CFH #19 - Mike Hamilton
Cyber For Hire (Audio) | May 02, 2023 | 01:17:07 | 176.48 MB

The cyber talent shortage is well documented. Rather than just trying to outbid each other in a competitive job market, wouldn't it be nice if MSSPs were also able to build out their talent pipelines through professional development programs? This session will look at strategies for creating an assembly line of ready-to-go cyber professionals to add to your managed services team, including coordinating with cyber universities and boot camps, and sponsoring apprenticeships, mentorships and internships.

In the last few years, many companies have found that their home offices and their internal on-prem networks are no longer always the central core around which their business operations revolve. Even with more employees returning to the office now, remote and hybrid workforce models are here to stay, thanks to an exponentially increased reliance on cloud-based architecture and services, as well as edge computing practices that allow for the processing of data closer to edge devices. All of which means that critical data and business functions are constantly taking place right at the network's edge -- a perimeter that these days is becoming difficult to define. In this segment we will examine how cybersecurity models must adapt in order to accommodate this recent shift in network dynamics and architecture.

Show Notes: https://securityweekly.com/cfh19

[00:00:00] Populating the Talent Pipeline through Professional Development and Work from anywhere, securing the blurry edges of your network. That and the latest news and trends in the managed security space coming right up, on Cyber For Hire. Building bridges between managed security providers and their clients, it's the podcast

[00:00:22] where MSPs, vCISOs and end users take a united stand against cyber crime. This is Cyber For Hire. Struggling to monitor the growing threat landscape, pressure to reduce costs, security skill gaps, facing compliance issues, these issues can translate to operational, financial, regulatory and reputational risks to your business.

[00:00:47] Check Point can help. Check Point combines an MSSP Enablement Program, Cloud Delivered Multitenant Management, SOC Platform and Superior Threat Intelligence capabilities to give MSSPs the confidence to grow profitably at reduced risk. Check Point is 100% channel driven. We partner to deliver the best security everywhere. Visit MSSP Alert.com slash checkpoint.

[00:01:16] All right, welcome, friends, to episode number 19 of Cyber For Hire. How's everybody doing today? I'm Bradley Barth with SC Media in New York. Joining me today on the other side of the continental divide in Utah is my co-host

[00:01:29] and partner in Cyber Crime, Ryan Morris, Principal Consultant with Morris Management Partners. Ryan, we're actually recording this while the RSA conference is still in full swing. Not much of a surprise that artificial intelligence seems to be one of, if not the, storylines of the conference.

[00:01:50] So much so in fact that the CEO of RSA security said that a dozen major vendors, plus more than 50 startups, have announced AI-powered cyber security products this past week. This according to a report from SC Media Editorial Director Tom Spring and this was

[00:02:06] just days after the Department of Homeland Security announced the creation of a new AI task force. So this certainly feels like quite a different circumstance from maybe five or six years ago when AI was an overused buzzword. Yeah, you know it's funny.

[00:02:20] I remember the first time we advocated that cyber security should leverage the capabilities of artificial intelligence. We had big data, we had machine learning but the first time you know that six or seven years

[00:02:35] ago somebody said AI, most of the professionals in the room rolled their eyes and were like whatever. I know what I'm doing, you don't know what you're doing. That machine will never replace me.

[00:02:47] Based just on the volume of announcements coming out of RSA this week, I beg to differ and we all need to figure out what makes us human and unique and essential to this process so that we don't just get automated out of existence. That's right.

[00:03:06] This is actually the perfect lead into what is our top of mind story for today because honestly some news just can't wait. That's why we want to share this with our viewers today. The story comes out of RSA and while it's certainly not the biggest headline from

[00:03:20] the show, I still think it'll make for a thought provoking discussion. So here's your headline, a nine year old user of an automated AI powered pen testing product has challenged a prominent cyber security CTO instructor and purple teamer to a hackathon

[00:03:40] contest after this security leader tweeted a negative comment about this particular solution during the RSA conference. Now in this head to head scenario, the child would use the automated product while the security veteran would use his own manual based hacking tools.

[00:03:59] This is all according to a press release issued by the provider of the solution to which I was referring before. I'm keeping the parties anonymous here, Ryan for numerous reasons for starters to my knowledge as of this recording.

[00:04:12] The contest hasn't even been agreed to yet plus there's a kid involved. And really for our purposes, the who isn't important. What is important is this notion of human lead pen testing versus automated pen testing.

[00:04:25] Is this a Paul Bunyan versus the logging machine type situation where Paul Bunyan finally meets his tree chopping match? In the tweet that started all this, the expert took umbrage with the vendor's claim that the tool equaled the power of a 20-year pen testing veteran.

[00:04:43] So explain why this is top of mind for you. See, I think you've hit it with the Paul Bunyan reference. It is an acceleration of capability. It's not a replacement for humans. The most savvy way I've heard this described in the last couple of weeks is AI

[00:05:00] is not coming for your job and won't replace you. But someone using AI will replace you if you don't get on board with these new kinds of technologies. This is, you could remove pen testing and AI automation and insert the description

[00:05:17] of literally any technology in the history of humankind, from the lever and the inclined plane to the railroad spur to cyber security. Technology amplifies human effort. Now, I don't agree that we could replace the context filtering of 20 years of experience

[00:05:39] because I think that that savvy, that a person with that many years of experience would bring to be able to not have to test every variable in order to find the right one. But might do some pattern recognition and say, wait a minute,

[00:05:52] this feels familiar and I can fast forward into a resolution. I think that will always be valuable, but when nine year olds are even worth the competition, it's a completely different world. Now let's be very clear here at Cyber For Hire.

[00:06:10] We absolutely positively have a distinct opinion about not having nine year olds in the workforce, not for competition reasons, for childhood reasons. But outside of that, I legitimately think the contest might be fair because what these

[00:06:26] tools bring to us, it's like everybody you've been hearing in the last month or so: ChatGPT will replace you in your job if you're a writer. No, it'll make you more prolific. It can help you accelerate the process but it still needs the spark of inspiration and

[00:06:43] still needs the polish of grammar because it doesn't have very good versions of that. But all of these tools will eventually bring us to a point where, you know, the business gurus in the world refer to this phenomenon as the least cost resource.

[00:06:58] And what they mean is you don't have to pay a genius to do this job, you can get a barely capable individual at minimum wage, give them a powerful tool and off you go to get the same kind of an output.

[00:07:09] I think that's going to be the story of the next several years and it doesn't solve our problem of needing more humans in the industry but boy, it does remind those of us already in

[00:07:22] the industry that we should probably continue reading and studying and staying sharp on our continuing ed because if we don't that nine year old he's coming. Well, all I know is my 10 year old nephew asks me questions about cybersecurity all the time

[00:07:37] and now he's taking on coding classes so he better not be coming after my job. That's all I gotta say about that but in the mean grammar is your secret weapon exactly.

[00:07:49] But in the meantime, you know, if anybody has any thoughts or opinions on this please write to us, it's cyber for hire at cyberriskalliance.com. That's going to be our top of mind hot take for

[00:07:58] the day. More news later in the show, but first it's time for our featured MSSP industry and market strategy topic of the week. Presenting our big idea in business: populating the talent pipeline through professional development. The cyber talent shortage is well documented

[00:08:18] and rather than just trying to outbid each other in a competitive job market, wouldn't it be nice if MSSPs were also able to build out their talent pipelines through professional development programs?

[00:08:30] This session will look at strategies for creating an assembly line of ready-to-go cyber professionals to add to your managed services team, including coordinating with cyber universities and boot camps and sponsoring apprenticeships, mentorships and internships. To discuss this further we'd like

[00:08:46] to welcome in our guest speaker Mike Hamilton, founder and CISO of Critical Insight, a cybersecurity-as-a-service provider. In a career spanning more than 30 years, Michael served as a cybersecurity policy advisor for Washington State, vice chair of the state, local, tribal and

[00:09:04] territorial government coordinating council, CISO of the city of Seattle and managing consultant for VeriSign Global Security Consulting. In a previous life he developed algorithms for hyperspectral remote sensing as an ocean scientist at the NASA Jet Propulsion

[00:09:22] Laboratory to ask him more about that later after the show because that sounds super cool. In the meantime welcome Mike I'm so glad that you could join us and as always we're going to jump

[00:09:34] right into things so let me try out a sports analogy here on you and see if it fits. If you want a sustainable and affordable ball club you can't entirely rely on signing away expensive

[00:09:49] free agents from all of your competitors, you need to scout and develop players within the minors, recruit them from high schools and colleges. Similar premise for cybersecurity, is it not? Yeah I think that's actually a pretty apt analogy there right the training and the professional

[00:10:05] development as a means of circumventing you know the the fisticuffs that are going on out there to to hire you know a population of people that's in very short supply and you know highly attracted by

[00:10:20] giant bags of cash you know you gotta do something as a as a managed service provider we are the focal point for a lot of resources that are hard for everybody else to get so it was

[00:10:32] important that part of our strategy was to to crack the code on people so yeah that's great analogy see and I think it's fascinating Mike as you as you talk we've talked often on this program about

[00:10:45] the problem of the lack of human resources it is very good to move into the world of solutions where we can actually do something about it I find it very interesting based on your comment right there

[00:10:56] being good at cybersecurity is nice being good at selling cybersecurity services that's better being able to run the business hey these things are the are the table stakes the human resources side of it was that's something that you figured out that you needed to focus

[00:11:12] on from day one when did that come into the core of your business strategy yeah well so it the our farm team method started long before the company was around it was when I was still the

[00:11:26] CSO for the city of Seattle and if you are the CSO of the city of Seattle you can go get grant money for interesting things you want to do and so I had just been the managing consultant for

[00:11:39] VeriSign Global Security so I went to work on an airplane I lived in hotels I ate in restaurants and I drove rental cars and then my daughter was born and if you're going to be Dad you can't

[00:11:49] go to work on an airplane anymore so I took the job at the city of Seattle and really started to get into the the criticality of the things that your local government does for you right

[00:12:02] that's your flushing toilet and your drinking water and you know making sure the fire department gets to your house before it burns down and IT holds all that up well in the in the

[00:12:10] Puget Sound Metro area I started to meet all the IT people working in local governments and metaphorically they were kind of buying firewalls and calling it good that's not good and I said

[00:12:21] we need to monitor the network I had just been with VeriSign, VeriSign bought an MSSP that I was part of so I got some grant money and we created a regional monitoring project we monitor small

[00:12:33] governments for free in the Puget Sound area as well as a bunch of maritime ports on Puget Sound so we had one place where we could see the attack surface of our region then later after I

[00:12:46] ran screaming out of government converted that to a system whereby we would continue to monitor local governments for free small ones and use the data that we collect as live fire curriculum for what is now 14 universities and that's a number that's growing so analysts are being trained

[00:13:05] yes any universities that are in there getting their book learning and their test taking but they set their butts in seats as operational analysts with critical infrastructure events happening in real time and when they roll off that assembly line that's our farm team.

[00:13:21] Yeah so I certainly want to you know deeper into this program that you established which I know is called Pisces as part of this discussion though I do want to ask you know do you

[00:13:35] feel like since you know you obviously have this very unique program where you're working with all these different universities uh is there enough being done between private industry and colleges universities vocational schools boot camps to really prep the the world of

[00:13:57] academia and those residing in it for real life cyber professional jobs it obviously getting an academic education is enough being done to actually prep them for the workforce in your mind

[00:14:12] it's it's growing um two years ago I would have said no way but as I interact with a lot of universities community colleges around the country what I'm finding is there are private sector organizations

[00:14:28] that are supporting SOC operations at universities and doing whatever they can to to get them real time data and a lot of them just are not able to bring in the real time data but that exposure

[00:14:43] to actual event traffic means a whole lot more than passing the tests um it's this this whole issue of live fire I think is a really growing trend and as we can really uh purpose our university students as potential analysts in training and use them for monitoring underserved

[00:15:08] organizations whether that's government like we do or some of them do the private sector small businesses that is a trend that's growing and I think that is paying off I'm starting to see green

[00:15:20] shoots around that all over the place as I go talk you know for example um Metro State University in Denver um they have a big student SOC operation and you know this is exactly the kind of training

[00:15:33] that you need when when somebody is approaching a job in cyber you know what what employers look for is a degree, some kind of certification and experience and we we've all known the you know the crazy

[00:15:44] job applications for an entry level position that say you have to have five years of experience okay that's absurd but some kind of experience that you can demonstrate right I have seen live fire

[00:15:54] very powerful on that entry level resume see and that is that is the truth I absolutely 100 the live fire dimensions of that right I'm looking at quantity right when we talk about job openings

[00:16:11] and the lack of humans in cyber security the numbers spiral to silly pretty quickly right like oh we need 100 000 of these and 600 000 of those and globally we might need three million more of

[00:16:23] something else in the industry those are numbers beyond the scope of you and me and some individuals you made a comment earlier about the idea of MSPs we often get treated like the farm team for

[00:16:38] larger organizations with bigger bags of cash the university philosophy where you can go and establish that kind of farm team that the pipeline of talent do I need to be a large organization

[00:16:51] to pull that off is that something that a small local MSSP can do on their own what what's the scale conversation that you find gets you the credibility with those institutions?

[00:17:05] Well I think not so much the the the university side of it but the who are you going to monitor and what does that statement of service look like that becomes the trickier conversation

[00:17:19] you know there is a level of service that can be provided by these student operations that is not there at Christmas time right so there's there's nuance around this and having that discussion about we'd like to monitor your network and it's a community service that's

[00:17:39] we're going to perform for you for free and it is about infrastructure protection but it's also about workforce development and your region benefits from us creating these practitioners which and frankly you know cyber analyst is the tenth fastest growing job in the country it's the only

[00:17:59] cyber job on that top 10 list projected out to 2029 by the Bureau of Labor Statistics so we we need to flood the market with these practitioners and so having that conversation like I have in government

[00:18:14] is all around you're doing a community service yes we're doing this for free for you it's basically a happy meal but the outcome of this down the road if we project this out

[00:18:27] is we will be neck deep in these cyber practitioners and we'll be able to hire our way out of some of these problems rather than continuing to get our back sides handed to us and that conversation

[00:18:40] is one that if it's conducted in the right way is brings a lot of credibility to it right we're doing this you know for the United States of America and really the the municipalities that are also

[00:18:55] involved with this as part of the program you know the key benefit for them is that their budgets are small to begin with so they can't obviously generally afford to go with a high-end professional

[00:19:07] service so they're actually you know getting more than they otherwise would be getting because otherwise they they couldn't afford the service to begin with with that said how do you ensure with a program like this if there was another organization out there who wanted to do something similar

[00:19:23] and follow the same model how do you make sure at least that the students who are still lacking in some level of experience are supported enough that they're not making mistakes at the expense of the various municipalities that are participating. Yeah that's a great question

[00:19:43] so part of that is in the language of the statement of service right this is a happy meal but when so we realize there's a very good question we realize that we need to provide some

[00:19:55] oversight of those students because even the instructors in these universities they do not come from a background that allows them to drop right in and be able to teach this they have to come up

[00:20:04] to speed as well so we provide the Pisces organization provides an oversight analyst who goes through all the student tickets, provides feedback: "looks like you swapped source and destination ports here, port 80 will never be a source port" and in the beginning of a quarter or a semester

[00:20:25] you know everybody's kind of making the same mistakes and by the end because they have this support you mentioned they're doing much much better and it becomes easy to identify the ones that really

[00:20:35] get it because you know this is this is one class this you know how to be an analyst this Pisces class and you know students are attracted to all kinds of moving parts in cybersecurity right so I mean some

[00:20:47] of them want to be sales engineers I'm gonna let him on a hand some want to be red teamers right the sexy side of this so about 30 40 percent of the students end up being really good at this

[00:20:58] and then in continuing to support that we have along with DHS and Pacific Northwest National Lab come up with a certification that we're trying to get nationally recognized so that if you have this Pisces certification it will be known that you've handled real-time data in critical

[00:21:16] infrastructure and have you know put out little fires before they got big so you know we think that today that's an adequate amount of support we're gonna have to scale that as you know more

[00:21:29] universities join on which I mean and that that's the best possible problem that you could create is there's too many universities participating we need to scale our support function that multiplier effect

[00:21:44] might actually get to the point of solving our problem right so we we hope that you can go fast enough in there we mentioned it earlier in the farm team sports analogy the free agent marketplace is active

[00:21:57] lots of brain drain that happens in organizations when senior level or like just really good experienced people get pulled away for a bag of cash how do we ensure that we are not just bringing

[00:22:13] in the new talent but that we are maintaining that you know the the tribal knowledge that level of expertise of where we've got how does an organization keep attracting new but not losing the brain

[00:22:26] power of the ones that might get recruited to that is the the key question right there and so when we when we bring them in at an entry level I mean it's entry level you know you're reasonably good

[00:22:39] at doing this analyst thing and we're gonna develop you as an analyst and then you can be promoted up the analyst food chain but because our firm is cyber security as a service we've got all these

[00:22:49] other things going on we've got consultants to do risk assessments and penetration testing and security awareness training and social engineering to all these things and we engineer our own collector devices that we have to put on customer networks and we have a customer success team and so

[00:23:05] as the analysts are introduced to all these other moving parts we start to identify where they are attracted and we've had them turn into red teamers and we've had them turn into executive management because continuing to help them develop their careers not just having the solution

[00:23:25] where you can source your talent bring them in at an entry level but then develop them provides context to every part of the organization we have so many people that work in so many

[00:23:37] jobs that if they had to could jump in and be analysts again and that becomes very powerful you know surge capacity so it's it's it's really thinking this all the way through not just the

[00:23:51] sourcing but the development and the retention which is really highly dependent on your culture as well you know I've heard of SOC operations that you know the way that they treat their

[00:24:05] analysts is they take them out in the Indy race car driving and things like that okay Indy race car driving is cool three on four off is way better and that's how we do yeah and I know that you've

[00:24:18] told me you know Mike that because of the fact that you know you're you're working you know with these students at at developing them and and readying them for you know professional jobs everything that

[00:24:30] it does also result in better loyalty and and better retention and that you've seen the results there which is great obviously there's also more than one way to skin a cat and I want to also make

[00:24:44] sure that we spend a little bit of time talking about some of these other methodologies for building out the pipeline talking really about the the three ships the apprenticeships the mentorships

[00:24:57] and the internships and so I would be interested in hearing you know a little bit about your thoughts on on these approaches and if you you know find any particular trends or best practices developing

[00:25:12] in these three strategies so two sectors that are extremely critical to the scale at which we live our lives are local government and the health sector so specifically small local governments rural hospitals things like that they cannot afford people technology or a service okay but if they

[00:25:35] get knocked over you could have to drive 150 miles to get to a hospital you know toilet won't flush for three days and we have public health emergency right all those things are bad in my view

[00:25:47] and working with universities and starting to help develop a more of a two-year program that looks a lot more like trade school that we teach directly to this role this analyst role

[00:26:02] and as part of that degree program make it mandatory that you do a year internship in either a local government or a rural hospital setting and in that way you've not only you know pulled out

[00:26:16] the the operational experience of working with real data you've now had to drop into an organization and work in an organization for a year and if that is a condition of getting your degree all of a sudden we are providing assistance to these really critical organizations and

[00:26:36] providing a much better education and work experience for the students and when they pop out of that internship they are on fire and so I took a lot of interns when I was at City of Seattle

[00:26:51] because we this was you know 2008 when the economy went off a cliff and all that stuff happens like I need some help and to a person I would bring in these students from regional colleges and

[00:27:05] they were astonished when they saw real data oh my god we're being attacked by the Chinese yeah it's day of the week and why exactly so you know this this this bit about an internship

[00:27:18] and having someone be part of an organization and learn how to navigate around that as well as seeing the real deal those two parts together are incredibly powerful there are you know the American apprenticeship initiative and the apprentice program and things like that you know I don't

[00:27:38] track those very well but I do believe that internships are extremely important apprenticeships I think and this is just my personal view would work much better in things like public utilities because if you work in a public utility you came up through the trades you're a welder, a pipe

[00:27:56] fitter and you're in that control room now you're not an IT person those organizations know exactly how to handle apprentices because they've done it forever and that's another sector where we need

[00:28:08] eyes on so you know maybe a little more effort to direct apprentices into some of the organizations that know how to handle them and really need them right I don't want water utilities

[00:28:23] getting knocked over waste treatment plants you know see and that's I love the practical nature of where you're going with this because the the general context we need a lot more people

[00:28:37] true but not actually helpful right we're not solving the problem in order to do that we need specific action guide people to the right kinds of formats of engagements to the right industries the live data part of it I love that but hopefully everybody listening into us today

[00:28:54] is also catching the other side to have technical skills and be able to do your job having seen live data that's great but to know how to be a person in an organization

[00:29:06] to have a job to be a professional to show up every day that that part of it's equally important and then you wrap around that the career development one does not need to run an MSSP

[00:29:19] with hundreds of employees to make that method a part of your basic business culture right that's not we don't have to we don't have to wait until we are huge to get good at the farm system approach

[00:29:34] everybody needs to start participating in this so Mike it's it's terrific and tactical information we're getting close on time so I want to ask you a question just as as we move into the next

[00:29:47] part of our conversation here we find in this industry that it's it's good to know which feathers we birds share and so we often ask you know as as fellow travelers in the cybersecurity

[00:30:00] industry we nerd out on certain things so we ask a question in a segment that we like to call we speak so Mike in your world varied background lots of job experience you've been here and

[00:30:15] done that what do you geek out about? So I found that I need a crazy hat that I need to put on periodically that that turns me into someone completely different from you know being serious about

[00:30:31] keeping bad guys out of networks and things like that so at 50 I picked up drumsticks and now I play in a couple of performing bands one is a very punk band the other one is a little more creative

[00:30:47] and slow I'm almost 63 I should probably slow down the punk stuff but that's that's my crazy hat that's awesome now I know you sent us a photo actually which I've waited to look at until we

[00:31:01] have this discussion so I could be surprised and there it is oh my god that's amazing so citizen Z alright so you have to tell us what's the origin of the the band name here?

[00:31:14] Well, the origin of every band name is the same you look for something that's not already taken that's really what they did you know I want to smug druglers taken you know I mean it's like

[00:31:27] everything we looked at you know and so finally the guitarist in that band who is the director of training for AWS customer service came up with that name. Alright very good yeah it's so it's

[00:31:42] it's a little bit like trying to register your own website and all the good website names are taken same premise for for a good band name what's the other what's the other band name.

[00:31:52] Another band name is the Outliers Club, L-I-A-R-S, and that's okay I'm like you saw the keyboard in a vocalist and you know Citizen Z is three guys doing punk music and you know by the time

[00:32:05] we get off stage I have a quart of water in my underwear. See that's that's the thing right you uh you as a fellow traveler in the punk rock world I will tell you you should never be too old

[00:32:18] but your elbows are going to hurt more after a while but continue to thrash sir that is fantastic now especially in the Seattle environment right so yeah of course it's being being uh so I

[00:32:33] lived up there in the Pacific Northwest for a bunch of years and you know we all know in the 90s world of rock and roll was was born and bred in the Pacific Northwest not so many

[00:32:45] Pacific Northwest bands out there anymore and and I've often wondered like did we just forget how to play music up in the Pacific Northwest or are those bands out there just striving for recognition.

[00:32:58] That's you so I live in Bremerton right across the water from Seattle there are a lot of bands over here and they all we all play with each other in you know all of the venues around here and some

[00:33:09] of these venues are dives dives they were just you know feet stick to the floor but that is so much fun and as I listen to the other bands some of the music is of such high quality that I know some

[00:33:21] of these are going to break out and you know I'm proud to have played with them um we will not be one of those because uh I don't need a band career. It's it's still nice it's nice to hear though

[00:33:36] that the music scene still thriving from the grunge days of the 90s but the last thing I have to ask you about this though Mike is so are you a cover band do you play originals and if you

[00:33:48] have originals are there any songs about cyber security? It's very interesting question so we play all originals there's like there's a couple of cover tunes we do one by the

[00:34:00] Buzzcocks which was a punk band in the kind of late 70s in the UK so on Citizen Z's second album available on Bandcamp um we do a song called government drone which is about being surveilled by the

[00:34:14] NSA. Oh very cool contemporary talk. All right yeah it was the writing those lyrics probably wasn't the the hardest creative journey you ever had it was just source material from the day job you

[00:34:27] knew that just picking it out of the news. Good to call it 702 right yeah awesome all right 100% 100% can have to go listen to that now we're going to have to look it up and listen that's just

[00:34:42] amazing and awesome and thanks for sharing that with us because so that's that's a lot of fun with that unfortunately we're out of time so we're going to have to wrap up the first half of our show

[00:34:53] but and and we'll have to talk about your whole days at NASA another day here. But in the meantime for everybody else please return for the second half of our episode featuring our big idea in

[00:35:04] security, work from anywhere: securing the blurry edges of your network that plus our info techniques run down and our Dear Cyber For Hire advice column segment all coming up so we'll see you in

[00:35:15] a moment on the other side. Welcome back to Cyber For Hire, the managed security podcast once again I'm Bradley Barth with SC Media and the first half of our show we talked with Mike Hamilton at critical insights about populating the talent pipeline through professional development opportunities. But right

[00:35:39] now I'd like to welcome back my co-host Ryan Morris from Morris Management Partners because it's time for us to examine our infosec news and trends topic of the week presenting our big idea

[00:35:50] in security, work from anywhere: securing the blurry edges of your network. In the last few years many companies have found that their home offices and their internal on-prem networks are no longer always the central core around which their business operations revolve

[00:36:08] even with more employees returning to the office now remote and hybrid workforce models are here thanks to an exponentially increased reliance on cloud-based architecture and services as well as edge computing practices that allow for the processing of key data closer

[00:36:25] to remote edge devices all of which means that critical data and business functions are constantly taking place right at the network's edge. A perimeter that these days is becoming difficult to define. In this segment we'll just examine how cyber security models must adapt in order to

[00:36:42] accommodate this recent shift in network dynamics and architecture. And so Ryan once again we're going to jump right to the heart of things as we always do. I want to hear from you on

[00:36:53] why has the network edge become so difficult to define and ultimately because of that protect? See we touched on it earlier in our conversation with Mike and he indicated you know there's a lot of people whose core cybersecurity philosophy is buy a bunch of firewalls

[00:37:10] build a great big fence around the edge and we're fine right everything is going to be good and we learned a long time ago no that's not okay but the philosophy of perimeter defense

[00:37:21] has persisted it's something that that we all like to think this is my building these are my resources owned controlled managed by us therefore we ought to be in more control of these assets

[00:37:33] than we could be in any uncontrolled or public computing environment that defies logic in a modern world. I as I buy into the philosophy of locationless computing I subscribe to cloud services I store stuff here and there I utilize all of this remote technology and I don't care

[00:37:57] where it is physically located at least within legal and regulatory bounds right that is the new context of computing and I think we've arrived at a world where the perimeter is essentially infinite especially when you send actual employees with corporate data with secure communication requirements

[00:38:21] into the hither and yon right when that happens it was not it didn't start with the pandemic accelerated with the pandemic I personally have not worked in an office like nine to five job since

[00:38:35] like 1999 or 98 something like that whether it was I had a territory responsibility a field job I travel to client locations and get on stages and stuff like that I started remote working

[00:38:51] when it was dial up modems and text based emails where attaching a photo was a serious no no because it was going to knock the network out right we've evolved tremendously with the caliber

[00:39:05] of connectivity but I think from a cybersecurity professionals point of view we have to just make baseline mental shift there is no perimeter and the perimeter does not exist we need a new philosophy for how to manage cybersecurity and then figure out how to keep people productive

[00:39:25] and doing good work irrespective of where they happen to be sitting physically at the moment so explain where specifically are problems going to start to significantly surface for those organizations that are still relying on classic network architectures perimeter based

[00:39:49] architectures where are the biggest flaws and problems starting to bubble up and you know and becoming obsolete because of today's realities of so much going on at the edge and then sort of as part two of that question now then explain how can you then modernize that situation

[00:40:10] or help your clients if you're an MSSP you know modernize accordingly see and and to your second point there this is it is a technical challenge to be secure in an everywhere computing world

[00:40:25] but that means it's just tremendous opportunity for MSSP's this ought to be the single best market driver that leads to sales opportunities for service providers like us this is a catalyst for consuming our services because the complexity that is created by people doing things

[00:40:47] important things not just you know kind of browsing the web but doing their jobs from everywhere that's beyond the skill set of most end user organizations especially those that are in a traditional perimeter architecture we are more important more indispensable to this opportunity than ever before

[00:41:07] the good news is there are technologies and there are solutions that can do this see I think the first challenge that you were that you were focused on where things go wrong is lack of standardization it's a question of we have one local facility where we designed the

[00:41:26] network we we we beta tested all of the components and devices we engineered all of these protocols and therefore we ought to know what's going on but then you put somebody in their house somebody

[00:41:38] in a coffee shop somebody in a hotel room someplace else and a thousand iterations in between there is zero standardization of architecture or even end point devices right we get to that network edge and wireless APs become an absolute smorgasbord just at the simplest level of

[00:42:00] architecture you know it's like somebody has one from the cable company somebody bought one at Best Buy somebody else has one that their neighbor recommended who works in IT there's there's absolutely

[00:42:14] too much variety in this world so what we have to do is to adopt a philosophy of controlling what we can control and where an MSP might be keen to standardize some of their internal tools

[00:42:29] the way that we manage our clients' environments right our PSA, RMM, our monitoring tools and all of the other technologies for cybersecurity we tend to standardize those things internally we need to impose that kind of philosophy on the endpoint to the degree that it's possible right

[00:42:48] we may find that for mobile people who it's not just remote work but it's many different locations of remote at various times there are things beyond your control so we we can standardize endpoint devices and VPNs and login credentials and MFA and all of that stuff right control

[00:43:09] what you can control and then admit that there are things beyond your control I think this might be the best justification for a zero trust philosophy that we will come across it's not just that

[00:43:24] it's a broad threat surface it's not just that it's a complex attack environment it is that we literally don't know the brand and the configuration and the patch status of a thousand pieces

[00:43:40] of physical hardware between us and our people and that's something that we just all have to embrace therefore wherever we can control it we need to be in control of just everything is shut down denied by default then let's start to work on our internal approved environment

[00:44:02] and allow people in as is necessary to do our jobs you know in terms of modernizing solutions to accommodate the activity going on at the network edge one of the concepts that you hear bandied about a lot lately and it goes a little bit hand in hand with

[00:44:25] the zero trust principles that you were just talking about before and espousing is SASE and so you know and and that's a burgeoning concept that that also kind of goes along with the concept

[00:44:38] also of a software defined wide area network I'd be curious to hear your thoughts a little bit on how things are trending in the space if you're seeing the start to really prove itself as a

[00:44:57] viable methodology for helping to you know protect these as you said almost you know infinite networks that the where the perimeter is disappearing and and so what are your thoughts on SASE? See I I absolutely buy the philosophy you know from the roots of the software defined world

[00:45:18] that is an opportunity to define a configuration irrespective of the environment right the whole virtualization concept allows us to say whatever platform I am running on whatever devices may be attached whatever other things I either can't control or literally don't even know about that's all fine

[00:45:38] because within the walls of my virtual environment I can control the data I can control the transit I can control access and the actual utilization of information resources right so I buy that philosophy

[00:45:54] and I think what you're seeing in the world right now tale of two cities right those organizations that have legit cyber capabilities or are partnered with an actual professional MSSP those environments are absolutely adopting that kind of technology it's it's not rocket science but it is

[00:46:14] it is advanced and it is effective this the other side of the street however either small businesses that don't have on staff resources or they don't pay for a professional service like an MSSP those that don't perceive the the mission critical nature of cybersecurity they're just

[00:46:36] still disappointing and disturbing numbers of wide open networks out there in the world you know that we we chuckle all the time it's like come on just turn on MFA it's not that hard right and yes you

[00:46:47] do have to do a second step to to get into your email and every sales guy and CEO in the world just suck it up you're gonna have to do those kinds of things right it's not that hard

[00:46:58] it's simple technology that makes a major improvement I think that the network design philosophy in a virtual environment takes a little work to configure there is some administration going forward but I think it's not like the payback of effort to reward in this situation is it's a phenomenal

[00:47:19] return on investment I think what it does is it leads me like let's if you if you if you defined it as philosophies right originally we we secured devices and then we designed systems

[00:47:33] and then we've been moving lately to the concept of data centric cybersecurity I think the step that is correct in this work from anywhere world is human centric right like don't define me by my laptop on my smartphone and which directories I have access to and

[00:47:51] and what is normal acceptable behavior for when I log in and download things like I get that from a systems design point of view but humans have functional responsibilities and when technology prevents them from doing their job people find workarounds and the last thing we need

[00:48:13] is to manufacture a new generation of remote workers who say yeah your cybersecurity controls are cute but I found my own way to get around all of that stuff and still be able to do my job right

[00:48:26] we all know there's certain jobs that can be done remote and certain that can't there are certain that should be done within the four walls and there's certain that it's totally okay

[00:48:36] to do them from wherever I think the pendulum is swinging in the direction of wherever we do finance work we do cyber security work we do R&D we we share like legitimate intellectual property assets

[00:48:53] from people in their living rooms in hotels and coffee shops everywhere when IT is a business prevention function and we make it so people can't do their jobs that's when people go rogue

[00:49:08] and leave us in the dust when we are there designed around the human when it's human centric and we know what their function is and what devices and what resources they need access to

[00:49:20] I think we can become an enabler we are a business multiplying function not a prevention function and not only is that a more robust way to secure our environments but quite frankly it's way more

[00:49:35] popular in the non-technical world right your CFO your CEO your VP of sales who roll their eyes whenever the cyber guys walk in the room like oh here we go again we feel that we are not being taken seriously

[00:49:51] because we are the nag in the corner going you guys aren't doing it correctly we can get on the same side of the table and we can make them more effective when we design around the human in

[00:50:02] the role as opposed to the device the system and the data so I think that's going to be a philosophical shift for the industry but we're already seeing cool technology to enable human centric cyber

[00:50:15] security so I don't think it's I don't think it's fantasy land out there in the two three four year future I think it's here now we just need to explore the philosophy final question before

[00:50:26] we wrap Ryan which is that if you are an organization that is doing human identity based perimeter right basically going off of the philosophy as you just presented it then to what extent does it

[00:50:41] matter at all what devices are being used as endpoints because we talked a little bit about the concept of you know we're seeing also more you know edge computing where more of the processing

[00:50:57] power that's taking place sometimes happens closer to the device in the core network so maybe then some ways makes the device more important but if you're otherwise doing this philosophy like you just said

[00:51:10] then maybe it still isn't so I'd be curious to just hear your thoughts on again if they if they kind of follow the the program as you just laid it out then does it really matter

[00:51:20] which or how many devices or how disparate the devices are that are being used. As long as they are functionally connectable and can pass data back and forth the device literally doesn't define the environment anymore and that's true again at the edge the end point as well

[00:51:39] as in the network protocol as well as in the network core in the data center right we grew up in a world of proprietary technology platforms whether it was operating system, application interfaces etc technology companies imposed proprietary boundaries my technology is only compatible with my

[00:52:02] technology once you buy one of my devices you are locked in for the future and you must buy all of my other devices that is absolutely ancient thinking and data is transferable I believe

[00:52:16] that when you get cybersecurity right from the human into the environment and around the data that is shared we can get to a world where you want to drive a PC I want to drive a Mac you want

[00:52:29] to use this phone somebody else uses that phone we have different wireless protocols we have different network protocols etc standards exist right like we we have an IEEE function in the industry for a reason for transportability for compatibility it exists and I think that's another

[00:52:51] generational shift that is going to blow the minds of very many senior engineers in the cyber world right we were born and bred in a compatibility mindset everything's compatible with everything when it is hosted in the cloud and lives in a browser window and data formats are universally

[00:53:12] transferable and applications have APIs right everything can connect to everything which one do you want to use and by the way that that is not counter intuitive to my concept of standardization right I'm not saying standardize the device I'm saying standardize the platform protocols and that virtual

[00:53:34] software defined environment and then you can log in on whatever you can connect to a network that's fine right I don't think that's anywhere near the biggest problem that we have in cyber security

[00:53:47] anymore and it does free us to build some like like very heterogeneous environments that are driven by functional requirements or economic realities right like I don't need to buy the most expensive

[00:54:03] thing in the world just because everything in my data center and my network happens to be one color or another let's let's move into a world of let's use the best device for the specific human

[00:54:16] function and then connect it virtually on software I don't think that's a problem anymore all right that's our thought process on the work from anywhere world of cyber security what do you think

[00:54:30] we would love to get your thoughts and some some input so reach out to us on our email address cyber for hire at cyberriskalliance.com visit our show page drop in some comments we love to get that

[00:54:42] kind of interaction from the audience so let us know what your thoughts are right now we want to shift into our next segment which is our relationship management opportunity we get to be the human counselors that broker these relationships between MSPs and their clients we call this segment

[00:55:03] Dear Cyber For Hire we are focused on a real issue that absolutely exists out there in the world but we've anonymized the the names and the participants to protect the innocent so with that setup

[00:55:16] Bradley what do we need to know in the world of cyber relationships right now all right well I'll tell you Ryan because we are back with even more juicy MSSP melodrama and this one comes from

[00:55:28] the provider side of the relationship so fellas cue the music Dear Cyber For Hire enough already I've been trapped in a never-ending engagement with my partner to be and it seems as if they'll

[00:55:44] never be ready to take that next big step could it be my would be client is getting cold feet I'd hate to lose them after everything I've invested into making this relationship work our pre-sales engineering team has already spent many hours responding to the company's repeated requests for

[00:56:04] different solution packages configurations and pricing quotes yet we just can't get past the proposal stage at some point we need to set a date time to sign the dotted line impatiently yours perturbed by postponed prolonged and protracted prospective partnership in Pensacola

[00:56:28] Ryan what's a reasonable amount of work for a prospective client to ask of your sales and pre-sales engineering teams and at what point do you consider them a tire kicker and finally for those who may be

[00:56:41] are legitimately on the fence what's the best way to inch them toward a commitment see this is this is a massive problem recent research that we've participated in looking at we'll call it activity based accounting right like your people in a service organization in the cybersecurity world

[00:57:00] what activities do they do how long do they take how many units can they complete right we worked up with an organization that was doing some research to get right down to the you know 15

[00:57:11] minute increment level of what do service professionals do with their time it was an interesting thing in terms of you know managing productivity and setting KPIs for productivity we can tie that back into the organizational efficiency right I think that's a very good idea one of the really

[00:57:31] interesting things that we learned through the side of that research was that the fastest growing category of time allocation in in a pre-sales post sales blended environment is is just reconfiguring and re-quoting right the customer comes back and says okay so I know I asked for this vendor

[00:57:51] now let's look at this vendor and I know I said I wanted this set of this stack of technology and this configuration and now I want to look at it a different way it is mind blowing how long it can

[00:58:05] take to just come up with a new configuration and quote God bless our friends in distribution in the industry who are trying to streamline that process and make it easier to create complex

[00:58:18] quotes and and configuration with all their with all their design tools and and such that's progress but I think it's less a technical problem and more a human problem that is imposed on the environment

[00:58:34] I think it is a question of getting we're trying to get to the altar too quickly before we have qualified whether this committed relationship is even interesting to the other party I believe it begins with the sales organization to qualify these deals and identify decision making authority

[00:58:56] and and precipitating events budget authorization and availability the fact that they actually have money political and organizational dynamics that lean into the momentum for making a decision we have to be much better disciplined about the question of sales qualification

[00:59:15] and then we have to be willing as an industry as individual organizations to actually believe in the value of our intellectual property and the work that we do you're familiar with the idea in the legal industry right first consultation is free

[00:59:36] is the second consultation with a lawyer ever free no it's not now what's the difference between the work that a lawyer does and the work that a cybersecurity organization does in situation analysis in in design configuration the presales engineering the quoting

[00:59:56] what's the difference in our work and their work is it that they do stuff that's valuable and we don't no is it that they do things that are technically complicated and we do things that are simple

[01:00:09] no it is absolutely not that difference is the difference between they get to charge for presales activities and we do them for free is that just a self confidence question or is that just a

[01:00:25] well that's the way it's always been done around here so you know why rock the boat kind of the question at an industry level I think it is an industry maturity factor lawyers have been around

[01:00:37] and they figured out a long time ago that if you don't force somebody to be serious and consider their financial commitments in this process if you don't force them to do that man they will

[01:00:51] eat your cycles for hours and days and just bleed you for free advice guess what customers of cybersecurity services and all other professional services are those exact same kinds of humans they will bleed you dry if you do not impose the structure of value and financial commitment

[01:01:13] into it now the pushback you know that I get every time I give that piece of advice to a services organization is well none of our competitors do it so how can we possibly get there you

[01:01:24] can't charge for presales work in the technology industry my answer to that is maybe you can't but it can be charged for it's a question of standardization it's a it's a question of packaging it's a question of the confidence with which we can present our expertise and our

[01:01:49] easy access to pre-designed and trusted solutions it's the opposite of it's a really hard situation we're going to bring our smartest people in here and we're going to figure it out and then you will buy something from us opposite engineering right we need to believe in the

[01:02:07] value that we bring to these relationships we need to impose a free consultation and then you're actually using the brain power of our expensive human beings so you don't just get free access to

[01:02:21] those people and then we need to admit that that might make tire kickers walk away and go to our competitors and you know what I would say in that situation thank you very much I would much

[01:02:32] rather have somebody who's going to bleed me dry for free advice I'd rather have them walk away today than in six months after I finally gotten exhausted by those requests right I it begins with

[01:02:47] self belief what you do is valuable it's hard you went to school for a lot of years to learn how to do a pre-design and an engineering config and a price quote on this technology if it's hard if it's

[01:03:01] valuable charge for it all right great advice as always Ryan another relationship saved hopefully our listeners have learned from this and don't make the same mistake and remember if you've been struggling with your managed security services relationship whether you're the user or the provider

[01:03:21] we want to hear from you so please write to us at cyber for hire at cyberriskalliance.com and we might use your letter in a future episode in the meantime as any security practitioner

[01:03:32] can tell you there's no shortage of headlines filling up the cyber news feeds every single day so we wanted to highlight a few items that we curated just for you in this lightning round that we call

[01:03:43] the security detail and headline number one goes to you, Ryan: industrial security vendors are collaborating on a new Intel sharing initiative focused on critical infrastructure threats tell us more you know I think this is a very good example of how nature will find the way right remember that

[01:04:05] line from from the Jurassic Park movies life will find the way there's so many threat vectors so many attack surfaces so many technologies that it's it's very hard to create standards in this environment at least from the vendor side because the vendor wants to be universally compatible

[01:04:25] with everybody and they don't want to have configuration changes from one vertical to another so the industry is doing it themselves and I think this is a well-a critical infrastructure so it's really important but it's also a very good example of how even competitors can collaborate

[01:04:47] when we get down to things that are super important right so we're linking to an article from the folks over at CyberScoop and it's focused on a platform that's emerging called ETHOS which is the emerging threat open sharing environment and it's designed to eliminate the proprietary

[01:05:06] communications or information sharing boundaries that might exist and it is demonstrated to dramatically accelerate the awareness of and the response times to emerging threats in a critical security environment I think this is a great example many industries I'm thinking financial services health

[01:05:27] care etc could probably also learn some lessons here this is something that I think is a very positive development so let's encourage this this path of action and let's see if we can't get more industries to go this direction headline number two to you Bradley PaperCut servers exploited

[01:05:47] to download remote management software on the on victims' networks what do we need to know all right well this ties back in pretty nicely actually to the big idea discussion that we just had Ryan because sometimes when you're trying to accommodate a remote workforce the threat lies

[01:06:03] not always on the network edge but sometimes within the network core on let's say an application server so PaperCut for those who don't know is a popular cloud based print management software solution that allows employees to to to work from any device at any location and remotely print

[01:06:23] out a document at their company's home office researchers at Trend Micro initially discovered and reported two vulnerabilities which adversaries are now exploiting in unpatched internet exposed servers in order to compromise them with the unapproved RMM software now the latest research from

[01:06:40] Microsoft has attributed these attacks to a Russian actor linked with the Clop and LockBit ransomware so as always get patching headline number three back to you Ryan Microsoft's Edge browser is leaking the websites that users are visiting to its Bing search engine so in a world of

[01:07:01] artificial intelligence that is based on large language models that are trained on publicly available data this rises now from a that's an annoying thing that people know what's going on to mission critical status right so there is a function in the Edge browser that is it's called

[01:07:23] follow creator and it's turned on by default call to action everybody that uses this or has it deployed anywhere in their operating environment please go ahead and turn that function off now I get what

[01:07:37] it was intended to do it's another one of these internet assumption protocols that says you know I can give you a better experience if I know where you go so that I can profile you and serve you

[01:07:48] up more relevant information and ads that's nice but when you tell the entire world where we go that creates a pattern that is that is available to be analyzed to expose competitive threats proprietary intellectual property threats and even some of the the mergers and acquisitions data

[01:08:11] that goes on in this world it's amazing how you can use this information for illicit purposes and it's just turned on and by the way now it's going to be part if it goes to Bing in an AI

[01:08:26] enabled world it's going to be part of everybody's large language model so ChatGPT etc are going to have an opportunity to analyze you and then just spit it back out to the wide world in an automated

[01:08:41] fashion not cool that is something that we need to turn off so please let's so let's be paying attention to our browsers again next one headline number four for you Bradley Google authenticator

[01:08:54] unveils 2FA code sync with a catch. What is the catch? All our patience, Ryan, we'll get there, we'll get... It's been a long-awaited feature for this popular authentication application. Users can now ensure that their one-time 2FA passwords are backed up to their Google

[01:09:14] accounts such that multiple devices are supported, and this is important because if you lose the only device that holds the codes, then it can be very difficult to gain access to your 2FA-protected

[01:09:23] accounts. As a journalist who once or twice in the past has had trouble gaining access to my authentication-app-protected content management system to file a story because my phone with the one-time codes went dead, for example, I can understand that pain and the convenience that syncing

[01:09:39] brings to the table. However, we mentioned there's a catch, right? So Bleeping Computer reported that researchers at Mysk warned against leveraging the new feature because the secrets are not end-to-end encrypted while being uploaded to Google servers, which means Google can see the

[01:09:56] if there's a breach or a leak caused by an employee, then that information could fall into the wrong hands. Now Google, for its part, said that it plans to also roll out end-

[01:10:06] to-end encryption for this feature. The company says they've been cautious so far about doing so because if you lose your key and password you could get locked out without a lot of viable options

[01:10:17] to then go back and access it. So when the time comes, perhaps there'll end up being a choice that companies and users will have to make: enhance their Google Authenticator protections at the risk of

[01:10:27] being locked out if something happens and they lose the key, or continue to live without the sync feature. And so that finally, Ryan, takes us to, drum roll please, our irrelevant news item

[01:10:42] of the week. This is a real news pitch that Ryan or I have received in our inboxes for reasons that are entirely inexplicable to us. Are you ready, Ryan? Always ready for these. All right, well, here

[01:10:55] goes: "Hi Bradley, a new report asked Americans what they really prefer when it comes to renting a vacation property, along with their good and not so good experiences. For instance, one in four Americans have actually found a camera in their vacation rentals. Additionally, 74% believe

[01:11:17] it is unfair for hosts to ask guests to clean before leaving, and 69% of respondents are less likely to rent a property if a host has strict rules." Now, as usual, I have some thoughts here and

[01:11:30] I want to hear yours too, Ryan. First of all, there is of course a lesson here about privacy, I guess: when in doubt, assume there may be a camera on you when you're staying in someone's home.

[01:11:40] Two, if you make a big mess, my opinion, you should be cleaning it up. The cleaning fee they're charging is for standard cleaning, okay, not for like you leaving a trail of orange cheese doodle

[01:11:52] crumbs and fingerprints all over the couch. Ryan, do you have thoughts on any of this? Have you ever had any weird or unsettling experiences staying in a vacation rental home? Were there any strange rules or restrictions or unpleasant discoveries? See, as a person who travels a lot

[01:12:13] and stays in very many destinations, I'm a big fan of the vacation rental philosophy. That sharing economy and the technology that underlies it, I think, is a brilliant advancement for human

[01:12:26] kind. I think it's great. I also happen to be, like, you know, lifetime platinum level in a couple of different hotel branded environment programs, and I can tell you that it's often

[01:12:38] just a question of a better lived experience, right? Sometimes it's nice to stay in a hotel, but other times it's nice to have a kitchen and it's nice to kind of be in a home and not just

[01:12:50] in the corporate neighborhoods that are constructed around a lot of these destination downtowns, right? So I'm a big advocate of this, but I'm also a zero-tolerance person for shenanigans like putting cameras inside the rental property. I understand that it has been explained that some people

[01:13:08] do this because, well, you know, we don't want to see any damage, you want to monitor for parties, and we want to be able to, you know, have a paper trail, if you will, a digital record of bad

[01:13:18] behavior if things get damaged. Understand your rationalization; find a different way. Cameras inside a rental property: not cool, and something that will actually get you sued in many jurisdictions. So don't do that. I will say, to your point, however, I've had some funky experiences

[01:13:39] in rental properties, some in the domestic environment, some internationally. Stuff goes on out there. And you know, when you go to a branded hotel: same towels, same shampoo, same bed linens.

[01:13:53] You know, consistency can be a good thing. Sometimes it's the surprises that make vacation properties really fun. Sometimes surprises with critters or resident pets, for example, or, you know, things that are not maybe as sanitary as you wish that they might have been. I have had some

[01:14:14] experiences, and I have learned, we refer to the phenomenon as lying with photography. It's amazing how, with a camera and some digital editing, you can make just about any environment look

[01:14:28] homey and inviting. Yeah, more bigger consumer, or like bigger, you know, like the pool that looks like this amazing lagoon is actually just a tiny little, you know, concrete trench. Yeah, you know, the bear with photography, that's not nice, and hosts need to stop that stuff. But

[01:14:49] I do still think that it is a burgeoning part of the human experience. I think that, you know, large corporations have been telling us what is acceptable for hospitality for a lot of years,

[01:15:03] and most of us are not quite thousand percent satisfied with that stuff, right? Let's bring that back to the masses. Let's crowdsource the concept of hospitality. I believe that will lead to much better experiences than what we are allowed to have in a corporate hotel. All right,

[01:15:22] no weird experiences of mine that I can think of, at least off the top of my head, although I do sometimes wonder when you go to one of those vacation homes and they say you have access to everything

[01:15:32] except this room, do not go in this room, which always makes me think, okay, well, that's where the bodies are stuffed, or, you know, if not maybe quite that extreme, you know, it's probably a room

[01:15:43] filled like floor to ceiling with like stuff that they didn't know what to do with, and if I open the door I'm going to be like buried in the avalanche of junk. It's just going to come... Yes, you know,

[01:15:54] junk without a home, for spare paper towels and hands, so right, like that. But you know, human nature, right? You put a lock on a door and say don't go in there, now I want to go back. Like that's just,

[01:16:06] that's just the nature of humans. So let's be careful and let's be polite to the owner and the host and not snoop in their stuff. But that's where you want to... That's right, it's like telling

[01:16:17] a malicious hacker, you know, you can't go in there. But just speaking of vacation rentals, it's time for us to check out, Ryan, because we've run out of time. But don't worry, we'll be back again for episode

[01:16:29] number 20. Meanwhile, feel free to check out even more cybersecurity podcast content on the SC Media, MSSP Alert and ChannelE2E websites. Until next time, I'm Bradley Barth

[01:16:41] and I am Ryan Morris, and we again would love to hear from you guys to keep this conversation going, so send us your comments, your questions, your thoughts on what we got right and other ideas we didn't get.

[01:16:53] You can reach us at cyber core hire at cyberriscalines.com and our show page, and then we will keep this conversation going on the next episode of Cyber For Hire, your inside source for cyber outsourcing.
