WEBVTT

NOTE
This file was generated by Descript 

00:00:05.424 --> 00:00:09.854
Welcome to this, uh, live special
edition of the Cybertraps podcast.

00:00:09.874 --> 00:00:12.054
Uh, excited to have Nick Moritzi here.

00:00:12.054 --> 00:00:17.524
We are here live at the Inch360 event
at beautiful Gonzaga University.

00:00:17.874 --> 00:00:18.904
Nick, thanks for being here.

00:00:18.904 --> 00:00:20.854
Tell us a little bit about who you are and

00:00:20.854 --> 00:00:21.394
what you do.

00:00:21.564 --> 00:00:22.594
Yeah, thanks Jethro.

00:00:22.594 --> 00:00:25.904
Thanks for having me and it's
great to be back in Spokane.

00:00:25.914 --> 00:00:30.694
Nothing like, uh, the Bulldog
on the yard right outside.

00:00:31.314 --> 00:00:33.284
Wished I could have gone to
the basketball game last night.

00:00:33.284 --> 00:00:34.114
Oh, no kidding.

00:00:34.124 --> 00:00:35.194
Couldn't make time for it.

00:00:35.764 --> 00:00:36.384
Great team.

00:00:36.474 --> 00:00:36.844
Yeah.

00:00:37.294 --> 00:00:38.444
And it's a lot of fun.

00:00:38.554 --> 00:00:41.764
And everybody around here gets excited
when they're, when they're doing well.

00:00:41.934 --> 00:00:42.354
I bet.

00:00:42.484 --> 00:00:42.694
Yeah.

00:00:42.694 --> 00:00:43.054
Yeah.

00:00:43.614 --> 00:00:45.274
A little background on myself.

00:00:45.274 --> 00:00:50.254
I'm about 30 years in high tech,
building businesses, many startups,

00:00:50.254 --> 00:00:53.924
some large companies for the
last 10 years in cybersecurity.

00:00:54.709 --> 00:00:59.089
Um, Cloud Cyber Security
specifically, so I actually

00:00:59.129 --> 00:01:01.189
didn't do much network security.

00:01:01.809 --> 00:01:05.239
I went straight into the cloud
world when cloud actually hit.

00:01:05.329 --> 00:01:10.629
Like right around 2012 when AWS started
to become really popular and AWS

00:01:10.699 --> 00:01:13.239
and Azure and Google were launching.

00:01:13.629 --> 00:01:16.711
That's when I landed in
the cloud security space.

00:01:16.711 --> 00:01:19.132
So, been an interesting eight years.

00:01:19.222 --> 00:01:19.932
That's for sure.

00:01:19.952 --> 00:01:22.592
Very bloody, very bumpy, very bruised.

00:01:22.912 --> 00:01:26.442
Not a lot of knowledge on how
to secure the, the new world.

00:01:26.512 --> 00:01:26.872
Yeah.

00:01:26.892 --> 00:01:29.512
You know, we all, we knew
how to do network controls.

00:01:29.602 --> 00:01:30.042
Yeah.

00:01:30.282 --> 00:01:32.542
We knew how to do internet security.

00:01:33.312 --> 00:01:33.682
A bit.

00:01:33.682 --> 00:01:37.062
But we didn't know how to
really secure the cloud.

00:01:38.012 --> 00:01:39.232
Definitely things have changed.

00:01:39.352 --> 00:01:39.652
Yeah,

00:01:39.652 --> 00:01:43.172
and, and would you say that
the cloud is secure now?

00:01:43.816 --> 00:01:49.257
I would say the, the folks who do
it well definitely secure it, right?

00:01:49.257 --> 00:01:50.427
And you have to own that.

00:01:50.537 --> 00:01:53.067
It's, you know, it's a
shared responsibility, right?

00:01:53.087 --> 00:01:57.127
The cloud is, it's, they own the
infrastructure, but we own the results

00:01:57.127 --> 00:02:00.817
and the outcomes of that, of that cloud.

00:02:00.887 --> 00:02:04.909
And, um, so I would say for sure,
you know, over the last, call it

00:02:04.909 --> 00:02:09.539
five years, I'd say the tools have
become very purpose built because

00:02:09.539 --> 00:02:11.979
we know what the problems are.

00:02:12.489 --> 00:02:15.919
Where ten years ago we were
guessing what the problems were.

00:02:15.919 --> 00:02:19.279
So we were building solutions
that were more guesstimates

00:02:20.079 --> 00:02:21.459
than they were right on point.

00:02:21.849 --> 00:02:22.299
Yeah.

00:02:22.439 --> 00:02:26.159
And so over time you, you, you hit,
you get, you guess some right and

00:02:26.219 --> 00:02:27.224
other times you guess some wrong.

00:02:27.224 --> 00:02:28.094
Things wrong.

00:02:28.214 --> 00:02:28.484
Mm-Hmm.

00:02:28.934 --> 00:02:32.984
And so now I'd say that the purp, the
pro, the solutions that you can deliver,

00:02:32.984 --> 00:02:36.884
that, you know, after you've architected,
after you've done the work to figure

00:02:36.884 --> 00:02:40.634
out what you want to do, that the tools
that are there are very purpose built

00:02:40.634 --> 00:02:42.344
so you can actually really succeed.

00:02:42.914 --> 00:02:43.304
Yeah.

00:02:43.394 --> 00:02:45.344
And it's easier to succeed.

00:02:45.344 --> 00:02:50.954
It's not a, a big lift and shift motion
that we've gone through the last decade.

00:02:51.044 --> 00:02:51.134
Mm-Hmm.

00:02:51.374 --> 00:02:52.544
It's definitely very purpose built.

00:02:53.409 --> 00:02:53.789
Yeah.

00:02:54.229 --> 00:03:00.447
So there are normal everyday folks
running businesses, leading organizations

00:03:00.447 --> 00:03:07.907
who rely on cloud services and don't
understand how, how they work, how

00:03:07.907 --> 00:03:10.387
they're secured, uh, any of those things.

00:03:10.624 --> 00:03:12.654
How do you help people like that?

00:03:13.224 --> 00:03:18.454
Stay aware enough that they, that
they do what they need to do?

00:03:18.454 --> 00:03:18.529
Yeah.

00:03:18.899 --> 00:03:24.789
But not go over their head or above their
level as you're trying to help them.

00:03:24.849 --> 00:03:25.469
Yeah, sure.

00:03:25.549 --> 00:03:27.059
Good, good, good question.

00:03:27.059 --> 00:03:30.254
Um, so I work for a
company called HP Aruba.

00:03:30.374 --> 00:03:36.364
Um, we have a very solid cyber
security enablement program, so

00:03:36.364 --> 00:03:38.844
we can, we help companies do that.

00:03:39.104 --> 00:03:41.824
Now, really it boils down to
what type of company you are.

00:03:41.824 --> 00:03:45.244
If you're, typically if you're
an SMB type of a client.

00:03:45.611 --> 00:03:47.701
You, you want to outsource that work.

00:03:47.831 --> 00:03:51.571
You don't, you want to focus on your
core business, like you Jethro, right?

00:03:51.881 --> 00:03:53.691
You're, you're, you run a podcast company.

00:03:53.711 --> 00:03:54.341
Right, yep.

00:03:54.361 --> 00:03:56.391
You don't want to manage
your own cyber security.

00:03:56.401 --> 00:03:56.691
No.

00:03:56.741 --> 00:03:58.101
You, you need that outsourced.

00:03:58.101 --> 00:03:58.311
Yep.

00:03:58.321 --> 00:03:59.621
You need to just be secure.

00:03:59.791 --> 00:04:00.131
Yep.

00:04:00.441 --> 00:04:05.441
So you, I would advise you to go find a
strong managed, managed service provider,

00:04:05.441 --> 00:04:09.041
managed security provider, managed
IT provider, somebody that you trust.

00:04:09.831 --> 00:04:10.781
There's lots of them now.

00:04:10.791 --> 00:04:11.561
That's the difference.

00:04:11.581 --> 00:04:12.841
Ten years ago there wasn't that many.

00:04:13.191 --> 00:04:14.361
Now there's lots of them.

00:04:14.381 --> 00:04:16.551
So you can compare and
contrast very easily.

00:04:17.571 --> 00:04:22.821
But obviously as you move up that chain
from SMB to more like mid market, large

00:04:22.821 --> 00:04:27.351
enterprise, multinational corporations
where we're hiring large staff, we're

00:04:27.351 --> 00:04:31.401
managing lots of products that in
that situation what I would do is,

00:04:31.451 --> 00:04:33.601
you know, I would want to engage them.

00:04:34.291 --> 00:04:36.821
Go through some enablement,
go through some architecture.

00:04:37.371 --> 00:04:39.401
Um, understand what they're
trying to accomplish.

00:04:39.411 --> 00:04:41.511
What's the business value
for doing what they're doing?

00:04:41.761 --> 00:04:44.481
Because at the end of the day, if
we're just trying to secure stuff and

00:04:44.481 --> 00:04:46.436
we don't know why, what's the point?

00:04:46.446 --> 00:04:47.576
Yeah, exactly.

00:04:47.616 --> 00:04:50.116
So, you know, I'm always
trying to understand the pain.

00:04:50.886 --> 00:04:51.226
Right?

00:04:51.226 --> 00:04:52.716
The metrics of the change.

00:04:52.716 --> 00:04:55.666
Like, if you're going to do that,
what's the value to the business?

00:04:55.866 --> 00:04:58.126
Um, are you going to save some money?

00:04:58.136 --> 00:05:00.456
Are you going to generate
a bunch more revenue?

00:05:00.596 --> 00:05:06.406
Are you going to protect your IP better,
mitigate risk, what are you trying

00:05:06.406 --> 00:05:07.876
to accomplish, what's the outcome?

00:05:08.964 --> 00:05:12.704
This is interesting because, uh, one
of the school districts that I was a

00:05:12.704 --> 00:05:19.814
principal for, uh, we outsourced all of
that security to, uh, GCI up in Alaska.

00:05:19.834 --> 00:05:20.144
Sure.

00:05:20.264 --> 00:05:25.772
And they took care of all of that for us
because, we were on a small remote island.

00:05:26.487 --> 00:05:28.877
It was really difficult to get I.

00:05:28.877 --> 00:05:29.057
T.

00:05:29.057 --> 00:05:32.657
professionals to come there because
they would only be coming for the job,

00:05:32.767 --> 00:05:38.047
and, uh, and it was just, it was just
tough to find qualified people to do

00:05:38.047 --> 00:05:43.907
that, and so, rather than, you know,
paying a six figure salary for someone

00:05:43.907 --> 00:05:49.427
to come and be that, we were able to pay
that or about less to, to have all of

00:05:49.427 --> 00:05:54.244
that managed, but then over time, uh,
as expertise grew within the community,

00:05:54.559 --> 00:06:00.349
then it made more sense to move, uh, in
house rather than have it be outsourced.

00:06:00.389 --> 00:06:04.329
And it's just, it's interesting how
those growing pains, like, the school

00:06:04.329 --> 00:06:08.319
district size didn't change, but the
proficiency within the organization did

00:06:08.319 --> 00:06:08.759
change.

00:06:08.769 --> 00:06:09.929
Yeah, I agree.

00:06:09.929 --> 00:06:12.559
Actually, you see that just in general.

00:06:12.559 --> 00:06:18.379
That it's good you have very explicit,
you know, school analogy, but reality

00:06:18.379 --> 00:06:24.204
is that the biggest challenge is lack
of talent in the world right now.

00:06:24.214 --> 00:06:25.354
Cyber security talent.

00:06:25.404 --> 00:06:31.194
There's um, I read just a month
back, there's 700,000 unfilled

00:06:31.224 --> 00:06:33.284
cyber security positions in the U.

00:06:33.284 --> 00:06:33.524
S.

00:06:33.524 --> 00:06:33.984
alone.

00:06:34.174 --> 00:06:34.684
Really?

00:06:34.694 --> 00:06:38.714
That means globally, there's
probably close to 2 million.

00:06:38.824 --> 00:06:39.174
Wow.

00:06:39.174 --> 00:06:44.414
700 here, 700 in Europe, Middle
East and Africa, and probably

00:06:44.414 --> 00:06:47.274
another 600 in Asia Pacific.

00:06:48.074 --> 00:06:48.734
That are unfilled.

00:06:49.044 --> 00:06:49.334
Yeah.

00:06:49.344 --> 00:06:53.704
So we're talking about probably a 2
billion dollar lack of talent problem

00:06:53.744 --> 00:06:56.424
that's growing at close to 25%.

00:06:56.614 --> 00:06:57.024
Yeah.

00:06:57.064 --> 00:06:57.224
Wow.

00:06:57.264 --> 00:07:00.514
So there's no end in sight
to solve that problem.

00:07:00.514 --> 00:07:04.149
So I would say most organizations,
it doesn't matter how big you

00:07:04.149 --> 00:07:08.939
are, you're trying to find ways
to manage that problem, either

00:07:08.939 --> 00:07:12.929
becoming more operationally
efficient by managing less tools.

00:07:12.959 --> 00:07:16.429
Like, I've got my staff, I've got
20 people, I can't find any more.

00:07:17.439 --> 00:07:21.489
I've got 10 unfilled jobs, but I've
still got a hundred cybersecurity

00:07:21.489 --> 00:07:25.574
tools I've got to manage to, you
know, secure my, secure my company.

00:07:26.564 --> 00:07:27.484
How do I do that?

00:07:27.484 --> 00:07:30.674
And the only way you can do that is to
become more operationally efficient.

00:07:30.704 --> 00:07:32.944
So reduce the amount of
tools that they're buying.

00:07:33.634 --> 00:07:37.894
Consolidate, so that you can
do more with less, essentially.

00:07:37.954 --> 00:07:39.744
Or, outsource.

00:07:39.974 --> 00:07:40.294
Yeah.

00:07:40.624 --> 00:07:43.354
And it's definitely a big problem
and it's only getting worse.

00:07:43.354 --> 00:07:43.934
My son.

00:07:44.619 --> 00:07:50.069
My son's, uh, just finished his fifth
year out of, uh, college working.

00:07:50.149 --> 00:07:52.759
So he, right out of college
he went into cyber security.

00:07:53.509 --> 00:07:59.009
Um, I won't share, um, his income
figures, but his first job was a

00:07:59.009 --> 00:08:00.939
computer science in cyber security.

00:08:01.039 --> 00:08:01.579
Uh huh.

00:08:01.859 --> 00:08:04.869
And, um, he made a good pay, pay.

00:08:05.059 --> 00:08:05.409
Yeah.

00:08:05.439 --> 00:08:07.259
But he was an entry level guy, right?

00:08:07.259 --> 00:08:08.209
So he made good pay.

00:08:08.629 --> 00:08:11.659
But then five years later, he 5X'd.

00:08:11.679 --> 00:08:13.096
Wow.

00:08:13.096 --> 00:08:14.514
Wow.

00:08:14.514 --> 00:08:21.349
If you're a student, if you're a stay
at home mom who wants to go back to

00:08:21.349 --> 00:08:26.079
work, um, you know, go start looking
into cybersecurity types of roles,

00:08:26.109 --> 00:08:30.169
because they're in high demand and
they're paying a lot for these people.

00:08:30.169 --> 00:08:31.537
Yeah,

00:08:31.612 --> 00:08:34.537
I don't know the right way to
say this, but do you need to

00:08:34.547 --> 00:08:36.377
be a nerd to get these jobs?

00:08:36.447 --> 00:08:39.747
I literally, I had a coaching call
yesterday with a friend's friend.

00:08:39.857 --> 00:08:43.307
So one of my lady friends has a friend
who's been trying to get into cyber

00:08:43.307 --> 00:08:47.767
security and so I did a little networking
call with her and my answer to her was,

00:08:47.807 --> 00:08:53.257
you really actually, the technology is,
this is a really simple problem, right?

00:08:53.257 --> 00:08:56.767
We're trying to stop the,
the hacker, the threat.

00:08:57.017 --> 00:09:01.177
And the threat comes in a couple
different varieties but, but the easiest

00:09:01.177 --> 00:09:03.177
one that we can think of is the threat.

00:09:03.192 --> 00:09:08.792
I always use myself as an example, you
know, my whole life for many, many years

00:09:08.792 --> 00:09:13.482
until I got into cloud security, I always
stole data whenever I left the company,

00:09:13.482 --> 00:09:20.192
I would always, you know, and so I was
the biggest DLP data loss problem, right?

00:09:20.282 --> 00:09:22.812
It was just my nature and I was not alone.

00:09:22.812 --> 00:09:24.832
I think this was the way
people did it back then.

00:09:24.832 --> 00:09:26.752
It wasn't because I wanted
the data for myself.

00:09:26.752 --> 00:09:30.952
It was because I wanted to make sure
I was prepared for my next thing, you

00:09:30.952 --> 00:09:32.932
know, it wasn't to try to hurt anybody.

00:09:33.862 --> 00:09:39.092
And, and so what you'll find in that
problem is that you have to stop Nick,

00:09:39.382 --> 00:09:42.022
right, because Nick still exists, right?

00:09:42.072 --> 00:09:46.902
And so that's the, that's the internal
employee who's, who's doing that

00:09:47.096 --> 00:09:48.676
which is the hardest one to stop.

00:09:48.806 --> 00:09:50.066
Yeah, interesting.

00:09:50.146 --> 00:09:54.976
And then you've got to solve for the
external ones, which are easier to stop

00:09:55.016 --> 00:09:56.776
because they're easier to control access.

00:09:58.256 --> 00:10:03.486
Um, and then you've got the social,
which is an external hack attacking

00:10:03.506 --> 00:10:06.706
Nick internally, but he's unaware.

00:10:07.136 --> 00:10:10.786
So he plays along and he ends up
getting hacked because he gets

00:10:10.786 --> 00:10:13.846
socially hacked, but I look like
an internal threat at that point.

00:10:13.956 --> 00:10:14.346
Yeah.

00:10:14.596 --> 00:10:16.376
And, and so it's tricky for sure.

00:10:16.446 --> 00:10:16.726
Yeah.

00:10:16.726 --> 00:10:21.374
So tell me a little bit about you,
stealing data as you leave a company,

00:10:21.484 --> 00:10:23.034
because it doesn't sound like you were.

00:10:23.439 --> 00:10:25.499
Uh, maliciously doing that.

00:10:25.549 --> 00:10:28.079
It was just part of your workflow.

00:10:28.109 --> 00:10:28.879
Tell me about that.

00:10:29.269 --> 00:10:32.159
Well, I mean, that's just, you know,
like you think about the old days, right?

00:10:32.159 --> 00:10:35.748
You were, your, you did some work
and it was saved on your computer

00:10:35.748 --> 00:10:39.798
and you put the pop it on a USB
port and you walk out, right?

00:10:39.808 --> 00:10:41.398
That's, that's the concept, right?

00:10:41.398 --> 00:10:44.178
So that's the simple concept now today.

00:10:45.293 --> 00:10:47.633
That person is not
putting it on a USB port.

00:10:47.633 --> 00:10:49.523
They're putting it in their
personal Dropbox account.

00:10:49.523 --> 00:10:50.003
Right?

00:10:50.003 --> 00:10:50.004
Right.

00:10:50.009 --> 00:10:52.463
So that's a CASB use case technically.

00:10:52.673 --> 00:10:52.973
Right.

00:10:52.973 --> 00:10:54.743
So that's why we invented CASB.

00:10:55.103 --> 00:10:55.583
CASB.

00:10:55.583 --> 00:10:56.063
What is that?

00:10:56.183 --> 00:10:58.133
Cloud access security broker.

00:10:58.133 --> 00:10:58.163
Okay.

00:10:58.253 --> 00:11:00.083
That's the, the, the acronym.

00:11:00.083 --> 00:11:00.173
Mm-hmm.

00:11:00.413 --> 00:11:04.673
But the real purpose of that is
to crop, to stop data loss to the

00:11:04.673 --> 00:11:10.043
personal Dropbox or the personal box
account, or my personal Google Drive.

00:11:10.133 --> 00:11:10.883
Right.

00:11:10.943 --> 00:11:12.803
So I'm on a managed device.

00:11:12.803 --> 00:11:13.643
I'm on my work device.

00:11:14.488 --> 00:11:16.208
I'm getting ready to steal that data.

00:11:16.208 --> 00:11:18.418
In the old days, I'd pop a USB port in.

00:11:18.738 --> 00:11:22.898
In the new days, I upload that
stuff to my personal drive.

00:11:23.538 --> 00:11:25.178
It's the same workflow, essentially.

00:11:25.438 --> 00:11:26.798
So that's CASB use case.

00:11:26.798 --> 00:11:31.198
These are technologies that we
built over the last decade to

00:11:31.198 --> 00:11:33.528
solve for that data loss issue.

00:11:34.208 --> 00:11:36.338
And so now, like, you
can't do that anymore.

00:11:36.538 --> 00:11:36.888
Right.

00:11:36.978 --> 00:11:39.168
Like, even if I want to, I can't.

00:11:39.508 --> 00:11:40.378
I get stopped.

00:11:40.688 --> 00:11:42.038
I think Brant said it in there.

00:11:42.038 --> 00:11:43.228
We have to stop people

00:11:43.788 --> 00:11:48.278
from doing, right? 'Cause there
was no maliciousness in me. It

00:11:48.278 --> 00:11:49.668
just was part of my workflow.

00:11:49.939 --> 00:11:52.229
That opens up a whole line of questions.

00:11:52.619 --> 00:11:56.129
We're going to have you back on the,
on the show again in the future.

00:11:56.129 --> 00:11:59.239
So, uh, so we'll get into that more later.

00:11:59.249 --> 00:12:02.079
Cause I think that's a really
interesting use case, especially

00:12:02.089 --> 00:12:07.009
for schools specifically where
there's, there's so much there

00:12:07.269 --> 00:12:09.389
that can be done, uh, with that.

00:12:09.739 --> 00:12:12.679
And teachers are notorious
for, for that kind of thing.

00:12:13.124 --> 00:12:17.494
And some districts have policies
specifically to prevent teachers from

00:12:17.494 --> 00:12:19.844
doing that and others don't care at all.

00:12:20.044 --> 00:12:23.924
And some things that you create
while in the employ of the

00:12:23.924 --> 00:12:26.154
district are the district property.

00:12:26.164 --> 00:12:30.314
And other districts are like, you create
it, it's yours, we have no claim to it.

00:12:30.494 --> 00:12:32.525
And, there's some blurry lines there.

00:12:32.565 --> 00:12:34.865
That would be a great,
uh, philosophical talk.

00:12:34.885 --> 00:12:35.645
The policy.

00:12:35.745 --> 00:12:37.015
Yeah, no kidding.

00:12:37.173 --> 00:12:40.703
So what's your big takeaway
from Inch360 so far, Nick?

00:12:41.403 --> 00:12:45.643
What I would say is it's great
to see the local cyber security

00:12:45.873 --> 00:12:48.153
people come out in droves, right?

00:12:48.353 --> 00:12:50.930
That's a pretty darn full
room of cyber security people.

00:12:50.930 --> 00:12:51.956
Yeah, it's pretty awesome.

00:12:51.956 --> 00:12:55.883
Um, and, uh, and then also it
was wonderful to see students.

00:12:56.063 --> 00:13:01.349
So it's like, it's definitely,
not just a problem of the people

00:13:01.369 --> 00:13:04.769
today in the workforce, but it's
a problem that the students are

00:13:04.769 --> 00:13:06.709
recognizing and they're looking to.

00:13:07.354 --> 00:13:08.964
You know, they want to help, right?

00:13:09.174 --> 00:13:13.964
You see that the youth is so much
more interested in, you know,

00:13:13.984 --> 00:13:15.484
solving the climate problems.

00:13:16.014 --> 00:13:17.664
Solving the security problems.

00:13:17.664 --> 00:13:20.644
They really want to do this,
you know, they really want to.

00:13:20.644 --> 00:13:22.004
And so they're here and I like to see

00:13:22.004 --> 00:13:22.314
that.

00:13:22.444 --> 00:13:23.534
Yeah, very cool.

00:13:24.024 --> 00:13:26.394
Uh, Nick, any, uh, parting words?

00:13:26.754 --> 00:13:27.254
You want people to

00:13:27.374 --> 00:13:27.854
reach out to you?

00:13:27.934 --> 00:13:29.864
No, thanks, thanks for having me on.

00:13:29.864 --> 00:13:34.044
And, uh, definitely appreciate
the Inch360 for the, for the time.

00:13:35.114 --> 00:13:35.454
Yeah.

00:13:35.544 --> 00:13:35.974
Thank you.

00:13:35.984 --> 00:13:36.314
Appreciate

00:13:36.314 --> 00:13:36.784
you being here.