Robert Phelps helps keep remote teams secure, often before they even know they’re at risk. As President of Creative IT, Robert and team provide IT services for companies that are too small to build an in-house department, or those that need a little assist.
Robert and I spoke at Running Remote 2025 Austin, before his keynote, ‘The Hidden Bottleneck: Why Remote Teams Struggle to Scale (and How to Fix It Today),’ on the cybersecurity challenges of remote and distributed teams, and the responsibility for user and companies, even if most of their apps and IT are hosted at a large public cloud provider like AWS, Google Cloud, or Microsoft Azure.
With the world trying to convince us to click, it comes back to people, educating, training, and as Robert stresses, testing to make sure they understand, and don’t take tempting bait.
Compliance and Security, never go out of style. But the challenges and degree of difficulty only increase over time.
Please join me in welcoming Robert Phelps to the Work 20XX Podcast
Editors Note: Recorded 2025-April-30 at the Running Remote conference in Austin, Texas.
Special thanks to Liam, Egor, Ana, and Team Running Remote.
Robert Phelps: Cybersecurity, People, Responsibility, Test | Work 20XX podcast with Jeff Frick Ep52 from Running Remote
#Bottlenecks #CARA #Cloud #CMMC #Compliance #Culture #CyberSecurity #Distributed #Enablement #Experience #FoW #IT #Monitoring #Onboarding #People #Platforms #Remote #Responsibility #Risk #Scale #SOC2 #Teams #Test #Threats #Training #Trust #Workplace #RunningRemote #MenloCreekMedia #Interview #Podcast #Work20XX
YouTube - Click Here
https://www.youtube.com/watch?v=aDE6yTpz1No&list=PLZURvMqWbYjmmJlwGj0L0jWbWdCej1Jlt
Transcript and Show Notes - Click Here
Episode Transcript
Okay.
And wewill go
in three, two, one.
Hey welcome back everybody.
Jeff Frick here.
Coming to youfrom Austin, Texas.
That's right, Work 20XXis on the road
at Running Remote.
And we're excitedto be down here
and talk to reallya lot of the leaders in
not only remoteworking
but these are business lessons
that can be applied
whether you'refully remote
(00:21):
distributedhybrid
back in the officeor anything in between.
So we're excitedto have our next guest.
He is Robert Phelps,the President of Creative IT.
Robert, great to see you.
Thanks for having me.
I appreciate it.
Absolutely.
So for folks that aren't familiar with Creative IT
give us kind of thethe quick overview.
Yeah.
Well, I guess the elephant in the room
is my pants.
I figured for a remote first
[Robert] conference[Jeff] Wow, you jumped
(00:41):
[Jeff] right to the pants.
I was gonna let itsit for a minute.
I don't knowif anyone would
would miss them.
[Jeff] No we will not miss them.
We figured for a runningremote conference
we would dresslike we do
when we're on Zoom calls.
[Jeff] Okay.
We're just not used tobeing in person.
[Jeff] Okay. I got it[Robert] Yeah. Okay.
[Jeff] All right. Good
But a little bitabout Creative IT
We provide full IT departments
to companiesthat either are
(01:02):
too small to havetheir own internal
[Jeff] Okay
or they have internal
but they need additional help.
That's everythingfrom
tech supportfor your end uses
full cyber security monitoring that team
that company's security posture
on boarding, off boarding,
shipping machines, getting machines back
from those companies
And did I see that
you have a new bookthat came out recently?
I do, we wrote a bookon cyber security
(01:23):
with a coupleof our colleagues
and that became the Amazon bestseller day one.
[Jeff] Yeah. Very cool.
‘Cybersecurity (01:28):
The Silent Battlefield’
You got it.100%.
We talk a lot aboutin that book
cyber security, how to secure small businesses
remote businessesas well as compliance
a lot of our clientsthat are fully remote
are softwarebased businesses
trying to get their SOC 2 compliance
and navigating that as a remote company
is incrediblydifficult.
We help our clientsthrough that as well.
(01:50):
[Jeff] Compliance and governance are often talked about as
gates, as brakes, as inhibitorsto moving forward.
But in fact,
they can actually begreat enablers
and they can be super important
to successful business.
So how shouldgrowing businesses
that maybe didn't have to
think aboutit before
it’s kind of a new thing.
Think about complianceand governance
(02:10):
and making surethat they're
ticking all theright boxes
100%. It's daunting.
When you look atwhat's required.
If you have a partnerthat can walk
you step by step through what's needed
that's the keyto success.
But really,I can tell you
we've had a handful of clients
that once we'vehelped them
they decided that'sthe way they're going.
Once we've helpedthem become compliant.
(02:30):
Some of their competitors actually
handed them their business and said
[Jeff] Is that right? [Robert] We’re not
We're not doingthis anymore.
[Jeff] Because they don’t want to invest [Robert] It’s too hard
in the compliance?
[Jeff] They say forget it? [Robert] You got it, Yep
Interesting, ok.Cybersecurity
Giant, Scary topic.
Deepfakes, AI.
There's so many thingscoming at them.
I don't even know.
Where do you beginwith cybersecurity?
(02:50):
What are some of the big holes?
What are some ofthe obvious things
that people shouldtake care of
in a smaller businessor a small organization?
Because it's one thingyou know, if you're
if you're renting outspace on AWS, I've got
you know all AWS’s security team
kind of helpingme out.
But as asmall business
I don't necessarilyhave that.
So how should peopleapproach it?
How do you kind ofrank order and prioritize
(03:12):
all the many things yougot to do in security?
Well, two things. It's kind of funny,
what you said aboutyou know
well, we're in Google,we're in Microsoft,
we're in AWS,so we're secure.
That's a big fallacythat a lot of
clients have thatwhen they come to us.
There's something calleda shared services model.
When you signthat agreement
you probably don'tread all the pages.
But in there is what's calleda shared services model.
(03:33):
And that basicallywill lay out
that you arestill responsible
for a portionof security
and that is howyou access that data.
While they may be responsiblefor securing the data center
you're responsiblefor the data
the data security andyour employee security.
One of the biggest things we've seen
the trend, especially with remote
most remote companies don't think
I don't need security.
Maybe we're all usingpersonal devices.
(03:55):
We see 15,000 incidents
on cloud basedapplications
that our clients use
like Google WorkspaceMicrosoft 365
for every one security incident
on a physical deviceor server or network.
[Robert] So attackers now[Jeff] Wait, how many to one?
[Jeff] 15 to one? [Robert] 15,000
15,000 to 1.
So we are literally investigating 15,000 incidents per
(04:15):
on cloudbased software
for every one we'renow doing inside
That goes backto the
Why do they rob banks?right.
That’s wherethe money is.
[Jeff] Exactly?[Robert] You got it
Okay.
So that's good.
But now I'mgetting started.
Where aresome of my holes?
The biggest riskis actually people.
People are the biggestrisk to any organization.
When we see cyber incidents
majority of them are because someone
(04:37):
did something they clicked on something.
They thought they gota legitimate email
and it was notlegitimate.
That's the biggest risk is
those typesof incidents
those typesof security events.
So trainingpeople
getting them onthe right path
but then having
someone monitorall of their activity.
[Jeff] Right, right.
And if somethingmalicious happens
we on boardeda client recently
the owner's accounthad been accessed
(04:58):
being accessedfrom someone
in the country of Georgia
for three months.
They hadno idea.
They hadno idea.
You know, RSA is happeningthis week as well
up at Moscone.
And I rememberat a keynote
a couple of years ago
it was a lady from Cisco[Wendy Nather, RSAC 2020]
talked aboutthe whole internet
is aboutclicking
everything onthe internet is clicking.
And of course
(05:18):
that's what you're not supposed to do
for cyber security,right?
Don't click anything
but everything is clicking.
So how doesthat all
you know, how does that work?
And then as thedeepfakes get better
as the sophisticationand the spelling
and the grammarand the
the contextual relevanceon these hacking emails
and otherthings gets better.
What do you see?
(05:38):
What's going to happen?
Yeah.
Educating usersis one thing,
but we have aproprietary tool that
what that does is
monitors a user's accountfor everything they do.
And then if they do something that isn’t right
alerts our team
and we can lockthat account down
and investigate it, so
you can do somethingwhere you don't
allow your employeesto click anything
that's foolproof
(05:58):
or you can do whatwe do for our clients was
we have someonein the middle
and some intelligencein the middle
that when they dosomething that’s incorrect
you stop itimmediately.
You catch it.
[Jeff] Catch it before it goes out [Robert] Catch it immediately. Yup
It’s so, Iyou know, I tell
everyone, but we're all susceptible, right?
Just don't click anything.
Anything.
[Jeff] Comes from your bank[Robert] Don’t do your job.
(06:18):
[Robert] Nope. Close your computer[Jeff] Unless you sent it
Don't click anything.
So you're giving asession tomorrow I believe?
Yep
‘The Hidden Bottlenecks with Remote Teams
and why theyStruggle to Scale
and Howto Fix It.’
So what is the hidden struggle?
There's a handful of them.
There are five thatwe will go over.
[Jeff] Okay.
We'll go oversome easy ways
to solve those problemsand how we solve them
(06:40):
for our clients.
The biggest bottleneck we see
for most of our clients
revolves aroundonboarding.
And I can tell you
if you don't get that right
a new employee
when they joinyour organization
if they don't have accessto what they need
if they don't have theircomputer on day one
they're not thinking,man, IT screwed up.
They're thinking, did I join the right company?
Did I make theright decision?
(07:01):
And that is not that erodes trust
and remote workis about trust.
Right.
So are most of your clients remote?
Most of our clientsare remote or hybrid.
Okay.
And that's one of the
been one of thebiggest struggles
for them has beenhow do we
how do we makethat experience as great
as if we hadyou know
an office for that employeeto come to work
Right.
And then how many of them are hiring
international folksversus domestic?
(07:23):
Because thenthere's a whole
nother layer of compliance
and regulationand everything else
that you gotto deal with
if you're hiringpeople outside
even the rules acrossstate lines are different, correct?
Oh yeah, 100%.Yep.
So one of the big things for us is a
a majority of our clients are U.S based
[Jeff] Okay.
But a lot of them hireall over the world, so
we have some clientshave people in the UK
(07:45):
in the Philippines
in Pakistanplaces of our nature
that we're helping thatuser get up and running.
Right, right.
And do those peopleusually use
some type of serviceprovider to manage the
the local, I don’t knowyou know, Social Security
whatever the equivalency is
for those types of things
is that what you find usually?
An employer of record
is what they'reusually using.
Okay.
Or that type of service
(08:05):
Okay. Like a Tri-Netkind of a thing
that we have.
You got it.
Okay. Excellent.
Cybersecurity.
Three things thateveryone should do today.
So numberone
train employees
educate them on the risks.
Quite franklyeducate them
on their responsibility.
Most employees thinkthat's an IT problem.
That’s a securitydepartment problem.
The truth is, it'severyone's responsibility.
(08:28):
The second thing istest that training.
Make sure that not only are they taking it
but that they'reunderstanding it.
And then the third thing is
it has to betop down.
It's a culture change.
Most of our organizationsthat struggle with security
it’s because the peopleat the top don't care
and that finds its wayall the way down.
So it’s got to be atop down culture shift.
(08:49):
Right.
I could say somethingreally bad about platforms
but I’m, probablyprobably shouldn’t
been based on our earlier keynote today.
Okay.
Well, Robertthanks for
for taking a few minutes.
Thank you.
[Jeff] Where should people go[Robert] I appreciate it
to getthe pants?
Where did you get them.
Oh, well these pants I found on Amazon
[Jeff] Okay [Robert] I laughed, I said
it’s probably theperson's first sale.
They probably, like,had a huge celebration
(09:10):
when they finally solda pair of men's
[Robert] unicorn pink pants [Jeff] Hopefully they sent you a picture.
I guess I should send them a picture.
Yes, yes, yes. All right.
Well thanks again.Really appreciate it.
And best withkeeping us safe
because it's a scary,dangerous world out there.
It is. Thank you so much.
All right.
He's Robert.I'm Jeff.
You're watching Work 20XX.
We're coming to you live from Austin
at Running Remote.
Thanks forwatching.
Thanks for listeningon the podcast.
(09:31):
Catch you next time. Take care.
Thank you.
Cool.I think we’re out
Thank youThat was wwesome.
Hey, Jeff Frick Here
big shout out to the podcast audience.
Thanks for listening in.
You can get show notes and transcripts at Work20XX.com
And that also has links to the videos as well.
Appreciate you listeningin on the podcast
(09:53):
Do reach out
say hello, like subscribeand smash that notification bell.
Thanks for listening.Take care. Bye bye.
Popular Podcasts
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com