Episode 36 - Top-Notch Cybersecurity In Uncertain Times with Brian and Wes Gill

From solutions architecture to security, Gabe Gumbs brings wide and deep technical experience to his position as Chief Innovation Officer at Spirion. Today, he is leading the Spirion product team through strategic product development to create technologies that push data security forward in an increasingly complex digital world. Prior to his new position at Spirion, Gabe held a range of positions in security technology, including VP of Product Management at Spirion. Other prior positions include VP of Product Strategy at STEALTHbits Technologies, and Director of Research and Products at WhiteHat Security. Gabe also served on the Board of Advisors at eGRC.com.Show Notes:[01:16] Gabe shares his career journey and how he got into IT. His interest in technology actually began in high school.  [02:39] He started his IT career as a junior network admin.  About ten years ago he switched from the practitioner side to the solution provider side.  So now he builds security technologies and that is the core of what he focused on.[04:25] Chief Innovation Officer means that he sits at the head of their project strategy.  He ensures they are bringing the market the right technologies to solve their customers problems.  [05:52] They spend a lot of time understanding and examining the customer’s problem well before jumping to the solution. [06:46] He spends a lot of time digging into the problems themselves with the customer. [07:11] For the most part, your average customer understands that they are not so unique that their problems would stand out from others. [07:55] When organizations are taking very differentiated approaches to solving their own problems where they might run into unique challenges of their own.  [09:24] Privacy operations is going to become a very necessary function inside of any organization with any sizable amount of data.  [11:25] It is especially difficult when the internal business doesn't understand where all the data exists in multiple clouds. [12:57] You can have security without privacy.  On the security side you are dealing with risks that arise from unauthorized access to data.  On the privacy side you are dealing risks that arise from authorized access data. [13:37] The expectation of privacy is a bit overstated in the corporate world.  [14:38] Where is all your data and what type of data is it?[15:50] If that is data that you’re required to share with a third party, that is going to require different security and privacy controls.  [16:14] We have to link the business use of the data to the security and privacy controls.  [16:35] Align business use of the data with the data type. [17:01] Did I genuinely understand that problem and am I approaching it the right way? [17:56] The non malicious threats continue to surprise them in different ways. Underestimating human ingenuity will always get us in trouble.  [19:03] It helps to visualize the problem.   [19:51] Gabe shares his best worst boss story. [20:47] It is important to understand how the business operates and then understanding how you are going to secure the business. [22:26] Gabe’s advice is to slow down. Sometimes you have to slow down to speed up. [23:46] Spend more time in the problem space even in your personal life.  When we are under pressure we tend to want to run towards solving it, but being uncomfortable for just a little bit longer so you can understand that problem is really where we need to be. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInGabe on LinkedInGabe on TwitterSpirionPrivacy Please Podcast

Sri Koneru is the Global Technology leader with Worldwide Operations experience in Fortune 100 companies His industry and functional expertise includes retail, energy, and utilities, manufacturing, and technology. He is a motivated and customer-centric senior technology leader and business strategist with a track record of transforming organizations to deliver sustainable results and propel digital innovation. I champion cutting-edge technologies that increase customer engagement, grow the business, expand operational capabilities, improve efficiency and reduce costs.Show Notes:[01:08] Sri shares his career journey. He got an engineering degree and he knew he wanted to learn as much as he could. [02:20] It is all about people and relationships.  Work gets down through relationships.  [03:18] He was good in math and logic growing up so naturally, he leaned towards technology so that really paved his path into technology.  [04:13] Technology is a part of every business model.  You have to have some technical knowledge. [05:10] You can never go wrong looking at how you can transform your customer experiences.  [05:51] At the end of the day, the customer is king. [06:13] The other thing you can never go wrong with in your transformation efforts is employee experience. Enhancing the employee experience and helps them provide a better customer experience.  [07:45] Understanding what are customer friction points and pain points are and doing that in the context of customer journey mapping. [08:35] You have to do step zero before you get to step four.  Sometimes in the digital transformation world, we try to go to step four first. [10:06] When you are talking about customer journey mapping sometimes you have to unlearn what you have learned over the last 20 years and outsiders can enable you to do that.  [11:34] As an IT leader you want to know the details of the business process and business capabilities.  IT leaders have to be business leaders first.  [12:41] Sri shares about Winnebago Industries and who they are. They are known for continuous innovation, quality, and service. [14:32] The pandemic has taught us to get more in touch with our soul and our purpose.  We are all recognizing as humans that there is a lot more to do than work.  [17:29] Sri shares his advice for himself at the beginning of his career.  Never lose the curiosity to learn.  Have the curiosity to learn about the business you are in.  Curiosity should not have an expiration date.  [19:00] Have the passion, have the curiosity, but also know that you don’t have to put a timeline to that progression. [20:18] Sri shares his best worst boss story. [21:07]  The best bosses give your honest, timely, and open feedback, but they also have your back.   [22:29] Having a support system was crucial to him during his worst boss story. [24:12] It is not competition anymore, it is cooperation.  We can provide more value and faster value if we can create those partnerships across ecosystems.  Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInSri on LinkedInMinnesota Technology Association

Brian Watson is Principal at CIO Clarity Advisors. He previously served as VP of Enterprise Innovation at Traction Technology Partners, where he and his colleagues help companies source and vet the emerging technology companies that drive innovation and create competitive advantage. Brian is the author of Confessions of a Successful CIO: How the Best CIOs Tackle Their Toughest Business Challenges (Wiley, March 2014), which was a top-rated title on Amazon and has appeared on numerous “must-read” lists for current and aspiring IT leaders. He also served as Editor in Chief of CIO Insight. Brian has spoken and moderated CIO panels and fireside chats at IT leadership events across the U.S. Brian holds degrees from Bucknell University and Northwestern University’s Medill School of Journalism. He lives in Fairfield County, Conn, with his wife and two sons. Show Notes:[01:09] Brian shares his career journey. He is always looking for ways to help CIO’s tell their story or help CIO’s.  [04:01] Brian and Dan wrote their book Confessions of a Successful CIO to share stories about CIO’s that have saved their companies in depth. [06:18] If you don’t have a plan, you plan to fail. [07:13] 2021 is going to be very similar to 2020.  There is a big emphasis on speed. [08:11] We have seen what teams can do when they’re focused and that is going to continue to be a game-changer. [08:18] Extenuating digital investments, e-commerce, and the power of the ecosystem are really important. [09:48] Harnessing your ecosystem for new ideas, better ways to integrate technology, and maximize what you have in your environment already paid off really well for a lot of CIO’s last year and is a big focus of their time this year.    [12:22] The wins are more spread out and not as easy to benchmark.  We don’t know the final outcomes on a lot of the things that have happened.   [13:29] Talent is a perennial challenge for any organization.  Work from home allowed many companies to seek out talent beyond their geography.  [15:54] You want to make this the best employment situation for the people you have right now.   Many companies are asking what they can keep doing in this remote world to keep rallying and motivating their people outside of financial bonuses.  [17:16] One of the other concerns is the workplace itself. What is it going to be and how many people are going to be there?[19:06] Another concern is innovation.  [21:05] Brian’s best advice outside of IT is to set goals that are measurable and tangible.  If you are going to work in an IT organization have a really clear idea of what you want to accomplish.  [21:46] You want to be as focused and goal-driven as possible. Learn as much as you can about the organization and the pathways through it.  Understand your business.  You’re there to enable the company so you have to know what it does.  [22:11] Go through as many professional development exercises as you can. Try to learn as much as you can.  There is nothing better than a mentor.  [24:01] There are so many folks that have been in the technology field for a long time and just want to give back.  There are a ton of people out there that can be learned from and are happy to do it.  [25:32] Brian shares his best worst boss story.[26:20]  It is very important to think about how you are communicating about people and towards people.  [27:43] Brian shares about the nonprofit called ReferVets that he, his buddy, and a team of volunteers are launching soon. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInBrian on LinkedInReferVets

Nathan was crucial in implementing cutting edge data infrastructure technologies such as DataRobot, Alteryx, and Snowflake. While at Symphony, Nathan was named a “Data Science Superhero” by DataRobot. Several years ago, Nathan was invited to lead the Healthcare User Group at Alteryx, a role he still holds today and is Core Certified in Alteryx Designer. He is also an AHIMA Certified Health Data Analyst and a HIMSS Certified Professional in Healthcare Information and Management Systems. Nathan shares so much of his knowledge about data analytics.  He shares tools his company has found most useful.  He always shares great starting points to start using data successfully in your organization.  Show Notes:[01:06] Nathan shares how he got into IT and specifically healthcare IT. He has worked in the IT space for almost 21 years from an analytics background.[02:37] He was a programmer for seven years and then he moved into data.[04:19] He loved technology from the beginning, but he loved building it. He likes that you can rapidly build on the data side. [06:52] Since he was more technical and less business savvy he knew he learned more about business and accounting.[08:02] Don’t just look at the data set and think about solving this problem in front of you.  Think of it from the business impact it can have.  You are solving more than a data problem.  You are solving a business problem.  [10:01] In 2020, no one can say they don’t have a computer job. [10:42] You have to constantly think about what you are doing with the data and what you know that can help solve problems. [12:01] They researched many tools, and they settled on Ultra Excel. Nathan shares other tools they have found to be a great fit for their organization. [13:12] You have to fit the tool and what it does well with the end-user and always keep the end-user in mind. [15:13] We are going to see people start standing up APIs. [16:53] They set up a lot of their data infrastructure in the cloud and they still have firewalls and security in place. It allows you to move data much quicker.[18:01] They provide internal training for the more difficult problems they encounter.  Vendors usually provide baseline training and support. Many vendors also have great online communities that can be a great resource to answer questions.[19:52] KDNuggets is a great resource for analytics. [21:57] Noone will see what you are doing unless you talk about it.  It is a balancing act to be humble and also talk about what you are doing well. [22:41] A public speaking class in college is money.  You will need to have the strength and courage to talk in large groups. [23:30] Don’t be afraid to put yourself out there and talk about what you’ve done. It may come with criticism.  [23:53] Learn to say no. Be judicious in the projects you choose.  Think about what things are going to matter to the business and focus on those.  Cut out the things that won’t really have an impact. [24:27]  You always have to be learning something new. [26:01] Nathan shares his best worst boss story. [27:53] Sometimes people are not talented at all but have a great attitude and they can be trained, taught, and elevated.  We can’t teach attitude. [29:52] Most of the problems that people are having is just not understanding the time nature of data.  [30:21] On more advanced teams they look at the culture of the team. [31:49] Every company has one metric that matters most. If your company doesn’t know that, then that is the place to start. [33:02] There are opportunities all over the place to find savings.  Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInNathan on LinkedInNathan on YouTubeLean Analytics

Dr. Cole has worked with a variety of clients ranging from Fortune 500 companies, to top international banks to the CIA. He has been the featured speaker at many security events and also has been interviewed by several chief media outlets such as CNN, CBS News, FOX News, and 60 Minutes.  We talk about what is working and what isn’t when it comes to IT and agriculture, focusing most of our conversation on artificial intelligence.Eric shares so much of his knowledge about business intelligence and cybersecurity.   He shares the biggest security risks for companies and ways to maintain top security with your workforce working from home.  He also shares practical steps any organization can take to be more proactive with their cybersecurity. Show Notes:[01:18] Eric shares how he got into IT and cybersecurity. He majored in computer science and decided to study cybersecurity. [03:13] He left the CIA because he was an entrepreneur at heart and he started his own company.  He helps companies be on the defense of cybersecurity.  [03:58] Now he runs his own business, Secure Anchor. They help companies build out an effective roadmap that actually protects and secures their critical assets. [05:06] The biggest risk that any company has no matter their size is they don’t think they are a target. It is important to let data drive decisions. Many companies don’t think that cybersecurity is their responsibility. [06:01] If you haven’t detected an attack in the last two years, it is because you haven’t looked in the right spots.  It is not because it is not happening.  The indicator of good security means your detecting breaches. [06:56] If you want to have the best cybersecurity make sure you have a network visibility map, no all of your assets visible from the internet, patch them, and make sure they don’t contain any critical data on them. [08:27] The two most dangerous applications on planet earth are email clients and web browsers. [09:01] Have a Windows computer as your primary work computer. Then have a non-Windows based computer that you use for surfing the web and checking email. He does all of his web surfing and email on his iPhone.  [10:01] Passwords are not a great idea. We need to start moving everything to the Cloud with an authentication layer. [11:11] Any solution that is designed has to be location agnostic.  [13:32] You have two choices.  The first one is to wait for the breach that will happen or really start getting aggressive protecting the endpoint with authentication. [14:36] A penetration (pen) test is sometimes called ethical hacking.  You are trying to break into an organization from an attacker’s standpoint. The problem with a pen test is that it is not comprehensive. [17:32] Eric is not a fan of pen testing but he is a fan of doing threat mapping or a full-blown security assessment. [19:49] From an attacker standpoint the biggest change they have seen is that it is all monetary driven. [21:07] Eric believes that in 12-15 years we will have an international cybercrime unit for all governments.  [23:01] His concern is that for the last 5 years every memory chip or CPU has come embedded with malware that hasn’t been activated yet.  [25:08] The idea of zero trusts is we don’t trust any computer.  Every system is isolated, independent, and has its own controls.[26:49]  Eric shares his advice for beginners in the IT and cybersecurity fields. Start a regiment of reading a book a week for an hour a night. [28:10] Bet and believe in yourself and start your own consulting company.  Do it for a year or two and then reevaluate. [29:13] Eric shares his best worst boss story. [30:34] Sometimes you have to be willing to take calculated risks.   [32:10] He also shares a crazy story of him being a boss. [33:18] Cybersecurity is a real threat and one of the biggest to your organization. Have an assessment and make sure you understand what is happening in your organization. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInSecure AnchorEric on TwitterEric on YouTubeEric on FacebookEric on InstagramSecure Anchor on LinkedIn

Dan Willey is the CIO of Wilbur-Ellis. Doug Farrington is the Digital Officer for BASF, North America. Ernie Chappell is the founder and president of EFC Systems. We talk about what is working and what isn’t when it comes to IT and agriculture.  We focus most of our conversation on artificial intelligence. Show Notes:[01:26] Dan shares how he got into IT and agriculture. He grew up in a rural area so agriculture was very appealing to him. He loves the connectivity with those that help us eat.[02:39] Doug shares how he got into agriculture and IT. His interest in IT started when his dad brought a computer home. He grew up farming so agriculture seemed like a good fit.[04:45] Ernie shares how he got started in IT and agriculture.  This space is perfect for him because in his teenage years he loved visiting his relative’s farm. So it is the perfect intersection for his love of agriculture, finance, and technology.[07:48] There are still a lot of opportunities where we are at.  There are opportunities to become more efficient, business operations improvement, and top-line growth.[07:19] With digital agronomy we have a lot of room to grow in farming.[09:25] When AI gets to the point where the decisions made by AI are as good or better than what a human can make that’s when we will see the adoption. Right now we are creating information and insights, but the farmer and agronomist are still making the decision.[10:18] The agriculture industry is a bit of a laggard compared to health care, financial systems, and banking when it comes to embracing technology.  It is a bit tough for agriculture because every piece of land is different. The variety that we are dealing with crops and geography are uncontrollable variables and it may be a tough area.[11:34] Technology has brought a lot of benefits in the last three and five years and that pace seems to be accelerating.[13:15] One of the advantages that agriculture has is that we have a backlog of information and we haven’t started floating those ideas out to get traction.[15:07] The farmers are asking for help simplifying their lives and business.[15:43] All growers see that there is value in digital.  Most growers don’t see how to get the value out of the tool or data.[17:35] Robotics is the future, especially with labor shortages.[18:04] The business of farming and growing food for the world isn’t really an isolated activity.  The retailers and service providers meeting that grower where they are at is important.[21:18] Margin follows value. Are you solving the problems that need to be solved?[22:23] We are held accountable to solve problems that make a difference for the farmer.  It is urgent that we bring an advancement of technology to bear for feeding the world, helping the environment, and profitability for the farm.[22:53] You have to be driving for change and embracing it.[23:51] It is important to set aside time for innovation.[27:14]  Innovation today is about building a start-up model where you try things, learn quickly, and then pivot.[28:03] You can’t innovate in a vacuum.  You have to innovate with your customers.[29:34] We need to be building things that are easy to use. We need increased simplicity to get adoption.[32:14] If you look at the palette of options and applications that are out there from an agriculture perspective,  there are over 100 applications and counting that are out there to help the grower or retailer.[32:38] There are plenty of opportunities to become more efficient to replace your outdated processes and solutions.[34:09] If you can drive out costs from efficiency gains then you can invest more in top-line growth.[35:52] It is not only what you can build, but can you articulate the value to the organization.[37:40] Spend time with your growers so you can really learn the business from the ground up.[38:07] Know your customer and business especially with data. Your ability to interpret data depends on your knowing the space.[39:04] There are no failures and failure isn’t fatal.  It is just a journey until you get it right. The number one thing that you need is grit and persistence to keep trying and failing.Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInDan on LinkedInDoug on LinkedInErnie on LinkedIn

Mo formerly held leadership positions including Executive Director at EY, and Partner at IBM, Capco, and Accenture. He is a senior executive with 25+ years of management consulting experience and has successfully managed IT projects in Financial Services, Electronics & High Tech., Energy & Natural Resources, Chemicals, Lodging, Media & Entertainment, Pharmaceuticals, and Professional Services. Mo has published many Business Intelligence and Data Warehouse articles in several industry journals including DM Review, B-EYE Network, and BI Review. He is an effective communicator across all levels of an organization — adept at building delivery organizations and mobilizing and managing multicultural, international teams. He has extensive experience delivering information management, data warehouse, and business intelligence solutions. Mo leads the Data Engineering practice at EKI which brings AI-driven data solutions to help clients identify, build, and commercialize the value of data for competitive and strategic advantage. Mo shares so much of his knowledge about business intelligence and data warehousing.   He shares the importance of data and how business intelligence can be game-changing for an organization.  He also talks about where to start and how to start to have a bigger impact on a faster timeline. Show Notes:[00:26] Mohit is the Managing Principal and Head of Data Engineering at EKI-Digital.[01:11] Data has been part of his history for a long time dating back to his bachelor’s degree from the University of Maryland.  He has always been on the consulting side and been able to work with some of the largest companies in the world.[02:41] Data is still not being used as effectively as it could be.[04:15] Most organizations face challenges in sourcing the data. 80% of their time and effort is spent just on that.  There are many technologies that can reduce that time to 10% or 20%.[04:49] Insufficient time is spent on understanding the consumption aspect.[07:19] Heavy manufacturing,  nickel and copper manufacturing, gold mining banking, and financial services continue to have major challenges.[08:18] Intelligence can really be a game-changer for organizations.[09:01] In most cases there is a common theme.  It starts with understanding the consumption aspects of the data.[11:12] It is important the data is able to be consumed.[13:17] There is a lack of understanding of the underlying statistical nature of the data itself, the use of the correct visualization to analyze that information, and more importantly to identify exceptions in the data such that it leads to action. Is the data actually going to lead to action?[15:13] There is a huge opportunity that is being overlooked across all industries.[17:01] Small nimble teams can move faster, so having the right individuals skilled with the right tools can make a huge difference in a shorter period of time. Starting small, thinking big, and scaling fast is a tried and true approach for managing these types of projects.[18:42] Have the end in mind at the beginning of the project.[19:58] He would have picked an industry that specialized in the areas he is passionate about.[20:57] He enjoys working in banking and capital markets and he finds the pace of change fascinating.[21:38] Mo shares his best worst boss story that was a life-changing experience for him.[23:09] He learned the importance of looking three steps ahead as a leader.[24:47] There are two key stakeholders in any organization, the CFO and CIO. There is a balance to that.Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInEKI-DigitalMohit on LinkedIn

Brian serves as CEO of Torch.AI and has more than 20 years of experience leading mission-driven, high growth, technology-focused companies.  Torch.AI helps leading organizations leverage artificial intelligence in a unique way via a proprietary enterprise data management software solution. Prior to Torch. AI, Brian launched or acquired several companies all focused on technology-enabled services and data connectivity. His companies serve nearly 1,300 clients and have been recognized as Small Business of the Year by the Greater Kansas City Chamber of Commerce.Brian shares so much of his knowledge about artificial intelligence.   He shares the problems companies are facing that inhibit the use of AI.  He also shares practical steps for getting started with AI in your company.  Show Notes:[00:27] Brian is the CEO of Torch.AI.[01:38] He left his company at the time and started his own company.  Within 3 years, he was so successful he had the opportunity to buy his last employee.[02:14] Brian shares his journey and how his position evolved over time. [04:39] He needs to be doing something, solving a problem, or using his brain creatively.  [07:01] Brian has been featured in Forbes Magazine for concepts around data encapsulation using blockchain technologies.  [07:34] As a business they specialize in high-risk environments dealing with sensitive data on a large scale.   [08:46] He shares about the impact of his Iron Man racing on his life personally and professionally. [11:41] The job of a CIO has changed.  Now the CIO is a business-critical role and they have a tough challenge the way work is changing.   [13:14] The point of AI is to provide more flexibility and improve the cost-effectiveness of some time of technology application. AI should be flexible and adaptable to a specific environment. [14:08] Right now there is not a lot of successful application of AI because the IT side has so many problems dealing with enterprise information.  [15:17] The purpose of AI is to create an automated rule to improve an outcome and make use of data on a scale that a human being just can’t do. Unless we solve all these other huge issues, it is not possible to do that at scale. [17:51] The remote working phenomenon gives the CIO a massive opportunity to go back and look at the fundamental underpinnings of the organization. [18:09] Companies should be paying attention to the framework that underpins all the information in the enterprise. [19:21] Many companies are focusing on the application layer that makes use of the data, but if they can’t get the data into their fancy analytic application there isn’t a point. [21:21] Right now if we develop an AI model and we want to deploy it we have to wrap it in code and we end up having a stand-alone application. When that changes across the landscape, you will see an easier adoption. [22:22] The CIO that does the best job will get the rest of the C-suite just as passionate about dealing with the challenges with messy data as they are the pretty pictures.  [24:46] Agriculture is ahead of manufacturing in AI. Agriculture has a set of standardized data that is friendly with advanced technology. [26:43] Brian shares his advice for his younger self including trying to be self-aware. [27:11] Be honest with yourself and others about what you are good at and not good at. Understand where you get your energy, how you make decisions, and what other personality types you need around you.[28:36] At the end of the day, if you’re a good person, you mean well, and try to treat others well you will make a good decision.  You make the best decision you can based on the information you have.[29:24]  His last piece of advice is to enjoy the journey. [30:42] Brian shares his best worst boss story.  [31:06] Lighten up a little.  He shares about a fun work culture that he enjoyed being a part of. [32:26] The CIO has a very challenging set of circumstances ahead.  The most successful seek to understand the foundational components first and the fancy applications second. They are happier in their job, inspire those around them, and are the best at their job. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInBrian on LinkedIn

Dave Burrill is a senior executive (President, COO, CIO), entrepreneur, author, speaker, board director, and advisor. He’s been part of three successful tech companies taking each from co-founding or early stage to exit (1 IPO, 2 acquisitions) that have earned national recognition for innovation and growth. Dave is a trusted C-Suite advisor and peer with the expertise to cross disciplines from finance, operations, and IT to sales and marketing. He has over 30 years of technology project management experience leading successful teams for clients ranging from start-ups to Fortune 50.Dave shares so many great insights for avoiding IT failures.  He shares his experiences with IT failures including common problems like communication and processes and how proper questioning can eliminate these problems.  We also talk about the importance of using checklists to drive successful IT projects.  Show Notes:[00:30] Dave is the Managing Director at IT's about What.[02:48] He learned a lot from his vast past experiences.  [05:13] Over the last few years Dave has been working with early-stage venture private equity funds.[06:16] IT departments have a bad habit of being blind to the initial parameters.  [08:20] Half of all software professionals’ time is spent remediating something that wasn’t done right the first time.  [10:38] Three out of four project failures are attributed to one reason alone and the reason is that what the business is trying to do is never fully communicated to the IT department. The IT department doesn’t get a full grasp of what is needed.  [13:27] Make sure that what the vendor is building is exactly what you want them to build.  You need to document the workflow and what is being done.  [15:47] The vendor needs to ask direct questions and the business needs to tell the tech company everything they know.  [17:42] Human beings are largely controlled by an unconscious autopilot that we don’t even know we have so we have a separate operating system that is competing for control all the time.    [20:23] As we get better at doing something we build up these systems in our mind.  We can transfer the stuff from doing it manually to automatically.  [21:21] When stuff carries over the conscious to the unconscious it allows us to act instinctively. [22:02] The more expertise that you acquire, the less able you are to articulate that which you know or how you know it.[24:19] The business often forgets they know things so they forget to share them with the vendor or IT department.  [26:48] Audit standards mandate when you are doing an audit that you construct a checklist.  [28:09] Dave shares about a high-tech project that was successful and met every objective using checklists.  [29:37] Really bright people acknowledge physical constraints and human limitations and they figure out a way around them.   [32:49] Dave shares previous IT failures so that we can learn from them. [33:57] The problem is that we often lose sight of how and why something was originally developed.  [35:54] We love the next big shiny object. [38:46] If you ever forget that this is all about people, your life with not be worth living. [39:26] Understanding the human need in IT is your principle focus.   [41:25] When you start believing that you know everything there is to know, you close the door on the possibilities of all the things you might learn.  [41:41] You need to lead with questioning and draw the information out.[43:03]  It is about moving a ball from point A to point B as fast and efficiently as you can to hopefully generate some profits.   [44:13] Your reporting strategy is your management communication strategy. [45:19] Then you refine what you have done before. You look at your metrics and make adjustments.  [47:53] A checklist gives a layer of consistency and trust. [49:35] Dave shares his best worst boss story.  [52:47] Continuous learning and continuous improvement are crucial to the success of the organization. [54:11] Never forget that human beings are complex.  The hero of the morning can be the thief of the afternoon.  [54:41] Just because you don’t agree with someone on one thing doesn’t mean they can’t be right on something else. [55:14] You can contact Dave (949)235-6283 or [email protected].[56:11] It is important to document lessons learned. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInDave on LinkedInIT’s About What WebsiteThinking Fast and Slow BookThe Checklist Manifesto Book

Brian is a computer scientist and entrepreneur. He is the CEO of Gillware, a company he started eighteen years ago.  During those 18 years, he has been helping businesses get out of IT disasters especially data loss situations.  Brian has been working with his brother Wes for the last twelve years.  Brian currently runs Gillware doing the most traditional data disasters.  Wes is the vice president of product at their sister company Tetra Defense. Tetra Defense focuses on cyber specific disaster and disaster prevention.   Brian and Wes share current trends, misconceptions, and attacks they are seeing in our current times.  They also share beginning steps to take if your company is attacked.  We wrap up by discussing the importance of a disaster recovery plan.  They share what you really need in your disaster recovery plan and how often it should be reevaluated.  Show Notes:[00:59] Brian is a computer scientist and entrepreneur.  [02:16] Wes is the vice president of product at Tetra Defense.  [02:53] With 25-30 million Americans working from home the field of opportunity for the bad guys has widened big time.  IT people and IT budgets are stressed.  [03:39] They are seeing an initial wave of attacks that are coming into home networks.  [04:28] It is important that you don’t have any extreme vulnerabilities in your framework. [05:52] When it comes to balance, take a look at what your systems are and what you’re using.  There are a lot of great tools out there that can do vulnerability scanning.  They will tell you if you have any glaring holes and you need to take those extremely seriously.  [07:21] Wes highly suggests that companies buy a YubiKey for all their employees working from home.  They are a great balance of security and convenience. [08:55] Bad Actors are continuing to get more sophisticated and more aggressive with their ransom demands.  [09:41] The amount of money being demanded continues to multiply.  [11:19] Cybersecurity Maturity Model Certification (CMMC) is a new initiative from the Department of Defense requiring all the suppliers and their supply chain to obtain a cybersecurity certification.  There are five levels.[11:26] The first level is basic cyber hygiene and includes seventeen best practices that you have to follow. [13:43] The DOD is blazing the trail with this very large scale certification requirement. [15:38] It is not often one criminal syndicate at work.  Many times specialists work together. [17:48] Often times companies are trying to protect themselves against risks that don’t exist and they are missing the ones that do. [19:09] The biggest mistake if you have the security people on staff and they think they know everything.  They can be very dangerous. [20:02] Those people that don’t know how to check their ego at the door, they are a dream come true for the bad guys.  [20:42] If you are under attack, you have to assume that whatever you have in there is going to be compromised if it hasn’t already then immediately isolate any nonimpacted back-ups you have.  Those back-ups are probably your fastest and least expensive way to recover.  [21:09] Next change your Azure AD passwords. If you don’t have advanced endpoint protection software you must put it into place. [22:01] Contact your insurance company and banks and let them know what has happened.  [23:54] Don’t hide an incident if it happens, communicate about it. [26:08] The first few pages of your disaster recovery plan need to be rock solid and reviewed every 3 months.  [27:56] Be more confident even as a beginner and it is ok to ask stupid questions.  [28:39] Make a challenge of something.  Ask questions and have conversations with the leaders of the company because often they are valuable.  [29:33] Don’t try to create too much yourself, others have solved the problems extremely well and you can just integrate them.   [31:29] Brian shares his best worst boss story. [33:42] However paranoid you are, get more paranoid.  [34:08] Boards and CEOs all need to budget more money for defense across the board.  There is probably not a single company in America that is properly capitalized to prevent threats.  The threat is exponentially bigger than it was five years ago and your budget is like 2% bigger. Links and Resources:State of the CIO Podcast WebsiteState of the CIO Podcast on Apple PodcastsDan on LinkedInGillware: Data Recovery ServicesTetra DefenseBrian on LinkedInWes on LinkedInYubiKey