Own the Cybersecurity Conversation, Drive Sales - Alex Ryals - Channel Security Secrets - Episode #6
September 4, 2025 • 44 mins
How can trusted advisors and channel leaders turn cybersecurity challenges into growth opportunities? In this episode of Channel Security Secrets, I sit down with Alex Ryals, Chief Information Security Officer at MicroAge, to explore actionable strategies for aligning sales, security, and continuous learning.
Alex shares how matching sales skills with security solutions, creating structured partner programs, and leveraging AI can help resellers and service providers thrive. From hands-on experience building cyber ranges to navigating global cybersecurity threats, this episode is packed with insights.
Takeaways
- Why aligning sales team skills with security solutions is critical for revenue growth and partner success.
- How starting small with focused vendor partnerships helps Trusted Advisors build confidence and expertise.
- What a well-structured partner program, including training, rules of engagement, and deal registration, can accomplish.
- How continuous learning and engagement with industry groups or conferences accelerates knowledge and network growth.
- Why regular maintenance of security tools and strategic AI use helps prevent threats and misconfigurations.
Quote of the Show
- “ If you're day one, my recommendation would be build a network of third party service providers that you can resell.” - Alex Ryals
Find all episodes, show notes, and resources at: https://www.cdg.io/podcast/
Partner with us: https://www.cdg.io/partner-with-cyber-defense-group/
Links
- LinkedIn: https://www.linkedin.com/in/alex-ryals-cyber/
- Company website: https://microage.com/
- Cybersecurity Decyphered: https://www.youtube.com/@CybersecurityDecyphered
Ways to Tune In
- Spotify: https://open.spotify.com/show/1gIKsOyorKMzQA7wxck4dH?si=ff617df387aa401c
- Apple Podcasts: https://podcasts.apple.com/us/podcast/channel-security-secrets/id1826825461
- Amazon Music: https://music.amazon.com/podcasts/8703d3a3-4128-4691-8862-cb847f53f776/channel-security-secrets
- YouTube: https://www.youtube.com/@ChannelSecuritySecrets
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Lou (00:01):
Welcome to Channel Security Secrets. I'm Lou Raban. On this
show, we expose the untoldsecrets and critical insights
from the people shaping thefuture of cybersecurity sales in
the trusted adviser channel. Ifyou're looking to up your game
around selling security, stickaround. Channel Security Secrets
is brought to you by CyberDefense Group on a mission to
shift cybersecurity fromreactive to resilient.
(00:38):
I cannot wait to speak withtoday's guest. He's a channel
leader, CISO, main stagespeaker, and solutions innovator
with more than twenty years ofexperience in technology. At TD
Cynix, he drove global sales ofsolutions from 250 plus
cybersecurity vendors to morethan 20,000 channel partners
worldwide. He currently leads ateam of cybersecurity solutions
(01:02):
engineers and oversees strategicpartnerships with top industry
vendors. He's the chiefinformation security officer at
MicroAge.
Alex Ryals, welcome to the show.
Alex (01:12):
Thank you. Really good to be here, Lou.
Lou (01:15):
So so, Alex, what's what's the biggest secret to your
success in the channel andsecurity in general?
Alex (01:22):
Well, I think out of all the years, I've been at a
vendor. Customer, I've been at apartner, I've been at a
distributor, I think what I'velearned is that the secret to a
reseller service providerbuilding a security practice is
to align your security solutionsthat you sell with the skills of
(01:43):
the sales reps who are going tosell it. Too many times I've
seen those be at odds, thosegoals, and I've seen, resellers
and service providers struggleto grow their revenue around
security. So the secret is makesure you're not selling
something that your sales teamis incapable of selling.
Lou (02:03):
That's an interesting point because I think in the channel,
what we're seeing is a lot of alot of sellers that are new to
security. So how that thatadvice wouldn't totally gel with
someone that hasn't soldsecurity before. So what do you
say to a trusted adviser that,you know, maybe sold Bandwidth
or telecom, and now they wannaget into selling security?
Alex (02:25):
So to answer that question, me tell you a quick
story. I spent about twelveyears in distribution at Abnet,
and then later, they got boughtby Tech Tech Data merged with
SYNNEX to create TD SYNNEX. Andat Tech Data and TD SYNNEX, I
ran the global cybersecuritybusiness there. And one of the
programs I launched for thebenefit of our trusted advisers
(02:48):
and our TAs is is a practicebuilder program specifically for
security. To address the exactquestion you're asking, we had a
lot of partners.
I had 20,000 partners that wouldbuy some type of cybersecurity
from us throughout the year. Andso many of them were pivoting
from other disciplines. Theymight have been a network TA or
(03:09):
they might have focused onserver or storage or something
else, some type of service. Theywanted to sell cybersecurity.
They didn't know how to do it.
So our Practice Builder programwas a multi step process that
went through a series of weekswith each one of our partners to
help them think about,rationalize, you know, how to
build a security practice. Youknow, what's really interesting
(03:30):
is we found a couple of thingsthat I think are important As we
went and spent days in roomswith these guys trying to build
business plans, we we figuredout that, number one, a lot of
the partners that had startedpractices, like, a year before
and just weren't growing weren'tsuccessful. The reason was the
(03:51):
very secret I just talked about.They had come from a network or
storage partner. That's allthey've sold for years.
Their sales team they hired knewhow to sell storage, but yet
they had picked, like, sellingSIEM solutions like Splunk or
Arctic well, excuse me, Splunkor Microsoft Sentinel as a SIEM
(04:11):
solution. The sales reps justsimply didn't know how to how to
talk about that. Right? So oncewe aligned the security be
network security or in the caseof storage vendors, data
security, then it all seemed tofall into place. But some of the
other things we learned fromthis exercise in this program
was, don't pick too manyservices or too many vendors to
(04:33):
partner with right away.
You know, get get some feetunder you. Pick a couple of
vendors that align to your salesteam. Pick a couple of vendors
that have good, solid channelprograms. They all are not the
same. We could talk about thatmore if we want to, but, we also
figured out that the servicesyou pick, you know, pick one or
two services to start, make sureyou're really good at them, and
(04:56):
dial them in so that you candelight your customers with
those services around security.
And too too many many providerswe were working with seemed to
want to pick five, six, seven,eight services and 10 to 20
vendors, and when you'restarting out, that just gets too
overwhelming, and you can't begood at anything. So that's kind
of the summary of this multiyearexercise we did with our
(05:20):
security practice program.
Lou (05:21):
Yeah. There's a lot of wisdom and and probably some
definitely some pain behind thatas well where you had to figure
that out. So you talked aboutthe channel. Yeah. You know,
maybe speaking about what's agood channel program look like
then for some of these vendors?
Alex (05:37):
You know, spent an awful lot of time in distribution
educating our vendors on exactlythat question. It's funny how
many vendors misunderstand therole of distribution and the
role of building a channel.Startups in particular, they get
their VC funding, and they theycome straight to a distributor
and think that's where thepartners are, the resellers. And
so if I just sign with them,I'll be okay. Unfortunately, it
(05:59):
doesn't work quite that way.
So what what I would the adviceI always gave, ISVs that were
starting up or, big enough tofinally start thinking about
channel is number one, you needfour things. But number one, you
need a partner program with aguide that explicitly lays out
what the rules of engagementare. So what's the protected
(06:21):
margin for the reseller orservice provider, that's gonna
sell your technology? You needthat partner program to be on a
partner portal. That's numbertwo.
So resellers and serviceproviders, the channel wants
self-service. Right? So, theyhave to be self-service with a
partner portal. You need dealregistration on that partner
(06:43):
portal so that if I have anopportunity, I can bring it to
my ISV, and I can tell themabout it and protect myself so
no one else can come in andscoop a deal. Right?
If I'm first in, I get thehighest discount in theory. And
fourth, these vendors have tohave self-service education and
training. It's if you expectpeople to go to training classes
(07:04):
you offer once a quarter orclasses you offer online, it's
just not gonna work for mostresellers and service providers.
They don't have the bandwidth.Me at Microwage, I have 75
secondurity vendors we dobusiness with regularly.
I can't possibly schedule myteam to go to training for all
of them. Right? But if it'sself-service, a lot of these
guys are taking training atnight, on the weekends, laying
(07:25):
in bed with their iPads. So ifit's self-service, we can make
it work. So partner portal,clear partner program with clear
rules of engagement and rules ofhow to make money, deal
registration, and, andself-service training.
Those are the the advice I giveISVs as they're building up a
channel.
Lou (07:41):
Yeah. I'm taking notes on this because we, we we only have
a couple of those, and I thinkespecially the self-service. We
we always feel like, hey. If wedo it in person and and or at
least, you know, jump on a call.But to your point, I mean,
everyone's too busy, especiallyduring the day.
They they should be out therehaving meetings and stuff trying
to get revenue through the doorand deals through the door
(08:02):
versus listening to training foran hour or half an hour. So I'm
taking that advice back to theteam to do that. What about,
like, an individual TA? Youknow, there's some a lot this
channel has a lot of smaller TAshops that that don't have, you
know, 70 sellers or a plus,etcetera. What about the the
(08:23):
people that wanna make thattransition?
I I guess from your advice, theywould definitely get enabled
through the channel the thevendor's channel program and
maybe some of the enablementthat they're doing. What about
when they're having theconversation and security starts
coming up? The other thing yousaid, which is really relevant,
is don't try to boil the oceans.Right? Like, don't try to do
(08:45):
eight, ten vendors when you'venever even really sold security.
So what do you think an easystarter, service is for
security? And then, you know,how can they start to have those
conversations?
Alex (08:57):
Yeah. So there's a couple of things that come to mind.
First of all, make sure youstart getting involved in your
local security interest group.Most cities have local interest
groups around security where youcan be around like minded
people, and you can kinda startto figure out which area of
security might be good for you.They bring in presenters all the
time.
I go present at a lot of thesearound the country, and they're
(09:19):
really great environments foryou to fine tune your strategy
just by seeing what other peopleare talking about, like minded
peers, right, so that's onethought. Another thought is
leverage your distributor. Ifyou're a service provider
reseller, if, you know, ifyou're going to market with an
Avant type of aggregator or a TDSYNNEX type of legacy
distributor, they all haveamazing resources, training
(09:44):
around security. They've gotconnections into a lot of the
vendors and suppliers and helpyou think about which ones might
be good to build relationshipswith. They're the ones who have
all the good dirt on on whichvendors have the best margin
beneficial programs.
Right? So you don't wanna wasteyour time with someone who you
you're not gonna make a lot ofmoney with. So use your, you
(10:08):
know, your your AVANCE of theworld, your your TDSN Xs, Ingram
micros of the world in order toto give you a leg up because
they've got tons of programs andresources that are generally
free that you can leverage. Theother thing is go to the big
security conferences. I was justat Black Hat two weeks ago.
You know, we can talk the wholepodcast about Black Hat, but, so
(10:30):
many great opportunities tolearn from that community, not
only in sessions, but justmeeting the vendors in person.
You get a rapid fireunderstanding of who does what
and and things just as I walkthrough the showroom at RSA or
Black Hat, the thought comes tomind of, oh, I bet this solution
will be good for this client ofmine.
Lou (10:49):
Right.
Alex (10:50):
Or, hey. I've never had this thought before. I didn't
even know this technologyexisted. Maybe that's someone I
should reach out to after theshow. So, those are a couple of
things that come to mind thathelp me figure out not only
which technologies to sell, butalso which services to invest
in.
And we can go down and chatabout services more if you'd
like as well.
Lou (11:07):
Yeah. For sure. But I I love this advice about going to
Black Hat or RSA because oftenthe vendors will get you'll get
free passes. It's not really amatter of even trying to get in.
So it's like if you can get toVegas or San Francisco for those
conferences and you can find aplace to say that might be a
challenge to bring on whereyou're staying.
When you get there, those, youknow, you saw it. The sellers
(11:30):
are so hungry to speak toanyone. You know, it's they'll
they'll scan your tag, and thenthey'll they'll give you a free
education on security. So I Ilove that advice, and it's it's
it's really a good idea. And forthe seller or for the services,
I'm sorry, the the like, yeah.
The services that they can getinto. I mean, MDR is kind of a
(11:53):
table stakes kind of thing. Doyou do you think like, what are
some of the things that you youfeel a a trusted adviser could
sell day one that they wouldn'thave to understand too much
about?
Alex (12:04):
Yeah. If you're day one, my recommendation would be build
a network of third party serviceproviders that you can resell.
Mhmm. Because you're not gonna,on day one, have the skills,
morale, the people, theresources, the funding to build
an MDR, you know, capability, aSOC as a service capability,
your own pin testing team. Youknow?
(12:25):
So spend your time firstbuilding up a network of
providers that can deliver thosethings for you, and you become
the front end of that with yourclient. You leverage your client
relationships and all of yourhistorical accounts, and you can
go in and sell MDR day one as anexample. And whether you're
selling CrowdStrike or or Rackinseven or, you know, there's so
(12:49):
many Arctic Wolf. There's somany examples. You can you can
just sell someone else's stuff,and then you could figure out
value add you can provide aroundit.
For instance, maybe you do a gapassessment before you sell the
NDR service. Help gap someone tothe NIST cybersecurity framework
as an example. Not terribly hardto do that. Does it take a lot
(13:11):
of resources? And your output ofthe gap assessment could be,
hey, we noticed you don't have aSOC as a service.
You need to think about MDR, andhere's a couple of vendors we
should set up demos for you, andwe'll find a solution that
works. So starting there, andthen pin testing is another
great example. Everybody needsto do pin tests every year to
(13:31):
stay compliant with their cyberinsurance. So you may not have
the team to do that internallyjust yet, but I mean, I could
probably list 10 off the top ofmy head, you know, people that
do that, that you could goresell and build some
credibility momentum. And thenonce you figure out what your
client base tends to buy, maybethat's the area you invest in
hiring your own people andbuilding it out yourself so you
(13:52):
can keep a little more of themargin.
Lou (13:54):
Yeah. Yeah. That's great advice. And why? Why should they
sell security?
What we've seen in the trustedadvisor channel is that they are
used to maybe UCaaS, CCaaS, someof the other solutions,
bandwidth, stuff like that. Sosome of them are just like, Hey,
security may be the next bigthing, but I'm not sure I want
(14:16):
to get into it because it's amore complex sale. So what are
your thoughts on that?
Alex (14:20):
Security can be a more complex sale, but it doesn't
have to be. What I tell myclient, my sales team, is that
every single customer youapproach, I don't care who they
are, they're all struggling witha couple of challenges. Number
one, they know that is thattheir cyber risk is increasing
(14:41):
daily. The threat actors aregetting smarter. They're using
AI to write malware now and to,purposefully mask themselves so
they can get around traditionalsecurity measures.
So clients all know that they'refacing a really challenging
battle. The second thing theyknow is they've all got too many
security tools today. Theaverage SMB customer has
(15:03):
somewhere between fifteen andtwenty secondurity tools. A mid
sized customer has somewherebetween twenty and forty five
secondurity products. Anenterprise customer can have
upwards of 75 unique securitytools.
Yep. So they're all facing thisreal challenge of how do I
integrate them? How do I makesense of them? Is it possible to
consolidate to a platformapproach? And the third thing
(15:24):
that every single client we talkto is going to face is they
can't find enough securitypeople to help them figure out
the first two.
Right? So there is a massivesecurity shortage of skilled
resources here in The US andglobally, actually. So even
though customers want to do morearound security, they can't find
(15:46):
people who know enough about thetopic, so they tend to use IT
people
Lou (15:51):
Right.
Alex (15:51):
As security experts. And, unfortunately, what I found in
my career, having managed stocksand I built a cyber range at
Tech Nuda, One of thefascinating outcomes of all that
was IT people don't make greatcybersecurity experts. And the
reason is because IT peoplethink very structured. We're
very logical thinkers. We'retypically programmers.
Right? If this, then that. Butcybersecurity requires a
(16:16):
nonlinear thinker. Hackers aretypically somewhere on an autism
scale slightly because they theythink of solutions that are hard
to think about. They'reconstantly ideating on
fascinating new ways to hackinto your environment, and so
security researchers also arebest if they come from the arts,
(16:38):
liberal arts in particular.
If you're an artist, if you're amusician, that makes great
cybersecurity people becausethey think nonlinearly, and they
expect the unexpected. They'renot expecting that a hacker's
gonna follow the instructionmanual for how to compromise
Palo Alto firewalls. They'regonna think outside the box. And
so, you know, these kinds ofthings are are some of the
(17:00):
things that I've learned, youknow, just along the way.
Lou (17:02):
Yeah. That's brilliant, and I totally, you know, relevant as
well, coming from someone withan arts background, which is
where I got my degree. But the,the other thing about IT people
that I noticed, is that they'realso technology focused. Right?
Obviously, that's the wholepoint.
But, it's gotta be people inprocess too, and I think that's
(17:25):
the part that they kinda skipsometimes and, or or just don't
have the experience for. So wewe we are constantly having that
battle where it's like, yeah.Your IT guy can do it. He's
already got enough to do or yourIT team. However, you know, to
your point, they're not the bestplace for this.
And also there's always atension, right, between the
(17:46):
cyber, team and the and the ITteam depending on the size of
the company. So, yeah, we we'vefound we've done a bunch of,
incident responses where we'veseen the IT team has actually
created the incidentunfortunately. Usually an
outsourced MSP that's maybesharing passwords across clients
or there's because they're onlyhired for a small scope or a
(18:08):
certain scope, they're notpatching certain devices like
firewalls and things like that.You know, they're only
responsible for the endpoints,whoever M365 is installed on. So
it leads to some real problems.
And, I think that, luckily, youmight be seeing this as well.
The the industry is kind ofevolving past that, but they
(18:30):
don't really have a choicesometimes either depending on
the size of the company. So,what what's a challenge that you
and and the team at MicroAgehave have had to solve recently
around security?
Alex (18:42):
A challenge we've had to solve around security. So, I
would say part of it is helpingclients recover from ransomware
attacks. It's always a challengebecause they're not always the
same. We've got a big saleskickoff is actually this week
(19:03):
later this week in Phoenix, andI'm doing a main stage. And at
the end of my main stagepresentation, I'm telling a
story about a particular clientthat, they got hit with, IKEA
ransomware.
And, you know, that's aransomware as a service, as you
might know. And and so hackersjust pay a certain monthly fee
and get access to this platformthat can send out attacks and
(19:26):
multiple variants of ransomware,and then they can check-in after
work, you know, to see ifanybody got on the hook from the
phishing email or something thatgot got attacked. This
particular customer, you know,got a ransomware variant, and
this variant of ransomwaretypically is a double extortion
variant of ransomware. So youmight pay the ransom to get you
the decryption key, but thenthey tell you they exfiltrated
(19:48):
your data too, and now they'regonna put it public if you don't
pay it again. So, you know, justthat that was a really unique
scenario to walk through withour client and figure out how to
help them.
They did not have a lot ofsecurity in this particular
example. We ended up sellingthem a bunch of firewalls and
resegmented their network andsold them our managed MDR
(20:09):
service to help them out. But Ifind it's a challenge. Customer
we talk to is in a differentstate because they all have
different levels of securitydeployed. Some take it more
seriously than others.
I find that companies that areunder some sort of regulation,
healthcare under HIPAA, retailunder PCI, managed service
(20:30):
providers under SOC two,government under CMMC or ISO
27,001, those are a littlebetter off because at least
there is a playbook to follow inorder to be compliant, but a lot
of our clients don't have aplaybook. They don't know they
can use the NIST cybersecurityframework and just follow the
best practice and and check theboxes, and you'll be in much
(20:51):
better shape. So it's it's justsad on how we have to constantly
reiterate the importance of whatI consider to be table stakes
security controls, but a lot ofour clients just aren't there.
Lou (21:04):
I think that's one of the biggest secrets in in
cybersecurity is it's actuallyto do it right can be somewhat
boring. It's, brushing andflossing. It's just, you know,
doing the the the small thingsrepeatedly in a structured
manner, and then having a a away to to to find when things
fall out of configuration andthings like that.
Alex (21:25):
I mean, just basics. The basics are email security. Don't
rely on just Microsoft's emailsecurity. You know, get you a
Mimecast or Proofpoint or AdminRoom or something. It's make
sure MFA is turned on for everysingle account.
Make sure you're doingprivileged access for privileged
accounts. Make sure you haveendpoint security on every
(21:45):
single endpoint device. Youknow, these these things are
just table stakes nowadays, andit's no different in our
personal lines. Right? I mean,how many of your family members
still use the same password forall their accounts and don't use
a password manager and have itfrozen their credit?
And, you know, it's it's we dothis in our personalized way,
and we carry that over into ourbusiness lines.
Lou (22:05):
Yeah. Yeah. There's an inverse curve between con
convenience and security,unfortunately. So more
convenience, less security. Youknow, that's just the way it
goes.
But it's funny too becauseyou're talking about I I just to
kinda geek out a little bit onthe more, technical side of of
the security, you know,discussion. And it's not even
(22:25):
that geeky, but with Proofpointand and all of that, those are
great to add for for email. ButMicrosoft, from what I've seen,
actually has gotten, better withits kind of core security
products. Now they put it behinda paywall and stuff, and we can
have that conversation. Butwell, I believe they should
just, you know, let the all thethe companies use it.
But long story short, we sawwhere one, provider had
(22:49):
misconfigured the email, thethis you know, that email
provider that was securityprovider that wrote on top of
Microsoft. And they, actually,Microsoft caught a phishing
email, but then it released itto this other, tool, which then
released it to the user, whichis which then led to,
compromise. So Yeah. I thinkdefinitely I I the the story
(23:12):
there is not to not get emailsecurity, but, yeah, determine
the efficacy of the controls youhave. You know, if it's a
provider, it makes sure that,you know, they've got a good
history of of doing good stuff,but also make sure it's
configured correctly.
You know, how many of of the,breaches and and and things that
you've seen are due tomisconfiguration of actual
(23:34):
security tools that have beenpaid for?
Alex (23:36):
A lot. Yeah. And in the case of email security, a lot of
people don't realize that you'vegotta you've gotta kinda
maintain that daily and weekly.An email security tool is not
something you just turn on orlet go. You know?
You you gotta be looking at thephishing emails coming in, and
if someone reports a phishingemail, you gotta make sure it's
not going to any othermailboxes. Like, there's a lot
(23:58):
of active work that goes intotruly doing that, and especially
in our world, we we focus on SMBmid market, less so the large
enterprise at MicroAge. So inour world, a lot of a lot of our
clients tend to buy a secureemail security product as an
example and set it up once andnot maintain it, and the
configuration can quickly getget inaccurate. Right? So you
(24:21):
gotta maintain all thesesecurity products.
Lou (24:23):
Oh, yeah. And I think that's another mark against the
IT providers sometimes is thatthey have that it's kinda like,
okay. We're gonna sell thestack. Right? It's ConnectWise,
whatever their RMM is, Labtech,you know, Huntress, SentinelOne,
like, you know, insert stackhere, per seat license, maybe do
some work for an hour on it,when they're onboarding the
(24:46):
client, and then set it andforget it.
And to your point, you can'tforget it. You you gotta set it
right the first time, and thenyou have to check it. What
excites you about the future ofcyber?
Alex (24:57):
AI. So it both excites me and Frank's bitty does. Mhmm.
Right? Because on one hand, I'mseeing some amazing use cases
for AI being embedded in a lotof the security products we use
every day.
Vendors that was the number onetheme in Black Hat. Obviously,
two weeks ago, AI. It wasmisused a lot in terms of
(25:19):
marketing, messaging, of course.But there are absolutely a lot
of really cool use cases, forinstance, particularly with SIEM
solutions or XDR solutions,where you can take in and adjust
large amounts of data and use anAI engine to do better
correlation than we've done inthe past, more importantly, to
then write up the remediationplan in real time based on the
(25:42):
particular threat you're seeing.That's a huge step for incident
response.
So I think that there's a lot ofreally amazing things that I'm
excited about there. But at thesame time, I'm I'm watching some
of this malware that's beingwritten by AI now, and written
without as many human error inthe code as a human might make.
(26:04):
And we're seeing ransomwarethat's got polymorphic, and it
can change its skin as it movesaround your network and presumed
to be different types of codeand software so that it's harder
to detect. That part is veryscary, not to mention we used to
have to have humans do pintesting to of find all the
(26:27):
points of infiltration in anetwork, and there were scripts
that could do some veryprescriptive steps to try to log
into a network as if I'm athreat actor. But now with AI,
these these hackers are writingcode that is is trying a
penetration, looking at theresult of ideating on a better
(26:48):
way to try and trying again, Andused to, you would have to
rewrite your script and rerunit, and now I can kinda figure
all this stuff out in real timeon its own, and that's that's
the frightening part.
Lou (26:59):
Yeah. Oh, yeah. Because what that means is the the cost
of that is really low too. It'snot like you need a $200 per
month, you know, subscription tochat GPT for that. You can use a
lot of the free tools out thereto to at least get to better
than a basic level and, youknow, what we used to call
script kitties now that they'reAI kitties, I guess.
(27:23):
And, it's you're right. There'sthat's where the conversation
with these customers with withorganizations that are, not
investing in cyber. To yourpoint, you know, we see this all
the time. The regulatedindustries, have the best,
protection and finance, which isa regulated industry, but they
also have a very directcorrelation between a a breach
(27:44):
and losing, dollars. Some ofthese other companies that
haven't gotten, with the game,we're seeing, like, you know,
not even retail stores, but kindof, you know, services that were
more even blue collar, butlarge, like plumbing
organizations or things likethat that are now realizing that
(28:06):
or even oil and gas, right,that, hey.
We pull, dead, you know, fossilsout of the ground. It's like,
no. No. You've got OT on youroil wells. You're doing all
these these other things thatinvolve technology.
No one can go back to paper.Right? Like, I don't think
there's any
Alex (28:22):
Yeah.
Lou (28:23):
Yeah. There's not one industry that can just say,
okay. If we go down, we'll justgo back to paper. It's it's
almost everything is online now,so pretty crazy. And by the way,
yeah, Black Hat AI slapped oneverything.
I just swooped in for twentyfour hours, and it was pretty
crazy to see right next to eachother. I don't know if you did
(28:45):
the you walked the perimeterbecause I those are the more
interesting ones. Right? That'sthe up and comers and and Yeah.
Yeah.
It was like, two or three AIsuck. I mean, there were
probably 50 of them, but just inone row, you would see two or
three right next to each other,advertising the same thing. It
really, you can tell there's alot of money sloshing around.
Alex (29:06):
Well, yeah, I've got a couple of friends in the VC
community, and I work with a lotof startup CEOs in security as
they're trying to build outtheir go to market and build
channels. And what I've learnedis that at this point, the VCs
won't even give you money if youdon't have an AI angle on your
security product. So I I Iwasn't surprised at all to see
all the AI focus in brandingthere in the, the area that the
(29:31):
show that was focused on all thestartup guys because they they
have to do that to get money.
Lou (29:35):
Yep. Yeah. Makes sense. So, yeah, a personal story. You have
one that demonstrates kind ofhow cybersecurity has had a
direct impact on your life orpeople you know?
Alex (29:48):
Yeah. I mean, I would say one of the more interesting
stories, is is how I kinda cameto learn a lot about cyber and
then how I ended up applying it.I I built a cyber range at t at
Tech Data before it became TUSYNNEX in Phoenix, Arizona. So
it's still to this day, I think,the only cyber range of
(30:10):
distribution. It's a it's aroom, a facility where we can
showcase the power of cyber, andand we would host events there.
Vendors would bring clients inthere. We would do lock pick
villages and teach people how topick locks. We would showcase
different types of security. Wewould demonstrate hacking
exercises. We did facialrecognition hacking.
(30:32):
And then when I built a lightkit on the ceiling so that
anytime we hack something in theroom as part of a demo, the
whole room would turn red. Andpeople would come in from all
over the country and host eventsthere, and it was it was kind of
a destination kind of eventcenter. It was a lot of fun. But
in order to build it, I had tohire a couple of guys who are
(30:53):
very unusual. So I randomly ranacross a guy at a an event he
was speaking at, and I had justmoved to Phoenix, Arizona, and I
heard that there's a speakergonna speak across the other
side of the city over inGoodyear.
So I drove all the way overthere that morning, took me an
hour to get there, just to hearthis guy speak. And and when I
(31:16):
got and sat down, I noticed allthese guys in suits came in and
sat down all over the room. Oneof them sat next to me, and I I
just leaned over and said, hey.I'm Alex. You know, what are you
doing here?
What who are you with? He said,we're with the FBI. And I said,
okay. And what are you doinghere? And he said, well,
honestly, we we learn more aboutthe state of cyber from this
(31:38):
speaker coming up than we dofrom our own cyber team.
So I thought, well, okay. Well,this is gonna be an interesting
presentation. And so this guygets up and speaks, for a little
bit. And afterwards, I went upto talk to him because I had
just been tasked with building acyber range at Tech Data, and I
didn't know where to start. Andthis guy talked about how he had
built a non profit cyber rangethere in the Phoenix area.
(32:01):
And so long story short, he waslooking for a job, and I ended
up hiring him.
Lou (32:06):
Nice.
Alex (32:06):
And he built a range. But what was interesting is I found
out the depth of his, I'll say,experience working with
government agencies over twentyyears doing cyber and all the
the activity he did around theworld related to that. And
what's what's fascinating is, ashe taught me over the next two
(32:28):
or three years, all the behindthe scenes of how cyber really
works, how hackers really think.We we diagnosed a lot of malware
code together, classifyingdifferent attackers. It it was a
fascinating experience.
He brought in two friends of hisfrom his world, I'll just say,
(32:51):
that also built some unique techfor our cyber range that were
really in the middle of actualcybersecurity, not just sellers
of technology, not justimplementers of you know,
installers of of firewalls, butguys who are really battling the
the threat actors in in thefield. And it was fascinating.
(33:13):
So, I got invited to go toRussia, to a conference in
Moscow, for Kaspersky. Theyinvited me to their global
channel event. And so my teamgot so excited about prepping me
for this.
They taught me countersurveillance techniques and all
kinds of things, and then theygave me a burner laptop and a
(33:33):
burner phone. So off I go toMoscow, not knowing what I was
gonna get into. And so I getover there, and, of course, they
took my luggage at the airport,gave it back to me the night I
came home five days later. Oh.So I had to go find clothes for
the week.
They followed us everywhere wewent from the hotel. And a long
(33:54):
story short, they brought theyput malware on my phone, but not
my laptop, and we're prettyconfident it came in through the
hotel network. So when I gothome, my guys are super excited
to to try to investigate all thelatest ransomware or, excuse me,
malware that was on my phone andsee if they knew about it
before, if it had been caught inthe wild or not. And so, you
(34:15):
know, just that whole experienceof working in the cyber range,
getting to work with real cyberspecialists, and and learning
from them. It was justfascinating.
It's probably the most fun I'vehad in my career.
Lou (34:30):
Yeah. That sounds awesome. You know? Building the cyber
range and then being able to dothe budget that you would have
had to to put that together andmake it, you know, super cool.
And then these guys workingwith, people at that level,
that's phenomenal.
Very cool. So and you'repersonally you know, you're in
(34:52):
Alabama, Birmingham?
Alex (34:54):
I am. I'm in Birmingham right now. Moved from Phoenix a
little while ago. Grew up herein Birmingham, but, my company,
Microwave, is based in Phoenix.I'm in Phoenix an awful lot.
Lou (35:05):
Okay. Yeah. This year, special forces is not in
Phoenix, I guess. It's in,Dallas, the Yvon, channel event.
So I don't know if you'll bethere, but would've been easier
in Phoenix, I think, for you.
How'd you get here? It lookslike you've you've had, you
know, technology leadershippositions at pretty significant
(35:29):
companies for most of your life.And so so how'd that lead you
into the to the cyber world?
Alex (35:36):
So I I was computer science background, in college.
I went to Auburn University, andand I went straight from there
to the customer community. Iwent to FedEx to work as a
system administrator and learn,and that's where I really
learned the technical side ofIT, system admin for a whole
bunch of operating systems andnetworking and that kind of
thing. From there, I went to areseller where I learned a lot
(35:58):
about the sales cycle. How doyou sell?
I was a presale solutionarchitect and eventually ran
software development there for awhile and became their CTO. But
when we moved into we sold thecompany actually to Abnet, a
distributor, and at Avnet, theywere looking to invest in in
four new practice areas thatseem to be up and coming in the
(36:21):
market, IoT, cybersecurity, dataanalytic, and mobility. And back
then, those were kind of newerconcepts for distribution.
Customers were really asking alot of questions, and partners
were trying to figure out how dowe sell this stuff. So they came
and asked if someone would bewilling to start a practice at
tech data at AvMed at the timearound cybersecurity?
(36:43):
And I raised my hand, and I waslike, I don't know
cybersecurity. You know, I'vebeen doing cyber for a long time
and on my personal life. Mhmm.And so they gave me a shot to
build a cybersecurity practicethere at Avnet. And later, when
AMNET got acquired by Tick Data,they asked me to run the full
North America cyber business andeventually doable, and it kinda
(37:03):
went from there.
But it it came from a particularleader giving me a chance to to
help them build a business,which is which was really,
really great.
Lou (37:13):
That's awesome. That's really cool. It's a good way to
get into. I think you have to betechnical. Right?
I I don't I don't believe youcan be successful at cyber these
days. You know, at least have along career if you're if you
don't have technical skills.
Alex (37:28):
I agree. Software development in particular is
important to understand howmalware might behave and what
type of security you need todefend against it. And the scary
part about AI is that we arereplacing that great skill set
of software development thatpeople go through as a rite of
passage in IT with AI. And so Ithink about how we're moving
(37:50):
more toward a new role ofsoftware architect where humans
will architect a softwareoffering but probably use AI to
build the modules for it. Butthen over time, am fast forward
eight to ten years, who has theskill to be a software architect
if no one went through theprocess of writing code and
understanding code?
Lou (38:10):
Oh, yeah.
Alex (38:11):
So it's, it'll be an interesting sticky wicket, as
they say. Yeah. We'll figurethat out.
Lou (38:17):
Yeah. We will see. It's a brave new world. We're still
trying to figure out how this AIis gonna impact us. And and in
some ways, I think, you know,humans are not going to be
replaced.
It's just we'll be able to useit as a tool, and those who stop
using it as a tool or don't knowhow, those are the ones that
might be left behind. You know?So, what do you do outside of
(38:38):
work? I know that, you've got apropeller behind you. So
Alex (38:43):
Yeah. Hobby my main hobby is aviation. I have an airplane.
I have a Mooney. It's a 1993Mooney m 20 m bravo.
For any of you Mooney fans outthere, it's a long long body
Mooney, big four six cylinderengine. Can go to 25,000 feet.
Comes with oxygen. Wow. Notpressurized.
(39:05):
Oxygen. It's a traveling plane.So my wife and I like to go on
the weekends. We'll fly indifferent cities and have dinner
and come back. We'll fly to thebeach.
We're from Birmingham quite abit and have to see food. Come
back. We just, I like littlemissions. Most weekends, you'll
find me taking my buddies andtheir kids up.
Lou (39:22):
That's really cool. So you've got a a lot of hours
under your belt?
Alex (39:26):
I've got a little over three hundred hours. I'm
instrument rated. Very It's ahigh performance complex
airplane. Those areclassifications of a of a
license, so it's fun. It's ait's a great hobby.
The reason I love aviation isjust like IT, you can never or
cybersecurity, you you neverstop learning. Right. Every
(39:47):
single night, I'm in bed on myiPad for about an hour watching
a combination of cybersecurityor or aviation videos on
YouTube. Right? Just learningabout the craft.
There's always something more tolearn about an airplane, about
flying, about the rules andregulations, how to be safe. It
(40:08):
it's a never ending journey, andI need that distraction because
otherwise, I would spend all mytime, you know, at work.
Lou (40:14):
Yep. Yeah. That's great. And it's true too. I we had an
earlier episode where we spokeabout how what makes a good
cyber professional, and I thinkdefinitely constant learning.
You know? The the if you're ifyou wanna get into this
industry, that's the best adviceis to to to be someone who
constantly learns. If you'reintimidated by that or, you
(40:36):
know, it's it's it doesn't feelgood to to be confused when you
show up at work, it had nomatter how much you know, then
probably not the right, fieldfor you.
Alex (40:46):
I get a lot of questions. A friend of mine bring their
teenage kids or their collegekid, and they say they wanna get
into security, they wanna get tohim to lunch and figure out what
they should do. And my answer isalways, you need to understand
that cybersecurity is theculmination of multiple
disciplines. You networking. Youneed to study computers and
(41:06):
operating systems.
You need to to study softwaredevelopment, scripting at the
very least with stuff likePython, and then you learn
cybersecurity becausecybersecurity really requires
all those disciplines to be goodat it, and you can do all of
that for free. I'll point peopleto cyberary.it. It's an amazing
free website. It's just tailoredto cybersecurity training.
Lou (41:29):
Oh, yeah.
Alex (41:29):
If you're going after your CompTIA Security plus or your
CISSP, most of the resources youneed can be free and online.
Lou (41:38):
Yeah. Yeah. In including AWS or spitting up
infrastructure somewhere whereyou can test you know, build a
network and test it. You know,you're you're probably a little
bit younger than me, but aroundthe same time frame where you
had to have a rack, you know, avery noisy server in your house
and, you know, to be able andand a bunch of routers and
(41:59):
switches to be able to play withthis stuff. And now you can do
it online for you know, withfree, free credits here with
AWS.
So there's no excuse.
Alex (42:06):
The only difference is I could, I could get equipment
donated from lots of places. Atone point, I had Yeah. 10
servers in my house in Iraq, andI had dedicated PowerRun to my
office and the house. And soonce you buy, you kinda have it
all, but you're with cloud, yougotta pay
Lou (42:23):
Yeah.
Alex (42:24):
Regularly. Or it can be a little more expensive nowadays,
but you have access to bettertech nowadays because I was
running old AIX servers andSolaris servers and Oh, yeah.
Lou (42:33):
You know? Oh, yeah. And then also if you, you have a
wife, or a partner, they're notgonna they don't they don't
suffer that very long.
Alex (42:42):
Right. Noise.
Lou (42:44):
Yeah. The noise and the heat. Yeah. So so, Alex, where
can people find you?
Alex (42:49):
I have a YouTube channel.
Lou (42:50):
Okay.
Alex (42:51):
So my YouTube channel is cybersecurity deciphered, d e c
y p h, And I post content outthere regularly. Lately, what
I've been doing for Microwage, Istarted doing it just internally
for our reps, but I publishthese on LinkedIn and my YouTube
channel every month. I release avideo I call the CyberByte
(43:11):
video, Byte as in b y t e.They're short. They're ten
minutes.
They're on one topic, like whatis, zero trust, or I talk about
the difference in the EDR, MDR,and XDR in video. So each video
is one topic around cyber.They're ten minutes. They're
easy to consume, and then mymarketing team cuts them up into
(43:34):
shorts, you know, and puts themon LinkedIn throughout the
month. So follow me on LinkedIn,and you'll check out my
CyberByte videos.
Lou (43:41):
That's awesome, and we'll put the, the link in in, any of
the places that you find thispodcast. So thank you, Alex
Ryals. Thanks to those that arealso watching or and or
listening. If you learnedsomething today or laughed,
please tell someone about thispodcast. Thanks again, Alex, and
(44:01):
this has been another excitingepisode of Channel Security
Secrets.
We'll see you the next time.That's a wrap for this episode
of Channel Security Secrets.Thanks for tuning in. For show
notes, guest info, and moreepisodes, visit us at
channelsecuritysecrets.com.Channel Security Secrets is
sponsored by Cyber DefenseGroup.
When it comes to protecting yourbusiness, don't settle for
(44:24):
reactive. Partner with expertswho build resilience from the
ground up.
Welcome to Channel Security Secrets. I'm Lou Raban. On this
show, we expose the untoldsecrets and critical insights
from the people shaping thefuture of cybersecurity sales in
the trusted adviser channel. Ifyou're looking to up your game
around selling security, stickaround. Channel Security Secrets
is brought to you by CyberDefense Group on a mission to
shift cybersecurity fromreactive to resilient.
(00:38):
I cannot wait to speak withtoday's guest. He's a channel
leader, CISO, main stagespeaker, and solutions innovator
with more than twenty years ofexperience in technology. At TD
Cynix, he drove global sales ofsolutions from 250 plus
cybersecurity vendors to morethan 20,000 channel partners
worldwide. He currently leads ateam of cybersecurity solutions
(01:02):
engineers and oversees strategicpartnerships with top industry
vendors. He's the chiefinformation security officer at
MicroAge.
Alex Ryals, welcome to the show.
Alex (01:12):
Thank you. Really good to be here, Lou.
Lou (01:15):
So so, Alex, what's what's the biggest secret to your
success in the channel andsecurity in general?
Alex (01:22):
Well, I think out of all the years, I've been at a
vendor. Customer, I've been at apartner, I've been at a
distributor, I think what I'velearned is that the secret to a
reseller service providerbuilding a security practice is
to align your security solutionsthat you sell with the skills of
(01:43):
the sales reps who are going tosell it. Too many times I've
seen those be at odds, thosegoals, and I've seen, resellers
and service providers struggleto grow their revenue around
security. So the secret is makesure you're not selling
something that your sales teamis incapable of selling.
Lou (02:03):
That's an interesting point because I think in the channel,
what we're seeing is a lot of alot of sellers that are new to
security. So how that thatadvice wouldn't totally gel with
someone that hasn't soldsecurity before. So what do you
say to a trusted adviser that,you know, maybe sold Bandwidth
or telecom, and now they wannaget into selling security?
Alex (02:25):
So to answer that question, me tell you a quick
story. I spent about twelveyears in distribution at Abnet,
and then later, they got boughtby Tech Tech Data merged with
SYNNEX to create TD SYNNEX. Andat Tech Data and TD SYNNEX, I
ran the global cybersecuritybusiness there. And one of the
programs I launched for thebenefit of our trusted advisers
(02:48):
and our TAs is is a practicebuilder program specifically for
security. To address the exactquestion you're asking, we had a
lot of partners.
I had 20,000 partners that wouldbuy some type of cybersecurity
from us throughout the year. Andso many of them were pivoting
from other disciplines. Theymight have been a network TA or
(03:09):
they might have focused onserver or storage or something
else, some type of service. Theywanted to sell cybersecurity.
They didn't know how to do it.
So our Practice Builder programwas a multi step process that
went through a series of weekswith each one of our partners to
help them think about,rationalize, you know, how to
build a security practice. Youknow, what's really interesting
(03:30):
is we found a couple of thingsthat I think are important As we
went and spent days in roomswith these guys trying to build
business plans, we we figuredout that, number one, a lot of
the partners that had startedpractices, like, a year before
and just weren't growing weren'tsuccessful. The reason was the
(03:51):
very secret I just talked about.They had come from a network or
storage partner. That's allthey've sold for years.
Their sales team they hired knewhow to sell storage, but yet
they had picked, like, sellingSIEM solutions like Splunk or
Arctic well, excuse me, Splunkor Microsoft Sentinel as a SIEM
(04:11):
solution. The sales reps justsimply didn't know how to how to
talk about that. Right? So oncewe aligned the security be
network security or in the caseof storage vendors, data
security, then it all seemed tofall into place. But some of the
other things we learned fromthis exercise in this program
was, don't pick too manyservices or too many vendors to
(04:33):
partner with right away.
You know, get get some feetunder you. Pick a couple of
vendors that align to your salesteam. Pick a couple of vendors
that have good, solid channelprograms. They all are not the
same. We could talk about thatmore if we want to, but, we also
figured out that the servicesyou pick, you know, pick one or
two services to start, make sureyou're really good at them, and
(04:56):
dial them in so that you candelight your customers with
those services around security.
And too too many many providerswe were working with seemed to
want to pick five, six, seven,eight services and 10 to 20
vendors, and when you'restarting out, that just gets too
overwhelming, and you can't begood at anything. So that's kind
of the summary of this multiyearexercise we did with our
(05:20):
security practice program.
Lou (05:21):
Yeah. There's a lot of wisdom and and probably some
definitely some pain behind thatas well where you had to figure
that out. So you talked aboutthe channel. Yeah. You know,
maybe speaking about what's agood channel program look like
then for some of these vendors?
Alex (05:37):
You know, spent an awful lot of time in distribution
educating our vendors on exactlythat question. It's funny how
many vendors misunderstand therole of distribution and the
role of building a channel.Startups in particular, they get
their VC funding, and they theycome straight to a distributor
and think that's where thepartners are, the resellers. And
so if I just sign with them,I'll be okay. Unfortunately, it
(05:59):
doesn't work quite that way.
So what what I would the adviceI always gave, ISVs that were
starting up or, big enough tofinally start thinking about
channel is number one, you needfour things. But number one, you
need a partner program with aguide that explicitly lays out
what the rules of engagementare. So what's the protected
(06:21):
margin for the reseller orservice provider, that's gonna
sell your technology? You needthat partner program to be on a
partner portal. That's numbertwo.
So resellers and serviceproviders, the channel wants
self-service. Right? So, theyhave to be self-service with a
partner portal. You need dealregistration on that partner
(06:43):
portal so that if I have anopportunity, I can bring it to
my ISV, and I can tell themabout it and protect myself so
no one else can come in andscoop a deal. Right?
If I'm first in, I get thehighest discount in theory. And
fourth, these vendors have tohave self-service education and
training. It's if you expectpeople to go to training classes
(07:04):
you offer once a quarter orclasses you offer online, it's
just not gonna work for mostresellers and service providers.
They don't have the bandwidth.Me at Microwage, I have 75
secondurity vendors we dobusiness with regularly.
I can't possibly schedule myteam to go to training for all
of them. Right? But if it'sself-service, a lot of these
guys are taking training atnight, on the weekends, laying
(07:25):
in bed with their iPads. So ifit's self-service, we can make
it work. So partner portal,clear partner program with clear
rules of engagement and rules ofhow to make money, deal
registration, and, andself-service training.
Those are the the advice I giveISVs as they're building up a
channel.
Lou (07:41):
Yeah. I'm taking notes on this because we, we we only have
a couple of those, and I thinkespecially the self-service. We
we always feel like, hey. If wedo it in person and and or at
least, you know, jump on a call.But to your point, I mean,
everyone's too busy, especiallyduring the day.
They they should be out therehaving meetings and stuff trying
to get revenue through the doorand deals through the door
(08:02):
versus listening to training foran hour or half an hour. So I'm
taking that advice back to theteam to do that. What about,
like, an individual TA? Youknow, there's some a lot this
channel has a lot of smaller TAshops that that don't have, you
know, 70 sellers or a plus,etcetera. What about the the
(08:23):
people that wanna make thattransition?
I I guess from your advice, theywould definitely get enabled
through the channel the thevendor's channel program and
maybe some of the enablementthat they're doing. What about
when they're having theconversation and security starts
coming up? The other thing yousaid, which is really relevant,
is don't try to boil the oceans.Right? Like, don't try to do
(08:45):
eight, ten vendors when you'venever even really sold security.
So what do you think an easystarter, service is for
security? And then, you know,how can they start to have those
conversations?
Alex (08:57):
Yeah. So there's a couple of things that come to mind.
First of all, make sure youstart getting involved in your
local security interest group.Most cities have local interest
groups around security where youcan be around like minded
people, and you can kinda startto figure out which area of
security might be good for you.They bring in presenters all the
time.
I go present at a lot of thesearound the country, and they're
(09:19):
really great environments foryou to fine tune your strategy
just by seeing what other peopleare talking about, like minded
peers, right, so that's onethought. Another thought is
leverage your distributor. Ifyou're a service provider
reseller, if, you know, ifyou're going to market with an
Avant type of aggregator or a TDSYNNEX type of legacy
distributor, they all haveamazing resources, training
(09:44):
around security. They've gotconnections into a lot of the
vendors and suppliers and helpyou think about which ones might
be good to build relationshipswith. They're the ones who have
all the good dirt on on whichvendors have the best margin
beneficial programs.
Right? So you don't wanna wasteyour time with someone who you
you're not gonna make a lot ofmoney with. So use your, you
(10:08):
know, your your AVANCE of theworld, your your TDSN Xs, Ingram
micros of the world in order toto give you a leg up because
they've got tons of programs andresources that are generally
free that you can leverage. Theother thing is go to the big
security conferences. I was justat Black Hat two weeks ago.
You know, we can talk the wholepodcast about Black Hat, but, so
(10:30):
many great opportunities tolearn from that community, not
only in sessions, but justmeeting the vendors in person.
You get a rapid fireunderstanding of who does what
and and things just as I walkthrough the showroom at RSA or
Black Hat, the thought comes tomind of, oh, I bet this solution
will be good for this client ofmine.
Lou (10:49):
Right.
Alex (10:50):
Or, hey. I've never had this thought before. I didn't
even know this technologyexisted. Maybe that's someone I
should reach out to after theshow. So, those are a couple of
things that come to mind thathelp me figure out not only
which technologies to sell, butalso which services to invest
in.
And we can go down and chatabout services more if you'd
like as well.
Lou (11:07):
Yeah. For sure. But I I love this advice about going to
Black Hat or RSA because oftenthe vendors will get you'll get
free passes. It's not really amatter of even trying to get in.
So it's like if you can get toVegas or San Francisco for those
conferences and you can find aplace to say that might be a
challenge to bring on whereyou're staying.
When you get there, those, youknow, you saw it. The sellers
(11:30):
are so hungry to speak toanyone. You know, it's they'll
they'll scan your tag, and thenthey'll they'll give you a free
education on security. So I Ilove that advice, and it's it's
it's really a good idea. And forthe seller or for the services,
I'm sorry, the the like, yeah.
The services that they can getinto. I mean, MDR is kind of a
(11:53):
table stakes kind of thing. Doyou do you think like, what are
some of the things that you youfeel a a trusted adviser could
sell day one that they wouldn'thave to understand too much
about?
Alex (12:04):
Yeah. If you're day one, my recommendation would be build
a network of third party serviceproviders that you can resell.
Mhmm. Because you're not gonna,on day one, have the skills,
morale, the people, theresources, the funding to build
an MDR, you know, capability, aSOC as a service capability,
your own pin testing team. Youknow?
(12:25):
So spend your time firstbuilding up a network of
providers that can deliver thosethings for you, and you become
the front end of that with yourclient. You leverage your client
relationships and all of yourhistorical accounts, and you can
go in and sell MDR day one as anexample. And whether you're
selling CrowdStrike or or Rackinseven or, you know, there's so
(12:49):
many Arctic Wolf. There's somany examples. You can you can
just sell someone else's stuff,and then you could figure out
value add you can provide aroundit.
For instance, maybe you do a gapassessment before you sell the
NDR service. Help gap someone tothe NIST cybersecurity framework
as an example. Not terribly hardto do that. Does it take a lot
(13:11):
of resources? And your output ofthe gap assessment could be,
hey, we noticed you don't have aSOC as a service.
You need to think about MDR, andhere's a couple of vendors we
should set up demos for you, andwe'll find a solution that
works. So starting there, andthen pin testing is another
great example. Everybody needsto do pin tests every year to
(13:31):
stay compliant with their cyberinsurance. So you may not have
the team to do that internallyjust yet, but I mean, I could
probably list 10 off the top ofmy head, you know, people that
do that, that you could goresell and build some
credibility momentum. And thenonce you figure out what your
client base tends to buy, maybethat's the area you invest in
hiring your own people andbuilding it out yourself so you
(13:52):
can keep a little more of themargin.
Lou (13:54):
Yeah. Yeah. That's great advice. And why? Why should they
sell security?
What we've seen in the trustedadvisor channel is that they are
used to maybe UCaaS, CCaaS, someof the other solutions,
bandwidth, stuff like that. Sosome of them are just like, Hey,
security may be the next bigthing, but I'm not sure I want
(14:16):
to get into it because it's amore complex sale. So what are
your thoughts on that?
Alex (14:20):
Security can be a more complex sale, but it doesn't
have to be. What I tell myclient, my sales team, is that
every single customer youapproach, I don't care who they
are, they're all struggling witha couple of challenges. Number
one, they know that is thattheir cyber risk is increasing
(14:41):
daily. The threat actors aregetting smarter. They're using
AI to write malware now and to,purposefully mask themselves so
they can get around traditionalsecurity measures.
So clients all know that they'refacing a really challenging
battle. The second thing theyknow is they've all got too many
security tools today. Theaverage SMB customer has
(15:03):
somewhere between fifteen andtwenty secondurity tools. A mid
sized customer has somewherebetween twenty and forty five
secondurity products. Anenterprise customer can have
upwards of 75 unique securitytools.
Yep. So they're all facing thisreal challenge of how do I
integrate them? How do I makesense of them? Is it possible to
consolidate to a platformapproach? And the third thing
(15:24):
that every single client we talkto is going to face is they
can't find enough securitypeople to help them figure out
the first two.
Right? So there is a massivesecurity shortage of skilled
resources here in The US andglobally, actually. So even
though customers want to do morearound security, they can't find
(15:46):
people who know enough about thetopic, so they tend to use IT
people
Lou (15:51):
Right.
Alex (15:51):
As security experts. And, unfortunately, what I found in
my career, having managed stocksand I built a cyber range at
Tech Nuda, One of thefascinating outcomes of all that
was IT people don't make greatcybersecurity experts. And the
reason is because IT peoplethink very structured. We're
very logical thinkers. We'retypically programmers.
Right? If this, then that. Butcybersecurity requires a
(16:16):
nonlinear thinker. Hackers aretypically somewhere on an autism
scale slightly because they theythink of solutions that are hard
to think about. They'reconstantly ideating on
fascinating new ways to hackinto your environment, and so
security researchers also arebest if they come from the arts,
(16:38):
liberal arts in particular.
If you're an artist, if you're amusician, that makes great
cybersecurity people becausethey think nonlinearly, and they
expect the unexpected. They'renot expecting that a hacker's
gonna follow the instructionmanual for how to compromise
Palo Alto firewalls. They'regonna think outside the box. And
so, you know, these kinds ofthings are are some of the
(17:00):
things that I've learned, youknow, just along the way.
Lou (17:02):
Yeah. That's brilliant, and I totally, you know, relevant as
well, coming from someone withan arts background, which is
where I got my degree. But the,the other thing about IT people
that I noticed, is that they'realso technology focused. Right?
Obviously, that's the wholepoint.
But, it's gotta be people inprocess too, and I think that's
(17:25):
the part that they kinda skipsometimes and, or or just don't
have the experience for. So wewe we are constantly having that
battle where it's like, yeah.Your IT guy can do it. He's
already got enough to do or yourIT team. However, you know, to
your point, they're not the bestplace for this.
And also there's always atension, right, between the
(17:46):
cyber, team and the and the ITteam depending on the size of
the company. So, yeah, we we'vefound we've done a bunch of,
incident responses where we'veseen the IT team has actually
created the incidentunfortunately. Usually an
outsourced MSP that's maybesharing passwords across clients
or there's because they're onlyhired for a small scope or a
(18:08):
certain scope, they're notpatching certain devices like
firewalls and things like that.You know, they're only
responsible for the endpoints,whoever M365 is installed on. So
it leads to some real problems.
And, I think that, luckily, youmight be seeing this as well.
The the industry is kind ofevolving past that, but they
(18:30):
don't really have a choicesometimes either depending on
the size of the company. So,what what's a challenge that you
and and the team at MicroAgehave have had to solve recently
around security?
Alex (18:42):
A challenge we've had to solve around security. So, I
would say part of it is helpingclients recover from ransomware
attacks. It's always a challengebecause they're not always the
same. We've got a big saleskickoff is actually this week
(19:03):
later this week in Phoenix, andI'm doing a main stage. And at
the end of my main stagepresentation, I'm telling a
story about a particular clientthat, they got hit with, IKEA
ransomware.
And, you know, that's aransomware as a service, as you
might know. And and so hackersjust pay a certain monthly fee
and get access to this platformthat can send out attacks and
(19:26):
multiple variants of ransomware,and then they can check-in after
work, you know, to see ifanybody got on the hook from the
phishing email or something thatgot got attacked. This
particular customer, you know,got a ransomware variant, and
this variant of ransomwaretypically is a double extortion
variant of ransomware. So youmight pay the ransom to get you
the decryption key, but thenthey tell you they exfiltrated
(19:48):
your data too, and now they'regonna put it public if you don't
pay it again. So, you know, justthat that was a really unique
scenario to walk through withour client and figure out how to
help them.
They did not have a lot ofsecurity in this particular
example. We ended up sellingthem a bunch of firewalls and
resegmented their network andsold them our managed MDR
(20:09):
service to help them out. But Ifind it's a challenge. Customer
we talk to is in a differentstate because they all have
different levels of securitydeployed. Some take it more
seriously than others.
I find that companies that areunder some sort of regulation,
healthcare under HIPAA, retailunder PCI, managed service
(20:30):
providers under SOC two,government under CMMC or ISO
27,001, those are a littlebetter off because at least
there is a playbook to follow inorder to be compliant, but a lot
of our clients don't have aplaybook. They don't know they
can use the NIST cybersecurityframework and just follow the
best practice and and check theboxes, and you'll be in much
(20:51):
better shape. So it's it's justsad on how we have to constantly
reiterate the importance of whatI consider to be table stakes
security controls, but a lot ofour clients just aren't there.
Lou (21:04):
I think that's one of the biggest secrets in in
cybersecurity is it's actuallyto do it right can be somewhat
boring. It's, brushing andflossing. It's just, you know,
doing the the the small thingsrepeatedly in a structured
manner, and then having a a away to to to find when things
fall out of configuration andthings like that.
Alex (21:25):
I mean, just basics. The basics are email security. Don't
rely on just Microsoft's emailsecurity. You know, get you a
Mimecast or Proofpoint or AdminRoom or something. It's make
sure MFA is turned on for everysingle account.
Make sure you're doingprivileged access for privileged
accounts. Make sure you haveendpoint security on every
(21:45):
single endpoint device. Youknow, these these things are
just table stakes nowadays, andit's no different in our
personal lines. Right? I mean,how many of your family members
still use the same password forall their accounts and don't use
a password manager and have itfrozen their credit?
And, you know, it's it's we dothis in our personalized way,
and we carry that over into ourbusiness lines.
Lou (22:05):
Yeah. Yeah. There's an inverse curve between con
convenience and security,unfortunately. So more
convenience, less security. Youknow, that's just the way it
goes.
But it's funny too becauseyou're talking about I I just to
kinda geek out a little bit onthe more, technical side of of
the security, you know,discussion. And it's not even
(22:25):
that geeky, but with Proofpointand and all of that, those are
great to add for for email. ButMicrosoft, from what I've seen,
actually has gotten, better withits kind of core security
products. Now they put it behinda paywall and stuff, and we can
have that conversation. Butwell, I believe they should
just, you know, let the all thethe companies use it.
But long story short, we sawwhere one, provider had
(22:49):
misconfigured the email, thethis you know, that email
provider that was securityprovider that wrote on top of
Microsoft. And they, actually,Microsoft caught a phishing
email, but then it released itto this other, tool, which then
released it to the user, whichis which then led to,
compromise. So Yeah. I thinkdefinitely I I the the story
(23:12):
there is not to not get emailsecurity, but, yeah, determine
the efficacy of the controls youhave. You know, if it's a
provider, it makes sure that,you know, they've got a good
history of of doing good stuff,but also make sure it's
configured correctly.
You know, how many of of the,breaches and and and things that
you've seen are due tomisconfiguration of actual
(23:34):
security tools that have beenpaid for?
Alex (23:36):
A lot. Yeah. And in the case of email security, a lot of
people don't realize that you'vegotta you've gotta kinda
maintain that daily and weekly.An email security tool is not
something you just turn on orlet go. You know?
You you gotta be looking at thephishing emails coming in, and
if someone reports a phishingemail, you gotta make sure it's
not going to any othermailboxes. Like, there's a lot
(23:58):
of active work that goes intotruly doing that, and especially
in our world, we we focus on SMBmid market, less so the large
enterprise at MicroAge. So inour world, a lot of a lot of our
clients tend to buy a secureemail security product as an
example and set it up once andnot maintain it, and the
configuration can quickly getget inaccurate. Right? So you
(24:21):
gotta maintain all thesesecurity products.
Lou (24:23):
Oh, yeah. And I think that's another mark against the
IT providers sometimes is thatthey have that it's kinda like,
okay. We're gonna sell thestack. Right? It's ConnectWise,
whatever their RMM is, Labtech,you know, Huntress, SentinelOne,
like, you know, insert stackhere, per seat license, maybe do
some work for an hour on it,when they're onboarding the
(24:46):
client, and then set it andforget it.
And to your point, you can'tforget it. You you gotta set it
right the first time, and thenyou have to check it. What
excites you about the future ofcyber?
Alex (24:57):
AI. So it both excites me and Frank's bitty does. Mhmm.
Right? Because on one hand, I'mseeing some amazing use cases
for AI being embedded in a lotof the security products we use
every day.
Vendors that was the number onetheme in Black Hat. Obviously,
two weeks ago, AI. It wasmisused a lot in terms of
(25:19):
marketing, messaging, of course.But there are absolutely a lot
of really cool use cases, forinstance, particularly with SIEM
solutions or XDR solutions,where you can take in and adjust
large amounts of data and use anAI engine to do better
correlation than we've done inthe past, more importantly, to
then write up the remediationplan in real time based on the
(25:42):
particular threat you're seeing.That's a huge step for incident
response.
So I think that there's a lot ofreally amazing things that I'm
excited about there. But at thesame time, I'm I'm watching some
of this malware that's beingwritten by AI now, and written
without as many human error inthe code as a human might make.
(26:04):
And we're seeing ransomwarethat's got polymorphic, and it
can change its skin as it movesaround your network and presumed
to be different types of codeand software so that it's harder
to detect. That part is veryscary, not to mention we used to
have to have humans do pintesting to of find all the
(26:27):
points of infiltration in anetwork, and there were scripts
that could do some veryprescriptive steps to try to log
into a network as if I'm athreat actor. But now with AI,
these these hackers are writingcode that is is trying a
penetration, looking at theresult of ideating on a better
(26:48):
way to try and trying again, Andused to, you would have to
rewrite your script and rerunit, and now I can kinda figure
all this stuff out in real timeon its own, and that's that's
the frightening part.
Lou (26:59):
Yeah. Oh, yeah. Because what that means is the the cost
of that is really low too. It'snot like you need a $200 per
month, you know, subscription tochat GPT for that. You can use a
lot of the free tools out thereto to at least get to better
than a basic level and, youknow, what we used to call
script kitties now that they'reAI kitties, I guess.
(27:23):
And, it's you're right. There'sthat's where the conversation
with these customers with withorganizations that are, not
investing in cyber. To yourpoint, you know, we see this all
the time. The regulatedindustries, have the best,
protection and finance, which isa regulated industry, but they
also have a very directcorrelation between a a breach
(27:44):
and losing, dollars. Some ofthese other companies that
haven't gotten, with the game,we're seeing, like, you know,
not even retail stores, but kindof, you know, services that were
more even blue collar, butlarge, like plumbing
organizations or things likethat that are now realizing that
(28:06):
or even oil and gas, right,that, hey.
We pull, dead, you know, fossilsout of the ground. It's like,
no. No. You've got OT on youroil wells. You're doing all
these these other things thatinvolve technology.
No one can go back to paper.Right? Like, I don't think
there's any
Alex (28:22):
Yeah.
Lou (28:23):
Yeah. There's not one industry that can just say,
okay. If we go down, we'll justgo back to paper. It's it's
almost everything is online now,so pretty crazy. And by the way,
yeah, Black Hat AI slapped oneverything.
I just swooped in for twentyfour hours, and it was pretty
crazy to see right next to eachother. I don't know if you did
(28:45):
the you walked the perimeterbecause I those are the more
interesting ones. Right? That'sthe up and comers and and Yeah.
Yeah.
It was like, two or three AIsuck. I mean, there were
probably 50 of them, but just inone row, you would see two or
three right next to each other,advertising the same thing. It
really, you can tell there's alot of money sloshing around.
Alex (29:06):
Well, yeah, I've got a couple of friends in the VC
community, and I work with a lotof startup CEOs in security as
they're trying to build outtheir go to market and build
channels. And what I've learnedis that at this point, the VCs
won't even give you money if youdon't have an AI angle on your
security product. So I I Iwasn't surprised at all to see
all the AI focus in brandingthere in the, the area that the
(29:31):
show that was focused on all thestartup guys because they they
have to do that to get money.
Lou (29:35):
Yep. Yeah. Makes sense. So, yeah, a personal story. You have
one that demonstrates kind ofhow cybersecurity has had a
direct impact on your life orpeople you know?
Alex (29:48):
Yeah. I mean, I would say one of the more interesting
stories, is is how I kinda cameto learn a lot about cyber and
then how I ended up applying it.I I built a cyber range at t at
Tech Data before it became TUSYNNEX in Phoenix, Arizona. So
it's still to this day, I think,the only cyber range of
(30:10):
distribution. It's a it's aroom, a facility where we can
showcase the power of cyber, andand we would host events there.
Vendors would bring clients inthere. We would do lock pick
villages and teach people how topick locks. We would showcase
different types of security. Wewould demonstrate hacking
exercises. We did facialrecognition hacking.
(30:32):
And then when I built a lightkit on the ceiling so that
anytime we hack something in theroom as part of a demo, the
whole room would turn red. Andpeople would come in from all
over the country and host eventsthere, and it was it was kind of
a destination kind of eventcenter. It was a lot of fun. But
in order to build it, I had tohire a couple of guys who are
(30:53):
very unusual. So I randomly ranacross a guy at a an event he
was speaking at, and I had justmoved to Phoenix, Arizona, and I
heard that there's a speakergonna speak across the other
side of the city over inGoodyear.
So I drove all the way overthere that morning, took me an
hour to get there, just to hearthis guy speak. And and when I
(31:16):
got and sat down, I noticed allthese guys in suits came in and
sat down all over the room. Oneof them sat next to me, and I I
just leaned over and said, hey.I'm Alex. You know, what are you
doing here?
What who are you with? He said,we're with the FBI. And I said,
okay. And what are you doinghere? And he said, well,
honestly, we we learn more aboutthe state of cyber from this
(31:38):
speaker coming up than we dofrom our own cyber team.
So I thought, well, okay. Well,this is gonna be an interesting
presentation. And so this guygets up and speaks, for a little
bit. And afterwards, I went upto talk to him because I had
just been tasked with building acyber range at Tech Data, and I
didn't know where to start. Andthis guy talked about how he had
built a non profit cyber rangethere in the Phoenix area.
(32:01):
And so long story short, he waslooking for a job, and I ended
up hiring him.
Lou (32:06):
Nice.
Alex (32:06):
And he built a range. But what was interesting is I found
out the depth of his, I'll say,experience working with
government agencies over twentyyears doing cyber and all the
the activity he did around theworld related to that. And
what's what's fascinating is, ashe taught me over the next two
(32:28):
or three years, all the behindthe scenes of how cyber really
works, how hackers really think.We we diagnosed a lot of malware
code together, classifyingdifferent attackers. It it was a
fascinating experience.
He brought in two friends of hisfrom his world, I'll just say,
(32:51):
that also built some unique techfor our cyber range that were
really in the middle of actualcybersecurity, not just sellers
of technology, not justimplementers of you know,
installers of of firewalls, butguys who are really battling the
the threat actors in in thefield. And it was fascinating.
(33:13):
So, I got invited to go toRussia, to a conference in
Moscow, for Kaspersky. Theyinvited me to their global
channel event. And so my teamgot so excited about prepping me
for this.
They taught me countersurveillance techniques and all
kinds of things, and then theygave me a burner laptop and a
(33:33):
burner phone. So off I go toMoscow, not knowing what I was
gonna get into. And so I getover there, and, of course, they
took my luggage at the airport,gave it back to me the night I
came home five days later. Oh.So I had to go find clothes for
the week.
They followed us everywhere wewent from the hotel. And a long
(33:54):
story short, they brought theyput malware on my phone, but not
my laptop, and we're prettyconfident it came in through the
hotel network. So when I gothome, my guys are super excited
to to try to investigate all thelatest ransomware or, excuse me,
malware that was on my phone andsee if they knew about it
before, if it had been caught inthe wild or not. And so, you
(34:15):
know, just that whole experienceof working in the cyber range,
getting to work with real cyberspecialists, and and learning
from them. It was justfascinating.
It's probably the most fun I'vehad in my career.
Lou (34:30):
Yeah. That sounds awesome. You know? Building the cyber
range and then being able to dothe budget that you would have
had to to put that together andmake it, you know, super cool.
And then these guys workingwith, people at that level,
that's phenomenal.
Very cool. So and you'repersonally you know, you're in
(34:52):
Alabama, Birmingham?
Alex (34:54):
I am. I'm in Birmingham right now. Moved from Phoenix a
little while ago. Grew up herein Birmingham, but, my company,
Microwave, is based in Phoenix.I'm in Phoenix an awful lot.
Lou (35:05):
Okay. Yeah. This year, special forces is not in
Phoenix, I guess. It's in,Dallas, the Yvon, channel event.
So I don't know if you'll bethere, but would've been easier
in Phoenix, I think, for you.
How'd you get here? It lookslike you've you've had, you
know, technology leadershippositions at pretty significant
(35:29):
companies for most of your life.And so so how'd that lead you
into the to the cyber world?
Alex (35:36):
So I I was computer science background, in college.
I went to Auburn University, andand I went straight from there
to the customer community. Iwent to FedEx to work as a
system administrator and learn,and that's where I really
learned the technical side ofIT, system admin for a whole
bunch of operating systems andnetworking and that kind of
thing. From there, I went to areseller where I learned a lot
(35:58):
about the sales cycle. How doyou sell?
I was a presale solutionarchitect and eventually ran
software development there for awhile and became their CTO. But
when we moved into we sold thecompany actually to Abnet, a
distributor, and at Avnet, theywere looking to invest in in
four new practice areas thatseem to be up and coming in the
(36:21):
market, IoT, cybersecurity, dataanalytic, and mobility. And back
then, those were kind of newerconcepts for distribution.
Customers were really asking alot of questions, and partners
were trying to figure out how dowe sell this stuff. So they came
and asked if someone would bewilling to start a practice at
tech data at AvMed at the timearound cybersecurity?
(36:43):
And I raised my hand, and I waslike, I don't know
cybersecurity. You know, I'vebeen doing cyber for a long time
and on my personal life. Mhmm.And so they gave me a shot to
build a cybersecurity practicethere at Avnet. And later, when
AMNET got acquired by Tick Data,they asked me to run the full
North America cyber business andeventually doable, and it kinda
(37:03):
went from there.
But it it came from a particularleader giving me a chance to to
help them build a business,which is which was really,
really great.
Lou (37:13):
That's awesome. That's really cool. It's a good way to
get into. I think you have to betechnical. Right?
I I don't I don't believe youcan be successful at cyber these
days. You know, at least have along career if you're if you
don't have technical skills.
Alex (37:28):
I agree. Software development in particular is
important to understand howmalware might behave and what
type of security you need todefend against it. And the scary
part about AI is that we arereplacing that great skill set
of software development thatpeople go through as a rite of
passage in IT with AI. And so Ithink about how we're moving
(37:50):
more toward a new role ofsoftware architect where humans
will architect a softwareoffering but probably use AI to
build the modules for it. Butthen over time, am fast forward
eight to ten years, who has theskill to be a software architect
if no one went through theprocess of writing code and
understanding code?
Lou (38:10):
Oh, yeah.
Alex (38:11):
So it's, it'll be an interesting sticky wicket, as
they say. Yeah. We'll figurethat out.
Lou (38:17):
Yeah. We will see. It's a brave new world. We're still
trying to figure out how this AIis gonna impact us. And and in
some ways, I think, you know,humans are not going to be
replaced.
It's just we'll be able to useit as a tool, and those who stop
using it as a tool or don't knowhow, those are the ones that
might be left behind. You know?So, what do you do outside of
(38:38):
work? I know that, you've got apropeller behind you. So
Alex (38:43):
Yeah. Hobby my main hobby is aviation. I have an airplane.
I have a Mooney. It's a 1993Mooney m 20 m bravo.
For any of you Mooney fans outthere, it's a long long body
Mooney, big four six cylinderengine. Can go to 25,000 feet.
Comes with oxygen. Wow. Notpressurized.
(39:05):
Oxygen. It's a traveling plane.So my wife and I like to go on
the weekends. We'll fly indifferent cities and have dinner
and come back. We'll fly to thebeach.
We're from Birmingham quite abit and have to see food. Come
back. We just, I like littlemissions. Most weekends, you'll
find me taking my buddies andtheir kids up.
Lou (39:22):
That's really cool. So you've got a a lot of hours
under your belt?
Alex (39:26):
I've got a little over three hundred hours. I'm
instrument rated. Very It's ahigh performance complex
airplane. Those areclassifications of a of a
license, so it's fun. It's ait's a great hobby.
The reason I love aviation isjust like IT, you can never or
cybersecurity, you you neverstop learning. Right. Every
(39:47):
single night, I'm in bed on myiPad for about an hour watching
a combination of cybersecurityor or aviation videos on
YouTube. Right? Just learningabout the craft.
There's always something more tolearn about an airplane, about
flying, about the rules andregulations, how to be safe. It
(40:08):
it's a never ending journey, andI need that distraction because
otherwise, I would spend all mytime, you know, at work.
Lou (40:14):
Yep. Yeah. That's great. And it's true too. I we had an
earlier episode where we spokeabout how what makes a good
cyber professional, and I thinkdefinitely constant learning.
You know? The the if you're ifyou wanna get into this
industry, that's the best adviceis to to to be someone who
constantly learns. If you'reintimidated by that or, you
(40:36):
know, it's it's it doesn't feelgood to to be confused when you
show up at work, it had nomatter how much you know, then
probably not the right, fieldfor you.
Alex (40:46):
I get a lot of questions. A friend of mine bring their
teenage kids or their collegekid, and they say they wanna get
into security, they wanna get tohim to lunch and figure out what
they should do. And my answer isalways, you need to understand
that cybersecurity is theculmination of multiple
disciplines. You networking. Youneed to study computers and
(41:06):
operating systems.
You need to to study softwaredevelopment, scripting at the
very least with stuff likePython, and then you learn
cybersecurity becausecybersecurity really requires
all those disciplines to be goodat it, and you can do all of
that for free. I'll point peopleto cyberary.it. It's an amazing
free website. It's just tailoredto cybersecurity training.
Lou (41:29):
Oh, yeah.
Alex (41:29):
If you're going after your CompTIA Security plus or your
CISSP, most of the resources youneed can be free and online.
Lou (41:38):
Yeah. Yeah. In including AWS or spitting up
infrastructure somewhere whereyou can test you know, build a
network and test it. You know,you're you're probably a little
bit younger than me, but aroundthe same time frame where you
had to have a rack, you know, avery noisy server in your house
and, you know, to be able andand a bunch of routers and
(41:59):
switches to be able to play withthis stuff. And now you can do
it online for you know, withfree, free credits here with
AWS.
So there's no excuse.
Alex (42:06):
The only difference is I could, I could get equipment
donated from lots of places. Atone point, I had Yeah. 10
servers in my house in Iraq, andI had dedicated PowerRun to my
office and the house. And soonce you buy, you kinda have it
all, but you're with cloud, yougotta pay
Lou (42:23):
Yeah.
Alex (42:24):
Regularly. Or it can be a little more expensive nowadays,
but you have access to bettertech nowadays because I was
running old AIX servers andSolaris servers and Oh, yeah.
Lou (42:33):
You know? Oh, yeah. And then also if you, you have a
wife, or a partner, they're notgonna they don't they don't
suffer that very long.
Alex (42:42):
Right. Noise.
Lou (42:44):
Yeah. The noise and the heat. Yeah. So so, Alex, where
can people find you?
Alex (42:49):
I have a YouTube channel.
Lou (42:50):
Okay.
Alex (42:51):
So my YouTube channel is cybersecurity deciphered, d e c
y p h, And I post content outthere regularly. Lately, what
I've been doing for Microwage, Istarted doing it just internally
for our reps, but I publishthese on LinkedIn and my YouTube
channel every month. I release avideo I call the CyberByte
(43:11):
video, Byte as in b y t e.They're short. They're ten
minutes.
They're on one topic, like whatis, zero trust, or I talk about
the difference in the EDR, MDR,and XDR in video. So each video
is one topic around cyber.They're ten minutes. They're
easy to consume, and then mymarketing team cuts them up into
(43:34):
shorts, you know, and puts themon LinkedIn throughout the
month. So follow me on LinkedIn,and you'll check out my
CyberByte videos.
Lou (43:41):
That's awesome, and we'll put the, the link in in, any of
the places that you find thispodcast. So thank you, Alex
Ryals. Thanks to those that arealso watching or and or
listening. If you learnedsomething today or laughed,
please tell someone about thispodcast. Thanks again, Alex, and
(44:01):
this has been another excitingepisode of Channel Security
Secrets.
We'll see you the next time.That's a wrap for this episode
of Channel Security Secrets.Thanks for tuning in. For show
notes, guest info, and moreepisodes, visit us at
channelsecuritysecrets.com.Channel Security Secrets is
sponsored by Cyber DefenseGroup.
When it comes to protecting yourbusiness, don't settle for
(44:24):
reactive. Partner with expertswho build resilience from the
ground up.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Betrayal: Weekly
Betrayal Weekly is back for a brand new season. Every Thursday, Betrayal Weekly shares first-hand accounts of broken trust, shocking deceptions, and the trail of destruction they leave behind. Hosted by Andrea Gunning, this weekly ongoing series digs into real-life stories of betrayal and the aftermath. From stories of double lives to dark discoveries, these are cautionary tales and accounts of resilience against all odds. From the producers of the critically acclaimed Betrayal series, Betrayal Weekly drops new episodes every Thursday. Please join our Substack for additional exclusive content, curated book recommendations and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience and healing. Your voice matters! Be a part of our Betrayal journey on Substack. And make sure to check out Seasons 1-4 of Betrayal, along with Betrayal Weekly Season 1.