48. I Hate the Cybersecurity Industry with Dave Sobel of The Business of Tech Podcast

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Justin Shelley (00:15):
Welcome everybody to episode 48 of
Unhacked. I am here today withmy usual cohost Mario, and, of
course, we've got a specialguest. I'm gonna introduce him
here in just a second. But,guys, like I say, every week,
Unhacked is a bit of misnomerbecause pop quiz, Mario. Once
you've been breached, can you infact truly get unhacked?

Mario Zaki (00:36):
False. You cannot get unhacked, Justin.

You're at a % correct. Good job on the test.
Guys, the truth is 97% of thebreaches that we talk about that
we deal with, they'repreventable. And all you gotta
do is follow basic securitymeasures, you know, and and we
do. We dissect these things andthat's what we find time after
time after time.
But in the basics, you'relargely going to be okay.
There's that little gap, the 3%.We do have to have contingency

(01:01):
plans, incident response plans,insurance and that sort of
thing. But largely, this is apreventable process or a
problem. What we do not want todo is try to fix it after the
fact.
That's where we try to stayclear out of that. So, here we
are. I am Justin Shelley, CEO ofPhoenix IT Advisors. I prevent
the Russian hackers, thegovernment, and the greedy

(01:23):
attorneys from taking yourmoney. That's what I do.
I do business with clients inTexas, Utah, and Nevada. And
again, as are always here withmy good friend Mario. Mario, say
hi, tell people what you do andwho you do it for.

Mario Zaki (01:37):
Mario Wozaki, CEO of Mastech IT located in New
Jersey. And I do everything hejust said except I do it on the
East Coast. You know, we we helpour clients. You know, we work
with medium to small businessesin the Tri State area, you know,
stay safe and sleep better atnight.

Such a missed opportunity because I thought
you're gonna say, I doeverything he said, but better.

Mario Zaki (02:02):
I would never do that to you, Justin.

Reminds me of a Broadway song or a Broadway show
or whatever that we're not gonnago there because I don't I don't
do that. I don't watch Broadwayshows. That's silly. Who does
that anyways? Today, guys couldnot be more excited to introduce
our guest.
Dave Sobel has his own podcastthat he's been doing for a hot
minute and this one's called thebusiness of tech. Dave, thank

(02:24):
you for joining us.

Dave Sobel (02:26):
Justin Mario, I'm so excited to chat with you guys
today. We're gonna mix it up andhave some good times.

It's always the hope. Listen, Dave, I I rely on
you quite a bit. Your yourpodcast is full of industry
industry trends. I can't talkthough. I had that problem last
week.
I don't know. I need to go speakas speech therapist. Statistics.
And I'm not gonna lie, Dave. I Ilisten to your show while I'm
working out on the treadmill inthe morning by working out like

(02:51):
be go easy guys.
I'm walking most of that. I dorun a little bit, but my brain
hurt because you're like rapidfiring these statistics and it's
number after number. And I'mlike trying to take notes and
sometimes I, I have to hit pauseand I go grab my computer and
I'm writing stuff down. But Ilove your show because I do come
up with a lot of great new ideasfor my own business. So with

(03:12):
that, Dave, I'm going to read alittle bio.
This is stuff that I'm not goingto lie, I pulled right off your
website. Here we go. Dave Sobel.I'm saying your last name,
right? Yes.

Dave Sobel (03:22):
You're right. You're spot on. Sobel.

I usually check that before we hit record.
Dave's a leading expert in thedelivery of technology services
with broad experience in bothtechnology and business. My two
passions, not gonna lie. Heowned and operated an IT
solution provider and managedservices provider for over a
decade, both acquiring otherorganizations and then
eventually being acquiredhimself. This firm was a winner

(03:47):
of multiple awards, includingKaseya's that word cutting edge
and ConnectWise's best new idea,as well as being a finalist in
Microsoft's Worldwide Partner ofthe Year, holy hell, in the
small business specialistcategory.
After his MSP experience, heworked for multiple vendors at
companies like Level Platforms,GFI, LogicNow, SolarWinds. I bet

(04:09):
that was an experience. Were youthere for the big the big
breach?

Dave Sobel (04:12):
I left two weeks before they were released.

Lucky man. Lucky man.

Mario Zaki (04:17):
So they didn't I'm sure they suspected you.

Dave Sobel (04:19):
It had nothing to do with it. Oh,

we've got the guy right here.

Mario Zaki (04:23):
Come and get him.

Jesus. Anyways, you you lead community event
marketing product strategies,several M and A activities. So
here's the thing, guys, when Iwhen I introduce guests, I'm
starting to develop a complex.I've heard it said, if you're
the smartest person in the room,find enough different room. I
don't have that problem here.
We just find better and smarterguests. So again, Dave, thank

(04:50):
you for joining our show. Mario,do you have any questions or
thoughts for Dave before we getinto our topic?

Mario Zaki (04:55):
Well, first I wanna say out of all the guests we've
had, you definitely have likethe best background, best
lighting, like, you know, I Ilove it. I love it.

Dave Sobel (05:05):
Thank you. I always say I would be bad as my job as
a full time podcaster YouTuberif I looked and sounded bad.

Truth to that.

Dave Sobel (05:17):
I do this for a living. You should look and
sound good.

Well, real quick because you said it, Mario, we
gotta know what's behind you.What is that is that an old Mac
in on one side, or is it just anold CRT monitor? What do you got
back there?

Dave Sobel (05:32):
Oh, good eye. So on this side, that is an Apple two
GS. Oh, that's an Apple. Thatwas what was in my high school
that I learned to program on.And this other side is a
Commodore sixty four monitor,the original ten eighty four.
It's got the breadbox rightbehind me. The monitor is my
original childhood monitor. Wow.Although the breadbox is the one

(05:54):
I got as an adult. I have myoriginal one twenty eight d that
I grew up with.

Dating yourself. You're dating yourself.

Dave Sobel (06:00):
I am. You can figure everything out just from just
from those details.

Mario Zaki (06:04):
So, Dave, tell us tell us about you. Tell us about
the show, you know, theepisodes. Tell us. What?

Dave Sobel (06:09):
So I'm five years in on being a full time podcaster.
As I had my run as an MSP, I hada run as a on the vendor side.
And each evolution of my careerhas always been about, like,
what can I do differently tolearn more and immerse myself
more in the world of managedservices, IT services? And I
tend to use IT services morebecause I view it broader than
just thinking about it asmanaged services. And I looked

(06:32):
around the space five years agoand I sort of said, you know, I
don't think there's anybodywho's doing a really interesting
thing independently to bringinsights and expertise literally
to guys like you, like who runMSPs and IT services.
You need an independent analystwho works kind of for you as a
voice to to to bring news andbring insight. There's so much

(06:57):
stuff that you've gotta keep upwith that I spend literally my
whole days doing. It's diggingthrough all the news, sorting
through it, and trying to make adetermination of what do you
care about. And every day I askthe question, why do we care for
the stories that I put together?So that I hope, as just you
outlined there, like, you canlisten for ten minutes a day and
get, hey.

(07:18):
These are the things that anexpert in this field thinks are
important to me.

And that's always when I jump off the
treadmill is when I hear that ohgod. Now I'm gonna forget the
question. Why does it matter orwhy is it important? I know the
graphic. I know what it soundslike.
I'm like, oh, Greg. Grab thepin. Grab the pin. No. Good
stuff.

Dave Sobel (07:36):
Good stuff. And by the way, all of my stories are
online. You go tobusinessof.tech. You don't even
have to write it all down. Youcan listen and then go to your
desk and get them all as writtenversions on the website.

It is true. But when the when the magic's
flowing in this brain, like, Idon't have time. I won't I won't
remember what it was I wanted togo look for. So

Dave Sobel (07:53):
Fair enough. Well, then then it is the highest
compliment that you use inthere. Someone takes notes from
my podcast.

Yeah. Do. I do. Alright, Mario. Any other
questions for Dave before wejump in here?

Mario Zaki (08:04):
No. No. I love it. I love it. Well,

actually, do have one more. So I kinda
mentioned before, what I loveabout doing my show, the the
Unhacked podcast, our show, isthat I learned this this
process, I have gained moreinsights and learn more about my
own industry and and doing thispodcast than anything else I've
ever done in my life. So I Iabsolutely love it. It shapes my

(08:29):
business. It shapes my productdelivery, my service to
everything that I do.
It's some way I can track backto here. I didn't expect that.
So I started doing this as a wayto market. I thought I wanted
to, you know, build trust,whatever people do business with
those they know, like and trust.So I'm like, everybody's got to
see my face.
They've got to know who I am.They got to trust me. They got
to like me. I didn't expect tocome out of this like having it

(08:51):
shape my business the way ithas. So Dave, in in your five
years of doing the business oftech, what what would be like a
surprise benefit that you'vegained through that process?

Dave Sobel (09:01):
It's a lot it's a lot of that. So it's kinda
twofold for me. It's just Ilearned a ton. Right? And and my
I have guests on weekendepisodes.
So, like, during the week, it'snews stories. I do a live show
on Wednesdays to get, like,other journalists and analysts
on, and we riff on topics. Andon the weekend, I release an
interview episode. And theinterviews are always around
like, I don't know anythingabout that. Right?

(09:22):
And just and I learn like,that's when I have somebody on
it. I just ask all the questionsof like, well, I wanna know more
about how this thing works orwhat this thing does or what
your strategy is. And so I learna ton from that. The other piece
about it is is that I I amenjoying in a way being a
customer again. Like, I run amedia company.
If you think about what mybusiness is, I am an end

(09:42):
customer in, like, the ultimateway. So I get to implement these
technologies again in somereally interesting ways, and I
feel the pain of being acustomer by having, like, I have
a I have back end data, and I'vegotta secure all this stuff, and
I've gotta build workflows. Andit's it's kinda nice to reground
myself in being a customeragain.

Oh, sorry. Go ahead, Mario. Then I'm gonna
segue.

Mario Zaki (10:07):
Now do you do you feel like you get influenced by,
you know, vendors or, you knowyou know, per you know, somebody
trying to promote their productor, you know, trying to get you
push anything.

Dave Sobel (10:19):
I have a pretty aggressive bullshit meter. And,
like and and so and I also Ilean really into transparency.
Like, on my website is an ethicsstatement about, the way that I
approach everything. I make surethat it's very clear who my
sponsors are. Like, know exactlywho the companies are that pay
me.
I list them. I even list mysmall shareholders. Like what I

(10:41):
don't still. So I hold somestocks still in Enable, and
SolarWinds based on being anemployee there. And I disclose
that on my website that way.
And every time I mention them, Idisclose that I'm a shareholder.
And so from my perspective, it'sit's okay to have biases. You
just have to be supertransparent about it. Mhmm. And
so I want you to know, like,which vendors write me checks.
It's not a bad thing that theywrite me checks. You you just

(11:03):
need to know which ones theyare. Right? And that that way
when I make an analysis and Iprovide something to you, you
can judge that about the waythat I think about the market
based on the way that I makemoney. So I am super transparent
about all that, and I think itworks out really well.
Frankly, I hope the audiencerespects it, but I also know
that the vendors who work withme really respect it too. The
ones that embrace that knowthat, like, we're not buying

(11:25):
coverage. We're literally justbuying ad spots on Dave's show.
He's gonna say whatever hewants.

Mario Zaki (11:30):
Alright. Cool.

On that note, full disclosure and
transparency, can you let usknow when you will be acquired
by Kaseya?

Dave Sobel (11:40):
So whenever they bring a very, very large check.
Right?

Like So you are open to negotiations.

Dave Sobel (11:46):
Okay. Every every business owner, of course,
should be. Like, I mean and Imean I mean, like, those from
the the Silly's perspective andalso from the, like No. Yeah.
That's what you build a businessto do.
Right? Either to run it andgenerate cash for you or to
generate value for an exit. Bothare okay. I never blame an
entrepreneur, like, for sellingthe Kaseya. Right?
I never blame them. Now I willtotally talk smack about

(12:08):
strategy about an organizationpost acquisition. Right? And
what they do with

that. Right.

Dave Sobel (12:13):
But you know what? Entrepreneurs, go out and make
your money. You gotta have anexit strategy for that. I
totally will respect that.

That's the game. I mean, honestly, I've I've
started kind of, again, shapingthings. I look at this podcast
as a way to help people buildwealth and keep it, you know,
and and that is the game. That'sit. That's all we're here to try
to do.
Mario, you try

Dave Sobel (12:32):
to say something. Right? Yeah. And there's a guy I
mean

Mario Zaki (12:35):
Yeah. Sorry. Sorry. Go ahead, Dave. Go ahead.
No.

Dave Sobel (12:37):
I was gonna say the rules are transparent. Right?
Like, that's that's the game.And and so you kinda have to
judge that stuff from twodifferent perspectives. And I'm
like, you like, I'm not aparticular fan of Kaseya's
acquisition strategy, but by theway, they're good at it.

Oh, they are. That's that's their one
strength.

Dave Sobel (12:51):
Yep. You know, respect. They they they they
know what they're doing. Theyrun a strategy. They wanna run
it.
They execute well against it. Idon't necessarily agree with it
all the time, but that's whatanalysts do. And you, the
consumers, get to choose whatbusinesses you wanna engage with
based on their strategies.

Right.

Mario Zaki (13:08):
Yeah. And the problem is that we have with
companies that get acquired bylike this, like they've acquired
a couple of companies that I'vebeen working with for a while.
And I'm all about, okay, you buythis product, good for you for
selling, getting top dollar, butit's a great product because
obviously somebody wanted to buyit. Don't freaking let it go

(13:32):
down the toilet. You know, likethat and that's that's the
problem is sometimes we feellike the product has gone worse
and the price has gone up andnow you're locked into a longer
term contract.
You know, if you're gonna buy itand improve it or buy it and
grow it, you know, even more

Dave Sobel (13:51):
Mhmm.

Mario Zaki (13:51):
Then I'm all, you know, I'm all for it, you know,
especially if it's somethingthat I was with from a long time
ago. You know, unfortunately,sometimes you you know, it's
being they're acquiring thesecompanies that were doing great.
And then the support and theservice and the product itself
has gone down to shit, you know,you know

Dave Sobel (14:11):
Exactly. And that's yeah. So we could we can go I I
don't know where you guys wannago. We can

go deep on I I opened a can of worms. Let's
shut this down. Let's get backto because, yeah, we could we
could go this this way all daylong. Dave, as we were prepping
for this episode, you saidsomething that caught my
attention, threw me off guardjust a little bit, but intrigued
me. You said, and I quote, Ihate the cybersecurity industry.

(14:38):
Do you remember saying this?

Dave Sobel (14:40):
Oh, totally. I I said this is so me. I do. I hate
the cyber security industry.Like aggressively hate it.

Well, Me too.

Dave Sobel (14:48):
Listen, I'm

I'm feeling personally attacked right now.
So I'm gonna need a minute tonever mind. Alright. So before
we dive into your reasons, I Iwant Mario and and myself both
to kinda talk about ourperspective on this because
listen, I've said before Ididn't get into the cyber
security industry on purpose,but here I am. You know, I got

(15:10):
into this because, by the way, Istarted with an Apple two e,
that's why the Apple reallycaught my attention.
And I loved circuit boards andmodems and sound cards and what
do they call it Apple basic? Wasthat what it was called? The

Dave Sobel (15:26):
I think it was Apple basic. Good good call.

The first language that I learned to write
code in. Loved it. Anyways, nowI'm in a whole different world
that I did not foresee. So Icould talk about my own reasons
why I hate this space. But I doactually love what I do day in
and day out.
Now Mario, I want you to talkabout what you've seen with your

(15:49):
clients. If if you put yourselfin their shoes, because again,
our show and Dave, your show isto guys like us. Our show is to
our actual end user client,which now you've become. So I
guess our show is for you. It'sall circular.
Yeah. Mario, what what do youhear on the streets of what
people hate about our industryand any firsthand experience
you've got with your own clientsor prospects?

Mario Zaki (16:08):
Yeah. I mean, for me, it's you know, I have some
clients, you know, Justin, youknow my story. I have some
clients that have been with mefor twenty years. And they were
with me when I was working outof the house, working, you know,
out of the car, you know, just,you know, everything would go
either, you know, through myNokia twenty one thirty that,

(16:30):
you know, I'd get a phone callfrom and tell them, okay, I'll
be right there. I'll be I'll seeyou there, you know, in forty
five minutes, you know, and I'llgo there just to like help them
out with a printer or somethinglike that.
And I was so excited when Idiscovered VNC Viewer that I can
remote into their computers.And, you know, once I fixed

(16:52):
everything, I would send them abill and wait for the phone to
ring again. And a lot of people,you know, to this day still like
that model. And in our industry,we call it break fix. Right?
Something breaks, we fix it, webuild them. The biggest
transition from, you know, frombeing, you know, protective and,

(17:14):
you know, prevent you fromgetting hacked is being
proactive, you know. So you haveto install like, you know,
antivirus this and back up hereand do all this stuff and it it
becomes a monthly expense forthese business owners where, you
know, a couple years ago or whenthey first started with me, you
know, we would install like AV,AVAS free antivirus and I'm

(17:38):
dumb. You know, you're good.There is no charge, you know,
whatever.
But now, you know, they'retalking about hundreds, if not
thousands of dollars per month.And that's why, you know, they,
you know, they feel like IT isnow just an expense. It's like,
you know, your utility bill andyour IT bill and your rent and

(17:59):
stuff like that. Where before,it just like, okay, well, we
know somebody when somethinghappens and we need you know,
we'll call Mario. He'll fix itand we move on with our day.
You know, now it's not likethat, you know, and that's where
I see, you know, a lot ofpeople, even to this day, new,
you know, customers that we talkto, they're like, oh, can I just

(18:21):
pay you when something happens?Like, it doesn't really work
that way anymore.

Alright. So I'm hearing you say we now sell
insurance instead of a atangible product. Exactly. Dave,
if if you'll step into your timemachine and and go back all the
way back to the early twothousands when you were in the
world of MSP, what was it likeback then? Was it was it a
similar what what did peoplehate about the industry when you

(18:49):
were working at

Dave Sobel (18:51):
Well, so a lot of the same thematic stuff is still
true. Right? Now when I started,like, an Internet connection was
new. Right? Like, you a lot ofbusinesses were just putting
those in.
We got a lot of servers on prem.Right? There was a and it was a
lot of making the basics work.Hey. We can connect you to the
Internet.
We can get your email workingcorrectly. We can get you data

(19:11):
sharing. Like, I remember lotsof printer problems. Right?
Like, the kinds of things thatthat, like, were very basic and
fundamental.
And the worst things thathappened from a security
perspective were either, like, auser would delete something or
some piece of hardware failedand we had to restore the data
or, you know, the old days of, avirus or a worm where, like, you

(19:31):
were just offline. Right?

Mario Zaki (19:32):
Like, it

Dave Sobel (19:33):
was a denial of service style attack where it
knocked you out of commission,but, you know, then you were
then you were back up again. Andthe the major change and I I
don't wanna start my statementof the of this is like, look,
criminals are the reason this iswe have a problem.

Right.

Dave Sobel (19:48):
And you've gotta start with a headline. And we
talk about this in way too softterms, you know, threat actors
and, like, you know, like, like,in all this BS where it's like,
let's call it out. Bunch ofcriminals have made their life
bad. Right? Like, gangs oforganized crime are are, like,
ravaging businesses.

Yeah.

Dave Sobel (20:07):
That's the headline. And I wanna acknowledge that
before I start saying somethings about the industry. Be
like, hey. We're not spendingnearly enough time fighting
crime. Like like Right.
But by the way, I didn't get itand it's just like you guys, I
didn't get into this space tofight crime. Right? Like, I got
into this to, like, help peoplewith their tech and do cool

(20:29):
stuff and, like, help them growtheir business or, you know, I I
love the days of buildingwebsites, right, where we help
them online. I I like, we buildecommerce platforms and we like
enabled them to communicate innew ways. Like, that's why I got
into tech.
And and so for me, like thefirst thing I have to say, like,
and and I'm I wanna preface thiswith sort of three basic
examples. The first is this isbecause of criminals. We have

(20:52):
this problem because ofcriminals. We don't talk about
that enough. And the second isis I have mad respect for
security researchers andliterally guys like you guys
that are trying to help cutlike, try just trying to keep
customers, like, from going onfire.
Like, is

Yeah.

Dave Sobel (21:08):
Is that this people don't become security
researchers. Like, they comebecause they're they don't go
into necessarily make mad cash.They go into, like, because they
love the tech and they wannasolve things and they wanna fix
problems. Like, these are reallysmart people that work on it.
And guys like you guys are outthere, like, trying to help
customers do right.
And you're put in a positionwhere you're kinda squeezed on

(21:28):
both sides by criminals on oneside and the cybersecurity
industry on the other. Right?And so we'll get to that in just
a second. My third statement isis I don't want any of my
conversation to be an out forpeople to say you can't you
don't have to do basic hydratehygiene. Like, for the same
reason that I think, you know,you need airbags in your car,

(21:49):
you need a lock on your frontdoor.
Like, come on people. Like, someof the stuff that I see around
passwords and around the bitlike, the basics of technology,
like, I'm not gonna give anybodya pass on the basics. If you're
gonna use these things, you dohave to understand the basic
functionality around them anduse them correctly. So I I'm

(22:10):
gonna wanna acknowledge, like,basic hygiene. Okay.
Now we've said all that stuff.

Here it comes.

Dave Sobel (22:18):
Well, let's let's think about let's think about
the model that we've we'vecreated. What we've done is on
one side, we have criminals. K?We can completely say bad
actors, but at least they'rehonest about it. Right?
They are just out to take yourmoney. Yep. On the other side,
we have security vendors whosell products and sell

(22:39):
technologies with zero embeddedliability on their behalf. They
take no risk. Mhmm.
I could give a security vendorinfinite money. All of the money
in the world. The giant ScroogeMcDuck pile of money, I could
wheel it up to them and say,give me everything. And the only

(22:59):
thing I will get is, well, we'vedone a great job with risk
management. We think we'vereduced your chances if
something happened.

Yeah. Yeah.

Dave Sobel (23:07):
And it it's like, okay. They're not wrong. I
totally get it. But essentiallywhat they're doing is both sides
of the equation are taking moneyfrom the customer. Yeah.
They just they'd start. They'rejust taking it with criminals
saying what they're trying to doand the other side with no
investment at all. And on top ofthat, we have security security
create like, sorry, softwarevendors, like the people that

(23:29):
just make software who also haveno liability when something goes
wrong. Right. Just none.
Any other industry, we would behaving real conversations about
defects. Let's talk about cars.If I roll a car out there with a
massive defect and somebody getyou know, there's there's
damages around there, I'mwriting checks.

Oh, yeah.

Dave Sobel (23:51):
You know? You're in the pharmaceutical business. You
do you launch something outthere and it's flawed, I'm
writing checks. Like, you know,but but in software, nobody ever
writes check for customerdamages.

Well you're bringing up a good point that I
hadn't thought of. You talkabout no skin in the game, so
Mario and I in our world isvetting these vendors you're
talking about and rolling themout and then supporting them.
Now, we're the guys with skin inthe game. When things are

Dave Sobel (24:25):
bad

You're

Dave Sobel (24:25):
one who's the rich.

Exactly. They're coming to us and saying WTF, you
know, like you guys have thecheck. I can prove that I paid
you. And and really what what dowe get to do? Well, yeah.
But you know that vendor we webought the stuff from, they're
the ones that screwed it up. Ourour clients don't care.

Dave Sobel (24:42):
Right. Why do why are the vendors not required to
offer risk sharing models,particularly when they're
literally in the protectionbusiness? Right.

Yeah. I mean, I always

Dave Sobel (24:53):
love it. There's a so I use I use a popular
security product to protect myendpoint.

I will

Dave Sobel (24:59):
not name the vendor because I don't. Right? And
every single day when I boot upmy machine, a big giant pop up
says, you are safe. And I lookat it and I wanna punch it in
the monitor because because itsays this, but it has made no
promise to me at all. It says Iam safe, but if something
happens, I'm not getting a checkfrom them.

No. Well, okay. So there is one of these unnamed
vendors who Yes. Got myattention by claiming a million
dollars of coverage if youshould get breached. And then
you look at the fine print andit's impossible.
So they're they're they'reclaiming to have skin in the
game with a disclaimer thatremoves them completely from all

(25:43):
risk.

Mario Zaki (25:44):
Well, I mean, technically it's like that
million dollar policy is amaximum of $1,000 per computer,
and all these check marks haveto be enabled and in place for
them to be liable. You know? Idon't know if they ever paid an
a dollar

Dave Sobel (26:03):
to be honest with the Peanuts character. Right.
Right. Like, it's it's a like,it's a marketing gimmick. Right?
There's no actual skin in thegame. If I you know, I can't
take them to court and say yourproduct was defective and you
are responsible for this in thesame way that I can do that for
a lot of physical products. AndI just wanna observe there is
tons of VC money flowing intocybersecurity products. Yeah.

(26:26):
Right?
Because they know they canextract money out of the service
providers like you and endcustomer. Now by the way, see
above, this does not let thecustomer off the hook from some
responsibility for the currentsituation. I'm just observing
that by the way, until customersand service providers start
telling vendors, no. No. Like,I'm just not buying more

(26:49):
garbage.
Especially when like we let's gointo like sort of the second
part of this is the why is theInternet that I get that I buy,
why is the only version thegross one? So Yeah. Think about
think about what gets wheeled upto my business. Right? You wheel
up to me to connect me to theInternet with this giant pipe of
gross, of everything, right, ofthe whole thing.

(27:10):
I don't have an option ofanything else. Right? I just get
from you this giant sludge pile,which is the entire raw
Internet, the whole thing.Right? The North Koreans aren't
blocked.
The Russians aren't blocked. Allthose VPN providers out there
aren't blocked. Like, why isthis stuff the only way I can
buy this by default, the grossversion? If the sewer if the

(27:31):
water supply came up to me whereit wasn't filtered and clean,
I'd lose my s, right? If theelectricity was unregulated and
came in and I had to check myvoltage continually to make sure
it was level and put all thatstuff on my point.
If the gasoline that I bought atthe the station, I had to check
it all the time continue likeall of the other products, but

(27:54):
the internet, I can only buy itin the raw sludge version.

Because Murica, because free speech.

Dave Sobel (28:02):
Oh, by the way, not even that. But let's but hold
on. Let's so I'm not calling fora government solution. I'm
literally saying, commercially,why can't I call up my ISP and
say, no. No.
No. No. No. That's your problem.I don't want all that stuff.
I just want the clean one. Like,check the checkbox by default it
can be clean. And if you wantall of it, totally cool. I'm not

(28:24):
saying the government needs toget involved because by the way,
that's messy and I don't thinkthat's the solution. What I'm
saying commercially is why can'tI buy the version that's better?

At an ISP level. So I mean, we can put firewalls
in, we can geo fence, we, youknow, we can content filter, we
can do a lot of what you'retalking about. But they can do
better. You're you're sayingtake it up a notch and and you
know, from a provider level,from an ISP Right.

Dave Sobel (28:51):
They can do they can do that for me. Yeah. Why why is
why do I why particularly, let'sthink about this from a consumer
and a small businessperspective. Right? Like an
enterprise may have a differentbut let's think about the tip
you know, a typical smallbusiness as well, like 20
people.
Right? Like, sort of typical.Right? Why can't they just buy
the version that's simplified?That, like, lets them get their

(29:13):
business online and gets to thecommon stuff that they would
need.
They don't need to talk toRussia or North Korea or Iran
or, like, all like, or all ofthe VPN endpoints that are out
there. Right? And by the way,not saying I'm making the
problem perfect, but I do takeaway an awful lot of the pain.

Mario Zaki (29:30):
Yeah. Because I I think I I think it's it's you're
gonna eventually put somebodyout of business. You know, those
big firewall companies and stufflike that. They're like, no.
Well, you know, why?
Don't do that. Don't do that.We, you know, we will

fake money. Just don't buy

Mario Zaki (29:45):
our product.

Don't make

Dave Sobel (29:46):
me mute you. So the but this is but you so you have
exactly hit on the why I don'tlike the industry. Right?
Because it's a bunch of peoplethat are all trying to take
money from the customer when wecould solve this better. Let me
let me make another observationof this.
Why are we still all using SMTP?

Oh, boy.

Dave Sobel (30:06):
Like like, why? It's a forty, fifty year old
unauthenticated technology totransfer mail? Like, why is that
the baseline of it? If Microsoftand Google both decide to build
secure email into the productsthat they sell us as basic
email, the vast majority ofproblems go away. Right?

(30:28):
Yeah. We could authenticatethem. By the way, you can have
both in the same inbox. Theseare authenticated and these are
not. Like, you literally coulddo it that simply.
And anybody tells me, oh, it'sembedded all this technology. We
got rid of AM in favor of FM. Wegot rid of STTV in favor of
Let's

say AM and FM. I mean, I haven't listened to
those in so long.

Dave Sobel (30:47):
Well, we we moved technology because they get
better. Mhmm. But heaven forbid,we get rid of the critical SMTP.

Okay. Well, let me push back a little bit. We
kind of are doing that throughTeams, Slack. There there is a
little bit of a shift away fromemail at large. Not now I know
you're talking about protocol.

Dave Sobel (31:10):
And to be fair, and by the way, to be fair, Google
literally as we're recordingthis earlier, announced that
they're gonna start doingencrypted email as like part of
the basics of their Googleworksheet. So like they're
building it, they're startingto. I'm just saying we have the
we don't have this thinking oflet's go back to basics and
solve the part of the reason, Iwouldn't say Teams or Slack or

(31:32):
these things because they're notinteroperable. Right? The point
well, the point of email is isthat it is the one true
interoperable system.
And I think we need aninteroperable system. But
perhaps we take a moment tothink about waking one that's
also secure. Yeah. That alsolike is

Mario Zaki (31:47):
I mean, I'll take it a step further. I think
Microsoft, you know, can do canput something together. Now I
don't want them to necessarilydo this, but, you know, I think
Microsoft can do something andsay, you know what? You can't
encrypt our stuff anymore. Youknow, if Microsoft comes out and
says, that's it.
You know? There's this cannot beencrypted anymore. You know?

(32:10):
That puts a lot of companies outof business. You know?

Dave Sobel (32:14):
We'll give yeah. Again, give customers the
option. We're let's put put oureverything should be we've we've
lost the script on beingcustomer centric with the way
that we approach this problem.Right? We have to solve these
problems for the customers andfight the criminals.
Mhmm. That's the thing we'resupposed to be on the mission to
do, not put more money intocybersecurity companies'

(32:36):
pockets.

I mean, what what I'm hearing you say is that
we're just playing defense.

Dave Sobel (32:41):
And Well, we are just playing defense.

Should start playing a little offense.

Dave Sobel (32:44):
I would please. Yeah. Like, absolutely. Like,
like, we need to start playingsome offense here because it's
never gonna get better

No.

Dave Sobel (32:53):
If we don't if we are continually in a reactive
mode. You've hit it exactlyright. Like, I wanna look at
this from the perspective of,again, let's make it better for
the customers. And in some ways,we're just gonna have to make
some big changes to make thingsbetter for them.

Yeah. I mean, honestly, so you're talking
about technology and what Iwould love to see in kind of the
same concept here is way betterproactive prosecution globally
of the criminals, the thugs thatyou were talking about before
because this isn't just likeinsurance and I relate this a
lot to insurance, but insurancegenerally speaking is against

(33:31):
natural disasters. We're talkingabout fire, flood, earthquake,
tornado. That's what insuranceis supposed to be for, not
thugs. I mean, is to an extentbecause we have, know, like
somebody breaks into my house,but

Dave Sobel (33:44):
But we do but we do things to to promote the public
safety. Right? Right. Right.

And we prosecute those bastards, know, we we know
how to go after them when we do.

Dave Sobel (33:52):
I say this all the time. If the stuff that we did
in cybersecurity was physical,people would be in up in arms.
Right? Like, when the the UStreasury was broken into Yeah.
By foreign actors, and we're notall freaking out about this.
Like, you know, is, like and andyou know there's and I could by
the way pull tons of incidentslike this where we don't have

(34:14):
the same reaction that tosomething that's physical and
part of it, I'm not saying thisis all of it but I think part of
it is is that we talk in suchsoft, wishy washy, dumb down
militaristic threat actors andvulnerabilities and all of these
terms that genericize it butalso take the emotion out of it.

(34:36):
And, you know, the reason I'vesaid criminals so many times is
to reinforce that this isn't,you know, this isn't just some
generic, you know, thing out ofit. These are humans doing bad
things to us.

I'm taking notes. I told you.

Mario Zaki (34:53):
This is, you know, like a long time ago, you used
to have to, you know, run anantivirus and you just people
would program something thatwould mess up your computer, you
know, like, make you have, like,have a bad day. But it didn't
really you know, wasinconvenience. And there it was
bragging rights for them. Youknow? It's like, I I spread to,

(35:15):
you know, a thousand people andI corrupted, you know, a
thousand windows computers orwhatever, but that was it.
You wipe out your computer, youreinstall and you move on with
your day. Now, they're wipingout elderly bank accounts.
They're they're wiping outcompanies. They're literally

(35:35):
putting thousands of people, youknow, out of business,
unemployed, like there's norecovering. And for them, it's
like, all right, you know, I Ihit my commission for the month,
You know?
Right. Yeah.

Dave Sobel (35:49):
You know, and and so, you know, what can we do
about it? Let let's let so sosome of it is is the we
collectively, and I mean this ina sense of, like, the listener
who's listening to it is thecustomer. And, also, the service
providers that service them needto start collectively pushing
back on the vendors too. No. Iwill not sign your contract that

(36:10):
removes all liability from from,you know, no.
I just won't. Like that's,you're not, I'm not going to do
that.

So okay, on that note, I just a quick example, I
had a client come to me and theywant to do a third party
integration, they still have anon prem server and and this is
in the medical field. So this isvery very sensitive information.
And it's like, Justin, jump onthe server with this vendor,
install the software and washyour hands and walk away. And

(36:38):
and I'm like, hold up. Can wefind out what data they're going
to take?
Because they they have access toall of it. What data are they
going to absorb into theirsystem? What system are they
using to absorb it? Where isthat data going to live? Prove
to me that you're protectingthat data, you know, and I start
asking some of these questions.
Actually, just started withwhere's your BAA business

(37:00):
associate agreement that youhave to have if you're dealing
in in healthcare at all. And Iget a deer in the headlight
look. And then finally theyscrounged around and they come
up with this BAA that's adifferent company than the one
I'm talking to. I'm like

Dave Sobel (37:11):
what the

what who is this?

Dave Sobel (37:14):
And now we've got to

start the process all over again. Let me
back up and ask some morequestions. And maybe this is
what you're talking about, maybenot quite so much, but I do feel
like one place where in ourworld as the MSPs where we're we
are trying to protect ourclients is we've got to start
pushing back on the ones whoare, who have access to the

(37:36):
data. You're talking about theones that can get in through
this gross pipe that we call theinternet. Right.
What about the ones we'reinviting in? We're like opening
the door, rolling out the redcarpet. Here's the keys. Come in
anytime you want. When I'masleep, when I'm not paying
attention, come on in.
Have a look around, take whatyou want, but just promise. Just
be nice and promise you're notgonna do anything bad.

Mario Zaki (37:56):
Right. And if something bad happens, what are
you gonna do about it?

Dave Sobel (38:00):
Oh, it's my fault. It's my fault. Right. So for for
for you for service providers,like

like Yep.

Dave Sobel (38:07):
Mario, like you and just like no. You just have to
start saying that we're notgonna we're not gonna we're not
gonna take these risks. By theway, we should also we'll tell
our customers not to take theserisks. Now if the customer
choose to take a risk, you'llhave to make a decision whether
or not you wanna do that, butcertainly make them sign
something. Mhmm.
But let me also make the broaderlike a broad quick statement for
all Americans listening to this.How many laws do you think

(38:27):
protects your own data as apersonal consumer? How many laws
are out there to protect you?You want a number? Up with zero,
you're right.

Okay.

Dave Sobel (38:37):
K? Because there's no data we have no data privacy
laws at all at federal level inThe US. We have a smattering of
of state ones, most of whichdon't have have any teeth.

Okay.

Dave Sobel (38:47):
Like, come on, people. What are we doing? Like,
unless we actually have somelike, if you you you have to
establish that there is datathat you own, that is yours,
that you have privacy rights to.Like, we have to establish that.
And that is, you know, we'regonna flirt with politics for a
moment here, but just from theperspective of, like, hey.
We're allowing this to happenbroadly. We as citizens are

(39:08):
allowing this to happen. Andadditionally then, we are also
allowing all of this, you know,mechanism to have all this
intricacies when we reallyshould be pushing back on our
leaders and saying, hey. We havecybercriminals that are stealing
all of our money. Again, thiswas physical.
They were breaking into ourphysical businesses. We'd be
freaking out.

Yeah. Mhmm.

Dave Sobel (39:29):
Like, we collectively need to do
something about this, and thatwill require changes to our
system to make that happen. Andif you wanna make your money go
further from a technologyperspective and customer, this
is the actual place that you canmake a big difference.

So we need better laws. We need to push
back on vendors. What else canwe do?

Mario Zaki (39:50):
Yeah. I mean, I have a I have, you know, to to kinda
add on to what you you said,Dave, like, I have somebody
that, you know, a new customerthat we acquired, got a few
months ago. And prior to us,they were phished. You know,
they got an email, you know,saying, you know, they work with
somebody and they're, you know,here's the new, you know, ACH

(40:12):
information or whatever. Andthey wired them like, I think it
was like $40,000.
And the guy the owner wasobviously flipping out, and he
ended up calling, like, thepolice, calling, like, the FBI,
and calling all these people.And guess what? They ended up
telling them, dude, this happensevery day, all day. There is

(40:35):
nothing we can do about it.Like, your hard work, your hard
earned money is gone.
It's it's your fault. Theyactually tried to blame that
it's his fault.

Dave Sobel (40:46):
Victim blaming is a huge problem in this space.

It is.

Dave Sobel (40:49):
Right? No. Criminals stole their stuff. They're not a
victim. Criminals stole theirstuff.
And that's the correct answer.Yep. The correct answer is crim
now we should have aconversation, by the way, law
enforcement. If you are unableto do something about violations
of the law of theft, that's adifferent conversation. But we
turn around and blame thevictim?
No. I don't think that'sacceptable.

I absolutely agree. I don't know if you were
members of the technologymarketing toolkit, I'll give
them a little shout out, butthey have a marketing campaign
called stupid or irresponsible.And that's the message is, you
know, when you get breached,when you get attacked, when you
get robbed, are they gonna callyou stupid or just
irresponsible? You know, allother crime that we deal with

(41:32):
victims of crime get sympathy,they get support, they get help,
they get love, but not incybercrime. Here we get called
stupid, we get calledirresponsible, we're told all
the things that we did wrong tomake this happen to us.
And quite frankly it'shorseshit, but it is also the
world we live in unfortunately.So Sure. So So

Dave Sobel (41:53):
This is what this is what I like practical advice.
You do need to invest. I'm gonnaacknowledge again. I think
there's there's some basic cyberhygiene that is important to do.
And again, if you're going touse technology, I do think you
have responsibility forunderstanding basics of how it
works.
Right? We don't let you get inbehind the wheel of a car
without taking a lesson ondriving it. Like, I think you
need to under like, I thinkthere are some there are basics

(42:15):
of this that you need tounderstand. We probably ought to
we probably ought to codify whatthose basics are. But
additionally, we also make thevendors that are building these
tools responsible.
If the operating systems that werun on are insecure and they are
allowing criminals to break inand steal things, there is
responsibility of those vendorsthat have that have provided

(42:38):
that technology for the defect.

Right.

Dave Sobel (42:42):
Like, for the defect, it is defective. It
shipped incorrectly, and weshould hold them responsible for
that. Right? And I thinkcollectively, we need to be
pushing back more on that. I Ilove need to you know?
And we need to and we need tosay that message to law
enforcement. We need to say thatto our regulators. We need to
say that to to the system like,no, you know, you can do all of

(43:04):
the things right. Okay. Now wehave a conversation of like,
wait a second, you know, andvendor who supplied me the gross
internet, perhaps you could alsobe part of this too.
Like, why are you allowing allof these people on there? I want
to buy a version that is better.Yeah. Yeah. Sell that to me.
And by the way, take the moneyfrom the other bits, from the

(43:24):
other portions of the industry.Start turning on your own
cybersecurity industry.

I mean, that's kind of a mic drop right there,
Dave. Guys, we're gonna go moveto wrap this one up. Great
conversation. What I like to doat the end of these shows, Dave,
is just kinda we're gonna goaround the room and we're gonna
if if if this was it, if this isall anybody listened to and
remember we are talking to theconsumer, to the end user, to
the business owners. If therewas one key takeaway that you

(43:50):
could offer them, what would itbe?
And Dave, I'm not gonna put youon the spot yet. I always hit
Mario first, give you a minuteto collect your thoughts, and
then I'll wrap it up and andwe'll call it a day. So, Mario,
what are your thoughts? Keytakeaway.

Mario Zaki (44:02):
I mean, key takeaway is you you still have to be
responsible with what you have,you know, and what you're using.
You you have to, you know, dobasic stuff like Dave is talking
about, you know, not passwordone with an exclamation mark
and, you know Oh. You can'tbitch every time your MSP tells
you you have to enable two FA.You still have to, you know, be

(44:25):
responsible. But at the sametime, you know, you need to
speak up and and and make surethat whoever has access to your
shit.
You know is responsible and isgonna take responsibility and
prove to you that they'reresponsible and- and- you know
and then you make it in thedecision at that point. You know

(44:48):
but you know, just because youvetted somebody doesn't mean
they're off the hook. You know?They they have to take
responsibility as well ifsomething happens.

Yep. I love it. Dave, final thoughts.

Dave Sobel (44:59):
So for me actually, and particularly for cut for end
customers, you do not value yourdata enough. And I think this is
the number well, like, for forany if I sit with any business
owner, what is if I took awayyour database that ran your
business, now what? If I juststole it from you, broken your
business, ran away with it.Right?

Like Yeah.

Dave Sobel (45:17):
Why are you not protecting the crown jewels
better? Like, you shouldseriously invest in protecting
that. In fact, if you do areally good job of doing that,
all of the other stuff is justdowntime. Right? Because if I
have all your data, I can putyour business back together.
Might take me a day or two.Right? You guys are great at
what you do. It would take yousome time, but if you had the

(45:37):
data, you could do it. Right?
It's just time. So protect thecrown jewels. Have a really good
backup and disaster recoveryplan that you understand where
your data is, how it'sprotected, where you've
protected it, like have thoselocked and loaded so that if you
make a mistake, then it's justdowntime. And downtime sucks.

(46:01):
I'm not saying it doesn't.
But you wanna be able to tellthe criminals, f off. I'm not
giving you a penny. I wouldrather be down for a day than
give you a penny because thenyou you take away their
incentive to keep doing this.

Absolutely. I I'll give it I'll give mine and
I honestly I've got a few, Idon't know. Like I said at the
beginning, I I learned so much.I I shape my business when every
time I record one of thesepodcasts. My takeaway today was
personal.
And, you know, in in the worldof cyber security, we have to

(46:38):
scare people because otherwisethey won't take action at all.
And then you'll hear people say,don't use bud, fear uncertainty
and doubt. Well, I'm sorry, butwe have to. And we've all like,
we study this, we learn it, weunderstand a little bit about
psychology of the way the humanbrain works. And I think as an
industry, we've done a decentjob of scaring people.
I know the script. I can standin front of somebody and I can

(47:00):
just build the fear, can see itin their face, and then I can
watch it drain out as I explainthe solution. But I will say as
an industry, one of the thingsthat we do fall short on is that
second part of that. We have tobuild the fear, we have to get
people to act, and then I thinkwe need to do a much better job
of demonstrating prevention,demonstrating response plans,

(47:23):
demonstrating the fact that weactually can protect our
systems. That that's kind of mytakeaway is that I can do a
better job there.
And because I did, I had aclient that I was talking to
this morning and, you know, thesame one I was mentioning this
third party integration that wewe are gonna vet them well and
we are going to make them provetheir compliance before we move
forward. And in theconversation, one of the things

(47:45):
she said is she just like, thisstuff terrifies me. I have
nightmares about this. And and Ithink it kinda gets over hyped
where we talk about what keepsyou up at night. I hear it so
much that I it doesn't evenresonate anymore until she said
it.
I'm like, A, good. She'sconcerned. We're on top of this.
We're doing what we're supposedto do. B, goddamn it Justin.

(48:06):
I can do better at making herunderstand we're taking the
right steps. We have a plan and,you know, to the best of our
human ability we're protected.Long takeaway but that that's
kind of what I and then finallyDave one thing I got from you is
kind of summarizing this wholething is we need to ask more
questions. We just we're kind ofstuck in a rut in this industry.

(48:29):
We do the same thing day in andday out, and we just keep
building more layers and causingmore problems and fixing those
problems and duct taping thatshit together, add a little
bailing wire and then spit onit.
And we think we're good. Andit's like, let's just back up
and ask a few questions if wecouldn't maybe do a better job
all the way around.

Dave Sobel (48:46):
Definitely need to do that. And one of one of the
things I wanted The Us as a techindustry is we were promised
flying cars, right?

Like we were promised.

Dave Sobel (48:52):
Yeah. We were promised, but we were promised
technology that would work. Iwanna hold our vendors
responsible for delivering onthat promise, right, and
actually making the stuff workcorrectly.

Yeah.

Dave Sobel (49:04):
That's what their job is supposed to be. And we're
supposed like, you know, no.You're not gonna get more from
me until the stuff you sell meworks.

And and, yeah, works correctly and protects
you. You know, that's they candeliver that at functions, but
we're kinda struggling on thedeliverability of protection.

Mario Zaki (49:23):
And and work together. Like, look at what
happened, like, you know, acouple months ago with the the
CrowdStrike and Microsoft, youknow, pointing the fingers at
each other.

Mhmm.

Mario Zaki (49:32):
You know, all of a sudden flights have to, you
know, be landed and, like, theentire country just came to a
halt because of a recent update.You know? I didn't

Dave Sobel (49:41):
think I'd be rooting for Delta Airlines, but I am on
their loss.

I know. I know. And that's where it lives now
with the attorneys. Anyway.

Mario Zaki (49:49):
Yeah. What a surprise.

Guys, great conversation today, Dave. Thank
you. Thank you. Thank you forbeing here. Brilliant insights.
I love your show. Guys, anybodyinterested, if you're not
already, crawl out from underyour rock and then go to
businessof.tech. Did I say thatright?

Dave Sobel (50:06):
You did. Okay. One of those unique URLs.
Businessof.tech.

It's not the businessof, just
businessof.tech. Great contenton his website, great podcast,
nice little bite sized piecesthat'll keep you in the know in
the world of technology, which,as we all know, is always
changing. Otherwise, go tounhacked.live. That's where
you'll find episodes that Marioand I bring you week after week

(50:30):
and links to all of our guests,all of their information, and
our never ending offer for afree assessment. If you don't
know where you're at, find out,get a plan together, and then
Jesus, just have a good night'ssleep.
That's a wrap, guys. Brian oh,Brian's not here, but I'm so
used to saying Brian. Mario,thanks for being here as always.
And Dave, again, thank you,guys. Say goodbye, and we're

(50:52):
gonna wrap.

Mario Zaki (50:53):
Dave, this was awesome. Thank you very much.

Dave Sobel (50:55):
Oh, thanks for having me, guys. This was great
fun.

Take care, guys. We'll see you.

All Episodes

Episode Transcript

Popular Podcasts

On Purpose with Jay Shetty

Boysober

Crime Junkie

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}48. I Hate the Cybersecurity Industry with Dave Sobel of The Business of Tech Podcast

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}On Purpose with Jay Shetty

Boysober

Crime Junkie

All Episodes

48. I Hate the Cybersecurity Industry with Dave Sobel of The Business of Tech Podcast

On Purpose with Jay Shetty