
January 29, 2025 62 mins

In this episode of Ransomware Rewind:

iPhone and BYOD security best practices for businesses, crypto meme coin rug pulls, cloud security mistakes, legacy software vulnerabilities, and more.

Dave Tuckman from FRSecure joins us to discuss everything from digital currencies, including the infamous "Hawk Tuah Girl" meme coin, to the evolving landscape of cloud security. We also chat about some wild predictions, like the possibility of time travel using quantum computing.

Tune in for fascinating insights, fun tangents, and expert analysis on cybersecurity and beyond.

Topics Covered:

  • Smartphone and Cloud Security
  • The rise and fall of meme coins: "Hawk Tuah Girl"
  • How meme coins are impacting the crypto world
  • Predictions for the future of tech (including time travel!)

Make sure to subscribe and never miss an episode of the Ransomware Rewind Podcast!

Follow us on LinkedIn for daily tech and cybersecurity insights:

Get a hold of Joe for Cybersecurity Insurance

https://www.linkedin.com/in/joeerle/ 

www.c3insurance.com/cyber

Get a hold of Mike for Cloud Security and Management Solutions https://www.linkedin.com/in/mikedowdy/ 

https://rapidscale.net/

Get a hold of Dave Tuckman for IT consulting, strategy, and IR services

https://www.linkedin.com/in/davetuckman/

Take advantage of FRSecure's free resources here:

https://frsecure.com/resources/ 

#cybersecuritytalks #cybersecurity


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
the Hawk Tuah girl
I was just gonna go there
you know yeah stole my thunder
she have a meme does she have a meme coin now or something
oh yeah
I love I love Elon I love SpaceX
I love The Boring Company
I don't think it's boring

(00:20):
and we all bow to our AI overlord
welcome to the Ransomware Rewind podcast
hi and welcome to the Ransomware Rewind podcast
we're here with Dave Tuckman from FRSecure
he has over 30 years of high-tech experience

(00:43):
he is an excellent strategist and also a bit of a philosopher
I think you'll find out later
we go on a different a bunch of different tangents
but I think you'll love the show
if you're into
Netflix documentaries there's one that's on right now
it's called The Biggest Heist

(01:03):
it's about the Bitfinex hack back in 2016
where they stole 120,000 bitcoin
oh I gotta watch that
I'm not familiar with that one
so it was worth 71 million at the time
now it's worth you know 12 billion right right

(01:25):
um do they know who has it or
yeah they were able to um
catch the people in 2022 and
and they were able to find the keys to the
to a bunch of the wallets
and they were able to get 3.86 billion worth of Bitcoin back

(01:46):
at the time
so at the time was worth 4.5 billion when they caught the guys
so they got about 75% of it yeah
bad wow man
and it's just I mean I guess it's not monopoly money
but it's fat
the Hawk Tuah girl

(02:07):
I was just gonna go there
you know yeah stole my thunder
she have a meme does she have a meme coin now or something
oh yeah
yeah yeah
I basically there's so much
white noise in our industry that you'll just catch headlines
and so I'll read that article

(02:28):
but then you miss the others yeah
she came up with a um uh digital currency is that what we call it
it's a meme coin but like she had all her homies get together
cause she has an audience and they said hey
we're gonna create this meme coin and then she went out there and said
hey if you're a fan of Hawk Tuah girl

(02:48):
you need to buy my meme coin
and then she checked the price up
and she had fees of $15 that you had to buy
I mean who paid
but they paid the fees that's how they made their money
so she ran it up
and then when she got to the point where she was around 4 million
where her that's her net profit
her team and the legal counsel's like oh

(03:11):
that went to her team well who's the team
it's Hawk Tuah girl and her homies about five guys
so they rug pulled it and now the Hawk Tuah coin is not worth anything
and
she rug pulled her own pants she rug pulled her own pants wow
yeah
yeah yeah yeah yeah
just
just and and I didn't even know it was happening until it was like oh

(03:34):
and then it was just like
within this like three or four day period that just
did that whole pump and dump
no that's what I'm a big fan of regulation
I think the SEC should start getting involved
there was another article where a teenager
created some coin did you hear about this one

(03:55):
yeah that was awesome yeah
he's on video flipping everyone off as he rug pulled them yeah
well and then he went downstairs and told his parents
I think I just made like $50,000 and they were like
well what were you talking about and everything
and they were very dismissive yeah
of of what he was saying just you know

(04:17):
as a teenager kind of and
and what made it start to validate
was when people started calling to complain
when they're getting death threats to their house yeah
and then it was okay
let's bring our son back down and tell us what happened
it's time to apologize to everybody yeah

(04:38):
yeah yeah
so you're gonna take all this vapors value supposedly find it again
but I think that they people that
the community that held the coin kind of got the last laugh on that
cause um they kind of relented and bought up the coin even more
raised the value even even more and his 50,000 yeah

(05:00):
yeah would have uh given him 3 million yeah
if you would have held on to it okay
so they
they kind of like we're able to rally and get the coin up again
whatever coin it was called community yeah
yeah I don't remember what
there's just like so many of them that it falls outside my

(05:24):
random access memory do you guys have any coins
I don't know I do not
I have Doge Doge is Doge is doing good right now okay
good has absolutely no value
I mean it's like forty five cents per coin
but when and um Elon got elected to whatever he was elected to
to the Doge committee I was like oh

(05:44):
I'm gonna buy some Doge a total it's like 100 bucks or something
long time the point by my dogecoin haha wow
yeah hang on to it for four years once it becomes the official
campaigning yeah
for the next election in about three years

(06:04):
and they they mine like about 1 million coins a day
so I don't think it'll ever be worth anything
what's with 45 cents now yes
it was worth like point three cents
that's true so it's
it's got a lot of value to it
that's true uh
when when it uh
becomes the official uh money for Mars
that's when you wanna yeah

(06:26):
that's that's good yeah
yeah yeah
official emotion currency yes
I mean even if he made it the official currency
of Twitter that would be huge
damn it
yeah that's fucking brilliant
so how many that's what you would do
how many of you guys been doing the podcast about seven episodes or so

(06:49):
around five months okay yeah
just imagine if you guys started this
this time last year and would have asked yourself hey
fast forward 12 months
and we're gonna talk about the Hawk Tuah girl's meme coin yeah
you know UFOs and yeah yeah

(07:10):
things have gotten a little bit dicey
yeah it just yeah
a little bit dystopian
yeah yeah
without even getting into the election
on whichever side of the fence you're on
you know yeah
I'm on Elon side
okay yeah
Elon Joe Rogan
yeah you guys ever want to be guests on the podcast

(07:32):
we're here for you that's right
I know that's yeah
you can have this
I love I love Elon I love SpaceX
I love The Boring Company
I don't think it's boring
and we all bow to our AI overlord
just to have that as a recording yes

(07:54):
they will be transcribing this
they know what we're talking about
that's funny
but yeah just so point being if you think about
what the topics are now versus 12 months ago
and trying to project what they like

(08:15):
if you guys want we could try and make our predictions
of what we'd be talking about this time next year oh
that's fun yeah
let's do it like that like what the Simpsons do
they've got a few things right right yeah
they got pretty much everything right Trump coming down the escalator

(08:37):
unreal right
unreal I don't remember that one yeah
let's look it up uh they go way before the election by the way
there's Trump before he even like this is like 2008 or something
before he even like went on Oprah to talk about politics
he was coming down this escalator running for president

(08:59):
and like he dropped a piece of paper or something
and it went like flying down and like the exact same thing happened um
like even even like the falling paper it was unreal oh wow
it was almost like that pressing it yeah
like the same
like the same angle and everything it was it was really unreal
here's what I think we'll be talking about next December

(09:22):
is time travel becomes real
now
do you wanna
elaborate on why you picked that
or cause physicists say that it doesn't defy the laws of physics
and I it's way over my head

(09:42):
but like if you look at quantum computing
how 0 and 1 can be a 0 and 1 at the same time
we'll think of that means anything pretty much be at the same time
and I just think that we're getting so advanced that it could be
reach a certain point where we could say okay
we're gonna go back six months because it's not linear hmm

(10:05):
like quantum level it's not on linear level and again
way over my head sure
but I think the brainiacs will figure out a way to time travel
so you think time travel through quantum entanglement
yes
okay um
that's a good way to go into quantum computing
isn't that isn't that how quantum computing works

(10:26):
yes
and I heard that once quantum computers come online
our whole encryption oh wait
everything that we encrypt now will be very easy yeah crap
yeah yeah
it's not necessarily my prediction uh
uh for a year from now
what we talked about but you

(10:48):
your point being if you look at where AI is
quantum computing and some other things
society is so unready
for what's coming and we haven't even talked about the UFOs yet

(11:11):
no but
but but seriously if you think about
just even looking at like
like I'll try and look at things from based on a trajectory
where was it two years ago
a year ago so we're gonna be two years from now
and if you look at deep fakes

(11:33):
you know whether it's video audio
everything we're seeing that can be used by an adversary in some way
um it's where we're at today
it's in its infancy and
you know all
even when I'm doing what I'm doing
and you brought set very similar to what you do

(11:55):
you know look at the clients we try and serve and we're will sometimes
you know really work to just help them
get things foundationally organized and and
and that can be a heavy lift
and you try and explain to them that we don't have time to do this

(12:17):
slowly I
I get it if budgets don't exist and
and there's other resource limitations
but you need to be aware of what's around the corner
and the better you understand that
the more you'll get what you have today
and if you don't yeah you know

(12:39):
it's you know I hate to be that guy
but bad things gonna happen you know
yeah I mean
that sounds like it's like
surprised
how many people are just running end of life operating systems
not even just on premise but in data centers
and it's like I can tell you with absolute certainty
if you're running Windows 2008
you were compromised and they'll swear up and down they're not

(13:02):
and I'm finding accountants
attorneys people in medical industry and just like no
you know I'll run Barracuda if there was anything wrong
Barracuda would tell me that it's like no
it's you tell you
if you're running an end of life OS on your server is compromised
and it's gonna get really ugly as time goes on

(13:22):
cause they're gonna it's
it's like a Trojan horse they've got all your data yeah
they're just gonna hold it ransom and when it serves their needs
it's really sophisticated now
how often you see that
at least 3 times a week how about you Dave
do you see it compromises uh no uh legacy software oh um

(13:42):
well when we help client
the first thing we'll do is an assessment
just to kind of quantify where they're at
get everybody on the same page or apples to apples
and pretty much every assessment is gonna come back with something
that's end of life you know going into that um
going into that

(14:03):
I think we should do a quick like what we do break yeah
I um do you wanna start Dave
just tell us about fr secure and what you guys do for customers
yeah sure sure
um yeah
I the company is FRSecure uh
it's out of Edina Minnesota uh
been around since I believe 2008

(14:25):
I've started I'm coming up on two years there
FRSecure focuses on three things that fall
under the umbrella of information security
it's really three deliverable departments
one is think Red Team will do pen testing
scanning vulnerability testing all that kind of stuff um

(14:49):
next department is Blue Team Incident Response
we will work with clients that will support
our clients
will work with insurance companies to hopefully be on record
so if a client gets impacted
were there and we can jump into to assist

(15:12):
and then the third department is consulting
I am will do risk assessments vCISO type of stuff and
and that's what I said I get the opportunity to sit as a
the role as information security consultant
and at that point you're doing a lot of strategy right
yes yeah
it's uh uh we're vendor and kind of industry agnostic uh

(15:39):
what what
what makes the company special is
the mission is to fix a broken industry
and it is mission over money so um
we do need to make enough to keep your doors open but um
but when I get to work with a client
we can kind of say leave all of that at the door

(16:01):
let's talk about where you're at where
what what is our definition of success
and and that answer can be as unique as each client
because maybe it was some
I think the statistic is
four out of five organizations will do security

(16:23):
because they have to
so you got that one
that one that says I just want to do the right thing
I care that's what my driver is and
but then you get other ones and you're seeing more regulations
you know whether it's CMMC you know the new

(16:45):
four letter word that begins with the C yeah
2.0 right uh
but yeah you know everybody thought we'll deal with it when it
materializes and and it has materialized right October 15th right
um something like that yeah
yeah cause I think it's next week the final review window closes on it

(17:11):
but it's been written into contracts so and
and and
and the DoD was smart enough
or insightful enough to start putting in a contract earlier saying
you will be bound by this and
and you have God I'm gonna butcher the numbers
but it there there's tens of thousands of

(17:33):
organizations that fall under the defense industrial base
as a prime or a sub and
and they're all being held on it so now as this is rolling out
there aren't enough auditors to to you
you have companies that are trying to be ready

(17:55):
and the estimation is 12
24 months to get things ready and you've got people going
what we needed three months and you
and you don't even have enough auditors out there
to support the ones that say that they are ready
but you've got that
if you look at what the SEC came out saying last year um

(18:16):
there's just regulatory stuff everywhere some is gonna turn
so that's where a lot of the strategy comes in
gotcha you know um
and yeah so it is strategy and um woo woo
business and technical strategy you know yeah

(18:37):
it's all all related you know cyber risk is enterprise risk yeah
true yeah yeah yeah
so that's what I do that's where I do it
yeah awesome who are you
just just to give some history here
I've worked for Dave for years when I was running data centers

(18:58):
and Dave would be in the data center
like 3 o'clock in the morning
to make sure that there was integrity in the data
moving data from a SAN over to the other SAN
so really I didn't know you guys work together
oh well no
I I worked at carrying at
Dave worked at another place
and then he would stay up late at night making sure
like doing migrations and so forth oh

(19:19):
rather than just saying peace out
he was definitely there for every step of the process
so he he's saying he worked for me cause I was the customer yeah
gotcha we collaborated on a lot of stuff we did I got it
yeah
I've seen your data yeah

(19:40):
that may be what ties all three of us
now I'm at rapid scale and a rapid scale
our mission is to move all the tech uncertainty
all the tech overwhelm out of the business
a lot of MSPs and IT staffs they can't keep up with the scope creep

(20:02):
they get the blame for everything
so what we do is move from on premise into the cloud that we
managing the cloud we also work on the security side
but not to the level that Dave does for example
Dave could work with like DoD
that's kind of stuff we're not gonna touch um
we're more focused on uh midmarket enterprise um

(20:26):
our concern is keeping the data secure
keeping it in compliance with um
ISO compliance and then
our whole goal is just to take all the tech overwhelm
out of the business so that the engineers can focus on innovation
cause a lot of times engineers
even though it's like a high level DBA
they're getting paid really well

(20:47):
but they show up to work and get tickets all day
and they're doing tech support
despite the fact that it's a DBA with a master's degree in CS
so that's our main focus
is just have them offload everything over to us
as far as management security
the infrastructure so you're kind of like an MSSP
yes in that capacity exactly okay

(21:09):
are you guys doing cloud migrations stuff like that
we're doing cloud migrations um
what's the why would you do a cloud migration
it depends on your situation
but the reason why you do a cloud migration
especially here in California
cause 1 you pay for what you use in the cloud and 2
the cost electricity is so expensive here

(21:29):
like let's say you have like a Toko files here with a few servers
that thing could run you $800 a month in electricity
especially if they're older servers running the SATA drives
so that's the number one thing is the cost
the other one is there's a lot of applications where this
the API is specific to the cloud
especially with AWS and Google

(21:51):
so that you don't have to have anything on premise
you don't have to manage anything
and the developers can just push up to the cloud
so those are the main reasons and the clouds not for everyone
you know let's take that out
but the majority of people that are saying enterprise
midmarket
people that are not have something where it's heavy GPU usage
that's why video went up you just can't throw

(22:13):
it up into the cloud
because the physical layer of the connection from here to there
that alone kind of breaks it
but the main reason is
cause the cost and compliance on the compliance site
they'll just say hey here's the audits from AWS
so the persons have to deal with them
cause if it's on premise or in the data center
you're gonna have to deal with it

(22:33):
yeah a lot of times you'll have become an organization
I mean there's supposed to be a technology refresh
in some capacity on some sort of cadence
and what we saw in similar to you are the clients we serve

(22:53):
or what we call small to mid size
we don't get in enterprise
so it can be if you look at it from a head count
anywhere from 50 to 25 people kind of a thing
but that's where our that's our happy place
but show you what would ended up happening
or at least what we were seeing a lot of um

(23:14):
and this is even back when I had well
after you after you and I were together
but before I went to FRSecure is
if that technology refresh would have happened during the pandemic
so many things were budgets were cut things were being done

(23:39):
it was really keep the doors open in so many ways
so you kind of came out of that pandemic where
let's say it's every three years or every five
or whatever you
you you now would have those that were further behind
and while at the same time
you got that next wave where they're hitting their window

(24:00):
and during the pandemic what you can do in the cloud now
just the functionality grew exponentially
especially in what Microsoft made available um
so you would then say okay
now if we're gonna do this technology refresh
it was a little different

(24:20):
comparing what we would do with a legacy mindset of having it on site
versus being able to migrate to the cloud and
and to your point you could transfer a lot
not all but a respectable amount of responsibility to that other
to the cloud provider and not have to absorb the hardware

(24:43):
infrastructure cost that would go into total cost of ownership
and it made that so in that smaller organization
it became more of a no brainer
it it
more of a no brainer
and the ability to support a more distributed workforce

(25:05):
gotcha than it had been yeah
what about you Joe
uh what about me
well you're not just rule the world doing these pod yeah
I just make videos for a living
besides you know

(25:25):
making videos for LinkedIn
I don't know yeah
I'm in cyber insurance I run the cyber insurance department here at C3
Risk and insurance in San Diego California
um we take a strategic approach
we're also uh
insurance company agnostic
uh we
we have a seven step proven process we take people through uh

(25:47):
we try to answer the question how much insurance do you actually need
which is kind of hard to quantify
and we look at the different risks
of the business in order to match them to the right company
and coverages
that's it that's pretty important well
he does a great job yeah too
he's being incredibly modest um yeah

(26:10):
and it just suggesting like
I think a touch on is like how important cyber insurance is
because what are you gonna do when you do have to pay the Ransom
and what are you gonna do after the fact
cause people don't really think about it but it's really easy to okay
I'm gonna take a step back almost every company is not its assets

(26:34):
it's its data especially now that we know with finance and everything
almost every company is that way
even if it's
let's say you own a company that's made up of electricians
you have your database of customers
you have payroll if someone grabs that database and holds it Ransom
you're out of business yeah
and I think a lot of people don't understand how
important cyber insurance is

(26:55):
that's my two cents well
it's interesting to see how much your industries evolved yeah
over the last few years you know
and I think when it first came out
you know there was that oh
well if I have insurance I can transfer everything
transfer the risk over you know

(27:16):
and and and the security questionnaire was like five yeah
right you know yeah
okay
got your name and you know your address and if I got a firewall yeah
I mean analogy to that is like
just because you have auto insurance doesn't mean you
you shouldn't drive like unsafely right
exactly exactly yeah but

(27:37):
but in your industry
has actually matured to the point that some scanning will take place
to monitor how you are driving
you know and and have it in there that you know
if you're driving that bad poorly
you know yeah it doesn't care if you have a policy

(28:01):
you know that liability falls back on you yeah
it and and I was supporting a client that had an insurance
policy renewal questionnaire from the underwriter
and it was 280 questions what yeah yeah

(28:26):
it was literally almost the equivalent of doing a risk assessment
for what detail it got into
and everything
Dang yeah
yeah yeah yeah
it was kind of you know bit of an eye opener because again
if you take stuff like that like I said I mentally

(28:49):
live in through trajectories
so if you see where that was two years ago well
three years ago today
we're we're in candy telling you maybe time traveling in December well
I don't have any 280 question applications so don't worry
because they were like can we go through it together

(29:10):
it's gonna take a few hours yeah
I charge by the hour so okay
um yeah
it's uh
it's interesting how cyber insurance has changed in the last 2 years
cause you were talking about the pandemic
yeah there was a lot of cloud infrastructure that was developed

(29:31):
but also
the hackers pretty much doubled the amount of money that they made
yeah
there was not just a blip of like 20% more hacking
yeah it was exponential because I think it I mean
I mean the adversaries and the hackers

(29:56):
knew how unprepared organizations were
and you know
I that's the challenge with security is it's
there's a well
even like you were talking about earlier
you know you take somebody's virtual environment
and it's had so much sprawl that you don't have an accurate inventory

(30:19):
how do you protect that
people don't even know what they have
a lot of companies will go in there silly
most companies where you have like 50 or more people
they don't realize they have VMs sitting out there
that they're paying for every month
that no one's accessing and that the bad guys will look at that like
okay great
I can get rid of access to this VM and it's to Dave's point is yeah

(30:43):
it's we run a tool called RVTools just to do inventory
every time we do that people go
oh shit I didn't know I had all these VMs like yeah
you're paying for him every month
and what happens is developers will spin up VMs
forget all about them and just leave them out yeah
all the time yeah
we have a ransomware hack that came in through an Amazon Web Services

(31:07):
demo server
or demo um hmm
or you call it what do you call it
probably that just a demo
yeah
and they just never closed it just a temporary
you know instance
uh huh yeah
yeah you'll see that and like what we'll see a lot of is

(31:29):
okay so like if you go to the cloud
there's a good opportunity to inventory and audit what you have and
and build it
kind of get a fresher start on things
so we'll work with a client that has some legacy servers

(31:51):
and you're gonna have go back
let's say the server's been in place
6
7 years
the guy that ran it's probably not there anymore
and the culture back then was I got to create a service account
I got to create a user account that marketing's asking for

(32:13):
let me just give it enough permission
so I know marketing is gonna leave me alone and it'll work
but there never was that perspective of
overprovisioning that account and they all named the same thing right
admin and password

(32:34):
they all had the same name
so you didn't know like which where was anything
you know and yeah
they all had like default passwords
god damn it let's go with the default I've been password yeah
just get this damn thing going well hey
I got 30 tickets after this yeah
you know
and in some places like talking about MSPs earlier you know

(32:57):
one of the metrics is how many tickets time per ticket
things like that you know
that inevitably can cause someone to lose perspective
you know for where we're coming from sure
cause they get rewarded by how many tickets they close yeah
the incentives are misaligned with the mission yeah

(33:20):
so that's let me say I had time travel for we were talking about this
yeah December
I think um the hacks with AI are gonna get more sophisticated
not really from a technical perspective
but with AI phones
could you take like a think about you had thousands of phone numbers
so you had thousands of phone numbers calling people

(33:40):
that authentic voice you always have this voice of authoritarian okay
give me my username and password and that they're calling like
I don't know secretaries office assistants everybody
everybody yeah a lot of people
will just give you the info to get you off the damn phone
and I see the AI
is gonna be using hacking for social engineering more than anything

(34:03):
yeah cause sure we always talk about heart that
you know that the hard stuff
like there's endpoint security
there's you know
you can set up this really complicated system with FortiGate
with all these different endpoints
but if that person picks up a phone says oh
Joe's username and password is this
and cause they think they're talking to Joe

(34:25):
and Joe's gonna be presenting real soon
guarantee they're gonna get through
so that that was the second predictions
AI is gonna be doing social engineering more than ever
I had a statistic 1,265% increase in phishing emails after um
ChatGPT launched wow

(34:46):
yeah wow just from the capabilities that ChatGPT empowered yes
and with yeah
yeah yeah yeah
you know I mean it's the whole AI thing like right now
a majority of the clients we support are really were say scrambling

(35:12):
but we're in that state of general raising awareness and education
simply by what goes into the acceptable use policy
just that awareness that what you put into that LLM

(35:35):
you're feeding it and and if you
will pick on marketing you know if you're not agnostic or
generic and what your questions are and stuff like that
you're feeding that that that's why

(35:57):
did you guys see the news article where Google's Gemini
told someone to go kill themselves
yeah yeah
I forget what LED them to it
but they were just kind of asking questions
it was like the hell have got tired of them it just started saying

(36:20):
look if you're asking this
you have no value you should be doing something else you know
you might as well just go off yourself the person's kind of like
that was that was rough
yeah is there liability there for the AI
if that person actually killed himself
and that's that's a liability on the AI company

(36:43):
well and and
and there you go where nobody's thinking about those things you know
human nature is trying to do this
I'm already under pressure short on time and stuff I'm just you know
and I don't share with you guys it was funny I had to

(37:05):
I did a presentation on APIs just for the consulting team at work
and that's a neat rabbit hole to go down to
if you want to talk about how one
prepared organizations are and ignorant what's going on
but statistically 83% of internet traffic flows through an API

(37:30):
hmm any client out there
you got developers that just say
we need to make these two platforms communicate
but no one's checking the data
no one's doing so I literally to put my presentation together
cause I was time challenged
I use Copilot so I put in
you know what explain to me what is an API and what does it do

(37:55):
the person from India
it was a joke yeah
no no
it didn't sorry
um
and it came back with like a real technical answer
hmm this platform
you have this platform
it is the coding technology that allows us to communicate blah blah

(38:18):
blah and I looked at and I said
this is it's not wrong
but I can't
if I say this in front of everybody
I'm not adding value yeah I'm just
talking white noise to people
I said please explain it to me like I'm a CEO

(38:42):
hmm that's good
the difference was it said sure
and it came back and and yeah
it made it much simpler
but it also suddenly did it in terms of value to the business

(39:02):
for that it just
it flat out said okay
here's an example you have your phone
you just got a new phone you
I don't do you know how many apps you have on that phone
okay
whatever the number is but there's one app will be weather

(39:22):
and that app uses an API to pull in that data
now
if you have an app that you downloaded to play solitaire or something
you know you can be pulling it stuff
but it may have an API to pulls its ads
you know it because you wanted the free app

(39:43):
so you there's like a certain number and I forget what it is
but on average every app has X number of APIs say it's three
so if you got 50 apps
that thing's running statistically on average
150 APIs out through that

(40:05):
now I don't know if that's a company owned device
or if it's a personally owned one
but if it's a personally owned one
and it has access to the corporate network
you and it's
doesn't have an agent
or it's not hardened to the standard the C3 wants um
you now have something that can connect to the corporate network with

(40:32):
that isn't to that known, acknowledged standard that the company has um
and it's it's accessing it with 150 APIs
I don't know how many agents or people you have here
say it's thirty, take that, multiply 150 * 30

(40:55):
that's what's get that's what has access to the network
and if one of those APIs gets compromised
that that's an attack vector
and that's where I kind of sound like that guy
but it is where organizations just don't know right
and they don't think about it when you think of bring your own device

(41:17):
you're thinking laptops
but the phones are just as much computers well
it was easier to draw the line on laptops like
like when the pandemic hit companies didn't have laptops
for everybody it was just we just need you to work from home yeah
so we can keep the doors open so you have whether it was a laptop

(41:38):
a desktop whatever but it was something that was running a
PC based operating system that has those sort of
benefits and vulnerabilities um
if you take and at that point

(41:59):
because companies were scrambling to
maybe provision laptops in that way
and figure out how we're gonna set all of that up
all mobile devices were just deal with that next yeah
you know
I got this crap to deal with now and and so it never went away
but you just run into that and and and

(42:22):
and I do think this is not a prediction
but I do think you're gonna start to see
cyber insurance policies starting to look at ways like that
hmm and so yeah it's it's interesting so how would a company keep uh

(42:43):
somebody's personal cell phone um from affecting the network
like how do you harden it
like what what do you do
you put like a antivirus on it or a VPN or yeah
well there's there's a handful of things that you can do um
I mean ideally
if you can provide the device

(43:03):
then you can harden it to whatever you want
cause it's company property yeah
um if
if you're gonna allow those
then you dance that line of saying
you can access the network if you agree to these conditions

(43:23):
and that has to go into the acceptable use policy
so you so it has some teeth through HR and what not
and then what you can do is you can say it should have antivirus
anti-malware on it um
uh you can limit what it has access to um
if it if it's company on device

(43:46):
normally it'll be what they call MDM like mobile
device management um
the next step is where you can do MAM
which is mobile application management so it's basically saying
if I'm C3 I will give you let's say you guys use Microsoft yeah
I do okay so we can create an encapsulated space on your phone where

(44:13):
you have to use outlook for email
and maybe if you guys use teams and anything like that yeah
so I have the team app and I have the Microsoft app yeah
you would put those under
management of the mobile application management
so if something happens to the device or the individual

(44:33):
you know when you win the lottery so I'm out of here um
that now you at least have control over the access to that data
being able to do a remote wipe
just remove that and there's a whole end and you just
if you don't have executive leadership saying

(44:55):
this is how it's gonna be
you're just you you you got you
you're just gonna have a mutiny because HR can't enforce it and
and it just goes sideways cause it's gonna be well
I it's my phone
you can't put anything on it and and so you either say look

(45:17):
then we're just not going to do it
I've got one client we're talking through this
so it's earlier this week is it's Friday days blur together
but the angle that that company found to justify okay
we did an assessment with them
and I had the exact same conversation with them

(45:39):
that I just had with you guys
and I said so at the end of the day
somebody owns that risk I don't
it ain't me
yeah you told them about it
that's where it stops for you
somebody owns it and it's not it
it's somebody higher up the ladder
that makes the executive decision

(46:01):
on what the company's position on this is gonna be
so what we ended up putting together is the narrative
to communicate it to executive leadership
so they could make the decisions that they deem appropriate
was that anybody that was using their own personal device
was getting a monthly statement from the company

(46:24):
oh yeah
we do that it's a cellphone stipend yeah yeah
it's very common yeah
but but that becomes a potential way of saying
because we give you this
we have not only do we have a vested interest in the company
its data the Protection of its data
so you still have a job um

(46:45):
but that we're supporting the
we're find we're collaboratively
financially supporting the use of that device
gotcha you know
I think the reason we did it was for HR reasons
because if people are using their phones for work
then we have to pay them for a part of it

(47:08):
or else we can be in trouble with like
yeah like we're law yeah
but I didn't think about it and a security way because yeah
you're paying part of the use of the phone is for company use
so the company should be able to
take a reasonable amount of security and

(47:30):
to protect the company's data yeah
well and and it puts leadership in a position like I said
somebody owns this so it ends up putting leadership saying
I need you to understand these things
because we can at least quantify how many devices are there
how many people are there um
what is the amount of the stipend

(47:51):
what is the total cost of ownership for that stipend
what would that compare to if you were to say
we're gonna provide you with a phone
uh to do this
I think it's a better idea just have the company pay for the phone
because that way you have control over the whole environment
it's it's

(48:12):
it's kind of why I don't say the only way it's but it
it it's the best way to encapsulate what you're trying to do yeah
like I can
as you can put Intune on the people's phones
and Intune could look at the Microsoft applications like Teams
Outlook hey
this person got terminated

(48:33):
we can delete that on the phone
that's that's what I would see
but rather were just has the whole phone and you can just
you know
break the phone really quick because as soon as people get fired
they're gonna be in an angry state of mind and guess what
they got all the companies info right there in their hand
it's not like the old days where you had to walk up to your
to your desk

(48:53):
but that's I've used Intune in the past and it works but ideally
I'd like everyone to have a phone
this property of the company that that's what I would like to see
that way you can track the property
right haha
you can't track the people but you can track your property right
exactly yeah this is very similar to um

(49:18):
like when companies have business autos um
rather than people driving their own cars yeah
the only difference and says
the car today doesn't have access to the corporate network
right but you have a lot of liability out there

(49:40):
that I'm thinking of like a liability way
like if people are using their own cars
you have no control over the maintenance
you don't know like the last time they did an oil change
you know if the brakes are good and you know
you can make that analogy to technology sure yeah
well to your point you're absolutely right

(50:03):
it whether it's the vehicle or a laptop or a mobile device
it becomes it's an asset and you know
then you can make business decisions on the best way to
cover the cost of the assets

(50:26):
because it ends up being a business decision and then those days right
yeah um so like if some if somebody gets into my phone um
and I just have like the outlook app
it probably has like a lot of access to like

(50:46):
SharePoint Teams and messages and stuff like that right
like probably yeah like if I were
let's see if I were to hack your phone
and I'm with that an opposing insurance company
first thing I would do is go to OneDrive and say hey
what causes Joe have out
I mean that that's yeah I slide up you're an evil insurance broker

(51:08):
haha haha
the evil insurance broker would do
because that data is worth a lot more than a damn car yeah
can see that or uh
you know you want to get into like the intellectual property
just look at it this way
especially in like the Microsoft stack

(51:30):
because it's going to depend on how the organization has things
configured but 99 out of 100
your credentials that give you access to that email
or the same credentials that give you access to Teams
SharePoint OneDrive so true
and and even with the emails

(51:53):
think about attachments and and other stuff like that
you know all of that can be argued to be
company property right
it's not only company property but it's PII
you know it's can be any of that yeah

(52:14):
yeah so and that's why you hear me and I you guys know I'm an optimist
yeah but that's why you hear me say organizations are so for whatever
for a variety of reasons are so unaware of this stuff
and if we take what we're talking about on that here and now

(52:35):
and then we look at that trajectory of where AI and
and other things are going
that gap gets bigger and that's why I say people are um
not as prepared you can academy with SSO
cause like with
you think about if you had access to someone's secure sign on it

(52:57):
and keys to the kingdom
yeah so that's kind of argument for like zero trust
where you like
confirming people over and over again as they go through the network
go ahead I'm sorry
oh no
I I
I'm just saying like

(53:17):
aren't there like programs like Zero Trust where like
every time you go into like a new part of the network
they ask you for your like credentials again
yeah
or like which is we have a key to the front door
then there are keys to each room
I bitch about it like when I'm doing it
but it makes total sense like
so my world if I go in the Salesforce

(53:39):
I gotta authenticate the Salesforce
I go into Outlook
I gotta authenticate the Outlook and it makes total sense
cause let's say I was compromised that person
the city got access to my Outlook thing
okay great
let's go into Salesforce they wouldn't be able to authenticate
cause the credentials are completely different
and it's completely different system
unless you had your credentials in an email

(54:00):
well
labeled passwords
yeah
I don't think I'd last too long of my job if I did that
all right
um Post-it notes are a lot safer than some
piece of paper under the keyboard
starting to come full circle yeah
I mean it's it's funny
but like
the physical world is a lot safer than like having an email labeled

(54:23):
passwords well
it just ironically and that whole kind of coming full circle
you can start to argue
because like a big thing is having what are called immutable backups
yeah you know
and like for example
couple things I can share with you guys is at work

(54:46):
the IR team
put together kind of just like a Word doc
of sharing what they're seeing as the more common
types of attacks
so we couldn't turn around share that with our clients and
and so with your zero trust

(55:08):
the way that you have those layers of security is
if you can manage the user
if you can manage the device and
and things along those lines um
one thing so because like in Intune you can configure it see like

(55:28):
like when we do an assessment
one of the questions is if you're at home
can you use your personal computer to log into the company network
and you already you are you
you know the username
you know the password you have access to the MFA um

(55:50):
so can any device with those credentials get into the network and
and if they can
then it's the same risk or similar with the mobile devices
able to access it
so you can define trusted devices right

(56:10):
especially if the MFA is via text message
because then if they have your phone
then they can use the MFA to get into the network
oh yeah yeah yeah
so one of the things that the IR team was sharing
and I think it was called EvilProxy
um uh
where and it's been around well

(56:32):
what it can do and and it targets Microsoft
but what it'll do is it can if it can get in even if there's MFA uh
if it if it can bypass that
it'll capture that active session
and then you can transfer that active session
from the original source device

(56:53):
to another device to
to your own personal device
and that's how you can keep that connection persistent
for longer of a period of time
because it would kill it on nuts
how could we kill it on the first one
but it's still running active on your computer right
yeah and then the way to protect against that
is that you only allow trusted devices well

(57:15):
it's not the only way but it's one of the mitigating capabilities
that if they switch it over to a non trusted device
and they can um
uh
that that would kill the session because that's not a trusted device
have you come across SIM card hacking where someone say hey

(57:36):
I lost my SIM card and I mail it to a different person
SIM swapping SIM swapping yeah
yeah but not
yes but statistically
it's not as common or something that we see as frequently
I feel like
you see more of that ones are like financial crime

(57:58):
yes where you find out that somebody has a lot of bitcoin and you know
you want to hack into their account and get it
I think that's when people will take the extra step and
yeah
you know what you're right
because that tends to be a little bit more targeted

(58:18):
but I've seen that
I had a couple calls of people and it's super easy to do
and the guy was like hey
it was just my Coinbase account
there wasn't much in there
but it scared me because it didn't work with my BofA
but the SIM card had did work
they did clear out my Coinbase account and he's all
why is that I can't tell you

(58:39):
but my bank is fine my credit cards fine
but it went to someone else here in the United States
they got a SIM card
I lost my phone and they were able to drain my Coinbase account damn
and I said well
did you call Coinbase seems like yeah
but it was 600 bucks wasn't worth it
he's already made your points like I can

(59:00):
but it's worth a hundred thousand now
yeah because all it was
was Dogecoin that he bought at like point zero zero three cents
you know
my name is John or whatever and then you and my address changed too
yeah yeah
well take yeah I think that tends to see like that EvilProxy thing

(59:27):
you can kind of automate it
and and so you can do it at a larger scale
and then anybody that falls into it
you you're cast in a wider net
and there's an easier chance with a bigger net to get more fish yeah
good point so it's sort of thing

(59:48):
what you're describing is a little more targeted
but spear phishing you yeah
but the trajectory in that isn't good
because think about the advancements in deepfakes and AI capabilities
to be able to call Verizon and say
I lost my device and I'm out of my cousins

(01:00:11):
right and the ability of AI to research people to research them
perhaps even to emulate their voice
you know the things like that
they can scrape your
your social media accounts and find out what your birthday is
where you used to live and all the stuff
yeah it's kind of funny

(01:00:32):
my wife and her sitting down and I use ChatGPT a lot so it knows me
and she said okay
ask it what they should get you for Christmas or for the holidays
or whatever your birthday is
like I typed it on what should I get my daddy
holy shit it came up pretty accurate
just like my daddy has been thinking about sales
so get him a sales book my daddy is trying to lose weight

(01:00:53):
so get him the Atkins book and it hit like hit like a hole
wow damn
this thing knows me yeah
how creepy so is that your account that you've been in putting in
yeah exactly
okay and when it came
I was like I wanna take the AWS cert for AI just so I can prove that sure
cause when you go take these certs
I learned not that that goes too much
but like I learned about networking just from getting a Cisco cert

(01:01:16):
really good so point being
it even said hey
my dad he could benefit from this program on AI
uh for the AWS
AWS practitioners this thing knows me better than my wife
thank you for listening to the podcast
please remember to like and subscribe
if you are in the market for cyber insurance
cloud security

(01:01:38):
cloud strip cloud and internet
information information security and consulting and strategy
please reach out to us
you can leave a comment below if you like the podcast
and we will see you at the next one