September 16, 2025 • 27 mins
"We're too small to be hacked" might be the most dangerous myth in small business cybersecurity today. As James Baierle, founder of SecurePoint Solutions, asks with a touch of irony – how exactly do you let the bad guys know to leave you alone? The hard truth is you can't, and that's why specialized security services for small businesses are more critical than ever.
The cybersecurity landscape presents unique challenges for the 13 million American businesses with fewer than 10 employees. These organizations – from your favorite coffee shop to your child's daycare center – face the same sophisticated threats targeting Fortune 500 companies but lack the resources for enterprise-level protection. SecurePoint Solutions was born specifically to bridge this gap, providing scaled security solutions that make protection accessible to businesses of all sizes.
For aspiring cybersecurity professionals, Baierle offers refreshingly practical career advice gained from his journey from Navy operations to founding his own security company. "Writing is what gets us paid," he emphasizes, noting that technical skills alone won't advance your career if you can't effectively communicate findings and impacts to non-technical stakeholders. He recommends starting a blog to showcase communication abilities and advises newcomers to manage expectations – you probably won't start as an elite penetration tester, but numerous opportunities exist in areas like Security Operations Centers where demand for talent is high.
Beyond cybersecurity, Baierle shares his passionate advocacy for foster care, having adopted three siblings after years of fostering children. With approximately 200,000 foster beds needed nationwide, he suggests respite care as an accessible entry point for those interested in helping but uncertain about full-time commitment. This personal mission reflects the protective instinct that drives many security professionals to make a difference both within and beyond their technical expertise.
Whether you're a small business owner concerned about cybersecurity, an aspiring professional looking to break into the field, or someone interested in making a broader social impact, this conversation offers valuable insights into protecting what matters most. Ready to chip away at building better security for your business or career? This episode is your starting point.
Socials
- Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
- Follow us on Twitter: https://twitter.com/SecChipmunk
- You can find us online at: https://securitychipmunks.com
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
is from a cooperative project for acquiring skills
essential to learning.
Welcome to the SecurityChipmunks, the podcast, where we
keep chipping away at it.
I'm your host, edna Johnson,and today we have a special
guest, james Baierle fromSecurePoint Solutions.
Introduce yourself, james.
Speaker 2 (00:19):
Hey, thank you, edna, Appreciate being on the podcast
.
So yes, I'm James.
I am the founder of SecurePointSolutions.
We are a small business focusedmanaged security service
provider, and when I say smallbusiness, I mean like your your
kids daycare center with theirtwo computers, or your favorite
(00:41):
barista.
We.
We help companies as small asone employee all the way up,
just trying to give them as gooda security as a bigger
enterprise environment wouldhave.
Speaker 1 (00:58):
Yeah, that is so important.
We have so many smallbusinesses in the United States.
We have so many smallbusinesses in the United States
and a lot of them they can'tafford like the enterprise level
cybersecurity tools that largercompanies have access to.
So what do you think is thebiggest challenge that small and
(01:18):
medium businesses are facingright now?
Speaker 2 (01:22):
Yeah.
So one thing that we see stilla lot of is that there's still a
lack of awareness that theyindeed are targets.
I get a lot of people to say,well, we're too small to be
hacked.
And then I ask, how do you goabout letting the bad guys know?
Because I could maybe do thatfor all my customers.
Just say, hey, they're toosmall, leave them alone.
(01:43):
It doesn't work like that.
So having to educate, um, smallbusinesses that, yes, those
things uh do exist, they doapply to them as well as the big
companies, Um, and then also,you know, kind of just talking
about just making making thatbudget stretch, where you know
their idea of a security budgetwas five licenses of Norton or
(02:05):
something like that.
Helping them understand thatthat's not going to 100% help
you.
You do need a little bit morethings in this day and age, but
we can help you with that.
And you know, small businessesare likely, or seem to be, most
(02:33):
targeted, especially with socialengineering, phishing, things
like that.
So really trying to keep bademails at arm's length is super
critical.
Speaker 1 (02:40):
Yeah, absolutely, yeah, absolutely.
You know social engineeringthat is like one of the most
targeted things now, with somany new ways that people can be
targeted.
There's, you know, like theClickFix or Cloudflare has like
the social engine well, notCloudflare itself, but threat
(03:03):
actors pretending to beCloudflare or there's like deep
fakes now, yeah.
So what do you think?
Businesses that don't have thebudget to have these awareness
campaigns, what are some of thethings they could do to try to
protect themselves from thesenovel social engineering attacks
(03:26):
?
Speaker 2 (03:27):
So I think one thing is is that if you don't have an
IT representative or company oranything that can help you, go
out and look at some of theinformation that, like the FBI,
puts out about preventing scamsI think even FEMA now has some
(03:48):
of that.
You know social engineeringprevention, or you know phishing
prevention and then print out afew things, have a lunch you
know you're gonna probably hosta lunch for your employees, so
do it as a lunch and learn whereyou just all kind of talk about
that, talk about your concerns.
Don't make it feel like it'sreally training and make it feel
(04:09):
more like it's everyonecollaborating on thinking ahead,
thinking how they could preventfurther issues.
It's a little bit of what we dowith our own clients.
We don't just hand themtraining and tell them good luck
.
We try to have more openconversations about it.
(04:30):
It seems to work.
Speaker 1 (04:36):
Yeah, that's great.
I like the lunch idea, becausewho doesn't love going out for
lunch?
Free lunch is always a good wayto get people to participate.
Speaker 2 (04:48):
Absolutely.
Speaker 1 (04:50):
Yeah, or like coffee.
I love coffee Yay.
Speaker 2 (04:57):
Third cup for the day .
Speaker 1 (04:58):
Nice, I can't drink that much anymore because it
will keep me up all night.
Yeah, I can't drink that muchanymore because it will keep me
up all night.
Yeah, so when you were startingyour company, what was the
motivation for starting thecompany and for getting into
this area of cybersecurity?
Speaker 2 (05:19):
Yeah, so I was already kind of on a security
journey when I had started it,probably for a couple years.
I'd worked for another companypreviously and overall the
security culture, justeverything it was starting to
wear on me.
I became a little bit vocalabout it and they felt that my
(05:44):
talents should maybe goelsewhere and it was sort of a
blessing in disguise.
So I started SecurePointbecause I felt that maybe my way
isn't necessarily better thanother ways, but I feel that it's
going in a direction of how weprovide security and how we look
at it.
It's going in the directionthat it needs to, and we
(06:10):
continue to bring in clients.
We continue to have customersthat are very thankful for the
services that we're able toprovide, and it's just something
that we're going to continue.
Speaker 1 (06:28):
Excellent.
So, looking forward, I knowthat you've been expanding
SecurePoint solutions.
Do you have any big goals forthe future?
What does the next five yearslook like for you?
Speaker 2 (06:45):
goals for the future Like what?
What does the next five yearslook like for you?
So the next five years, um,first off is, I mean, just
continue to grow.
There's there's 13 millionbusinesses in the United States
that have nine employees or less, and a vast majority of those
are like one and two personcompanies.
Now, as much as I'd love to beable to support all of them, we
(07:07):
definitely want to support asmany as we can, as many that we
can reach out to and help outand help them before things get
out of hand.
We all know that proactive isbetter than reactive.
Other goals we want to increaseour work-study cohort program,
(07:28):
our internships, ourscholarships, branch those out
into other areas of the US.
Right now we're kind of focusedon the places where our
employees live, work and play.
So I have an employee inFlorida.
We're helping them out.
But as we grow, try to continueto pay back into this community
(07:55):
and help grow the next crop ofsecurity professionals.
Speaker 1 (08:17):
Very nice.
So that kind of leads me to thenext questions that I wanted to
ask you about.
Was, you know, breaking intothe field and I know that you
run a work study program and doyou think in the current
cybersecurity environment, likewhat should people be doing and
working on trying to break intothe field?
Speaker 2 (08:34):
So the two big pieces of advice I give to everybody
that comes to me is first off,you are not going to be the
super elite red team pen testerfor some company right out the
gate.
You know a company that hasthat does both SOC services and
(08:55):
pen testing.
The SOC service team probablyyou know it's 10 to one the
number of people just becauseyou need so many people to run a
SOC.
But you really only need onepen tester if you're only doing
one pen test at a time.
So have an idea that you'regoing to fall into those junior
(09:16):
level roles and just expect that.
Now there are places where youcan break out into areas that
are maybe considered a littlemore involved than what a you
know entry level person shouldbe.
But just understand that whatyou, what you want to be and
(09:38):
where you're going to start aregoing to be vastly different.
The second piece of advice learnto communicate.
Writing is what gets us paid.
If you're a pen tester and youcreated some really cool exploit
and you popped the box and yougot in and all that, that's
(09:59):
awesome.
You'll get high fives allaround.
But if your report is terrible,they're not going to pay you or
they're not going to pay youthe next time, or something like
that.
If you can't communicate, impact, if you can't communicate to
people that are outside of ourindustry, you need to work on
that.
If you don't have a blog, startone.
(10:20):
If you're doing things like tryhack me, or if you're on some
sort of a journey, just start ablog.
It doesn't have to all be likeTryHackMe walkthroughs, it could
be just other cool things, andthat's the one requirement we
have for our cohort members isthat you have to blog, because
(10:42):
that's how I can at least lookat it, um, look at how you're
doing on things.
So those are, those are the tworeal big things.
And then there's so much freetraining out there.
Just, you know, find, find thefree training that works for you
and, uh, run with it that'sreally good advice.
Speaker 1 (11:07):
So I love that you said you know writing is a good
skill to have, because a lot ofI know that a lot of the stuff
that I do.
When I write about it it getssent up the chain so my
superiors can see what I've beendoing and it reflects back on
me like what activities I'vebeen doing and what they need to
(11:31):
be caring about.
And if things don't get writtendown, they don't know about it
and then they don't see thevalue that you're creating.
So that is such a good advice.
And blogs they do help youstand out professionally as well
and they can get you jobs.
Speaker 2 (11:53):
So I, when I, when I talk to people that are
interested in applying oranything, those are my questions
.
You know, do you have a blog?
Do you, you know, send me alink for it?
I want to look it over.
You know, do you have, do youhave, any sort of a home lab?
(12:18):
Or have you, you know, thoughtabout it or how would you design
it?
Because I also know that, nomatter what what you do, a home
lab is going to cost you more,more money than you currently
expected, so it's never a $0thing, whether it's licenses or
hardware.
So I understand that noteverybody can do a home lab,
which is part of the reason whywe have one for our work-study
(12:38):
program.
But I also I want you to beable to tell me what kind of
stuff, if you had the dream homelab, what would you want to
build out and do?
And it's useful information forus to determine, really, you
know, your interest and where itlies.
Speaker 1 (13:00):
Absolutely.
That's definitely good advice,and I like that you're giving
suggestions on how to start forfree, because when you're trying
to find a job, you often don'thave the money for all of the
things that help you get the joband help you getting the
experience that you get on thejob, so that is a good idea.
When you were breaking intocybersecurity, what was it that
(13:30):
made you passionate about thefield?
Speaker 2 (13:35):
And how was your experience breaking in?
So I think where the passionkicked in was I was previously
in the Navy, so there was alwaysthe going after bad guys kind
of concept.
In the work that I did I didoperations, threat intelligence,
that kind of stuff.
So seeing how security is moreof a, you know, blue versus red,
(14:01):
good versus bad, it really kindof made me realize that I don't
need to learn how to you knowreload firmware for this printer
or I don't need to worry somuch about creating high
availability for VMware.
I was on a system you know,system engineer sysadmin track
with my career and then I gotinto a little bit of risk
(14:24):
assessment work and finally I'mlike no security.
Security speaks to me and my mypath of getting into it in
general was was not not the mostusual.
I ended up having to gooverseas and working to get any
sort of marketable skills in theIT realm and was lucky enough
(14:47):
that I could actually use themand get to stay on.
Speaker 1 (14:54):
Wonderful.
So you and I we first met inperson at a conference.
I believe we had interactedonline before then.
But do you think conferencesare helpful to people breaking
into cybersecurity?
Speaker 2 (15:10):
Yes, they are, and really the ones that I'll throw
out there.
You know, like, find your localB-sides or find a B-sides that
you're willing to drive for.
Typically they're one day only,so, depending on driving, you
don't have to stay over.
The tickets are relativelyinexpensive and they're just.
(15:31):
They're that grassroots kind ofway to get into a conference.
You can go and then, with theprice and with everything, if
you feel that, okay, there's toomany people, I'm out.
You don't have to feel badabout walking away after you
(15:52):
know, spending $20 to go to aconference, um, and also, the
people that you're going to meetare really, uh, you know, they
are your local peers for themost part, especially the
organizers, um, and it's also agreat way to meet, um, uh, meet
people from outside your region.
(16:12):
One person that really got mestarted on this path uh spoke at
a b-sides and he he works foruh cyber arc and lives in texas.
He flew up and actually talkedabout the history of ransomware
and that talk alone.
I was sucked in.
I was like, yes, taking notesjust all the way down, um, so,
(16:36):
yeah, do do a conference.
Um.
Another good thing, too, isvolunteer for a conference If
you're not as people-y um, oryou feel intimidated by sitting
in on talks or something.
Volunteer, help out, help outto set things up and you know
you'll, it'll give you anopportunity to start giving back
(16:57):
into the community.
Uh, but yes, the smallerconferences are amazing.
Don't ever feel pressured tohave to go to like DEF CON, like
you're.
Yeah, they'll be people to say,well, if you haven't made your
pilgrimage to DEF CON, you'renot really a professional.
Now, I'm there's, I'm okay with, with somebody who just
absolutely doesn't want to go toDEF CON, because I get.
(17:19):
I get the reasons why somebodywouldn't, and so stick to the
local stuff, make it fun.
Speaker 1 (17:27):
I can tell you that going to DEcon it's so hot it it
las vegas in august.
It's an oven.
It's like you're in a dry oven.
So, yeah, I I get people notwanting to go there and, uh,
there's also a lot of people.
Speaker 2 (17:46):
I still love going, but, um, I can definitely see
the the drawbacks from it yeah,well, I think too, like for you,
you went to actually do thingsfor defcon, not just walk around
and observe.
So I I think if, uh, you know,if you maybe weren't doing, uh,
(18:07):
doing the social engineeringstuff or the other things, you
might kind of look at it likeokay, this is like the fifth
line.
I've been in all day and um,and I I now have to do this and
um, and I'm sure you experiencedsome of it, because it's not
like you were participating inyour thing the entire conference
.
But I'd have to imagine thatthere were definitely some times
(18:28):
where you're like, can we justskip ahead to the part where I'm
presenting or doing whatever?
yeah, well, I I tend to do a lotat afghan, and sometimes it's
just a little too much we, wehave to, we have to know
ourselves and you know,especially when you're
(18:49):
volunteering and things likethat.
I've definitely burned myselfout from conferences and I've
learned that the hard way.
Speaker 1 (18:57):
Yeah, call that volunteer-itis.
You got the bug, you got thevolunteer-itis.
Don't worry, I have that too.
I volunteer everywhere.
I have that too, I volunteereverywhere.
Speaker 2 (19:14):
Absolutely.
Speaker 1 (19:16):
Yeah, so yeah, and B-Sides you mentioned that.
I love B-Sides.
You know that because I'm thevolunteer coordinator for my
local B-Sides and that is agreat way to get exposure and
meeting people in your communityand networking to get a job.
(19:37):
If your goal is to get a job inyour community, that is a
wonderful way to do it.
Speaker 2 (19:47):
Because people will notice the helpers and they
appreciate it.
Speaker 1 (19:49):
Yeah, yeah, um, all right.
So you have a passion outsideof cyber security and I really
wanted to make sure that you geta chance to uh share that with
our listeners, because I thinkit's a good mission that you
have.
Speaker 2 (20:07):
um, yeah, yeah, so let's jump in talk about that,
sure so, um, my, my wife and I,we made the decision about 10
years ago now that we were goingto get into foster care.
We'd seen other people aroundus, in our neighborhood, in our
(20:28):
church, that were doing it andthey were open about the good,
the, the good things, the badthings, the, the things they
wish they knew.
And so we went through theprocess and going through the
process, you realize, um, yourealize a few things about
yourself, you realize a fewthings about society, and it is
(20:49):
an amazing way to help people.
Um, so I'm just going off ofstatistics that I remember Um,
there's there's about a shortageof 200,000, um foster beds in
the United States.
So, cross the U?
(21:09):
S, there's about 200,000 kidsthat are either in shelters or
they are in not the mostsuitable situations.
Maybe they're still living withtheir biological parents, but
they're old enough to maybe takecare of themselves.
To a point they may be stayingwith elderly grandparents who
(21:33):
it's not that suitable for them.
So there's a massive need.
And I always tell people thefirst rule that they teach you
is know your family, know whatyou're capable of handling.
So, as we went through theprocess, we realized what areas
were going to be difficult forus to do, whether it was because
of our uh, our work lifebalance that was already there.
(21:57):
Uh, at the time my wife and Iboth worked in offices so we
couldn't really take care of auh, a kid that was medically
needy, um, or something we'dhave to.
You know, we'd have to find adifferent path for.
But the other thing you can dois that a lot of um, a lot of
States, they have what they callrespite care.
(22:17):
Respite care is an awesome wayto kind of get your toes into
foster care.
You go through the process, butthen respite care is typically
you watch a foster kiddo, or twoor five, five.
(22:38):
You watch them for, say, like along weekend, because the
foster parents that have hadthem they need to go out of
state for a vacation and thekids can't travel, or they have
to go because there's like adeath in the family.
So it's a break away from theassigned foster care family and
they go to another one that'slicensed.
The cool thing is is that youdon't have to necessarily worry
about getting attached, becauseyou know that those kiddos are
showing up Thursday night andthey're going to go home Sunday
(23:01):
night.
It's almost like hosting aslumber party for new kids.
You know, you can kind of spoilthem a little bit.
Love on them, you know, getthem their favorite snacks,
those kind of things.
The other cool thing about doingrespite care is that you are
getting unfiltered informationabout these kiddos from the
(23:22):
people that have been caring forthem 24 seven we.
When we have spoken tocaseworkers, they don't always
know the story, so they mightsay, well, this kid has this
condition, but we've you know.
So they might say, well, thiskid has this condition, but
we've you know, nobody has seenit for like the last 24 months.
And then the day after, um, thekid, the kid has a seizure
because of his condition andyou're completely like, what the
(23:46):
heck?
Like you know, why did it haveto happen today?
So, and that was actuallysomething that did happen to us
Um, so, uh, usually thelicensing process, um, the
things they look at is they lookat your.
You know how are you raised as akid, how were, uh you know what
were like family traditions?
Um, you go through a variety ofcase studies understanding
(24:07):
different, uh, different groups.
So, um, lgbtq, uh, um, fosterkids are.
Often they've had trouble withplacements over the years, so
that's been a focus of wherethey talk about that.
There's also just the wholething of the kids that are going
(24:32):
to go home to their parents.
So you have to understand thatthere's not always the option to
adopt.
We fostered, we fostered ahandful of kids over the years
and then we had a set ofsiblings that came to us three
of them and we really didn'tknow, like, what was going to
happen.
And probably about 10 months inwas when we realized that they
(24:56):
would be eligible for us toadopt.
And, um, so we, we adopted them.
Um, and although we don't dofoster care, uh, anymore, we're
obviously, we're advocating forit.
Uh, we, we still give our time,talent and treasure into foster
care programs around here.
Um, but absolutely, and itdoesn't matter.
(25:20):
Um, you know, married,unmarried, uh, you know, you
have an apartment, you have ahouse.
Um, I know here in Iowa thethings they were worried about
is is your septic tank too closeto your?
Well, uh, do you havelead-based paint and do you have
an actual bedroom for a kid?
They can't just crash on yourcouch.
So that was it.
Anyone can foster if you havethe heart for it.
(25:44):
And I will step off my soapboxnow.
Speaker 1 (25:49):
Thank you.
I just love hearing about thatum helping foster kids and going
through the adoption processyou did.
That's very heartwarming.
I appreciate what you and yourwife are doing.
Speaker 2 (26:05):
They're they're, they're great kids.
You actually will get to, youget to meet them, as long as
they don't act up.
I've warned a couple of themthat I'm not afraid to cancel
their tickets.
Yeah, I mean all kids, all kidscan be.
You know a pain sometimes andbut yeah, there's, yeah If, if
you see less of us, you'll knowwhy.
Speaker 1 (26:27):
Gotcha.
Yeah, it'll be great to get tomeet the whole family.
Speaker 2 (26:32):
Absolutely.
Speaker 1 (26:34):
All right, and with that, that's our episode.
Thank you so much, james, forbeing on the show.
I appreciate you coming on andtaking the time to be here with
us.
Speaker 2 (26:45):
Thanks for inviting me.
Speaker 1 (26:46):
Yeah, absolutely, and for our listeners at home,
please make sure to like,comment, subscribe, click all
the buttons.
Helps us out with the show andwe'll catch you next time.
Keep chipping away at it.
is from a cooperative project for acquiring skills
essential to learning.
Welcome to the SecurityChipmunks, the podcast, where we
keep chipping away at it.
I'm your host, edna Johnson,and today we have a special
guest, james Baierle fromSecurePoint Solutions.
Introduce yourself, james.
Speaker 2 (00:19):
Hey, thank you, edna, Appreciate being on the podcast
.
So yes, I'm James.
I am the founder of SecurePointSolutions.
We are a small business focusedmanaged security service
provider, and when I say smallbusiness, I mean like your your
kids daycare center with theirtwo computers, or your favorite
(00:41):
barista.
We.
We help companies as small asone employee all the way up,
just trying to give them as gooda security as a bigger
enterprise environment wouldhave.
Speaker 1 (00:58):
Yeah, that is so important.
We have so many smallbusinesses in the United States.
We have so many smallbusinesses in the United States
and a lot of them they can'tafford like the enterprise level
cybersecurity tools that largercompanies have access to.
So what do you think is thebiggest challenge that small and
(01:18):
medium businesses are facingright now?
Speaker 2 (01:22):
Yeah.
So one thing that we see stilla lot of is that there's still a
lack of awareness that theyindeed are targets.
I get a lot of people to say,well, we're too small to be
hacked.
And then I ask, how do you goabout letting the bad guys know?
Because I could maybe do thatfor all my customers.
Just say, hey, they're toosmall, leave them alone.
(01:43):
It doesn't work like that.
So having to educate, um, smallbusinesses that, yes, those
things uh do exist, they doapply to them as well as the big
companies, Um, and then also,you know, kind of just talking
about just making making thatbudget stretch, where you know
their idea of a security budgetwas five licenses of Norton or
(02:05):
something like that.
Helping them understand thatthat's not going to 100% help
you.
You do need a little bit morethings in this day and age, but
we can help you with that.
And you know, small businessesare likely, or seem to be, most
(02:33):
targeted, especially with socialengineering, phishing, things
like that.
So really trying to keep bademails at arm's length is super
critical.
Speaker 1 (02:40):
Yeah, absolutely, yeah, absolutely.
You know social engineeringthat is like one of the most
targeted things now, with somany new ways that people can be
targeted.
There's, you know, like theClickFix or Cloudflare has like
the social engine well, notCloudflare itself, but threat
(03:03):
actors pretending to beCloudflare or there's like deep
fakes now, yeah.
So what do you think?
Businesses that don't have thebudget to have these awareness
campaigns, what are some of thethings they could do to try to
protect themselves from thesenovel social engineering attacks
(03:26):
?
Speaker 2 (03:27):
So I think one thing is is that if you don't have an
IT representative or company oranything that can help you, go
out and look at some of theinformation that, like the FBI,
puts out about preventing scamsI think even FEMA now has some
(03:48):
of that.
You know social engineeringprevention, or you know phishing
prevention and then print out afew things, have a lunch you
know you're gonna probably hosta lunch for your employees, so
do it as a lunch and learn whereyou just all kind of talk about
that, talk about your concerns.
Don't make it feel like it'sreally training and make it feel
(04:09):
more like it's everyonecollaborating on thinking ahead,
thinking how they could preventfurther issues.
It's a little bit of what we dowith our own clients.
We don't just hand themtraining and tell them good luck
.
We try to have more openconversations about it.
(04:30):
It seems to work.
Speaker 1 (04:36):
Yeah, that's great.
I like the lunch idea, becausewho doesn't love going out for
lunch?
Free lunch is always a good wayto get people to participate.
Speaker 2 (04:48):
Absolutely.
Speaker 1 (04:50):
Yeah, or like coffee.
I love coffee Yay.
Speaker 2 (04:57):
Third cup for the day .
Speaker 1 (04:58):
Nice, I can't drink that much anymore because it
will keep me up all night.
Yeah, I can't drink that muchanymore because it will keep me
up all night.
Yeah, so when you were startingyour company, what was the
motivation for starting thecompany and for getting into
this area of cybersecurity?
Speaker 2 (05:19):
Yeah, so I was already kind of on a security
journey when I had started it,probably for a couple years.
I'd worked for another companypreviously and overall the
security culture, justeverything it was starting to
wear on me.
I became a little bit vocalabout it and they felt that my
(05:44):
talents should maybe goelsewhere and it was sort of a
blessing in disguise.
So I started SecurePointbecause I felt that maybe my way
isn't necessarily better thanother ways, but I feel that it's
going in a direction of how weprovide security and how we look
at it.
It's going in the directionthat it needs to, and we
(06:10):
continue to bring in clients.
We continue to have customersthat are very thankful for the
services that we're able toprovide, and it's just something
that we're going to continue.
Speaker 1 (06:28):
Excellent.
So, looking forward, I knowthat you've been expanding
SecurePoint solutions.
Do you have any big goals forthe future?
What does the next five yearslook like for you?
Speaker 2 (06:45):
goals for the future Like what?
What does the next five yearslook like for you?
So the next five years, um,first off is, I mean, just
continue to grow.
There's there's 13 millionbusinesses in the United States
that have nine employees or less, and a vast majority of those
are like one and two personcompanies.
Now, as much as I'd love to beable to support all of them, we
(07:07):
definitely want to support asmany as we can, as many that we
can reach out to and help outand help them before things get
out of hand.
We all know that proactive isbetter than reactive.
Other goals we want to increaseour work-study cohort program,
(07:28):
our internships, ourscholarships, branch those out
into other areas of the US.
Right now we're kind of focusedon the places where our
employees live, work and play.
So I have an employee inFlorida.
We're helping them out.
But as we grow, try to continueto pay back into this community
(07:55):
and help grow the next crop ofsecurity professionals.
Speaker 1 (08:17):
Very nice.
So that kind of leads me to thenext questions that I wanted to
ask you about.
Was, you know, breaking intothe field and I know that you
run a work study program and doyou think in the current
cybersecurity environment, likewhat should people be doing and
working on trying to break intothe field?
Speaker 2 (08:34):
So the two big pieces of advice I give to everybody
that comes to me is first off,you are not going to be the
super elite red team pen testerfor some company right out the
gate.
You know a company that hasthat does both SOC services and
(08:55):
pen testing.
The SOC service team probablyyou know it's 10 to one the
number of people just becauseyou need so many people to run a
SOC.
But you really only need onepen tester if you're only doing
one pen test at a time.
So have an idea that you'regoing to fall into those junior
(09:16):
level roles and just expect that.
Now there are places where youcan break out into areas that
are maybe considered a littlemore involved than what a you
know entry level person shouldbe.
But just understand that whatyou, what you want to be and
(09:38):
where you're going to start aregoing to be vastly different.
The second piece of advice learnto communicate.
Writing is what gets us paid.
If you're a pen tester and youcreated some really cool exploit
and you popped the box and yougot in and all that, that's
(09:59):
awesome.
You'll get high fives allaround.
But if your report is terrible,they're not going to pay you or
they're not going to pay youthe next time, or something like
that.
If you can't communicate, impact, if you can't communicate to
people that are outside of ourindustry, you need to work on
that.
If you don't have a blog, startone.
(10:20):
If you're doing things like tryhack me, or if you're on some
sort of a journey, just start ablog.
It doesn't have to all be likeTryHackMe walkthroughs, it could
be just other cool things, andthat's the one requirement we
have for our cohort members isthat you have to blog, because
(10:42):
that's how I can at least lookat it, um, look at how you're
doing on things.
So those are, those are the tworeal big things.
And then there's so much freetraining out there.
Just, you know, find, find thefree training that works for you
and, uh, run with it that'sreally good advice.
Speaker 1 (11:07):
So I love that you said you know writing is a good
skill to have, because a lot ofI know that a lot of the stuff
that I do.
When I write about it it getssent up the chain so my
superiors can see what I've beendoing and it reflects back on
me like what activities I'vebeen doing and what they need to
(11:31):
be caring about.
And if things don't get writtendown, they don't know about it
and then they don't see thevalue that you're creating.
So that is such a good advice.
And blogs they do help youstand out professionally as well
and they can get you jobs.
Speaker 2 (11:53):
So I, when I, when I talk to people that are
interested in applying oranything, those are my questions
.
You know, do you have a blog?
Do you, you know, send me alink for it?
I want to look it over.
You know, do you have, do youhave, any sort of a home lab?
(12:18):
Or have you, you know, thoughtabout it or how would you design
it?
Because I also know that, nomatter what what you do, a home
lab is going to cost you more,more money than you currently
expected, so it's never a $0thing, whether it's licenses or
hardware.
So I understand that noteverybody can do a home lab,
which is part of the reason whywe have one for our work-study
(12:38):
program.
But I also I want you to beable to tell me what kind of
stuff, if you had the dream homelab, what would you want to
build out and do?
And it's useful information forus to determine, really, you
know, your interest and where itlies.
Speaker 1 (13:00):
Absolutely.
That's definitely good advice,and I like that you're giving
suggestions on how to start forfree, because when you're trying
to find a job, you often don'thave the money for all of the
things that help you get the joband help you getting the
experience that you get on thejob, so that is a good idea.
When you were breaking intocybersecurity, what was it that
(13:30):
made you passionate about thefield?
Speaker 2 (13:35):
And how was your experience breaking in?
So I think where the passionkicked in was I was previously
in the Navy, so there was alwaysthe going after bad guys kind
of concept.
In the work that I did I didoperations, threat intelligence,
that kind of stuff.
So seeing how security is moreof a, you know, blue versus red,
(14:01):
good versus bad, it really kindof made me realize that I don't
need to learn how to you knowreload firmware for this printer
or I don't need to worry somuch about creating high
availability for VMware.
I was on a system you know,system engineer sysadmin track
with my career and then I gotinto a little bit of risk
(14:24):
assessment work and finally I'mlike no security.
Security speaks to me and my mypath of getting into it in
general was was not not the mostusual.
I ended up having to gooverseas and working to get any
sort of marketable skills in theIT realm and was lucky enough
(14:47):
that I could actually use themand get to stay on.
Speaker 1 (14:54):
Wonderful.
So you and I we first met inperson at a conference.
I believe we had interactedonline before then.
But do you think conferencesare helpful to people breaking
into cybersecurity?
Speaker 2 (15:10):
Yes, they are, and really the ones that I'll throw
out there.
You know, like, find your localB-sides or find a B-sides that
you're willing to drive for.
Typically they're one day only,so, depending on driving, you
don't have to stay over.
The tickets are relativelyinexpensive and they're just.
(15:31):
They're that grassroots kind ofway to get into a conference.
You can go and then, with theprice and with everything, if
you feel that, okay, there's toomany people, I'm out.
You don't have to feel badabout walking away after you
(15:52):
know, spending $20 to go to aconference, um, and also, the
people that you're going to meetare really, uh, you know, they
are your local peers for themost part, especially the
organizers, um, and it's also agreat way to meet, um, uh, meet
people from outside your region.
(16:12):
One person that really got mestarted on this path uh spoke at
a b-sides and he he works foruh cyber arc and lives in texas.
He flew up and actually talkedabout the history of ransomware
and that talk alone.
I was sucked in.
I was like, yes, taking notesjust all the way down, um, so,
(16:36):
yeah, do do a conference.
Um.
Another good thing, too, isvolunteer for a conference If
you're not as people-y um, oryou feel intimidated by sitting
in on talks or something.
Volunteer, help out, help outto set things up and you know
you'll, it'll give you anopportunity to start giving back
(16:57):
into the community.
Uh, but yes, the smallerconferences are amazing.
Don't ever feel pressured tohave to go to like DEF CON, like
you're.
Yeah, they'll be people to say,well, if you haven't made your
pilgrimage to DEF CON, you'renot really a professional.
Now, I'm there's, I'm okay with, with somebody who just
absolutely doesn't want to go toDEF CON, because I get.
(17:19):
I get the reasons why somebodywouldn't, and so stick to the
local stuff, make it fun.
Speaker 1 (17:27):
I can tell you that going to DEcon it's so hot it it
las vegas in august.
It's an oven.
It's like you're in a dry oven.
So, yeah, I I get people notwanting to go there and, uh,
there's also a lot of people.
Speaker 2 (17:46):
I still love going, but, um, I can definitely see
the the drawbacks from it yeah,well, I think too, like for you,
you went to actually do thingsfor defcon, not just walk around
and observe.
So I I think if, uh, you know,if you maybe weren't doing, uh,
(18:07):
doing the social engineeringstuff or the other things, you
might kind of look at it likeokay, this is like the fifth
line.
I've been in all day and um,and I I now have to do this and
um, and I'm sure you experiencedsome of it, because it's not
like you were participating inyour thing the entire conference
.
But I'd have to imagine thatthere were definitely some times
(18:28):
where you're like, can we justskip ahead to the part where I'm
presenting or doing whatever?
yeah, well, I I tend to do a lotat afghan, and sometimes it's
just a little too much we, wehave to, we have to know
ourselves and you know,especially when you're
(18:49):
volunteering and things likethat.
I've definitely burned myselfout from conferences and I've
learned that the hard way.
Speaker 1 (18:57):
Yeah, call that volunteer-itis.
You got the bug, you got thevolunteer-itis.
Don't worry, I have that too.
I volunteer everywhere.
I have that too, I volunteereverywhere.
Speaker 2 (19:14):
Absolutely.
Speaker 1 (19:16):
Yeah, so yeah, and B-Sides you mentioned that.
I love B-Sides.
You know that because I'm thevolunteer coordinator for my
local B-Sides and that is agreat way to get exposure and
meeting people in your communityand networking to get a job.
(19:37):
If your goal is to get a job inyour community, that is a
wonderful way to do it.
Speaker 2 (19:47):
Because people will notice the helpers and they
appreciate it.
Speaker 1 (19:49):
Yeah, yeah, um, all right.
So you have a passion outsideof cyber security and I really
wanted to make sure that you geta chance to uh share that with
our listeners, because I thinkit's a good mission that you
have.
Speaker 2 (20:07):
um, yeah, yeah, so let's jump in talk about that,
sure so, um, my, my wife and I,we made the decision about 10
years ago now that we were goingto get into foster care.
We'd seen other people aroundus, in our neighborhood, in our
(20:28):
church, that were doing it andthey were open about the good,
the, the good things, the badthings, the, the things they
wish they knew.
And so we went through theprocess and going through the
process, you realize, um, yourealize a few things about
yourself, you realize a fewthings about society, and it is
(20:49):
an amazing way to help people.
Um, so I'm just going off ofstatistics that I remember Um,
there's there's about a shortageof 200,000, um foster beds in
the United States.
So, cross the U?
(21:09):
S, there's about 200,000 kidsthat are either in shelters or
they are in not the mostsuitable situations.
Maybe they're still living withtheir biological parents, but
they're old enough to maybe takecare of themselves.
To a point they may be stayingwith elderly grandparents who
(21:33):
it's not that suitable for them.
So there's a massive need.
And I always tell people thefirst rule that they teach you
is know your family, know whatyou're capable of handling.
So, as we went through theprocess, we realized what areas
were going to be difficult forus to do, whether it was because
of our uh, our work lifebalance that was already there.
(21:57):
Uh, at the time my wife and Iboth worked in offices so we
couldn't really take care of auh, a kid that was medically
needy, um, or something we'dhave to.
You know, we'd have to find adifferent path for.
But the other thing you can dois that a lot of um, a lot of
States, they have what they callrespite care.
(22:17):
Respite care is an awesome wayto kind of get your toes into
foster care.
You go through the process, butthen respite care is typically
you watch a foster kiddo, or twoor five, five.
(22:38):
You watch them for, say, like along weekend, because the
foster parents that have hadthem they need to go out of
state for a vacation and thekids can't travel, or they have
to go because there's like adeath in the family.
So it's a break away from theassigned foster care family and
they go to another one that'slicensed.
The cool thing is is that youdon't have to necessarily worry
about getting attached, becauseyou know that those kiddos are
showing up Thursday night andthey're going to go home Sunday
(23:01):
night.
It's almost like hosting aslumber party for new kids.
You know, you can kind of spoilthem a little bit.
Love on them, you know, getthem their favorite snacks,
those kind of things.
The other cool thing about doingrespite care is that you are
getting unfiltered informationabout these kiddos from the
(23:22):
people that have been caring forthem 24 seven we.
When we have spoken tocaseworkers, they don't always
know the story, so they mightsay, well, this kid has this
condition, but we've you know.
So they might say, well, thiskid has this condition, but
we've you know, nobody has seenit for like the last 24 months.
And then the day after, um, thekid, the kid has a seizure
because of his condition andyou're completely like, what the
(23:46):
heck?
Like you know, why did it haveto happen today?
So, and that was actuallysomething that did happen to us
Um, so, uh, usually thelicensing process, um, the
things they look at is they lookat your.
You know how are you raised as akid, how were, uh you know what
were like family traditions?
Um, you go through a variety ofcase studies understanding
(24:07):
different, uh, different groups.
So, um, lgbtq, uh, um, fosterkids are.
Often they've had trouble withplacements over the years, so
that's been a focus of wherethey talk about that.
There's also just the wholething of the kids that are going
(24:32):
to go home to their parents.
So you have to understand thatthere's not always the option to
adopt.
We fostered, we fostered ahandful of kids over the years
and then we had a set ofsiblings that came to us three
of them and we really didn'tknow, like, what was going to
happen.
And probably about 10 months inwas when we realized that they
(24:56):
would be eligible for us toadopt.
And, um, so we, we adopted them.
Um, and although we don't dofoster care, uh, anymore, we're
obviously, we're advocating forit.
Uh, we, we still give our time,talent and treasure into foster
care programs around here.
Um, but absolutely, and itdoesn't matter.
(25:20):
Um, you know, married,unmarried, uh, you know, you
have an apartment, you have ahouse.
Um, I know here in Iowa thethings they were worried about
is is your septic tank too closeto your?
Well, uh, do you havelead-based paint and do you have
an actual bedroom for a kid?
They can't just crash on yourcouch.
So that was it.
Anyone can foster if you havethe heart for it.
(25:44):
And I will step off my soapboxnow.
Speaker 1 (25:49):
Thank you.
I just love hearing about thatum helping foster kids and going
through the adoption processyou did.
That's very heartwarming.
I appreciate what you and yourwife are doing.
Speaker 2 (26:05):
They're they're, they're great kids.
You actually will get to, youget to meet them, as long as
they don't act up.
I've warned a couple of themthat I'm not afraid to cancel
their tickets.
Yeah, I mean all kids, all kidscan be.
You know a pain sometimes andbut yeah, there's, yeah If, if
you see less of us, you'll knowwhy.
Speaker 1 (26:27):
Gotcha.
Yeah, it'll be great to get tomeet the whole family.
Speaker 2 (26:32):
Absolutely.
Speaker 1 (26:34):
All right, and with that, that's our episode.
Thank you so much, james, forbeing on the show.
I appreciate you coming on andtaking the time to be here with
us.
Speaker 2 (26:45):
Thanks for inviting me.
Speaker 1 (26:46):
Yeah, absolutely, and for our listeners at home,
please make sure to like,comment, subscribe, click all
the buttons.
Helps us out with the show andwe'll catch you next time.
Keep chipping away at it.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.