 10 layers and you’re putting the eights, layer. By the way, for a little bit of education, if there’s anyone out there that’s actually listening to this show that for whatever reason that might have no clue, what does OSI stand for?
Speaker 0 | 04:04.553
Oh, you’re asking me? Oh, I’m sorry. Open Systems Interconnection Module or model, I should say.
Speaker 1 | 04:10.798
Why do you think they named it that? It’s just kind of weird. It just seems like, can’t we just name it something more simple that makes sense?
Speaker 0 | 04:19.136
Well, I mean, everything’s conceptual, right? So you probably have some scientists of sorts that need to make it sound probably fancier than what it is. And that’s probably what ended up happening, right? They’re like, oh, well, we got to standardize this across the board. And we have to come up with a fancy name with it as well. So that would be my concept of it.
Speaker 1 | 04:40.763
Let’s go through the layers. Let’s go through the original seven. And was it always seven? Didn’t we used to just have like four layers or something?
Speaker 0 | 04:49.594
Speaker 1 | 04:50.935
There wasn’t really like an application layer. There’s like, you know, and you hear people say layer three, layer two, layer, you know, Comcast is only layer two. You know, you hear this all the time, but let’s just kind of, this is like an interesting subject. Let’s just go through each layer. So we got first layer, physical layer. And I’m doing this too as for education for people that might want to start out in IT, or, uh, aka my son, who’s 15. I’m going to make him listen to this episode so he, so he goes to the different layers of the OSI model. But layer one is what? So, I mean, if you look at the physical layer, right, that would be your cabling, the coax, fiber, um, that kind of ordeal, right? It’s something you could physically touch. So that, that’s probably the best way to look at that. That’s kind of where you start, right? Aka your, your internet connection. I’m holding on to it. I’m going to plug it in to a switch.
Speaker 0 | 05:41.010
Yes. Yes. That’s, that’s physical, right? Something you can see that that’s the best way I can put it.
Speaker 1 | 05:46.053
Speaker 0 | 05:47.834
And then of course, you know, once you start getting into like, let’s say in this case, the data link layer, right? That’s, that’s something where now you have an ethernet cable and you’re thinking to yourself, well, what passes through the ethernet cable? And the best way to look at that is a frame, right? And then once it gets into the network layer, which you’re now,
Speaker 1 | 06:04.683
let’s explain a little bit more because people aren’t going to understand that. Oh, I get it. So are we talking IP packets? What are we talking here? Let’s explain this on a more simplistic, real layman’s term. We’re explaining this to like, I don’t know. I’m speaking to, I don’t want to say the trash guy because, A, I have a lot of friends that are trash guys and even own junk companies. But yeah, we’ll just say, you got junk, dude. He’s picking up my couches on the street corner. Hey, what do you do, Phil? Oh, yeah. What’s this OSI thing? I need to know. What’s data link layer? How do we explain this to complete layman?
Speaker 0 | 06:42.004
I mean, the simplest way I could think of is think of, boy, see that?
Speaker 1 | 06:50.730
There you go. And there you have it.
Speaker 0 | 06:56.534
Yeah. It’s kind of like…
Speaker 1 | 06:58.055
It’s important too, because this is like a conversation with like an end user. This is like, this is what happens.
Speaker 0 | 07:04.419
Yeah. I mean, it’s kind of interesting, right? Because, depending on how you learned it and depending on how you memorized it and kind of how you view in your mind, I mean, you can get some potential different discussions on it. But I mean, if I were to really break it down, you know, think of data link as like the switch and think of network layer as the router. Right. And switches send out frames and routers send out packets. Beyond that, I could tell you there are books on this. Maybe like data link, maybe data link is like, that is like, like almost like the different roads and paths and highways, and the network layer is like what’s riding on it. Yeah, I mean, it, you know, it adds on, right? I mean, you know, when a frame turns into a packet, I mean, you’re talking about information that’s being larger as it’s going through the pipe, right? It’s, it’s starting to add more information. I mean, data link would be like, okay, it’s kind of like your preliminary data, right? Whatever you’re sending through. And once you get into your router, well, now you’re adding more information, turning into a packet. And now you have, let’s say, routing information, right? So the packet in itself is starting to get bigger as it goes through because not only you’re passing information, but now you’re giving directions, right? That’s probably the best way.
Speaker 1 | 08:23.102
Is there any IP addressing issues, IP addressing issue differences between layer two, layer three?
Speaker 0 | 08:30.646
Uh, what do you, what do you mean by IP? I just, like, sometimes, like, I deal with, like, when I’m dealing with ISPs and stuff, we’ve got, you know, oh, they’re only layer two, so we can’t really get like a slash 27 from them. It’s really more of this weird, no, you can’t. Yeah, no, it’s, everything has to be, when it comes on to IP addresses, it all has to be at the network layer. You know, data link is more of a dummy. It’s, I, if I’m not mistaken, I think it just communicates based on MAC addresses. You, there’s no sophistication when you’re talking about it. Like let’s say a layer two, there’s, it’s simply just pushing information around. There’s no control over it. Like there isn’t a layer three switch. And that’s a primary example of why layer three switches are useful. And a layer two switch is like a hub, a dummy hub, or, you know, it’s, there’s not much use form with the exception of maybe trying to, you know,
Speaker 1 | 09:22.807
maybe monitor, monitor. It’s on, it’s on, it’s off.
Speaker 0 | 09:27.002
Exactly. It’s very, I mean, we’re talking, I don’t know, 80s maybe. I mean, I don’t know who uses hubs anymore, but I mean, I guess it’s out there potentially.
Speaker 1 | 09:38.049
I found a bunch of hubs behind a wall on a really bad network with 25 points of failure. And yeah, that was an interesting story. That was like four years ago, but that’s still new to have hubs in your business four years ago and to,
Speaker 0 | 09:58.367
that’s odd.
Speaker 1 | 09:59.488
And to, and to say you have problems is like, well, what’s the real problem? Do you know what I mean? Like the problem is probably not the hubs. The problem is the reason why there’s still hubs there. Okay. Moving on, we’ve got layer three, which is a more in-depth kind of, I guess, I don’t know, we just say like, I don’t know, information routing protocol or something. Again, now you’re starting to, this is where I, this is like where we’re grading where Phil Howard’s actual real, you know, knowledge stops. You know, we could have like the layers of, the Phil Howard layers of actual knowledge of IT here. So let’s go to network layer and transport layer. session layer. Let’s just kind of breeze through these real quick here, just for anyone listening. And this might make a good conversation topic. I’m sure there’s going to be a lot of, there’s probably a lot of people that would have, well, in different ways of explaining this. This should be like a contest, explaining the seven layers of the OSI model to, I don’t know, whoever, who can do it best. There’s going to be an award.
Speaker 0 | 11:11.899
Yeah. I mean, quite honest, this is every IT professional in the industry goes through these seven layers. And even in a professional world, you’re always kind of looking back at it and thinking to yourself, okay, in your mind, right? Where, where do you start? Right. There’s a problem. You start at the actual device itself, right? Is it powered on? Right. And then data link would be okay. If it’s powered on and it’s going into a switch or a router.
Speaker 1 | 11:43.735
Is that busted?
Speaker 0 | 11:45.656
Yeah. I mean, it is. Is it moving, right? Is anything communicating? And then,
Speaker 1 | 11:51.599
of course, yeah. This is very useful. Keep going.
Speaker 0 | 11:53.860
Yeah, no, and I’m just going to move up the line, right? And then when you’re talking network layer, okay, you’re talking layer three switch, you’re talking router. You know, is there a VLAN set up that’s causing issues? You know, are you getting packet losses and so on and so forth? Now, if it routes to where it needs to route, and now you’re talking about the transport layer, that’s when you’re talking about, okay, you know, is it a TCP connection, right? And I think if I’m not mistaken, UDC, I don’t even remember anymore. I’m just going off of memory, right? That’s going to be, you’re kind of like, your transport, like, how is the information moving and what protocol are you utilizing, right? What UDP was on, that’s what I was thinking of. And then, of course, once that connection is made, right, and you’re talking about session. Right. And the best way I always think about a session is just like, you know, a connecting to be right, a connection. And that’s kind of how I in my poster, I try to emphasize a bridge. Right. Not not to confuse it with an actual bridge, which is would be a layer or two, but just a bridge that there’s actually communication from an A to B.
Speaker 1 | 13:04.009
Now I’m seeing I love this. Now I’m seeing I’m looking at the little symbol behind it.
Speaker 0 | 13:08.953
Right. And then once that connection is made, now you’re talking about, OK, how is it being?
Speaker 1 | 13:13.817
Blade, right? And that’s kind of like, you know, presentation and, and application. I mean, there, this is why we complain about the GUI. This is where we’re like, who, who did this? Or, or, wow, this is amazing. Yeah, what, what kind of pictures are you using, which would be presentation. And of course application’s what, what you’re viewing this device on, and
Speaker 0 | 13:34.202
then the other, eight, nine, ten, is now you’re dealing with the human factor, right? Is it an individual, right? Which would be layer eight, which is probably where all your problems are.
Speaker 1 | 13:44.265
Okay, so why did we add this layer eight on? Because… You know,
Speaker 0 | 13:49.288
like I said, it was a request based on a director at Argonne National Laboratory, but as I started researching it, you know, I figured, you know, this is unique. This is different, right? We always talk about the seven, but we never talk about the other three, which in this case would be the individual or the organization or government.
Speaker 1 | 14:10.538
Yeah, why government?
Speaker 0 | 14:11.698
Maybe it’s a lot more space.
Speaker 1 | 14:13.640
I don’t know. Yo, government. Yeah, so that’s more like, yeah, regulations. Uh-huh.
Speaker 0 | 14:19.384
Speaker 1 | 14:20.264
What is it? GDPR. Remember, what is it? GDPR? Was that, is that, am I getting that right?
Speaker 0 | 14:25.908
GDI. What was the weird,
Speaker 1 | 14:28.070
what was the European thing, you know, that came in and we had to follow all the, you know, the internet, you know, security, like, anyways, I think it was GDPR. Anyways, PCI compliance.
Speaker 0 | 14:37.556
You’re probably right.
Speaker 1 | 14:38.097
PCI compliance, PCI, HIPAA, all that stuff, right?
Speaker 0 | 14:43.006
Well, yeah. I mean, it’s kind of interesting, right? Because you have all these different compliances and the way the world’s heading. It seems like these are… are being applied when they’re convenient.
Speaker 1 | 14:54.241
So these are like theoretical kind of, not really theoretical layers, but they’re not, they’re completely off of the physical at this point, but they touch the physical layer at some place, somewhere. Yeah,
Speaker 0 | 15:04.484
8, 9, 10 is all human, like all human driven. You’re going from a machine driven architecture, give or take a flow to then a human flow. So it’s, you know, they probably don’t teach it because, you know, I don’t know, but it,
Speaker 1 | 15:20.209
Nonetheless, it’s, it’s, it’s, uh, I thought it was kind of cool. So nine is great, because a lot of people don’t have policies in place. They might not have a security policy posture of any sort, um, which needs to be in place. Uh, yeah, and that, and that’s the thing, right? You’re talking about more of
Speaker 0 | 15:38.964
you know, it’s kind of funny, right? Organization, right? How are you organizing your policies, right? It’s, you have any policies in place? You
Speaker 1 | 15:49.593
But the other thing amazing about this poster, again, TomGorill.net or .com. Does .com work too? No,
Speaker 0 | 15:58.960
it’s .net. Someone beat me out to .com. So I have .org and .net.
Speaker 1 | 16:03.885
That’s like another debate for another time that I could care less about .net, .com. I think it’s all fine. TomGorill.net. Other people, like I know people that have changed, gone through massive organizational changes just because they finally got a hold of .com. They went from .NET to .com and literally made their life. Just that change alone can be so huge if you have thousands of users.
Speaker 0 | 16:28.601
Yes, because everybody’s aware of .com. No,
Speaker 1 | 16:32.923
no, what I’m saying is from an IT perspective, making that change, like, hey, I finally got .com. I need you to change everything to that.
Speaker 0 | 16:40.746
Oh, I see what you’re saying.
Speaker 1 | 16:41.806
You know, from like all the, you know, I don’t know, I’m assuming there’s a ton of DNS things that change. um, you know, just, you know, I don’t know, migrating, do you have to migrate 365? Do they make that easy? Just changing a domain? I’m sure you can just like,
Speaker 0 | 16:55.587
no, you just update the records. I mean, all you’re doing is pointing things, right? It’s, it’s, it’s, it’s, it’s, it’s much more simpler than that. You’re just, if you do get, you just, you just add to the record that, Hey, if someone goes here, this is where I want them to be routed. So it’s even simpler than what most people think it is. Okay. That’s a record. Most likely.
Speaker 1 | 17:16.017
Revealing myself again. So let’s see, where were we? Individual, organization, government. Oh, policies and procedures. It’s amazing how long we can go without policy and how many people probably don’t. How many organizations do you think don’t have an update, let alone policy alone? But what about updated security policy?
Speaker 0 | 17:40.556
You know, it’s interesting because there are some policies that I’ve… that I have been aware of, and I won’t name them, but there are some institutions that they’ve had policies, right, at one given time, you know, but it was written five, six, seven, eight years ago. And I do know on a governmental side that they’re, you know, they’re pushing for the sieges compliancy, right? So they’ve said, okay, you know, a lot of government agencies that implement a lot of… uh, uh, kind of like, you know, they have a lot of, like, kind of important SSI, sense of secure information, maybe even top secret, right? So they, they have been trying to implement the sieges compliancy when it comes to two-form authentication, placement of computers, um, you know, if you have a laptop in the car, um, let’s say in this case a police vehicle, you know, can the, can, can, can this, you know, can civilians see, you know, critical information when they’re walking past your car? Right. So, you know, this is stuff that is becoming a bigger and bigger issue because information is becoming so wildly available that you have to implement policies in place to make sure that, you know, information that you don’t want the public to see, or let’s say they don’t, there’s no need to know basis, but they’re not just walking past and, oh, okay, there’s your social security number. That’s great. And, you know, and that’s becoming a, you know, overall pretty big issue because you have a lot of private entities, you know, they’re outsourcing to different countries and that’s fine. But when it comes to like, you know, accountability, you kind of can’t sue someone in a different country because again, their laws could be different than our laws. And that’s where the issue comes in, right? How important is your information to you? You know, if your social security number is compromised, you just can’t get a new one. You know, it kind of sticks with you your whole life.
So, you know, you hear about a couple years back about the government breaches. And I can’t remember off the top of my head what department it was, but in essence, they were compromised. All the information was stolen. And then six months later, then… The fingerprints were compromised. They took the fingerprints. Now, you know what a person’s been doing with fingerprints, I don’t know. But, you know, you’re talking about, you know, and you’re talking about government information. I mean, they have everything about you in there. So it’s kind of a big deal, right? And then when it comes to identity theft, that’s even a bigger deal because if charges are made in different states, you have to hire an attorney in that state. You got to show up to court. I mean, it’s thousands of dollars and years of a headache. So, you know, and that’s where, you know, I feel that when you’re talking about the layer nine in this case, right? Policies and procedures, you know, that’s kind of an important thing, right?
Speaker 1 | 21:00.654
We should have like something, we should just invent some kind of thing with the government where you can just turn off your social security number. Do not allow my social security number to be used for anything other than for the government to track its investment. I have a friend that said, I don’t know if I’d call it, I don’t want to, I don’t want to insult him by calling this a conspiracy, by calling himself a conspiracy theorist, because he’d say, you know, just look it up. You can look at why the social security number was created, blah, blah, blah. And it’s really for the government to track its investment. I was like, okay, hopefully someone will listen to this and have a lot of comments on that. Let’s talk just a little bit. Just give me a general rundown. You know, what’s your day-to-day job? You know, you’re in Greeley, Colorado. I went to Colorado State University, so this is kind of near and dear to me. You know, when we used to drive through Greeley, we’d see like the brown cloud. You could kind of see it in the summertime if it’s really hot out. You could see the brown cloud and you’d be like, roll up your windows, roll up your windows. And there’s no rolling up your windows when you drive through Greeley, Colorado. It doesn’t matter because when you hit that, like, as far as the eye can see, you see of just cows at the slaughtering factory. I am a proponent of meat, by the way. You just can’t avoid that smell. So there’s that thing. There’s that area of Greeley, Colorado that I have a very fond memory of. And let’s see, where else? I worked for a call center back in the day as well. And one of my friends, one of my Mexican friends, liked to talk about the chupacabra. And let’s see, what was that movie? What was that Stephen King movie? The Children of the Corn. Wasn’t that based on Greeley, Colorado too? Or a film there or something like that?
Speaker 0 | 22:41.392
Could be, you know, I’m not, I’m not a native, but I would imagine it would be.
Speaker 1 | 22:47.393
There’s a lot of things that are famous in Greeley, Colorado. It’s, you know, so for anyone out there listening, but yeah, near and dear to me, Greeley. And then when I started out with this Cisco startup company, I was right, I was in Longmont, so I was right next door as well. So you’re in Greeley. What’s your day-to-day IT job?
Speaker 0 | 23:07.579
Boy, if I had to go over every individual item, this would be a three-hour podcast. But what I can tell you, kind of where IT is heading in my world, you know, due to COVID and the desire to have an organization that’s more remote, I would say that one of the things we’ve implemented here is that we have not a complete, but we’re pushing towards kind of that serverless environment, to where laptops are, you know, utilizing Azure AD, to where laptops could be provisioned, you know, and then in essence, what that means is that, you know, once a laptop gets purchased, I could do a direct ship to the consumer or to the employee that’s receiving the laptop and have the process of automation, utilizing Autopilot and Intune and whatnot. It pushes out all the software that’s required and there’s very, very little, um, customization or configuration at that point. Um, and, and that, and that’s kind of, um, one of the things I pride myself on, is because it puts down on a lot of, uh, what I like to call manual labor, right? Taking stuff out of the box, uh, opening it up, updating it, configuring it, installing it, all that fun stuff. And that, and there are, um, software out there, but still, you still have to add it, you know. If you’re going old school, you still have to add it to the domain controller and do all that kind of fun stuff. And in this particular case, it automates the whole process. So that’s something that’s taken a lot of time. You know, that’s when I don’t have to quite focus on anymore. I could focus on more things like security. You know, that’s becoming a bigger, bigger thing. Spear phishing is almost a constant occurrence. So I’m always looking at policies to implement to where, okay, what do I, what do I do? Right. What’s the policy if we get hit with malware? What’s the policy if information is stolen? What’s the policy if data needs to be recovered because it’s been maybe deleted, compromised or whatnot? So that’s kind of in my role.
Those are the questions that I ask myself and those are the questions I need to come up with answers for because it’s great making sure everything works. But you have to have those contingency plans and a managerial side. You know, that’s kind of like, okay, is this a good policy? Is this a bad policy? Is there a better way of doing it? And, you know, IT is evolving so quickly that it’s really hard to kind of keep up, right? Because when new, let’s say new products come out, I mean, yeah, it works wonderfully. But guess what? You have to learn how to use it. And there are a lot of different academies based on different products. I mean, in this line of work, you know, it’s not a question of learning. It’s a question of finding time to learn it. So that’s kind of the obstacle, right? So like I said, I could go on and on about this particular topic. But the goal is to simplify things as much as possible.
Speaker 1 | 26:35.473
If I could just have a job writing headlines for books, I would love it. It’d just be like the best thing in my life. So this is what your headline of the book that you would write would be.
Speaker 0 | 26:50.360
Well, and that’s the thing too, right? I mean, now going back
Speaker 1 | 26:54.181
10 to 15 years. Check this out. No, seriously, I’m going to write your book title right now. Okay. Well, your book title is going to be whatever, but your book title or sub headline is going to be cutting down on time. So you can focus on security policy.
Speaker 0 | 27:10.990
Um, without the evolving world of technology making everything you do obsolete. Well, I mean, but, but, but, but see, and, and just pushing back, I mean, you know, adding to it, right? Going back 10, 15 years, one person could kind of do quite a bit, right? But every individual profession, if it’s, you know, if you’re a cyber security specialist or if you’re a system administrator or network administrator, every specialty’s becoming so complex to where you just, not one person can know it all. It’s too fast changing. It’s evolving constantly, right? Now we’re, I mean, just now, if you look at switches, for instance, right, like we mentioned, now there’s layer seven switches. So again, you know, the evolution of each individual profession, it’s, you know, anybody, I mean, you can learn it, right? It’s just finding a time to learn it.
Speaker 1 | 28:08.354
Yeah, well,
Speaker 0 | 28:09.054
it’s more like 500 pages and then…
Speaker 1 | 28:10.796
It’s kind of like, what do you pick? It’s like, how do you pick what to learn?
Speaker 0 | 28:17.161
And that’s the question, right? That’s kind of the question because this is the thing. I know a lot of people that went to school for switching and routing, right? They wanted to be Cisco people, right? Oh, God. And then they get a job and they don’t even do it. They do something completely different. You know, it…
Speaker 1 | 28:34.476
I tell people that all the time. Yeah,
Speaker 0 | 28:35.997
they do.
Speaker 1 | 28:36.850
When they’re replacing a phone system, right? First of all, I don’t understand why 95% of the world isn’t on Microsoft Teams yet. I did say Microsoft. This is on LinkedIn. I do expect some extra virality of this post or this show because I said Microsoft. There’s probably some, I don’t know, AI thing or robot or something tracking my voice before it’s even reached the internet. So I’m just saying that again, Microsoft and Teams, and I believe 95% of the world should be on it. Now, with that being said… Why would you go to a Cisco call manager? Because I’ve got to go hire five guys. I got to go hire five guys that, you know, like got to go learn, learn this stuff. It’s crazy complicated.
Speaker 0 | 29:19.067
There are, well, that’s the thing, right? There are pros and cons to every, I’m going to just miss the appliance, right? You know, if you’ve been a Cisco person for 10, 15 years, sure. Is it over complicated? Of course it is. Is it powerful? Yes. But, you know… The question is, is that do you want to buy an appliance to where you need an engineer to maintain it, right?
Speaker 1 | 29:45.606
Going back to presentation and application layer, let’s bring this, let’s keep this, you know, we’re going to try to keep to the base that we started. Let’s go back to presentation, layer six and seven. I think there’s other people that are doing layer six and seven a little bit better. At least on the voice perspective, maybe not on the routing side, but at least on the call center, voice, SIP trunking, whatever you want to call it, whatever you want to call it, voice side. Maybe Teams isn’t up to date yet. If you’ve got a really advanced call center, that’s fine. And there’s other people that have APIs and things like that. But just from the presentation and application layer alone, why do I have to hire a team of five people that have gone and studied and gotten a Cisco certification just so they can run the switch?
Speaker 0 | 30:28.946
That’s a good question. That’s a really good question. The only answer that I can come up with is that because it’s complicated, because it’s so customizable on the GLI, you could secure it quite a bit. You have full control. But the more control you have over something, the more knowledge you need to have in order to go ahead and modify it or utilize it to its fullest.
Speaker 1 | 31:00.462
And then we got, now we can add in. And again, to kind of keep on the, I don’t, I’m usually very ADD. So the fact that I am doing this is like a plus for everybody to take it back to the poster, which I’ve got to go back to your website here. We’ve got to go back to, you know, now we’ve got layer eight, nine, and 10. We’ve got the human layer, correct? And because something so customizable with full control, we got to then go back to the human layer and really the policy and procedure layer as well. Because with such complication, with such customizable controls, you need to stay on top of that. And you need to keep all your certified guys to stay on top of that. Otherwise, your humans are going to screw it up. And your policy that might be fresh and new, which you also have to keep up to date, may not be in alignment with your complicated switching infrastructure. Or whatever that maybe another company with a complicated background has a name stamped on.
Speaker 0 | 32:02.969
Yeah, I mean, the more, that’s the thing, right? The more secure, the more complex the network is.
Speaker 1 | 32:10.313
The more slow.
Speaker 0 | 32:12.575
Well, I mean, the more difficult it is to maintain. Yeah. Because, you know, now,
Speaker 1 | 32:17.377
granted. Even just to move out change, to make changes, just to make a change.
Speaker 0 | 32:22.080
And that’s the thing, right? You typically don’t want to. go too crazy with your firewall or switch because again you know people have to work company don’t companies do not like downtime and if you don’t if you do run into an issue you know you don’t have three hours to go figure it out during a company you know company hours i mean you typically want to do things you know you know when when an organization is closed but then again you’re gonna you’re gonna find out if you made a mistake when the company opens back up right
Speaker 1 | 32:52.582
I bet you there’s a data scientist out there. There’s a data scientist that can do this. And I got to take notes on this. There’s a data scientist, number cruncher out there. They can probably tell us at what point or at what layer of security do we give up? Now, all the CISOs and security people are going to say like, oh, you’re crazy, right? But there’s got to be a layer where the return on investment stops. So there’s a layer where like, We don’t invest so much in security because it’s going to slow us down and kill profits. But there is a layer where you lose it all. There is a level where you lose it all.
Speaker 0 | 33:31.755
It stops at layer eight,
Speaker 1 | 33:35.598
which is the person. Do you know what I mean? This debate all the time is like, well, why do we allow the C-levels? It depends on the company culture. I think if you’ve got good leadership, the C-level will follow all the security policies and they won’t expect… special, you know, I guess a buy on the security because typically they’re the ones that are probably attacked the most, at least from a spear phishing, since you brought that up earlier.
Speaker 0 | 34:01.657
And that’s, and if I’m not mistaken, I could be wrong, but I believe that 90% of compromises happen from spear phishing attacks.
Speaker 1 | 34:11.764
It’s a human, it’s easy to do.
Speaker 0 | 34:13.726
But he’s trying to mimic somebody else. Hey, this is your boss, whatever that name may be. You change one character out of email. Yeah. Hey, I need you to send a check here. I need you to send whatever it may be.
Speaker 1 | 34:25.852
It’s not that hard. It’s really not that hard. If you’re a criminal and you’re a nefarious, I like that word, nefarious individual. It doesn’t take much to crack the human code of just humans making mistakes.
Speaker 0 | 34:43.931
It’s social engineering. I mean, in essence, what are you trying to do? I mean, it was kind of funny because there was a TV show too where I think it’s called Hack Five, I think is the organization. And they get hired by different organizations to kind of find out where their weak points are. And they dressed up as contractors, held a ladder, and they walked right through security. The security guard even opened the door for them.
Speaker 1 | 35:10.544
Yeah, of course.
Speaker 0 | 35:13.206
Now you’re in a secure area just holding on to a ladder.
Speaker 1 | 35:18.130
Oh, my gosh.
Speaker 0 | 35:19.210
And floating, right?
Speaker 1 | 35:21.052
Packet sniffer, done. All kinds of other things we could do pretty easily. Cool.
Speaker 0 | 35:26.716
And that relates to, that relates to would be layer nine, right? The corporation and stuff, or maybe even layer 10 for that matter, right? What is your policy?
Speaker 1 | 35:34.218
From a human, from a residential.
Speaker 0 | 35:36.818
Yeah. When someone walks through a door, do you just let them on through? Is there any policy? I mean, you know, these are things that, you know, even on an IT level, I mean, you have an IT people writing these policies out right now. We’re like, not only are we physical security, I’m sorry. We’re, um, uh, um, no, I think I’m here. Um, you know, We deal with security on the computer level. Now we’re also dealing with it on a human level. And it’s an oddball thing.
Speaker 1 | 36:04.842
It’s going to come down to biological warfare and changing people’s genetics.
Speaker 0 | 36:09.483
Oh, I see.
Speaker 1 | 36:10.944
It’s going to come down to just genetically modifying humans, genetically modifying the crime out of humans. It was a total recall. It’s going to be like… It’s going to be like Running Man, Total Recall. It’s going to be like every Arnold Schwarzenegger movie ever made, you know, all put into one. And we’re going to call it real life.
Speaker 0 | 36:32.210
Terminator, the IT guy.
Speaker 1 | 36:39.372
It’s, you know, funny how we predict the future based on our own desires. Basically, all we have to do is just take human desire and put it into a movie and add IT and we’re good. I completely forgot where we were. And I had something very important to do with something to do with the human layer. And anyway, spear phishing. And where were we? We were talking about, oh, the complications of Cisco switching. And your day-to-day work. Oh, I know what it was. I know what it was. What would you say? Because everyone wants… I believe… I may be wrong. I may be wrong. I believe every IT leader, director would love to have more time to do the things that matter. But I think there’s tons of competing priorities and what is known as context switching, numerous things throughout the day, which take you off task, interruptions. What is your number one or number two way of freeing up that time, cutting down on time waste?
Speaker 0 | 37:56.111
So, and that will relate to, I would say, layer number nine, right? Since I work for a private entity, you know, that is coming up with policies of how to deal with things, right? Because, you know, it’s the cell phone orders. It’s the, hey, I need a laptop. It’s all those things that really… you know, take up time. Because if I have to sit on the phone with Verizon for 45 minutes to deal with something, right, because who else is going to deal with it? It’s about coming up with those policies, right? Here’s the form, have everyone sign off on it so I’m not chasing people, put it on my desk. And, you know, maybe it’s going to take two days, maybe it’s going to take three days. I mean, I wish that were the case, right? But, you know, it’s implementing those policies to where, you know, you don’t have people, you know, on the way to the bathroom, someone’s asking you, hey, I need this.
Speaker 1 | 38:54.391
Setting expectations.
Speaker 0 | 38:56.072
I’m not thinking about that one. You know what I mean? It’s kind of those kind of ordeals, the hallway entrapment, right? It’s no, don’t reach out to me in the hallway. Write me an email. So that’s where the policy-driven factor really helps.
Speaker 1 | 39:12.022
Write you an email?
Speaker 0 | 39:12.863
Some nuisances.
Speaker 1 | 39:13.784
Did you just say write you an email? What about enter a ticket? What do you do? I mean, what about like some other like more advanced process of funneling these people through? Maybe you can figure it out on your own before you enter a ticket.
Speaker 0 | 39:25.767
Yeah, I mean, ticketing systems. I mean, that’s of course, that’s definitely necessity. It just depends on the size of your corporation or entity, whatnot. I mean, we hear it’s small to medium size. Um, so I don’t, I have not yet implemented one, but as the organization grows and the demands get a little bit more,
Speaker 1 | 39:46.032
I hope we didn’t just open the, uh, I hope we didn’t just open the floodgates of salespeople that sell ticketing systems to call you or software guys. You’re going to get like 15 requests now in your LinkedIn inbox. Hey, by the way.
Speaker 0 | 39:59.282
Oh, that’s, that’s already, I’m already getting about 50 to a hundred a month. I mean, that’s not going to change, but it’s kind of interesting because even if we’re going to talk about ticketing systems, it’s so bizarre how there’s so many ticketing systems and it always lacks a feature, like a critical feature. I don’t know. I mean, every ticketing system I’ve ever used, it’s always lacking something.
Speaker 1 | 40:27.675
I hope it is. Yeah, that’s my complaint with Salesforce as well as a, as a database is lacking so much.
Speaker 0 | 40:39.442
Yeah. It’s, it’s, I mean, and it’s, and it’s kind of, it’s kind of crazy because it’s like, you’re always, and I get it, you know, as IT people, we want products to be customizable to the way we handle or conduct ourselves. But in reality it’s, you know, nothing’s perfect. So I understand that for sure.
Speaker 1 | 40:58.138
Yep. Well, not everyone thinks alike either. So we’ve got to. Yeah. We’re going to bring them all together, do a panel on the, on the ticketing systems.
Speaker 0 | 41:07.429
Yeah. Have a, have a kind of like a, um, what do you call it? Like a survey.
Speaker 1 | 41:11.492
Yeah. The, okay. So the policies in place, um, what else we got? Any other, um, okay. How about this? What’s the worst spear? What’s the best spear phishing worst attempt you’ve seen recently as of recent?
Speaker 0 | 41:30.008
Uh, you know, so right now. What I’m noticing is that you receive an email saying, hey, your invoice is ready or something along those lines, right? And you have to click on a link that looks official. And then you look at it, it shows like, hey, it’s an Office 365 email account, right? It looks as if it is. And then the fear is that they actually log in with the real credentials and it turns out to be nothing. But one of the things that have been implemented some time ago is a two-form authentication, which saves companies like you would not believe because this is the kicker, right? If their login is compromised, you still need to get that six-digit code that gets texted to your cell phone in order to log in if it does not recognize the device from which you’re logging into, right?
Speaker 1 | 42:22.177
I would imagine that’s a standard, like, two-form, two-factor authentication.
Speaker 0 | 42:26.420
It’s slowly getting there, but believe me. Really? There are some entities that are still behind. I do talk to people in different industries and, you know, people don’t like change. And it’s kind of one of those ordeals. You know, some people react. They’re very reactive, right? Oh, my goodness, we’ve gotten compromised. And then they go ahead and implement. But I’ve seen it the worst when it comes to government facilities. On a governmental side, I see it pretty bad.
Speaker 1 | 42:54.872
No two-factor authentication on the government side? That’s just crazy.
Speaker 0 | 42:58.793
Well. I mean, they’ve always been behind, but it’s still shocking me to still see it.
Speaker 1 | 43:04.178
They’re behind but ahead. You know, they’re behind but ahead.
Speaker 0 | 43:06.559
You hear people say,
Speaker 1 | 43:10.122
like, if you look at the technology that’s existing in the public right now, like, the government’s usually, like, three years ahead. So why are we behind? You know, there’s this weird irony. There’s this weird kind of, like, thing going on. This, like, thing. I don’t know.
Speaker 0 | 43:25.615
Yeah, I’m not, like I said, I’m not going to bash anybody. But there are, you know, some agencies out there that are utilizing technology from a very long time ago. And, you know, there’s the whole, well, we don’t have money to, you know, hire a firm to update it. But then you look at the information like, well, this is so critical to where you almost don’t have a choice, but you know, it, I don’t know. It’s, it’s, it’s really weird. It’s very, very weird, but nonetheless, it’s, you know, it’s always like that. So. I mean, hopefully I have noted changes, but it changes slow.
Speaker 1 | 44:02.237
Yeah, gotcha. You were a transportation security officer at one point in the past, U.S. Department of Homeland Security. What was that like? It just seems interesting.
Speaker 0 | 44:14.729
It was a stressful job. You know, it wasn’t particularly one I was happy with, but, you know, I did my part. I did my part, you know, and I contributed to the… the safety of the country and the way I knew how, but.
Speaker 1 | 44:28.012
What was stressful? If you don’t mind me asking, what was stressful?
Speaker 0 | 44:31.700
Well, I would tell you, we screened about, I don’t know. 12 to 18, 20,000 people on a daily basis. And in essence, you know, when, when someone is missing their flight or running late and they have to go through the, our procedures, right. The policies that were set forth and voted on and agreed on and whatever, you know, people don’t seem to, it’s kind of like it, right.
Speaker 1 | 44:56.594
People lose their mind. People, people lose their mind.
Speaker 0 | 45:00.575
Yeah. So, you know, it, you know, it’s, it’s a tough job. I mean, I, you know, I feel for all the officers out there. It’s not easy. I understand what they go through, and yeah, and you know, I respect what they go through because it’s, it’s definitely not an easy job. It’s, it’s tough, tough one for sure. Is, um, would you have any suggestions there for travelers? I mean, what about, uh, should
Speaker 1 | 45:20.524
you get your pre-screening, um, you know, I had the, what is it called, where you just get to walk through the line? Pre-check. Yeah, yeah. Is that helpful? I mean,
Speaker 0 | 45:29.052
I mean, if you travel a lot, it definitely helps, right? Because the whole premise behind it is to speed up the line for people that travel a lot. Because, I mean, if you’re traveling all the time, and yeah, it’s definitely useful, right? It is worth the cost because it gets you through line quicker, right? It’s like a premium pass, give or take. You still get screened, but, you know, it’s something to where, like, if you travel once a year, is it worth it? No, of course not, right? I mean, you could wait a little bit, just get there earlier. But if you’re traveling two or three times a week, then yeah, it definitely helps put on time. And I would say even stress, because in that sense, you’re kind of paying to be put in front of the line, right? Or a different line, in this matter. That was like,
Speaker 1 | 46:15.017
you know, 70 bucks for like five years or something. It’s not that bad.
Speaker 0 | 46:18.559
Yeah, and it’s not bad, right? Whatever they do on the back end to verify that you’re safe, I have no idea what it is. But whatever they do, you know. you’re pretty much paying for that check, right? And then they look at you and say, okay, you’ve been approved. You know, you’re not a bad person or potentially a bad person or how it really makes a determination, I have no idea. But yeah, it’s definitely a good thing. And the premise behind it is to speed up, you know, speed up traffic for those that travel a lot.
Speaker 1 | 46:45.499
For anyone out there, you know, just general advice, maybe someone getting started in IT, is there anything that you struggled with a lot that you wish you had known prior to that you know now?
Speaker 0 | 46:56.804
Speaker 1 | 46:59.586
In other words, go through the pain, okay? There’s going to be a lot of pain. Just deal with it.
Speaker 0 | 47:06.492
No. I mean, so if you’re getting into this industry, I’m going to say it’s the human factor, right? It’s a stressful job because people are coming to you with problems, right? And even though some things, because they’re on a computer, and it may not even be technology related in the sense that it’s something that you should even be looking at anyway, but you’re that person that they rely on, right? So it could be, hey, I can’t log into my email account, and let’s say it’s even personal, right? And you’re showing them how to do like a pass reset. I mean, sure, they could have done themselves, but you know, it’s, you’re going to have those people that don’t know anything about computers, and, and yeah, it kind of gets frustrating because you think to yourself, well, come on, I mean, it’s, it’s almost 2022. I mean, you don’t know how to do this yet, right? But there are those that don’t know how to do it. And even a more complex end, it’s the best advice that I could give people is that you’re just one person. You’re not gonna know everything, okay? You’re gonna stumble into situations where you don’t have an answer. But look at the OSI model, if it’s something that you’re trying to physically figure out, like let’s say an appliance of sorts, right? Network, utilize your resources and just take it at your pace, right? Because anxiety builds up, you want to get it resolved. People are anxious, but again, you’re one person. You’re not going to solve all the world’s problems on your own. So, you know, take it at your pace, try to calm yourself as much as you can and just think it through, right? Think it through. Everything will get solved. We’ll get resolved. We’ll get fixed. It’s just… You know, I, when I got into IT, it was kind of like that, right? Call comes in and you’re panicking. Oh my God, I got to get this fixed right away. Blah, blah, blah. You know, you’re just one person, right? And you just do the best you can.
The fact that you’re there to pick up the phone and you’re handling the customer, you’ve already done a great job, right?
Speaker 1 | 49:09.188
Just pick up the phone is like a huge, it’s a huge piece.
Speaker 0 | 49:11.809
Yeah. Pick up the phone, find out what it is and just go through the process. Whatever your mental process is or whoever you need to reach out to that’s about, you know. Like I said, there’s no IT manager or director in the field that’s going to know everything. You just don’t, you don’t have the time to know everything, you know, and it’s, you know. So individuals that are, let’s say they’re network engineers, they’re not going to know the same level as a system engineer, right? Because, again, you’re dealing with two different things on a constant basis and you’re not going to know it all. So that would be my advice to individuals. Just remember, you’re not going to know it all. Just do your best and, you know, try to manage that stress level as best as you can. Because if you are at that point where you’re constantly stressed, it’s just not worth it. Yeah. At the end of the day,
Speaker 1 | 50:03.533
it’s just a job. Well, thank you very much for being on the show. And everyone out there listening, I always forget to do this. If you appreciate the job that we’re doing over here at Dissecting Popular IT Nerds, please go to iTunes. Because the iTunes reviews, believe it or not, are the ones that matter the most. Probably most of you are Droid device people. I don’t know. You’ve got to have someone that has an iPhone. Borrow their phone. Go to iTunes. Scroll to the bottom. Rate Dissecting Popular IT Nerds on iTunes because, believe it or not, Apple is one of the fourth largest producers of internet traffic in the world, especially when it comes to podcasts. So I would greatly appreciate it, especially if you like it. Leave a review. Write us. And this. Tom did not plug me to do this. He did not reach out to me on LinkedIn and say, please advertise my website. He did none of the sorts. I found this on my own all by myself today, and I thought it was really, really cool. And you just happened to be on my podcast the same day. So TomGoral.net, T-O-M-G-O-R-A-L.net, buy the seven layers of OSI model or the 10 layers of OSI model, which we’re going to try and push, I guess, into the future. Really cool poster. It’d be even cooler if you framed them, and I could pay like $300 to get this thing sent out framed. Maybe think about that. It’s probably way too much work to do for this fun little hobby of yours.
Speaker 0 | 51:35.820
You could, on Amazon, actually had really good frames made in the U.S. Pretty good wood, pretty good frame. I think it’s like $30 or $20. I mean, I don’t know what it is now with the client chain issues, but you don’t even have to cover that much. It’s not even that much.
Speaker 1 | 51:51.009
I think you should add a link back. I think you should add a link back to me and I’ll link back to you. Let’s do this on the show. And as heard on Dissecting Popular IT Nerds. Okay. Thank you very much, sir. You have all of my best to you in the future and future leadership.
Speaker 0 | 52:14.461
Philip, thank you so much for having me, bud.
Speaker 1 | 52:16.423
Yeah, man.