1 00:00:00,300 --> 00:00:04,710 What happens if you have a data breach? You know what happens? 2 00:00:04,770 --> 00:00:05,603 It's over. 3 00:00:05,670 --> 00:00:10,140 So the best thing for you to do is to secure your data the best way possible. 4 00:00:10,500 --> 00:00:12,150 And to do that, 5 00:00:12,180 --> 00:00:16,290 you need to know what we're going to share with you on this edition of the 6 00:00:16,300 --> 00:00:20,550 Inside BSS Show. Hey, now I'm Dave Lorenzo. I'm the godfather of growth, 7 00:00:20,550 --> 00:00:24,870 and I'm here with my partner Nicki g Nicola. How are you this afternoon? 8 00:00:25,200 --> 00:00:27,300 Hi Dave. I'm doing great. And how are you? 9 00:00:27,660 --> 00:00:30,300 I'm fantastic, thank you. So Nicola, 10 00:00:30,330 --> 00:00:34,620 you talk to a lot of clients and a lot of clients who 11 00:00:35,130 --> 00:00:38,940 have data in their business, and I know this keeps 'em up at night. 12 00:00:38,940 --> 00:00:43,740 What happens if somebody has a data breach and they didn't 13 00:00:43,740 --> 00:00:46,560 do what they were supposed to do? What are the legal implications of that? 14 00:00:47,070 --> 00:00:51,270 Sure. So the legal risks can be significant when you have a data breach. 15 00:00:51,450 --> 00:00:54,030 So I'm setting aside right now for purposes of this discussion, 16 00:00:54,040 --> 00:00:55,230 all the business risks, 17 00:00:55,260 --> 00:00:57,870 because certainly there are costs to your business to correct it. 18 00:00:58,140 --> 00:01:01,590 There are reputational concerns you need to be thinking about when it happens. 19 00:01:01,830 --> 00:01:03,120 But aside from all of that, 20 00:01:03,120 --> 00:01:07,440 you also may have a massive liability exposure that you need to be thinking 21 00:01:07,440 --> 00:01:09,300 about and thinking about immediately. 22 00:01:09,750 --> 00:01:14,490 Oftentimes what we see when there is a massive data breach is a lawsuit that 23 00:01:14,490 --> 00:01:18,240 follows it in the civil space, and oftentimes it's a class action. 24 00:01:18,480 --> 00:01:22,950 So put simply a class action is a lawsuit brought by one or more 25 00:01:22,950 --> 00:01:27,660 individuals as plaintiffs on behalf of a class or a group of 26 00:01:27,660 --> 00:01:32,490 similarly situated individuals who share a similar harm that occurred to them 27 00:01:32,520 --> 00:01:36,540 as a result of the defendant's conduct. So in these particular instances, 28 00:01:36,540 --> 00:01:41,100 what we will see is data was exposed for a massive group of consumers, 29 00:01:41,110 --> 00:01:44,970 and so a lawsuit is brought on their behalf to recover those monies for what 30 00:01:44,980 --> 00:01:45,840 they were damaged. 31 00:01:46,230 --> 00:01:50,820 The lawsuit settlements that we have seen come out of some of these massive data 32 00:01:50,820 --> 00:01:52,410 breaches are immense. 33 00:01:52,440 --> 00:01:57,420 We're talking anywhere from $150 million in settlement monies to upwards of 34 00:01:57,420 --> 00:02:01,020 700 million. Some of the examples we've seen are with Uber, 35 00:02:01,020 --> 00:02:03,120 with T-Mobile and with Equifax. 36 00:02:03,420 --> 00:02:06,900 So there are significant liability risks associated with that from a civil 37 00:02:06,900 --> 00:02:11,070 standpoint that you absolutely need to be considering along with everything else 38 00:02:11,070 --> 00:02:12,570 that's going on with the business at the time. 39 00:02:12,780 --> 00:02:17,550 So Nicola, you are so impressive with your legal definitions. 40 00:02:18,210 --> 00:02:21,120 It's almost as if you're reading it out of a legal textbook. 41 00:02:21,360 --> 00:02:25,950 One of my clients who is in the managed service space said to me 42 00:02:26,100 --> 00:02:30,600 one time that a data breach is drunk driving these days. 43 00:02:30,600 --> 00:02:31,710 It's like a rite of passage. 44 00:02:31,710 --> 00:02:35,490 Almost everybody has had that happen to them at some point. And I said, 45 00:02:35,490 --> 00:02:38,130 actually, no. You know what a data breach is like. 46 00:02:38,190 --> 00:02:41,820 It's like if you're a school bus driver and you're drunk driving and you drive 47 00:02:41,820 --> 00:02:46,050 the school bus off the edge of a bridge and all the children are killed. 48 00:02:46,170 --> 00:02:50,760 That's what a data breach is like because it has a massive 49 00:02:50,760 --> 00:02:55,470 impact, not only on you legally, it has an impact on you financially, 50 00:02:55,560 --> 00:02:58,560 it has an impact on you reputationally, 51 00:02:58,570 --> 00:03:02,350 from the standpoint of the fact that if you have competitors who have not had a 52 00:03:02,350 --> 00:03:02,620 breach, 53 00:03:02,620 --> 00:03:06,640 everyone's going to flee to a competitor immediately because they're never going 54 00:03:06,650 --> 00:03:11,530 to trust you with their data or their money ever again. So I 55 00:03:11,530 --> 00:03:16,390 don't want to spend the rest of this show talking about how horrible it is to 56 00:03:16,400 --> 00:03:17,200 have a data breach, 57 00:03:17,200 --> 00:03:21,790 but I do want to sufficiently scare the crap out of people who are 58 00:03:21,790 --> 00:03:26,470 not taking the proper precautions to secure their data. 59 00:03:26,590 --> 00:03:30,460 And we can spend a couple of minutes at the end of the show talking about the 60 00:03:30,460 --> 00:03:33,580 proper way to handle a breach if you've had it. I mean, 61 00:03:33,580 --> 00:03:36,760 you got to engage an attorney first and then have the attorney hire all the 62 00:03:36,760 --> 00:03:39,790 experts. We can talk about all that at the end of the show. 63 00:03:39,940 --> 00:03:44,740 I'd much rather focus on what we can do upfront to make sure that everything is 64 00:03:44,740 --> 00:03:45,370 secure. 65 00:03:45,370 --> 00:03:49,930 And to do that we have the perfect person as a guest on the show 66 00:03:49,940 --> 00:03:53,020 today. So folks, if you're listening, if you're watching, 67 00:03:53,020 --> 00:03:57,340 we are going to introduce you to Kathy Myron. We call her cyber Kathy. 68 00:03:57,340 --> 00:03:58,690 She's the queen of the cloud. 69 00:03:58,810 --> 00:04:03,430 She owns a company called EI and they specialize in 70 00:04:03,440 --> 00:04:08,320 helping people just like you prevent all that nasty crap we just talked 71 00:04:08,320 --> 00:04:09,790 about from happening. 72 00:04:10,000 --> 00:04:13,450 But the depth of her knowledge is so much greater than that. 73 00:04:13,450 --> 00:04:16,180 I can't wait for you to meet her. Kathy, welcome to the show. 74 00:04:16,180 --> 00:04:17,350 Thanks for joining us today. 75 00:04:17,920 --> 00:04:19,330 Thanks for having me, Dave and Nicola. 76 00:04:20,650 --> 00:04:23,620 Oh, it's so great to have you here. So Kathy, let's start off. 77 00:04:24,150 --> 00:04:28,050 Why don't you give the folks your background because when I listen to a podcast, 78 00:04:28,600 --> 00:04:31,810 the first thing I think of is, all right, so I know who Dave and Nicola are. 79 00:04:31,810 --> 00:04:35,140 Now they're putting somebody in front of me and they say she's sharp, 80 00:04:35,260 --> 00:04:39,880 but we can't do you justice as well as you can. So talk about your background, 81 00:04:39,880 --> 00:04:44,050 talk about how you got to the place where you are today as an entrepreneur, 82 00:04:44,320 --> 00:04:46,960 but talk about where you were before that because you, like me, 83 00:04:46,960 --> 00:04:48,370 had a background in corporate America. 84 00:04:48,370 --> 00:04:50,680 So explain to the folks where you came from. 85 00:04:51,010 --> 00:04:51,670 Sure, Dave. 86 00:04:51,670 --> 00:04:55,840 So before I was the c e O of East Silo and we're a data backup and cybersecurity 87 00:04:55,840 --> 00:04:56,920 company. As you can imagine. 88 00:04:57,310 --> 00:05:01,120 I spent 15 years at a Fortune 10 multinational organization. 89 00:05:01,690 --> 00:05:04,240 So I was at a company called ge. You might've heard of them. 90 00:05:04,300 --> 00:05:07,180 They make aircraft engines, healthcare machines. 91 00:05:07,420 --> 00:05:11,830 We ran or recycled 12 billion of commercial paper every single day. 92 00:05:12,520 --> 00:05:13,900 We had a lot of different businesses, 93 00:05:13,900 --> 00:05:18,760 and I spent nine of my years at GE in the corporate audit 94 00:05:18,760 --> 00:05:19,593 function. 95 00:05:19,840 --> 00:05:24,760 So really looking at these different standalone businesses and evaluating 96 00:05:24,760 --> 00:05:29,200 their cybersecurity health, their business resiliency, their IT systems, 97 00:05:29,200 --> 00:05:32,110 and the quality of the data that came out of those systems and was used for 98 00:05:32,110 --> 00:05:36,730 everything from financial reporting to handling of client information and so on 99 00:05:36,730 --> 00:05:37,563 and so forth. 100 00:05:37,930 --> 00:05:42,820 So that's really where I came from and where I learned that when you think about 101 00:05:42,820 --> 00:05:45,040 technology and cybersecurity specifically, 102 00:05:45,040 --> 00:05:49,360 you might be governed or regulated by a number of different three letter 103 00:05:49,360 --> 00:05:52,540 agencies. And depending on what country you're talking about, 104 00:05:52,540 --> 00:05:54,310 there's a whole bunch of different regulations. 105 00:05:54,520 --> 00:05:58,700 But if you strip all of that back, what makes good technology, 106 00:05:58,700 --> 00:06:03,590 a good high functioning technology system or organization is really the 107 00:06:03,590 --> 00:06:06,500 same. The requirements are by and large the same. 108 00:06:06,860 --> 00:06:10,130 And that is are you protecting information in the way that it's accessed? 109 00:06:10,580 --> 00:06:14,120 Are you protecting the network that all of those systems run on? 110 00:06:14,450 --> 00:06:17,570 Are you protecting the systems that are housing all of that information and how 111 00:06:17,570 --> 00:06:20,510 you interact with third parties and so on and so forth. 112 00:06:20,540 --> 00:06:23,120 So that's really where my background comes from. 113 00:06:23,480 --> 00:06:26,990 After I spent nine years in audit, I actually moved on to a C T O role. 114 00:06:26,990 --> 00:06:30,110 So I was one of the chief technology officers up at GE headquarters, 115 00:06:30,530 --> 00:06:34,790 and at the time my team was responsible for all of the productivity tools, 116 00:06:35,000 --> 00:06:39,890 mobile and collaboration tools for a global 350,000 person workforce. 117 00:06:40,220 --> 00:06:40,820 So again, 118 00:06:40,820 --> 00:06:44,750 you think about the variety of technology and the kind of problems that 119 00:06:44,750 --> 00:06:47,780 organizations like that have, staying safe and staying compliant, 120 00:06:48,620 --> 00:06:53,270 I take that knowledge and I bring that to my small and midsize clients and help 121 00:06:53,270 --> 00:06:56,840 them understand and distill down these are the most essential things that you 122 00:06:56,840 --> 00:07:00,620 need to be putting in place to protect yourself, to protect your employees, 123 00:07:00,620 --> 00:07:01,880 to protect your clients. 124 00:07:02,210 --> 00:07:05,840 And we help do that in a way where they're able to leverage tools that maybe 125 00:07:05,850 --> 00:07:08,060 they've never heard of before or have never been exposed to, 126 00:07:08,840 --> 00:07:11,930 and also implement the right procedures that are going to keep them out of 127 00:07:11,930 --> 00:07:12,763 trouble in the longterm. 128 00:07:13,310 --> 00:07:16,610 So how did you get into tech in the first place? 129 00:07:16,610 --> 00:07:20,480 Were you like a little baby crawling around on the living room floor with your 130 00:07:20,870 --> 00:07:25,790 parents' t r s 80 Radio Shack computer and tooling around with it, 131 00:07:25,790 --> 00:07:27,410 and that's how you got into tech? 132 00:07:27,410 --> 00:07:31,580 How did you become somebody who was interested in technology? No. 133 00:07:31,580 --> 00:07:35,930 But what you're describing is my son, growing up with all the devices, 134 00:07:36,830 --> 00:07:40,010 I always was a really avid user of technology. 135 00:07:40,020 --> 00:07:44,210 So I was always the first to go out and buy the MP three player when it came out 136 00:07:44,210 --> 00:07:45,080 or the tiny pocket camera. 137 00:07:46,160 --> 00:07:50,300 So I loved using technology and I was always excited by the power that it could 138 00:07:50,300 --> 00:07:54,650 bring. But then it wasn't until I went to college, I studied finance, 139 00:07:54,650 --> 00:07:58,610 information systems and operations partly because I frankly didn't know what I 140 00:07:58,610 --> 00:08:03,260 wanted to do. And partly because I knew that I wanted to be in business, 141 00:08:03,260 --> 00:08:04,093 whatever that meant. 142 00:08:04,460 --> 00:08:07,550 And I knew that technology and numbers were going to be a huge part of it. 143 00:08:07,580 --> 00:08:09,320 So that's really how I got my start. 144 00:08:09,680 --> 00:08:11,570 And I was fortunate that when I was in college, 145 00:08:11,570 --> 00:08:14,480 they were doing recruiting for a bunch of different leadership programs. 146 00:08:14,480 --> 00:08:18,680 And so I was lucky enough to get into GEs information management leadership 147 00:08:18,680 --> 00:08:21,920 program, and that just put me on the track for the rest of my career, 148 00:08:22,490 --> 00:08:25,730 gave me a lot of opportunity to see different areas within technology so I 149 00:08:25,730 --> 00:08:29,630 understood what it meant to be on the infrastructure side versus creating 150 00:08:29,630 --> 00:08:34,220 applications versus sitting with a business owner and understanding their 151 00:08:34,230 --> 00:08:37,310 problems and translating that into new technology that we could create and 152 00:08:37,310 --> 00:08:39,890 deliver for them. And that's really what got me started. 153 00:08:40,850 --> 00:08:45,830 Hey, Nicki G, did you know you can also get our show as an audio podcast? 154 00:08:46,490 --> 00:08:50,180 Of course, I know you can get the show as an audio podcast. I'm on it, 155 00:08:50,630 --> 00:08:51,830 but does our audience. 156 00:08:52,280 --> 00:08:55,010 I don't know. So those of you who are watching on YouTube, 157 00:08:55,050 --> 00:08:57,450 you can find us wherever you get your podcast. 158 00:08:57,750 --> 00:09:02,700 Just search up the Inside BSS show with the Godfather and Nicki G and 159 00:09:02,700 --> 00:09:04,050 you'll find us right there. 160 00:09:04,200 --> 00:09:07,980 Click the follow button so that you never miss a show. Now, 161 00:09:07,980 --> 00:09:10,800 there's a couple of reasons why you're going to want to do that, Nicki G, 162 00:09:10,800 --> 00:09:11,910 tell 'em what the first reason is. 163 00:09:12,570 --> 00:09:17,280 You get to ask us questions that is exclusive to our podcast 164 00:09:17,280 --> 00:09:18,113 listeners. 165 00:09:18,810 --> 00:09:23,790 Yeah, we only answer listener questions on the audio version of the podcast. 166 00:09:23,790 --> 00:09:25,440 We don't do it on video. 167 00:09:25,560 --> 00:09:29,850 So if you want to hear what everyone's thinking or if you want to ask us a 168 00:09:29,850 --> 00:09:33,390 question, you got to download the audio podcast. The second reason, 169 00:09:33,390 --> 00:09:36,150 and my favorite reason is because you can take us with you. 170 00:09:36,240 --> 00:09:39,180 You can have a little Nicki G in your pocket while you're working out in the 171 00:09:39,180 --> 00:09:42,270 gym, washing the dishes or walking the dog. 172 00:09:42,480 --> 00:09:45,690 I love me some Nicki G in my pocket when I'm walking the dogs. 173 00:09:45,840 --> 00:09:47,130 I don't know about you, Nico, Nicola, 174 00:09:47,130 --> 00:09:48,960 but that's one of my favorite things to do. 175 00:09:49,800 --> 00:09:51,840 Absolutely. Take us with you. 176 00:09:51,840 --> 00:09:54,090 After you watch this episode here on YouTube, 177 00:09:54,090 --> 00:09:56,160 go to wherever you get your podcast, 178 00:09:56,160 --> 00:10:00,210 click the follow button so we can go with you on your journey and you can ask us 179 00:10:00,210 --> 00:10:04,380 questions. We will see you or more like hear you there. 180 00:10:05,280 --> 00:10:09,900 Okay. So when you're at ge, 181 00:10:10,110 --> 00:10:13,500 and let's say you're in your first or your second year at GE and things are 182 00:10:13,500 --> 00:10:17,550 going great and you're doing well because ge, 183 00:10:18,180 --> 00:10:19,620 they pay their employees well. 184 00:10:20,340 --> 00:10:24,570 Do you have one eye on always doing your own thing and being an entrepreneur or 185 00:10:24,570 --> 00:10:26,280 was it something that was foisted upon you? 186 00:10:26,280 --> 00:10:28,260 Never. It happened by accident. 187 00:10:28,380 --> 00:10:32,040 I could have just as easily stayed for 40 years and retired, 188 00:10:32,970 --> 00:10:35,820 as you said, they treat you too well to make you want to leave. 189 00:10:36,630 --> 00:10:40,680 But I had other factors in my life that happened. I had met my husband at work, 190 00:10:40,680 --> 00:10:44,190 so that was fantastic. But also that meant that we brought it home every day. 191 00:10:44,670 --> 00:10:47,790 We would always talk about the same people. Our teams worked together, 192 00:10:48,330 --> 00:10:52,620 which I think made our teams uncomfortable. But anyways, 193 00:10:52,620 --> 00:10:54,930 he had an amazing opportunity to come down here to Florida. 194 00:10:55,440 --> 00:11:00,210 So he left the company, came down here. I stayed remote for another year, 195 00:11:00,900 --> 00:11:03,210 but I realized, and this was back in 2016, 196 00:11:03,510 --> 00:11:08,010 that I spent all of my days in my home office on a video camera talking to 197 00:11:08,010 --> 00:11:11,190 people in other parts of the world. Now we all do that post covid, 198 00:11:11,670 --> 00:11:15,420 but at the time I just didn't feel like I was creating the connections here 199 00:11:15,420 --> 00:11:17,940 where we were going to live and put down roots. 200 00:11:18,480 --> 00:11:22,260 So that was really the beginning of me starting to look around and ultimately 201 00:11:22,290 --> 00:11:25,020 shift to be more entrepreneurial because where I live, 202 00:11:25,320 --> 00:11:26,820 I'm about two hours north of Miami. 203 00:11:26,820 --> 00:11:30,900 There weren't a whole lot of GEs in this neck of the woods and having a young 204 00:11:30,900 --> 00:11:34,170 family and we had just had my daughter and we were about to have my son, 205 00:11:34,170 --> 00:11:37,500 I knew that being in the car four hours a day wasn't going to cut it. 206 00:11:38,070 --> 00:11:39,690 Yeah, yeah. All right. 207 00:11:39,690 --> 00:11:43,980 So you decide that you're going to exit 208 00:11:44,040 --> 00:11:46,830 GE and you're going to become an entrepreneur. 209 00:11:47,750 --> 00:11:49,260 What was your process like? 210 00:11:49,270 --> 00:11:53,980 Because I know you now for a year and you like a very 211 00:11:53,980 --> 00:11:58,720 thoughtful, logical person. So I'm assuming that you had some sort of a plan. 212 00:11:58,720 --> 00:11:59,160 What was your plan? 213 00:11:59,160 --> 00:12:03,370 Of course, I had a plan, I don't know if anyone knows this, 214 00:12:03,370 --> 00:12:07,480 but Harvard Business School would teach a course and they also put out a book 215 00:12:07,780 --> 00:12:09,100 about how to buy a business. 216 00:12:09,580 --> 00:12:14,080 And I stumbled upon that while I was still at ge and it kind of put on the light 217 00:12:14,090 --> 00:12:17,500 bulb and I said, well, I never considered myself entrepreneurial. 218 00:12:17,500 --> 00:12:21,100 I don't think I have the stomach of what it takes to start something fresh, 219 00:12:21,820 --> 00:12:24,310 but I can absolutely go and buy something and make it better. 220 00:12:24,640 --> 00:12:28,210 And I had felt like my time at GE was very much a real world M B A, 221 00:12:28,600 --> 00:12:31,780 and so all the management training and leadership skills, I said, 222 00:12:31,810 --> 00:12:36,700 I can go find something that I can be really passionate about and put my 223 00:12:36,700 --> 00:12:37,240 own market in it, 224 00:12:37,240 --> 00:12:39,820 and hopefully I'm going to find something that's already successful and I can 225 00:12:39,820 --> 00:12:43,000 just make it better. So I went out, I devoured the book, 226 00:12:43,360 --> 00:12:45,880 I hired a business broker, and I went shopping. 227 00:12:46,000 --> 00:12:49,360 And I didn't know that there was a business M L Ss just like there is for home 228 00:12:49,360 --> 00:12:50,170 sales. 229 00:12:50,170 --> 00:12:54,280 But so you sign a couple NDAs and you start looking at all these businesses, 230 00:12:54,900 --> 00:12:58,900 and I wanted to think differently and think more broadly than I had before. 231 00:12:58,900 --> 00:13:01,510 So I entertained a lot of different business models and companies. 232 00:13:01,520 --> 00:13:04,030 I wasn't dead set on tech, and to be honest, 233 00:13:04,030 --> 00:13:05,620 most of the technology businesses for sale, 234 00:13:05,620 --> 00:13:10,520 either I couldn't buy on my own or there were websites and I wanted a 235 00:13:10,530 --> 00:13:12,070 real business that had a real impact. 236 00:13:12,730 --> 00:13:16,990 But ultimately I got very lucky in the sense that East Silos founders were 237 00:13:16,990 --> 00:13:17,823 looking to exit. 238 00:13:17,830 --> 00:13:21,880 They had built a very successful enterprise over the course of 15, 16 years, 239 00:13:22,480 --> 00:13:26,350 but the founders were a bit tired of the same thing at the time, 240 00:13:26,350 --> 00:13:28,600 we were exclusively an offsite backup company, 241 00:13:29,080 --> 00:13:32,350 and we didn't have any of the consulting work or any of the real cyber focus. 242 00:13:32,950 --> 00:13:37,510 And so I saw that as a chance for me to pick up a key component of a 243 00:13:37,520 --> 00:13:41,800 good cyber hygiene plan is offsite backups and disaster recovery, 244 00:13:41,800 --> 00:13:45,730 and what do you do when something bad happens and really add to it all of my 245 00:13:45,730 --> 00:13:46,870 consulting experience. 246 00:13:46,870 --> 00:13:51,520 So that's ultimately how I found EI and acquired the company back in 2018. 247 00:13:51,700 --> 00:13:54,250 Gosh, I just want to hear some more about this journey. 248 00:13:54,250 --> 00:13:58,510 So you purchased EI and tell us what were the immediate challenges. 249 00:13:58,520 --> 00:14:01,990 So you went right from working with ge, being in the corporate world, 250 00:14:01,990 --> 00:14:04,750 being thrust into entrepreneurship voluntarily of course. 251 00:14:04,810 --> 00:14:08,110 But what were some of those early challenges that you faced in taking that 252 00:14:08,110 --> 00:14:13,030 company and shifting it to expand what they were offering 253 00:14:13,030 --> 00:14:13,690 to the market? 254 00:14:13,690 --> 00:14:17,050 Some of the best I got advice I got in the very beginning was for my broker and 255 00:14:17,050 --> 00:14:18,940 he said, don't break what you just bought. 256 00:14:19,390 --> 00:14:22,360 So I had all of these ideas of the things that I wanted to do, 257 00:14:22,630 --> 00:14:26,410 but I also knew that it was really important to stop and listen to the team, 258 00:14:26,470 --> 00:14:29,170 listen to the customers, interview our partners, 259 00:14:29,170 --> 00:14:31,300 and understand what was working well and what wasn't. 260 00:14:31,660 --> 00:14:34,210 And I had to train myself to be really patient, 261 00:14:34,220 --> 00:14:38,500 which is not a natural trait for me. So that was a little bit challenging. 262 00:14:38,500 --> 00:14:42,580 And the other thing I think is it was extremely humbling because coming from a 263 00:14:42,580 --> 00:14:47,170 large enterprise, it had a level of confidence over, oh, this will be so easy. 264 00:14:47,440 --> 00:14:51,290 And as all of us know now that we're here in the real world, 265 00:14:51,590 --> 00:14:53,270 entrepreneurship, owning a business, 266 00:14:53,270 --> 00:14:57,530 running a business is not easy. There are so many things that you have to do or 267 00:14:57,530 --> 00:15:01,040 find the right person to do or figure out how to do, learn it, 268 00:15:01,880 --> 00:15:03,140 whereas when you come from corporate, 269 00:15:03,150 --> 00:15:06,950 there's a team and there's a department or a person that you can always call on 270 00:15:07,220 --> 00:15:11,690 to do those things. So I think I'm a person who loves to learn. 271 00:15:11,690 --> 00:15:14,660 I'm constantly trying to better myself and better my skills. 272 00:15:15,320 --> 00:15:16,520 I think that was a good match, 273 00:15:16,520 --> 00:15:20,390 but it also just took me a long time to learn how to do things that I'd never 274 00:15:20,400 --> 00:15:24,200 done before. I did a lot of influencing within corporate. 275 00:15:24,320 --> 00:15:27,860 We called that sort of selling, getting other people to do things, 276 00:15:27,860 --> 00:15:30,140 but I never had to get someone to open up their wallet. 277 00:15:30,140 --> 00:15:32,540 And that for me was definitely a big change. 278 00:15:32,540 --> 00:15:36,230 And so just one example of many as I first got started. 279 00:15:36,770 --> 00:15:38,930 Sure. What would you say helped you? I mean, 280 00:15:38,930 --> 00:15:42,530 you've identified you're struggling with these challenges and you're finding 281 00:15:42,530 --> 00:15:43,190 your way through it, 282 00:15:43,190 --> 00:15:46,730 but is there something that really stands out to you that really helped you get 283 00:15:46,730 --> 00:15:48,230 through that difficult time period? 284 00:15:48,230 --> 00:15:50,090 So I made my own little board of advisors, 285 00:15:50,660 --> 00:15:54,740 so people that I knew and trusted and had expertise in the domains where I was 286 00:15:54,740 --> 00:15:56,870 weak. So that certainly helped. 287 00:15:57,260 --> 00:16:01,460 I had listened to more business podcasts and started reading business books. 288 00:16:01,460 --> 00:16:03,590 I never did any of that in corporate. I was heads down, 289 00:16:03,590 --> 00:16:04,610 this is all I needed to do. 290 00:16:04,910 --> 00:16:09,740 And I realized there's a whole world out there of consultants and coaches and 291 00:16:09,740 --> 00:16:11,810 people who have helped hundreds, 292 00:16:11,820 --> 00:16:15,140 if not thousands of people that were in my shoes get over some of those initial 293 00:16:15,150 --> 00:16:15,983 humps. 294 00:16:16,370 --> 00:16:20,750 So realizing that and finally raising my hand and asking for help and hiring 295 00:16:21,110 --> 00:16:24,200 some good people to help me was really key. 296 00:16:24,560 --> 00:16:27,410 So yeah. Let me ask Cath real quick. 297 00:16:29,300 --> 00:16:34,250 How did you decide which advice to take and which advice to 298 00:16:34,250 --> 00:16:35,240 not take? 299 00:16:35,240 --> 00:16:39,950 Because there's so much out there and there's 300 00:16:39,950 --> 00:16:43,670 so many people who are giving out so much advice, 301 00:16:43,670 --> 00:16:45,170 that's bad advice. 302 00:16:46,910 --> 00:16:48,860 What was your process to sort through it? 303 00:16:49,190 --> 00:16:51,770 I will admit at the time, I don't think I had much of a process. 304 00:16:52,520 --> 00:16:56,000 That's the first thing I can say. But I've always had this philosophy, 305 00:16:56,000 --> 00:16:59,750 and I used to tell this to the folks that I would mentor you go ask three people 306 00:16:59,750 --> 00:17:00,770 the same question. 307 00:17:00,800 --> 00:17:03,470 They're all going to give you a different answer from their unique perspective. 308 00:17:03,470 --> 00:17:06,260 And your job is to triangulate between those responses, 309 00:17:06,440 --> 00:17:10,610 what resonates and feels true for you. And that's essentially, 310 00:17:10,610 --> 00:17:11,360 I guess the process, 311 00:17:11,360 --> 00:17:14,750 even though I wouldn't have consciously realized that that's what I was doing at 312 00:17:14,760 --> 00:17:15,150 the time. 313 00:17:15,150 --> 00:17:19,190 So the stuff that someone would give me a piece of advice on messaging, oh, 314 00:17:19,190 --> 00:17:21,260 you need to be more emotive in your messaging. 315 00:17:21,260 --> 00:17:25,430 I'm a very rational matter of fact analytical person. And they're like, 316 00:17:25,430 --> 00:17:28,430 you sell based on emotion. It's like, well, I'm how to do that? All right, 317 00:17:28,440 --> 00:17:30,410 let me go read some books. Lemme go talk to some people. 318 00:17:30,410 --> 00:17:34,280 Lemme hire her to write stuff for me so that I can learn how to do it. 319 00:17:34,760 --> 00:17:38,630 So those are things where I think almost instantly sometimes you realize, yeah, 320 00:17:38,960 --> 00:17:40,940 that makes sense. Let me go and try that. 321 00:17:42,020 --> 00:17:45,860 Whereas sometimes I got advice from folks and a lot of times one of the filters 322 00:17:45,860 --> 00:17:48,470 I apply is, well, do I want to be them? 323 00:17:48,650 --> 00:17:53,280 Do I look up to them for something that they've accomplished or achieved in 324 00:17:53,280 --> 00:17:54,960 their personal or professional life? 325 00:17:55,530 --> 00:17:59,070 And I really try to make sure that I'm taking advice from people I consider to 326 00:17:59,070 --> 00:18:03,240 be role models and who have a lot to offer because you get a lot of free advice 327 00:18:03,240 --> 00:18:04,890 sometimes, but it's not always good as you said. 328 00:18:05,230 --> 00:18:08,280 Well, yeah. Nicole can tell you about unsolicited advice. 329 00:18:09,960 --> 00:18:12,810 What's the mantra we have about unsolicited device? Nicola. 330 00:18:13,500 --> 00:18:17,580 The advice is for you, not the person on the receiving end of it. 331 00:18:17,970 --> 00:18:20,100 Yeah, a hundred percent. A hundred percent. Go ahead, Nicola. 332 00:18:20,100 --> 00:18:21,030 You got the next question? 333 00:18:21,090 --> 00:18:25,620 Sure. So let me back up a moment. When you step into this role, 334 00:18:25,620 --> 00:18:27,510 did you already decide from the outset, 335 00:18:27,510 --> 00:18:31,320 these are the key objectives that I really like to achieve? And if you did, 336 00:18:31,320 --> 00:18:35,730 how and if did that change from the time you got through all the 337 00:18:35,730 --> 00:18:38,370 self-education and you're really getting your footing moving forward? 338 00:18:39,210 --> 00:18:43,140 I wish I could say that I was much more strategic and intentional when I 339 00:18:43,140 --> 00:18:46,470 started, but the reality is I didn't know what I didn't know. 340 00:18:46,980 --> 00:18:51,960 So part of this was me jumping in feet first and figuring it out. 341 00:18:52,710 --> 00:18:57,510 Had you asked me in 2018 if I ever thought growing a consulting sort of arm 342 00:18:57,520 --> 00:19:00,810 of our service would be a big priority, 343 00:19:01,230 --> 00:19:05,400 I probably wouldn't have said so, or if I did, it would've been much further on. 344 00:19:05,790 --> 00:19:08,220 So I think things kind of evolved differently. 345 00:19:08,220 --> 00:19:12,600 I will tell you that one of the first things that I had intended to do was a lot 346 00:19:12,600 --> 00:19:13,830 of work around analytics. 347 00:19:14,040 --> 00:19:18,630 So in organizations and AI is becoming so popular at this point or so 348 00:19:18,660 --> 00:19:20,550 mainstream I should say, 349 00:19:20,580 --> 00:19:25,320 but I was thinking if we've got data from 300 different companies 350 00:19:25,650 --> 00:19:27,210 about their internal operations, 351 00:19:27,570 --> 00:19:32,160 wouldn't there be some way to anonymize that and derive analytics from it so 352 00:19:32,160 --> 00:19:36,930 that we could show you here's how your operations or transactions compare to two 353 00:19:36,930 --> 00:19:40,740 dozen other peers in your same industry all across the country. And then of 354 00:19:40,740 --> 00:19:41,340 course, 355 00:19:41,340 --> 00:19:46,320 you quickly realize that some things that sound good are not very easy to 356 00:19:46,320 --> 00:19:50,670 practically implement in a safe and secure and in a way that 357 00:19:51,210 --> 00:19:52,920 aligns with your core values. 358 00:19:52,920 --> 00:19:56,070 And so I ultimately abandoned that idea and we moved on to different things. 359 00:19:56,070 --> 00:20:00,510 But I'll tell you that my goal for the business wasn't very 360 00:20:01,440 --> 00:20:04,680 specific in terms of products or services or whatever it was. 361 00:20:05,010 --> 00:20:06,330 I just want to help small businesses. 362 00:20:06,510 --> 00:20:10,140 I just want to help people who don't have access to the information and the 363 00:20:10,150 --> 00:20:12,720 resources that I had when I was in corporate. 364 00:20:12,720 --> 00:20:15,690 And I'll give you a perfect example, when you're in a Fortune 10, 365 00:20:16,380 --> 00:20:19,800 the big vendors, everybody comes to you, Microsoft would come to me, 366 00:20:19,800 --> 00:20:21,060 Salesforce would come to me. 367 00:20:21,390 --> 00:20:24,480 I went and had lunch with Steve Ballmer when he was the c e O of Microsoft. I 368 00:20:24,480 --> 00:20:24,610 mean, 369 00:20:24,610 --> 00:20:28,380 you never get an invitation like that except for when you're in those large 370 00:20:28,380 --> 00:20:29,213 enterprises, 371 00:20:29,580 --> 00:20:33,450 small and mid-size organizations are trying to get support when something's 372 00:20:33,540 --> 00:20:36,270 broken and they can't even get to someone in this country. 373 00:20:36,600 --> 00:20:39,990 Or you open a ticket and then it gets routed to 15 different places and then 374 00:20:39,990 --> 00:20:42,600 five days later someone gets back to you. And I said, that's horrible. 375 00:20:42,930 --> 00:20:47,560 And I wanted my clients to feel that white glove concierge level service, 376 00:20:47,560 --> 00:20:50,950 that level of we actually care about how your business is doing. 377 00:20:51,460 --> 00:20:55,120 And so that's really where I was focused on is making an impact and doing the 378 00:20:55,120 --> 00:20:56,590 things that I knew I was really good at. 379 00:20:57,280 --> 00:20:59,830 But for a community that really needed it and frankly would be a lot more 380 00:20:59,830 --> 00:21:03,640 appreciative than some of the larger corporations where you're just a cog in the. 381 00:21:03,640 --> 00:21:04,030 Wheel, 382 00:21:04,030 --> 00:21:08,680 give us the kind of overview of your e silo as a 383 00:21:08,680 --> 00:21:13,630 company and your team. You're virtual. 384 00:21:13,630 --> 00:21:16,450 I see you're working from an office in your home. 385 00:21:17,410 --> 00:21:18,460 Those of you who are listening, 386 00:21:18,460 --> 00:21:22,480 Kathy has a very nice office in her home and I've been in there virtually many 387 00:21:22,480 --> 00:21:23,290 times. 388 00:21:23,290 --> 00:21:28,180 So is all of your team virtual and how many folks 389 00:21:28,180 --> 00:21:33,100 do you have and do you have separate consulting people from 390 00:21:34,340 --> 00:21:38,380 the product or service offerings that you have? Explain how it works. 391 00:21:38,380 --> 00:21:40,540 Yeah, sure. So we're a hundred percent remote. 392 00:21:41,440 --> 00:21:43,360 Mostly of the team is in South Florida, 393 00:21:43,360 --> 00:21:47,290 although we have somebody who's up in New Jersey and in three days I have a team 394 00:21:47,290 --> 00:21:49,930 member who's moving from Miami to the Czech Republic. 395 00:21:50,410 --> 00:21:54,400 So we truly embody being able to work and live anywhere. 396 00:21:54,400 --> 00:21:58,180 And I think that's a huge attraction to what we do. 397 00:21:59,230 --> 00:22:01,390 The team itself is we're fairly small, 398 00:22:01,390 --> 00:22:04,600 so we're about five people core to the organization. 399 00:22:04,900 --> 00:22:06,370 Most of my team is very technical, 400 00:22:06,370 --> 00:22:08,800 so they run the day-to-day of the backup service, 401 00:22:08,800 --> 00:22:12,460 they're handling client issues, they're doing all of that. 402 00:22:12,790 --> 00:22:16,180 Most of the client facing components are going to be me. 403 00:22:16,510 --> 00:22:19,180 So you think about high technologists, they're very, 404 00:22:19,180 --> 00:22:24,100 very introverted and they're much happier with their numbers and their screens 405 00:22:24,110 --> 00:22:27,490 than they are interacting with the clients every day. 406 00:22:27,490 --> 00:22:31,540 So I love to take that on. I love to be in that role of the problem solver. 407 00:22:32,110 --> 00:22:35,380 I've always sort of been in that translation of what are you trying to 408 00:22:35,380 --> 00:22:37,390 accomplish in terms of business? What's the problem? 409 00:22:37,390 --> 00:22:39,370 How do we make things better with technology? 410 00:22:39,370 --> 00:22:42,430 And then directing the team behind the scenes to be able to do that. 411 00:22:43,120 --> 00:22:47,410 So that's essentially how we work when it comes to cybersecurity assessments 412 00:22:47,440 --> 00:22:51,640 where we might be dealing with regulations in different areas or with different 413 00:22:51,640 --> 00:22:52,630 jurisdictions. 414 00:22:52,870 --> 00:22:56,680 I do have a broad network of resources that I can also call upon if we need 415 00:22:56,680 --> 00:22:59,650 somebody who's a specialist in that field. And that's all they do all day long, 416 00:23:00,280 --> 00:23:02,800 but our core team is really the five of us. 417 00:23:03,670 --> 00:23:07,570 Is there something that triggered that passion for working with small and 418 00:23:07,570 --> 00:23:11,260 mid-size businesses, aside from developing some of that while at ge, 419 00:23:11,260 --> 00:23:13,510 is there's something further back in your background that made you want to do 420 00:23:13,510 --> 00:23:14,170 that? 421 00:23:14,170 --> 00:23:18,910 I guess I'll say the closest peak I had into entrepreneurship 422 00:23:18,910 --> 00:23:23,470 was my mother was in real estate and my father was an electrical engineer, 423 00:23:24,610 --> 00:23:29,050 but on a contract basis. So he was very much sort of running his own business, 424 00:23:29,560 --> 00:23:30,490 but on his own. 425 00:23:30,490 --> 00:23:34,330 So he would work for different companies as projects would arise, 426 00:23:35,080 --> 00:23:39,940 and I saw how hard they worked for what they were able to provide me and my 427 00:23:39,940 --> 00:23:43,540 family and being a first generation American. 428 00:23:43,540 --> 00:23:47,780 So my parents were both from Hong Kong, they came over to the US for school, 429 00:23:47,990 --> 00:23:50,900 for the idyllic American dream. 430 00:23:51,770 --> 00:23:56,690 I wanted to I guess pay thanks to that and really 431 00:23:56,690 --> 00:23:59,450 respect everything that I had watched 'em accomplish. 432 00:23:59,840 --> 00:24:03,590 I mean when you were in college and they would ask you to write the essay of 433 00:24:03,590 --> 00:24:06,950 like, who's your hero? I literally would write about my dad. 434 00:24:07,520 --> 00:24:09,170 And when he came to the us, 435 00:24:09,170 --> 00:24:12,890 he didn't speak a whole lot of English. He got very basic education. 436 00:24:13,130 --> 00:24:16,430 He put himself through school In three years he worked, 437 00:24:17,150 --> 00:24:20,960 he also has polio. So ever since he was one, 438 00:24:20,970 --> 00:24:22,250 he's walked with a limp. 439 00:24:22,250 --> 00:24:26,720 And I think people will sometimes discount you for things like that. 440 00:24:26,750 --> 00:24:31,280 And I just watched him build the most resilient 441 00:24:31,280 --> 00:24:34,340 spirit and he has the most can-do attitude, 442 00:24:34,340 --> 00:24:38,150 but he does it in a very kind way where he takes care of other people. 443 00:24:38,150 --> 00:24:42,650 He's never up for one-upping or any of that type of bss. 444 00:24:43,250 --> 00:24:48,200 And so when I think about the average small business owner, 445 00:24:48,380 --> 00:24:50,120 they're building a legacy for their family. 446 00:24:50,120 --> 00:24:53,270 They're working their butts off to provide for their children and their 447 00:24:53,270 --> 00:24:56,150 grandchildren, and a lot of them are also immigrants. 448 00:24:56,150 --> 00:25:01,040 And so they don't have always the best backgrounds come from 449 00:25:01,550 --> 00:25:03,710 all of these opportunities and means, 450 00:25:03,720 --> 00:25:07,250 but they're able to make an incredibly amazing life for themselves, 451 00:25:07,250 --> 00:25:08,960 but also impact on their community. 452 00:25:09,470 --> 00:25:14,270 And so it is playing a very small part in helping those businesses 453 00:25:14,300 --> 00:25:16,670 thrive because whatever, 454 00:25:16,670 --> 00:25:20,040 85% of businesses in America are considered small. 455 00:25:20,570 --> 00:25:22,550 I think that's a huge part of what we do. 456 00:25:23,870 --> 00:25:26,240 Kathy, when you were growing up, 457 00:25:27,130 --> 00:25:31,730 how much influence did your parents' journey to the US 458 00:25:31,730 --> 00:25:36,110 have on you and what 459 00:25:36,800 --> 00:25:40,550 was that influence? You said your dad was your hero. 460 00:25:40,850 --> 00:25:45,650 Was it the work ethic? I mean coming here with nothing, 461 00:25:46,730 --> 00:25:49,130 that's almost like the entrepreneurial journey, 462 00:25:49,370 --> 00:25:51,950 only high stakes for the whole family. 463 00:25:52,220 --> 00:25:55,100 Did that have an impact on you and to, 464 00:25:55,310 --> 00:25:58,610 did you reflect on that before you left GE to go out on your own? 465 00:25:59,120 --> 00:26:01,220 It wasn't incredibly conscious, 466 00:26:01,230 --> 00:26:05,540 but it's always been a component of my personality and something that I 467 00:26:05,540 --> 00:26:09,920 valued. What I got from my parents was absolutely work ethic. 468 00:26:09,920 --> 00:26:14,510 It was also courage to do something unknown and 469 00:26:15,260 --> 00:26:20,120 to put yourself in unfamiliar situations if you think that there's tremendous 470 00:26:20,120 --> 00:26:22,280 upside. On the other side of it, 471 00:26:22,580 --> 00:26:26,120 I think about what their parents must have felt sticking their kid on a plane. 472 00:26:27,080 --> 00:26:29,150 And if I use my dad as an example, 473 00:26:29,690 --> 00:26:32,570 his whole family scraped up enough money to send him here. 474 00:26:32,570 --> 00:26:34,640 My grandfather was a fisherman, so they didn't really have a lot. 475 00:26:34,650 --> 00:26:38,300 There were seven kids, he's the only one that they sent to America, 476 00:26:38,750 --> 00:26:43,470 and he didn't have enough money to get back home for something like 10 years. 477 00:26:43,470 --> 00:26:44,670 So when his mother passed away, 478 00:26:44,670 --> 00:26:46,500 he didn't have enough money to come back for the funeral. 479 00:26:47,970 --> 00:26:52,500 But I watched him work hard and save and 480 00:26:52,500 --> 00:26:57,390 create something. And so that level of work ethic definitely kind of permeates 481 00:26:57,390 --> 00:27:01,890 into my personality. And also just for a little while, 482 00:27:01,890 --> 00:27:03,660 I had a chip on my shoulder when I was younger. 483 00:27:03,660 --> 00:27:06,600 And I don't know if it's because I'm Asian, because I'm a woman, 484 00:27:06,600 --> 00:27:08,550 because I'm smaller, I always look young. 485 00:27:08,550 --> 00:27:11,190 So I would find that people would often underestimate me. 486 00:27:11,520 --> 00:27:16,410 So I wanted to show that I was just as good as if not better than the 487 00:27:16,420 --> 00:27:19,830 other men in the room or the other students in the classroom or whatever it is. 488 00:27:19,830 --> 00:27:23,910 And it took a while for that fire to kind of wake up inside. 489 00:27:24,180 --> 00:27:26,400 I didn't have that through school. I was kind of like, eh, whatever school. 490 00:27:26,400 --> 00:27:28,560 But as I got into the working world, 491 00:27:28,570 --> 00:27:31,530 I realized that that was going to be something that set me apart. 492 00:27:31,530 --> 00:27:35,670 And if I didn't stand up and speak up and have my voice be heard, 493 00:27:35,670 --> 00:27:37,080 I was going to regret that later. 494 00:27:37,290 --> 00:27:41,400 And it was probably one of the best things that I did in a culture and in a 495 00:27:41,400 --> 00:27:45,240 company where that was really rewarded and diversity was valued. 496 00:27:45,240 --> 00:27:49,680 And so I was very fortunate to be in the GE ecosystem because I think I got a 497 00:27:49,690 --> 00:27:54,180 lot of opportunities early in my career when I was younger that in most other 498 00:27:54,190 --> 00:27:58,380 organizations, you wouldn't have a shot at a job like that until you were 40, 499 00:27:58,470 --> 00:28:01,890 50 even sometimes. So that was pretty amazing. 500 00:28:02,640 --> 00:28:06,090 Yeah, I really want to pick up on this, and we share this, Kathy, 501 00:28:06,420 --> 00:28:09,900 I remember growing up and being a woman who wanted to be in business and there 502 00:28:09,900 --> 00:28:10,733 weren't many, 503 00:28:10,920 --> 00:28:14,790 and you always feel like you kind of have to overcompensate for you to try 504 00:28:14,790 --> 00:28:16,140 harder, you have to be smarter, 505 00:28:16,140 --> 00:28:20,580 you have to be more driven to be able to break through a lot of the barriers 506 00:28:20,580 --> 00:28:23,100 that existed. And I really want to ask you, 507 00:28:23,110 --> 00:28:25,530 because tech is such a male dominated field. 508 00:28:25,530 --> 00:28:29,250 I mean it's something like less than 30% of women are in technology, 509 00:28:29,580 --> 00:28:34,080 the percentage of women who are leaders in technology or even less than that. 510 00:28:34,380 --> 00:28:37,410 So I want to hear just first of all, your initial impression when you hear that, 511 00:28:37,410 --> 00:28:41,370 if it's something that you consciously think about or if you did as you were 512 00:28:41,370 --> 00:28:43,680 coming up through the ranks and owning your own company. 513 00:28:43,800 --> 00:28:45,960 Yeah, it's definitely in the back of my mind. 514 00:28:46,530 --> 00:28:50,490 It's why a lot of the nonprofit work and volunteerism that I do within the 515 00:28:50,490 --> 00:28:54,750 technology space is focused on girls in STEM and women in technology, 516 00:28:54,960 --> 00:28:58,050 women leaders, because there's never enough of us. 517 00:28:58,110 --> 00:29:01,830 And I think the generation needs to turn around and pull up those that are 518 00:29:01,830 --> 00:29:06,000 coming behind them. And I was lucky enough to have a lot of women role models, 519 00:29:06,030 --> 00:29:10,980 women mentors who helped me make that transition. So that's definitely huge. 520 00:29:12,030 --> 00:29:16,050 But I will say that in the last couple of years, I think it's gotten better, 521 00:29:16,380 --> 00:29:18,630 more women in tech and women in cyber. 522 00:29:18,660 --> 00:29:23,130 We're still one out of maybe every seven or eight in a room, 523 00:29:24,420 --> 00:29:25,680 but it is getting better. 524 00:29:27,150 --> 00:29:31,350 I just think that when you don't have enough women in the boardroom period, 525 00:29:32,160 --> 00:29:37,050 it's really hard to get women in leadership in other places. So the more that 526 00:29:37,060 --> 00:29:40,620 we can be visible, and I think it's podcasts, 527 00:29:40,630 --> 00:29:44,440 like it's speaking events, it's conferences. 528 00:29:44,440 --> 00:29:47,200 And I'm looking forward to, in September, 529 00:29:47,200 --> 00:29:51,760 I'm going to be moderating a panel on cybersecurity and disaster recovery at the 530 00:29:51,790 --> 00:29:53,920 Disaster Recovery Journals conference in Phoenix. 531 00:29:54,370 --> 00:29:59,140 And I was really vocal about the panel and 532 00:29:59,140 --> 00:30:01,840 wanting to make sure that we had diversity on the panel and really happy that 533 00:30:01,840 --> 00:30:03,820 it's an even 50 50 split men and women. 534 00:30:03,820 --> 00:30:06,790 And so those are the types of things where I think if we push for that more, 535 00:30:08,410 --> 00:30:11,890 the women leaders in the field get recognized and aren't visible. 536 00:30:12,640 --> 00:30:15,790 Yeah, absolutely. Is there something that for you, 537 00:30:16,030 --> 00:30:19,750 when you think about this and helping to advance more women into technology, 538 00:30:19,750 --> 00:30:22,240 is there something else that stands out to me? Obviously you're giving back, 539 00:30:22,750 --> 00:30:25,210 you're active in these programs where they're focused on stem, 540 00:30:25,210 --> 00:30:29,350 and I think that's really been significant in the last few years in showcasing 541 00:30:29,560 --> 00:30:33,430 opportunities for careers and technology in those other areas to women, 542 00:30:33,430 --> 00:30:37,900 especially in other students. Is there something else that from your standpoint, 543 00:30:38,080 --> 00:30:42,310 would help advance careers and technology or other ways 544 00:30:42,880 --> 00:30:46,600 companies rather can think about helping to promote careers and technology, 545 00:30:46,610 --> 00:30:47,443 especially for women? 546 00:30:47,590 --> 00:30:51,010 Yeah, I think when it comes to companies promoting, 547 00:30:51,640 --> 00:30:56,440 I would say make sure that there's equal opportunity for training. 548 00:30:57,760 --> 00:30:59,860 A lot of times in a group setting, 549 00:30:59,860 --> 00:31:03,220 our unconscious bias creeps in and even find it with myself, 550 00:31:03,250 --> 00:31:07,300 where you'll see a group of professionals and then there's a woman in the room. 551 00:31:07,300 --> 00:31:11,890 And sometimes you might assume that the woman is the marketing person or the 552 00:31:11,890 --> 00:31:16,870 HR person or the intern there to get everybody coffee as opposed 553 00:31:16,870 --> 00:31:20,110 to the technologist or the cybersecurity person. 554 00:31:21,460 --> 00:31:26,020 And so I think opportunities for one, 555 00:31:26,800 --> 00:31:29,560 catching that unconscious bias and educating people on it, 556 00:31:29,560 --> 00:31:32,440 but then sending women to training, 557 00:31:32,440 --> 00:31:37,210 giving them opportunity to be the tech super 558 00:31:37,210 --> 00:31:42,130 user of the systems that you have or to be the liaison 559 00:31:42,130 --> 00:31:46,900 with the managed IT partner that does your firm's 560 00:31:46,900 --> 00:31:47,440 technology. 561 00:31:47,440 --> 00:31:52,150 I think those all help through exposure to get them into and 562 00:31:52,150 --> 00:31:55,030 interested in technology. That's really how I fell into it. 563 00:31:56,170 --> 00:31:57,610 I thought I was going to be in finance. 564 00:31:57,610 --> 00:32:01,840 I did an internship at Morgan Stanley and they happened to just luck of the 565 00:32:01,850 --> 00:32:02,683 draw. 566 00:32:02,830 --> 00:32:06,250 I got assigned to a team that was automating a lot of business processes and I 567 00:32:06,250 --> 00:32:07,810 was like, whoa, this is really cool. 568 00:32:09,130 --> 00:32:11,590 We could do the spreadsheet thing and all of that, 569 00:32:11,590 --> 00:32:14,530 but the power of technology in an enterprise like this, 570 00:32:14,530 --> 00:32:15,550 that's what I want to go do. 571 00:32:16,180 --> 00:32:19,450 And so that kind of changed the course of where I was looking in terms of career 572 00:32:19,450 --> 00:32:20,950 prospects after I graduated. 573 00:32:20,950 --> 00:32:24,340 So I think it's that kind of exposure that just helps women see that there's 574 00:32:24,340 --> 00:32:27,100 other opportunities and hopefully that's another woman on the other side of the 575 00:32:27,100 --> 00:32:30,550 table who is already in the field and can show them the ropes. 576 00:32:30,650 --> 00:32:35,500 I think there's also comfort in a community of your peers. 577 00:32:36,700 --> 00:32:39,920 And I'll say the same thing for my financial advisor. He's a man, 578 00:32:39,920 --> 00:32:41,000 but he has a woman on his team. 579 00:32:41,000 --> 00:32:43,970 I will call the woman 10 times more than I'll call the man just because I feel 580 00:32:43,970 --> 00:32:46,240 more comfortable with her and that's the way that it's. 581 00:32:46,820 --> 00:32:51,560 So Kathy, let's dig into EIS now. So 582 00:32:53,110 --> 00:32:55,940 give us your business model. Tell us what, 583 00:32:56,040 --> 00:32:59,300 we have a lot of hardcore business folks who listen to the show. 584 00:32:59,300 --> 00:33:01,970 So give us what is the east silo business model? 585 00:33:02,580 --> 00:33:07,190 How does a brand new client come to East Silo and what's the client 586 00:33:07,190 --> 00:33:09,500 path along the client lifetime journey? 587 00:33:09,830 --> 00:33:10,340 Sure. 588 00:33:10,340 --> 00:33:13,940 So majority of our new clients come to us through cybersecurity assessment, 589 00:33:14,720 --> 00:33:18,950 and that's usually because they either just had a breach or maybe they had a 590 00:33:18,950 --> 00:33:21,230 close call, so we almost got hit, 591 00:33:21,230 --> 00:33:24,980 but then the bank was able to recollect some of the funds that we had wired to 592 00:33:24,980 --> 00:33:27,710 the wrong person or something else. 593 00:33:27,950 --> 00:33:32,210 Or sometimes it's just that they are either in a regulated industry. 594 00:33:32,220 --> 00:33:36,470 So there's an annual requirement for our assessment or an external third party 595 00:33:36,470 --> 00:33:37,303 assessment, 596 00:33:38,000 --> 00:33:42,410 or in the case of John who's a partner at a management consulting firm, 597 00:33:42,410 --> 00:33:44,420 and they've been a client of ours for a couple of years now. 598 00:33:44,750 --> 00:33:47,750 They were courting much bigger clients. 599 00:33:47,750 --> 00:33:49,790 They were recording Fortune 500 companies. 600 00:33:50,300 --> 00:33:55,160 And those companies have a lot more strict supplier security reviews than your 601 00:33:55,160 --> 00:33:58,430 average mid-size customer. 602 00:33:58,730 --> 00:34:01,940 And they knew that they needed to up their game in order to pass those reviews 603 00:34:01,940 --> 00:34:06,380 and land those deals. So usually they'll come to us through the course of an 604 00:34:06,380 --> 00:34:07,213 assessment, 605 00:34:07,760 --> 00:34:10,760 we'll determine with them what's the standard we should be assessing them 606 00:34:10,760 --> 00:34:13,460 against. So what are the applicable regulations? 607 00:34:14,420 --> 00:34:16,790 Or if there isn't a direct regulation, 608 00:34:16,800 --> 00:34:20,870 we'll often do a NIST cybersecurity framework assessment, NIST C S F, 609 00:34:21,890 --> 00:34:23,840 national Institute of Standards and Technology, 610 00:34:23,840 --> 00:34:28,520 and that's the gold standard for our industry. Over the course of several weeks, 611 00:34:28,520 --> 00:34:29,960 we'll get really deep into their business. 612 00:34:29,960 --> 00:34:33,500 We'll interview a bunch of folks on their team, and at the end of it, 613 00:34:33,500 --> 00:34:35,450 they get a very detailed report from us that says, 614 00:34:35,450 --> 00:34:37,460 here are the places where you meet those expectations. 615 00:34:37,700 --> 00:34:38,720 Here's where you're doing well, 616 00:34:38,900 --> 00:34:40,580 and here's all the places where maybe you're not, 617 00:34:41,150 --> 00:34:45,200 and here's a roadmap for the next three months, six months, 12 months, 618 00:34:45,560 --> 00:34:48,950 of the things that you need to do in priority order to close those gaps and 619 00:34:48,950 --> 00:34:53,810 reduce your risk of a cyber attack or a data breach. And I think a lot of folks 620 00:34:53,900 --> 00:34:56,780 when they think about cybersecurity, they think about tools, right? Oh, 621 00:34:56,960 --> 00:34:59,510 I just go buy this tool and I install it and everything's fine. 622 00:34:59,900 --> 00:35:03,770 And I think the marketing for those companies that make those tools, 623 00:35:04,310 --> 00:35:06,980 they don't do anybody any favors because they oversimplify the problem, 624 00:35:06,980 --> 00:35:10,580 they oversimplify the solution, just buy this one thing. When in reality, 625 00:35:10,580 --> 00:35:12,080 just like many other things, 626 00:35:12,080 --> 00:35:15,830 cyber is a people process and tools conversation. 627 00:35:16,250 --> 00:35:20,840 And we pride ourselves in not shying away from the conversation around people 628 00:35:20,870 --> 00:35:25,040 and process. It's very easy to buy and resell tools. 629 00:35:25,070 --> 00:35:27,170 We will do that in some cases, but to be honest, 630 00:35:27,180 --> 00:35:29,540 that is not core to our business model at all. 631 00:35:29,960 --> 00:35:34,070 It is really partnering with our clients from a strategic point of view, 632 00:35:34,070 --> 00:35:36,260 how are you setting your technology budget? 633 00:35:36,260 --> 00:35:41,040 Are you investing in cybersecurity compared to your peers? Here's what the 634 00:35:41,040 --> 00:35:42,240 benchmark is. 635 00:35:43,080 --> 00:35:47,580 Here's how you should be thinking about investments in hardware and software and 636 00:35:47,580 --> 00:35:51,180 cloud services. And in a lot of cases, 637 00:35:51,190 --> 00:35:54,900 they're stuck with some older technology that's been around for many, 638 00:35:54,900 --> 00:35:58,920 many years, maybe it used to meet their needs, but it doesn't any longer. 639 00:35:58,950 --> 00:36:01,290 But they don't know how to get into something better. 640 00:36:01,620 --> 00:36:05,610 They don't know how to modernize. So no matter what it is that their problem is, 641 00:36:05,820 --> 00:36:10,410 we'll advise them on how to solve that through better technology. 642 00:36:10,710 --> 00:36:12,630 Some of that's going to be a cyber conversation, 643 00:36:12,630 --> 00:36:15,720 but some of it's just going to be let's introduce you to partners who develop 644 00:36:15,720 --> 00:36:19,920 custom software or let's introduce you to platforms that out of the box, 645 00:36:19,920 --> 00:36:22,890 do what you're looking for and maybe it's an opportunity for you to move and 646 00:36:23,040 --> 00:36:27,990 save some money and save some hassle in the process. So that's how they 647 00:36:27,990 --> 00:36:31,710 get in. Once they are in as part of that action plan, 648 00:36:31,710 --> 00:36:35,520 we're usually sitting down and helping them write information security policies, 649 00:36:35,910 --> 00:36:39,090 business continuity policies, incident response plans, 650 00:36:39,840 --> 00:36:44,640 helping them put in place the right capabilities so that 651 00:36:44,670 --> 00:36:48,390 if and when an attack does happen, they know how to properly respond. 652 00:36:48,720 --> 00:36:52,080 And that's where the backup side of our business comes in. So as I mentioned, 653 00:36:52,080 --> 00:36:54,360 when I bought eai, we were exclusively offsite backup. 654 00:36:55,230 --> 00:36:59,490 So for a law firm or an accounting firm or a medical practice, 655 00:36:59,490 --> 00:37:04,020 we would be their offsite backup storage. So if they had an issue, 656 00:37:04,020 --> 00:37:08,280 whether that was a tornado or hurricane or a cyber attack, they would call us. 657 00:37:08,280 --> 00:37:12,240 So we would be the ones to help restore their data working in concert with their 658 00:37:12,240 --> 00:37:14,010 IT people. We still do that, 659 00:37:15,120 --> 00:37:19,470 but we don't often lead with that as the first part of the conversation. That's 660 00:37:19,480 --> 00:37:24,060 a component in our toolkit for how we help them be prepared for those types of 661 00:37:24,070 --> 00:37:24,903 events. 662 00:37:25,920 --> 00:37:30,210 So after or as a part of that action plan, 663 00:37:30,330 --> 00:37:35,310 we'll often work with them on an ongoing basis as their fractional C I O, 664 00:37:36,150 --> 00:37:37,740 so chief information officer, 665 00:37:37,740 --> 00:37:42,690 that's your C-suite level person who is overseeing 666 00:37:42,690 --> 00:37:45,840 your technology, not doing the hands-on work, 667 00:37:46,170 --> 00:37:50,250 but overseeing your vendor or your team that's doing it and providing that 668 00:37:50,250 --> 00:37:53,880 strategic level guidance to the board and the management on what needs to be 669 00:37:53,880 --> 00:37:54,270 happening. 670 00:37:54,270 --> 00:37:58,530 So that's kind of the third leg of our stool as far as the things that we do for 671 00:37:58,540 --> 00:37:59,373 our clients. 672 00:38:00,150 --> 00:38:02,220 That's great. If somebody's buying a company, 673 00:38:02,220 --> 00:38:07,050 would you do a technology assessment like upfront as a way to 674 00:38:07,380 --> 00:38:10,230 assess the vulnerabilities that may be there? 675 00:38:10,230 --> 00:38:14,040 So if you're buying a company and a lot of what you're buying is the database of 676 00:38:14,040 --> 00:38:15,630 their clients and the goodwill, 677 00:38:15,960 --> 00:38:20,310 is there a way that they could connect with you to look over what they have and 678 00:38:21,390 --> 00:38:26,370 get an estimate for how much it would cost to shore up whatever data they 679 00:38:26,370 --> 00:38:27,300 may have? Yeah. 680 00:38:27,300 --> 00:38:31,230 So I'm glad you asked that because I think it's something that gets overlooked 681 00:38:31,230 --> 00:38:35,190 in m and a transactions is the potential cybersecurity 682 00:38:36,010 --> 00:38:40,150 cyber of what you're acquiring. And we've seen that happen time and time again. 683 00:38:40,150 --> 00:38:44,320 So somebody gets acquired and then they discover that six months before the 684 00:38:44,320 --> 00:38:47,740 acquisition there was a leak, but nobody knew it until post close. 685 00:38:48,130 --> 00:38:51,790 So that's absolutely something that people can come and ask us to do an 686 00:38:51,790 --> 00:38:55,420 assessment. So they get an idea of how well was the company operating, 687 00:38:55,570 --> 00:38:57,250 how buttoned up are their systems? 688 00:38:57,610 --> 00:39:00,340 And I think that'll give you a really good indication of the rest of their 689 00:39:00,340 --> 00:39:02,530 operations too. It's a good leading indicator. 690 00:39:03,310 --> 00:39:05,530 The one thing I will say that we're not specialists at, 691 00:39:05,530 --> 00:39:07,990 because I like to be very transparent about what we're good at and what we're 692 00:39:07,990 --> 00:39:11,050 not is valuing the technology. 693 00:39:11,050 --> 00:39:14,170 So if it's a company that has its own proprietary technology, 694 00:39:14,440 --> 00:39:16,090 we're not experts in that valuation, 695 00:39:16,090 --> 00:39:19,570 but we also work with and have a lot of companies that we could refer them to 696 00:39:19,570 --> 00:39:20,650 for that component of it. 697 00:39:21,220 --> 00:39:24,310 But really what we focus on is the technology that supports their internal 698 00:39:24,310 --> 00:39:26,170 operations and how they run their day-to-day. 699 00:39:26,710 --> 00:39:30,370 How early should a company come to you if they do want you to take a look at 700 00:39:30,370 --> 00:39:32,290 that in m and a transaction. 701 00:39:32,560 --> 00:39:35,560 As early as they've got a potential target in mind? 702 00:39:37,300 --> 00:39:40,690 And the reason I say that is because my business experience, 703 00:39:41,080 --> 00:39:44,650 there's a whole bunch of other things besides just looking at the technology 704 00:39:44,860 --> 00:39:49,360 that I'm going to ask them questions about that third parties and suppliers, 705 00:39:49,540 --> 00:39:52,180 how are they thinking about how are they managing that risk? 706 00:39:52,510 --> 00:39:56,470 One of the big things that we talk about a lot with the companies that we work 707 00:39:56,480 --> 00:39:59,770 with is supplier related risk almost. 708 00:40:00,460 --> 00:40:01,870 I don't want to quote the wrong number, 709 00:40:01,870 --> 00:40:06,310 so I'm going to say a significant number of breaches are as a result of third 710 00:40:06,310 --> 00:40:10,060 parties that are compromised. You look at Target, that was a huge, 711 00:40:10,060 --> 00:40:12,400 very popular breach many years ago, 712 00:40:12,940 --> 00:40:14,950 but they were compromised their HVAC provider. 713 00:40:15,490 --> 00:40:20,380 So you think about how large companies are very well protected and 714 00:40:20,390 --> 00:40:21,610 very well resourced, 715 00:40:21,910 --> 00:40:26,320 but their suppliers tend to be smaller and tend to not be. Those are the ones 716 00:40:26,320 --> 00:40:29,050 that are a target. So a lot of times we'll have people say, oh, 717 00:40:29,050 --> 00:40:32,740 but I'm not big enough to be a target of a cyber attack. 718 00:40:32,740 --> 00:40:36,730 I have no valuable data. We're not on anybody's radar. 719 00:40:37,090 --> 00:40:41,980 And it's not that you specifically are targeted, it's who your clients are. 720 00:40:42,100 --> 00:40:44,470 And frankly, sometimes it's just that no one's targeted. 721 00:40:44,470 --> 00:40:48,580 It's just easy pickings. If you leave your car unlocked in the mall parking lot, 722 00:40:48,580 --> 00:40:51,250 someone one day will eventually pull the handle and take everything that's 723 00:40:51,250 --> 00:40:51,790 inside. 724 00:40:51,790 --> 00:40:56,740 So sometimes it's also just a matter of opportunity that you have to be 725 00:40:56,740 --> 00:40:57,573 aware of. 726 00:40:57,880 --> 00:40:59,560 I tell the story all the time, Kathy, 727 00:40:59,560 --> 00:41:04,120 of how when I switched to a business 728 00:41:04,120 --> 00:41:08,150 fiber internet connection, I went from 729 00:41:09,710 --> 00:41:12,400 a variable IP to a static ip, 730 00:41:12,700 --> 00:41:17,290 and they didn't tell me that they were moving me to a static ip and they didn't 731 00:41:17,290 --> 00:41:21,160 tell me the risk of having an ip that didn't change all the time, 732 00:41:21,430 --> 00:41:23,320 every time we we logged in. 733 00:41:23,860 --> 00:41:28,720 So my phone vendor happened to say to me, Hey, listen, 734 00:41:28,730 --> 00:41:31,330 now that you're on fiber, you have a static ip, 735 00:41:31,330 --> 00:41:33,370 so you absolutely need a firewall. 736 00:41:33,740 --> 00:41:38,720 And I ordered one and it took two days for the firewall to get there. 737 00:41:38,900 --> 00:41:42,260 During that two day period, I woke up one morning, 738 00:41:42,410 --> 00:41:45,410 the second day that I had this turned on my computer. 739 00:41:45,470 --> 00:41:50,420 There was a text file on the desktop and the text file when I opened it had 740 00:41:50,690 --> 00:41:55,580 a digitally drawn smiley face with zeros and ones, 741 00:41:55,790 --> 00:41:59,540 and it said, your data is exposed. You need a firewall. 742 00:41:59,690 --> 00:42:02,420 You're lucky you have nothing of value, or it would be mine. 743 00:42:02,900 --> 00:42:06,860 And I freaked out, I unplugged everything, 744 00:42:06,860 --> 00:42:08,270 turned everything off, 745 00:42:08,450 --> 00:42:13,130 and I got in the car and drove and bought the firewall and installed it 746 00:42:13,190 --> 00:42:17,390 like that day. So I mean, 747 00:42:17,400 --> 00:42:18,770 you think it can't happen to you. 748 00:42:18,770 --> 00:42:23,540 I'm a guy operating a business out of my house with a dozen contractors that 749 00:42:23,540 --> 00:42:24,380 work for me. 750 00:42:24,620 --> 00:42:29,270 I got nothing of value yet within like 24 751 00:42:29,270 --> 00:42:32,000 hours of having a static ip, 752 00:42:32,300 --> 00:42:37,130 somebody found my vulnerable system and was in it incredible, 753 00:42:37,430 --> 00:42:38,720 absolutely incredible. 754 00:42:39,110 --> 00:42:44,060 So it's amazing to me explain for the people who don't know, 755 00:42:44,180 --> 00:42:47,390 right? There's an entrepreneur here who is, 756 00:42:47,960 --> 00:42:50,690 he owns a railroad in Pennsylvania. I know. 757 00:42:50,720 --> 00:42:53,960 We actually have one guy who listens to the show who actually owns a railroad in 758 00:42:53,960 --> 00:42:55,430 Pennsylvania. I met him through Vistage. 759 00:42:55,610 --> 00:43:00,380 So he may not know what backing up 760 00:43:00,380 --> 00:43:02,030 stuff to the cloud means, 761 00:43:02,120 --> 00:43:05,600 and he may not know how to select the right vendor to do that. 762 00:43:05,900 --> 00:43:10,760 So what is the difference for that guy for hiring 763 00:43:10,940 --> 00:43:15,410 you to back up all his data to the cloud versus dragging and dropping a 764 00:43:15,410 --> 00:43:17,210 file into Dropbox? 765 00:43:17,630 --> 00:43:20,270 So there's a whole bunch of differences. 766 00:43:20,510 --> 00:43:22,970 The first thing I'll say is if you're running a real business, 767 00:43:23,000 --> 00:43:25,400 you need a real business backup solution. 768 00:43:25,760 --> 00:43:28,340 You don't want to use a consumer tool to do it. 769 00:43:29,330 --> 00:43:33,890 You don't want to use a Dropbox or OneDrive or a Google Drive. 770 00:43:34,670 --> 00:43:37,910 Those are actually cloud sync tools. They're not cloud backup tools. 771 00:43:37,910 --> 00:43:42,440 It's a common misperception when you think about it like this. 772 00:43:42,440 --> 00:43:44,630 If your computer gets compromised, 773 00:43:44,630 --> 00:43:47,930 you click on a bad link that came through an email of somebody that looked 774 00:43:47,940 --> 00:43:48,590 familiar, 775 00:43:48,590 --> 00:43:52,970 and all of a sudden your computer is infected with a virus and your 776 00:43:53,000 --> 00:43:56,900 files all get corrupted. So they get jumbled up. They're all there, 777 00:43:56,900 --> 00:43:59,630 but you try to open them. You can't actually make heads or tails of it. 778 00:43:59,630 --> 00:44:01,520 You can't see it. You can't use any of the data. 779 00:44:02,420 --> 00:44:05,930 If you are using Dropbox Sync or OneDrive sync, 780 00:44:06,380 --> 00:44:10,820 then the copy of that file that lives in your cloud that you think is your 781 00:44:10,820 --> 00:44:12,860 backup is now also corrupted to, 782 00:44:13,040 --> 00:44:15,260 right? So the changes are kind of indiscriminate. 783 00:44:15,620 --> 00:44:17,810 If you delete a file from your computer, 784 00:44:18,140 --> 00:44:21,020 then the copy in the cloud can be deleted also. 785 00:44:21,590 --> 00:44:25,640 So what we always tell folks is that you don't want a constant synchronization 786 00:44:25,650 --> 00:44:26,483 of your data. 787 00:44:26,780 --> 00:44:31,440 A real backup is going to be as of a point in time where eight 788 00:44:31,440 --> 00:44:34,050 o'clock every night, you're going to take a backup of your files. 789 00:44:34,080 --> 00:44:36,720 If something happens after that backup at eight o'clock, 790 00:44:36,720 --> 00:44:40,710 you can roll back everything on your system back to a single point in time. 791 00:44:40,710 --> 00:44:42,270 So there's consistency there. 792 00:44:42,900 --> 00:44:47,820 The other thing is that a tool like Dropbox won't allow you to control when new 793 00:44:47,820 --> 00:44:52,290 versions get made and how many versions get saved, right? You buy a plan, 794 00:44:52,560 --> 00:44:54,300 the plan includes however many versions. 795 00:44:54,300 --> 00:44:57,330 They often don't tell you because they want to be able to change that behind the 796 00:44:57,330 --> 00:44:59,310 scenes. It's not part of what you pay for, 797 00:44:59,700 --> 00:45:02,850 and you don't get to control that version history. Whereas again, 798 00:45:02,860 --> 00:45:04,110 if you have business grade backup, 799 00:45:04,200 --> 00:45:08,220 you can decide that the backup happens once a night at eight o'clock. 800 00:45:08,580 --> 00:45:11,730 It happens every six hours. It happens every two hours, right? 801 00:45:11,730 --> 00:45:15,030 So you control frequency and you also control retention. 802 00:45:15,090 --> 00:45:18,810 I need that backup to be saved for 30 days, 60 days, 803 00:45:18,870 --> 00:45:22,140 seven years because of my regulatory requirements. 804 00:45:22,150 --> 00:45:24,570 And so you now have a lot more control. 805 00:45:25,230 --> 00:45:27,930 So that's really one of the first things. 806 00:45:28,230 --> 00:45:30,810 The second thing is you want to make sure your backups are encrypted, 807 00:45:31,230 --> 00:45:34,200 because if something ever happens to that provider, 808 00:45:34,470 --> 00:45:36,600 if something ever happens to that storage, 809 00:45:36,610 --> 00:45:39,750 you want to make sure that even if it falls into the wrong hands, 810 00:45:40,050 --> 00:45:43,170 nobody can actually view the files and take them and use them. 811 00:45:43,440 --> 00:45:48,180 And if you were to have a leak of private information, if it's encrypted, 812 00:45:48,180 --> 00:45:52,170 that's going to help you quite a bit as far as your breach responsibilities and 813 00:45:52,170 --> 00:45:56,220 what the implications might be. And then the other thing is that you want those 814 00:45:56,230 --> 00:45:58,140 backups to be completely automatic. 815 00:45:58,200 --> 00:46:02,700 There's a lot of organizations I talk to where the backup is so-and-so's job 816 00:46:03,120 --> 00:46:07,290 when so-and-so gets sick or is on vacation or just gets really busy and forgets 817 00:46:07,620 --> 00:46:08,640 your backups don't happen. 818 00:46:08,970 --> 00:46:13,770 And too often we find companies that think they have a set of backups and a set 819 00:46:13,770 --> 00:46:17,820 of routines, but nobody's checking on them. So you don't realize that, oh, well, 820 00:46:17,820 --> 00:46:20,040 that was a task of somebody that we fired six months ago, 821 00:46:20,040 --> 00:46:21,030 and so they haven't been happening, 822 00:46:21,510 --> 00:46:25,140 and then they go to restore from a cyber attack or a ransomware incident, 823 00:46:25,620 --> 00:46:26,730 and lo and behold, 824 00:46:26,730 --> 00:46:31,020 there are no backups or the backups that they have are two months old because no 825 00:46:31,020 --> 00:46:32,370 one's been watching the store. 826 00:46:33,060 --> 00:46:37,620 So when you have a business grade backup service and business backup 827 00:46:37,620 --> 00:46:40,230 software that's happening for you automatically, 828 00:46:40,320 --> 00:46:44,220 it's run by outside people. So that's like my team. That's all they do. 829 00:46:44,640 --> 00:46:46,560 They run the backups, they check 'em every morning. 830 00:46:46,800 --> 00:46:51,150 We call clients proactively when something happens. I'll never forget, 831 00:46:51,180 --> 00:46:53,220 in the beginning of covid, people started traveling a lot. 832 00:46:53,230 --> 00:46:58,050 And so we saw one organization, their clinical psychologist, 833 00:46:58,080 --> 00:47:01,110 and we noticed that the backups hadn't happened for a while. 834 00:47:01,110 --> 00:47:03,390 So one of our team members called her up and said, oh, 835 00:47:03,400 --> 00:47:06,480 I'm working for a beach house in Delaware. I got a new computer. Oh, well, 836 00:47:06,480 --> 00:47:10,890 you kind of got to let us know that so we can get you set up for your new 837 00:47:10,890 --> 00:47:11,310 equipment. 838 00:47:11,310 --> 00:47:15,030 So that's an example of the level of personalized service that when you have a 839 00:47:15,570 --> 00:47:18,330 good system, someone's watching for you, 840 00:47:18,330 --> 00:47:23,250 think about it like an outsourced IT department dedicated just to managing your 841 00:47:23,250 --> 00:47:24,083 backups. 842 00:47:24,300 --> 00:47:27,930 Whereas you can swipe your credit card on a website and get access to some 843 00:47:27,940 --> 00:47:31,540 software, but there's nobody who's monitoring that for you. Trust me, 844 00:47:31,540 --> 00:47:34,480 the call center in the Philippines is not paying attention to your backups and 845 00:47:34,480 --> 00:47:37,960 going to give you a call when something that they spot is unusual. 846 00:47:38,560 --> 00:47:40,900 Oh, that's great. This reminds me of, 847 00:47:40,900 --> 00:47:42,160 it's almost like being in the medical field. 848 00:47:42,160 --> 00:47:46,060 Someone's monitoring where your heart rate is at a regular basis. 849 00:47:46,060 --> 00:47:47,560 There's doctors behind the scenes doing it. 850 00:47:47,560 --> 00:47:51,190 If you're someone who has had the device implanted, you have the monitor on, 851 00:47:51,340 --> 00:47:53,530 and then they're watching it in real time calling you. I mean, 852 00:47:53,530 --> 00:47:55,240 this is really first level service. 853 00:47:55,240 --> 00:47:58,960 What we're talking about here is someone is out there watching out for you, 854 00:47:58,990 --> 00:48:02,890 calling you when it's happening, so that they can work with you immediately to, 855 00:48:02,900 --> 00:48:03,250 I'm sure, 856 00:48:03,250 --> 00:48:08,020 catch this a lot sooner and prevent a major issue then when they start to 857 00:48:08,030 --> 00:48:08,380 notice it, 858 00:48:08,380 --> 00:48:12,130 which for those of us who are unsophisticated handling data or cybersecurity 859 00:48:12,130 --> 00:48:14,230 issues, that could be well down the road, I'd. 860 00:48:14,230 --> 00:48:17,470 Imagine. Yeah, no, absolutely. And I'll tell you a quick story. 861 00:48:18,970 --> 00:48:23,410 One of the things that people tell me often is that while I don't need backups 862 00:48:23,410 --> 00:48:25,930 from a third party, my team's already got that covered. 863 00:48:26,110 --> 00:48:30,700 We pay this vendor to manage all of our IT and backups are included as a part of 864 00:48:30,700 --> 00:48:35,650 it. And while that may be true, a couple years ago there was an M S P, 865 00:48:35,650 --> 00:48:38,320 A managed service provider, one of these outsourced IT departments. 866 00:48:38,350 --> 00:48:41,890 They have about 200 or so clients in the South Florida area, 867 00:48:42,160 --> 00:48:45,640 including sports teams that teams you and I would've watched on tv. 868 00:48:46,030 --> 00:48:48,610 So they serve big clients. 869 00:48:49,630 --> 00:48:54,070 The M S P was hit with a ransomware attack. And unfortunately, 870 00:48:54,280 --> 00:48:59,230 all of the clients who that M S P served and 871 00:48:59,470 --> 00:49:02,950 had access to their systems, they all got infected too. 872 00:49:03,790 --> 00:49:07,690 And there was about a dozen or so of those companies that we happened to share 873 00:49:07,690 --> 00:49:12,670 in common. So way earlier on, they'd been with us for 10, 15 years. 874 00:49:13,480 --> 00:49:17,050 They called us up right away and they said, look, this is the situation. 875 00:49:17,890 --> 00:49:20,980 Our M S P can barely return. Phone calls. 876 00:49:20,990 --> 00:49:24,460 Their folks were working around the clock and no knock against them. I mean, 877 00:49:24,460 --> 00:49:27,670 they were literally pulling people off of the billing desk to answer level one 878 00:49:27,670 --> 00:49:32,110 help desk calls and try to troubleshoot what was going on. But they said, 879 00:49:32,110 --> 00:49:35,380 it's been several hours. No one's getting back to me. 880 00:49:35,380 --> 00:49:39,550 Can you just restore my backups from your copy because I can't wait for them. 881 00:49:39,940 --> 00:49:42,520 And so we did, and lo and behold, 882 00:49:42,820 --> 00:49:47,620 all of those local backups that were managed by that M S P were completely 883 00:49:47,620 --> 00:49:50,110 trashed. And it was just because you have, 884 00:49:50,740 --> 00:49:54,010 one of the things you learn when you're in the resiliency business is you don't 885 00:49:54,010 --> 00:49:58,120 want a lot of things that look the same. Too much commonality puts you at risk. 886 00:49:58,150 --> 00:49:59,230 It's concentration risk. 887 00:49:59,620 --> 00:50:04,360 So you had the same people who were managing the production servers and machines 888 00:50:04,540 --> 00:50:07,870 that were also managing the backups. Same accounts, same passwords, right? 889 00:50:07,870 --> 00:50:10,780 Same personnel. And so when they were compromised, 890 00:50:10,840 --> 00:50:14,320 everything they touched was essentially poisoned. Whereas our team, 891 00:50:14,320 --> 00:50:17,680 it was a different team, different accounts, different platform. 892 00:50:17,680 --> 00:50:20,620 We don't actually run and save our backups on windows. 893 00:50:20,890 --> 00:50:25,060 We use Linux for added variety. We store them on a different network. 894 00:50:25,120 --> 00:50:29,150 We store them offsite. So we had all these different factors where we've, 895 00:50:29,150 --> 00:50:32,690 at this point in that situation, but also ever since I bought the business, 896 00:50:32,690 --> 00:50:37,010 we have a 100% ransomware recovery rate. And we actually tested that, 897 00:50:37,010 --> 00:50:39,440 just I want to say two, three weeks ago. 898 00:50:40,010 --> 00:50:42,350 We're a regional healthcare provider client of our same thing. 899 00:50:42,380 --> 00:50:46,520 They got ransomware, their internal backups were hosed, ours were not. 900 00:50:46,520 --> 00:50:49,040 So you got to ask yourself the question, right? If my data is really, 901 00:50:49,040 --> 00:50:49,880 really important, 902 00:50:50,240 --> 00:50:54,380 how many layers of protection am I willing to put in place to ensure that when 903 00:50:54,380 --> 00:50:58,310 that worst day happens, I have a means to recover? 904 00:50:58,320 --> 00:50:59,870 I have experts who I can call upon, 905 00:50:59,870 --> 00:51:02,840 who will roll up their sleeves and get into my systems and actually do it for me 906 00:51:02,840 --> 00:51:07,640 or do it with me. That's really the value of having EIS backups. 907 00:51:08,240 --> 00:51:13,100 So you must have to segregate data from specific industries 908 00:51:13,700 --> 00:51:17,690 from everything else. So for example, medical data has to be, 909 00:51:17,960 --> 00:51:19,190 everybody has to have their own, 910 00:51:19,280 --> 00:51:21,500 I don't know if they have their own separate server or whatever, 911 00:51:21,500 --> 00:51:26,180 but everybody has to have their own separate little area where you can't, 912 00:51:26,570 --> 00:51:30,470 because that can never be compromised if that gets out. 913 00:51:30,860 --> 00:51:32,960 There's a huge issue with that. I mean, 914 00:51:32,960 --> 00:51:36,560 there's an issue with all data getting out, but medical data especially, 915 00:51:36,560 --> 00:51:39,980 or client specific data for a law firm, 916 00:51:39,980 --> 00:51:42,770 I have a client who got hit with a ransomware attack, 917 00:51:42,830 --> 00:51:47,540 and the entire firm was rendered helpless for a week because they didn't have 918 00:51:47,540 --> 00:51:50,510 access to their information. 919 00:51:50,520 --> 00:51:53,480 And they were very tight-lipped about it because they didn't want the word 920 00:51:53,480 --> 00:51:55,850 getting out that they had gotten hit with a ransomware attack. 921 00:51:55,850 --> 00:51:59,360 And I have to believe they didn't have an effective backup system like you're 922 00:51:59,360 --> 00:52:03,560 talking about. Otherwise it wouldn't have been as big a deal. 923 00:52:03,830 --> 00:52:08,660 But how do you segregate that data and how is it tested for 924 00:52:08,660 --> 00:52:09,950 compliance purposes? 925 00:52:11,120 --> 00:52:16,040 How is your backup data tested for HIPAA compliance or for compliance with 926 00:52:16,040 --> 00:52:18,050 FINRA's rules for financial data, that sort thing. 927 00:52:18,560 --> 00:52:23,030 So we treat all of our clients as if whatever information that they're backing 928 00:52:23,030 --> 00:52:24,890 up with us is the most important thing in the world. 929 00:52:25,220 --> 00:52:26,990 So we apply the same level of protection, 930 00:52:26,990 --> 00:52:30,620 the same high bar to everyone and everything because to be honest, 931 00:52:30,950 --> 00:52:33,440 by the time the data comes to us, we don't actually know what it's, 932 00:52:33,470 --> 00:52:38,000 we can't see it. Even our staff can't unencrypt and view our client's data, 933 00:52:38,000 --> 00:52:39,050 and we do that on purpose. 934 00:52:39,680 --> 00:52:44,270 We have no reason to need to see any of the information that you back up and 935 00:52:44,270 --> 00:52:48,860 trust with us. So we have separate encryption keys for each of our customers, 936 00:52:49,130 --> 00:52:53,270 which means that even if we were to have some kind of a widespread breach that 937 00:52:53,420 --> 00:52:56,090 you couldn't get to all the data of our individual clients, 938 00:52:56,090 --> 00:52:57,470 only they have those keys. 939 00:52:57,710 --> 00:53:01,730 So that's one of the protection measures that we have. The other thing is, 940 00:53:01,730 --> 00:53:03,920 what I'll say is it's logical separation. 941 00:53:03,920 --> 00:53:08,000 So even though the data might be physically stored on the same physical server 942 00:53:08,000 --> 00:53:09,530 as part of our private cloud, 943 00:53:09,950 --> 00:53:12,860 because of the way that we store it and how we store it, 944 00:53:13,040 --> 00:53:16,400 it is logically separated. And so there's no crossover access. 945 00:53:16,400 --> 00:53:20,330 There's no ability to see from your backups. Nicola, 946 00:53:20,330 --> 00:53:22,310 could you see Dave's data on the other side? 947 00:53:22,730 --> 00:53:26,790 And so the encryption piece though is incredibly key to that. 948 00:53:27,750 --> 00:53:31,920 The other thing I would say is that when you are in the business of data 949 00:53:31,920 --> 00:53:35,730 protection, you design, we call it security by design. 950 00:53:35,730 --> 00:53:40,080 So everything from the ground up is designed to ensure that things are 951 00:53:40,080 --> 00:53:42,000 segmented, that there's zero trust, 952 00:53:42,030 --> 00:53:46,860 that there isn't the ability for if somebody were to get into our 953 00:53:46,860 --> 00:53:48,990 environment to be able to move between servers. 954 00:53:48,990 --> 00:53:52,590 So that's ultimately how I'm able to sleep at night because I know that we've 955 00:53:52,590 --> 00:53:56,820 put in place those correct protections. To be honest with you, 956 00:53:57,210 --> 00:54:01,890 the weakest link in the entire chain, and this is often where it happens, 957 00:54:02,520 --> 00:54:06,930 is people and my clients have to have access, 958 00:54:07,140 --> 00:54:09,840 username, password that gets them into their own backups, 959 00:54:09,870 --> 00:54:13,890 and that is what I worry about the most because they use the same password for 960 00:54:13,890 --> 00:54:16,530 that as they use for other things. 961 00:54:16,530 --> 00:54:21,510 So a lot of what we do is education with our clients on here 962 00:54:21,510 --> 00:54:26,430 are good cyber hygiene practices that you should be applying 963 00:54:26,440 --> 00:54:27,690 in every area of your life, 964 00:54:27,720 --> 00:54:30,870 not just as it pertains to data that you protect with us, 965 00:54:31,410 --> 00:54:33,960 but you should be turning on multi-factor authentication. 966 00:54:34,020 --> 00:54:37,080 If you don't know what that is, message me and I'll help you get it set up. 967 00:54:37,770 --> 00:54:42,390 That is the single best thing that you can be doing to protect your accounts, 968 00:54:42,390 --> 00:54:46,140 whether that's your bank account, your Amazon account, your backup account, 969 00:54:46,150 --> 00:54:49,350 all of it. And that just ensures that when you log into something, 970 00:54:49,360 --> 00:54:53,550 you're using multiple ways to authenticate yourself to that system. 971 00:54:53,970 --> 00:54:55,620 It's a combination of something you have, 972 00:54:55,620 --> 00:54:59,850 which is a password and something which is often like a six digit code they get 973 00:54:59,850 --> 00:55:04,200 sent to you on your phone, and there's even layers of security within that. 974 00:55:04,200 --> 00:55:06,900 There's good M F A practices and not so good ones. 975 00:55:07,530 --> 00:55:10,830 So that's where we do a lot of just education on here are the things that you 976 00:55:10,830 --> 00:55:14,970 need to do to play your part in securing your own data. 977 00:55:15,750 --> 00:55:19,320 So let me ask a question that I'd imagine there's a lot of people sitting in our 978 00:55:19,320 --> 00:55:23,610 audience right now that are thinking, I have a million passwords. Kathy, 979 00:55:23,610 --> 00:55:25,950 where's the best place to store those? 980 00:55:25,950 --> 00:55:30,330 Because I'm sick of saving and worrying about every password that I have to 981 00:55:30,360 --> 00:55:31,890 every different account. I was. 982 00:55:31,890 --> 00:55:33,240 Going to say, so before I. 983 00:55:33,240 --> 00:55:34,140 Tell you, definitely don't write them. 984 00:55:34,150 --> 00:55:36,270 Though. You tell me where you're storing yours. 985 00:55:37,890 --> 00:55:38,723 Oh, Dave. 986 00:55:40,950 --> 00:55:41,880 Nicola, what do you do? 987 00:55:43,380 --> 00:55:44,910 What do I do? I have, well, 988 00:55:44,910 --> 00:55:47,880 I have a password protected file that have passwords in them. 989 00:55:50,250 --> 00:55:53,400 So you have an Excel spreadsheet that has a password, 990 00:55:53,550 --> 00:55:58,200 and it's the password spreadsheet and the password is password 1, 2, 3. 991 00:55:59,230 --> 00:56:02,850 Then no password whatsoever. Mine is not a complicated one. 992 00:56:02,860 --> 00:56:06,030 All of them are unique and they're complicated. They're long. 993 00:56:06,660 --> 00:56:08,910 There's nothing that's uniquely identifiable. 994 00:56:10,080 --> 00:56:14,910 So I use LastPass and I used an assigned, 995 00:56:15,180 --> 00:56:19,230 I used a randomized password to get me into LastPass, 996 00:56:19,500 --> 00:56:21,570 and so every time I forget the damn thing, 997 00:56:21,570 --> 00:56:26,200 it takes me an hour to get all my passwords, but I think it's safe. 998 00:56:26,200 --> 00:56:29,020 I mean, I think they had a breach at one point, but 999 00:56:30,610 --> 00:56:32,620 I think that's the best I can do, right? 1000 00:56:32,710 --> 00:56:36,520 Yeah, so a password manager or password vault, like a LastPass, 1001 00:56:36,760 --> 00:56:40,630 but maybe a different one would be the easiest thing to do. 1002 00:56:40,690 --> 00:56:44,140 So I love what Nicole said about having totally unique, 1003 00:56:44,200 --> 00:56:47,170 totally randomized passwords, hopefully really long ones. 1004 00:56:48,040 --> 00:56:51,190 You can Google time it takes to crack a password, 1005 00:56:51,190 --> 00:56:55,000 and you get these really scary charts that'll show you that even if it has eight 1006 00:56:55,000 --> 00:56:58,390 characters and it has a combination of upper and lowercase and numbers and 1007 00:56:58,390 --> 00:56:59,170 symbols and all that, 1008 00:56:59,170 --> 00:57:02,530 it takes like 0.3 seconds for somebody to breach it with the right hardware. 1009 00:57:03,400 --> 00:57:06,880 So you really need a long, strong, complex password, 1010 00:57:07,210 --> 00:57:11,500 but then you store it in a vault like one password is a good one or there's a 1011 00:57:11,500 --> 00:57:13,840 whole bunch of them out there. If you're on LastPass, 1012 00:57:13,840 --> 00:57:17,290 I would recommend moving away from it because of the breach that happened. 1013 00:57:17,890 --> 00:57:19,600 Interestingly enough, in the breach, 1014 00:57:19,960 --> 00:57:24,130 the attacker stole a backup copy of the databases. 1015 00:57:24,220 --> 00:57:28,960 So that's why I advise people against it or to move on to 1016 00:57:28,960 --> 00:57:31,750 something else. But that's really the best that you can do. 1017 00:57:32,980 --> 00:57:35,350 But I would say if you have a password vault, 1018 00:57:35,350 --> 00:57:39,580 you've got unique passwords and you've turned on M F A in every system that 1019 00:57:39,580 --> 00:57:40,450 supports it, 1020 00:57:40,810 --> 00:57:45,100 then you've at least covered off the basics of the things that you should be 1021 00:57:45,110 --> 00:57:46,930 doing to secure your accounts. 1022 00:57:47,410 --> 00:57:51,880 Kathy, explain to people, when I travel, I use A V P N. 1023 00:57:51,890 --> 00:57:56,560 Explain to people the value of using A V P N and why 1024 00:57:56,560 --> 00:57:58,870 people need to use A V P N. 1025 00:57:58,990 --> 00:58:02,110 Yeah. V P N stands for Virtual Private network, 1026 00:58:02,710 --> 00:58:07,570 and it creates a secure tunnel between your computer and the websites that 1027 00:58:07,580 --> 00:58:08,650 you're communicating with. 1028 00:58:09,100 --> 00:58:14,020 And why that matters is if you travel often and you're in airports, 1029 00:58:14,020 --> 00:58:16,720 hotels, Starbucks, you're on public wifi. 1030 00:58:17,170 --> 00:58:19,600 If that wifi is not properly protected, 1031 00:58:19,610 --> 00:58:24,400 any other individual who's on that same network can potentially be spying on 1032 00:58:24,400 --> 00:58:28,900 your communications or even intercepting and changing the communications that 1033 00:58:28,900 --> 00:58:33,040 are occurring between your computer and your bank's website or whatever, 1034 00:58:33,190 --> 00:58:34,300 whatever it is that you're doing. 1035 00:58:34,960 --> 00:58:38,110 A V P N helps to eliminate that by creating that secure tunnel. 1036 00:58:39,250 --> 00:58:42,040 The other thing that's nice for folks who travel a lot, 1037 00:58:42,040 --> 00:58:43,150 especially if it's out of country, 1038 00:58:43,150 --> 00:58:47,530 is they'll use a V P N to be able to watch American shows and countries where 1039 00:58:47,530 --> 00:58:50,980 that stuff is blocked. But from my point of view, that's a nice to have. 1040 00:58:50,980 --> 00:58:54,820 It's the security value that I think is really important for anyone who's on the 1041 00:58:54,820 --> 00:58:55,653 road. 1042 00:58:56,680 --> 00:58:59,140 If you've ever been on an airplane and 1043 00:59:00,730 --> 00:59:05,200 you open your Bluetooth or you click on the wifi and you see Joe's 1044 00:59:05,210 --> 00:59:09,550 iPhone pop up as an option, that's why you need a P n, 1045 00:59:09,670 --> 00:59:11,620 because if Joe's iPhone is popping up, 1046 00:59:11,620 --> 00:59:15,790 you can be damn sure your computer's going to pop up there too. So, 1047 00:59:17,140 --> 00:59:22,070 oh man, that is, for me, that is the scariest, the absolute scariest thing, 1048 00:59:22,250 --> 00:59:26,690 especially people who have access to confidential client information and they're 1049 00:59:26,990 --> 00:59:31,880 sitting in the airline club doing their work on that confidential client 1050 00:59:31,880 --> 00:59:36,740 information using the airline club wifi without any 1051 00:59:36,740 --> 00:59:40,340 type of protection whatsoever. It scares me. Alright, Kathy, 1052 00:59:40,340 --> 00:59:42,710 before we let you go, let's talk a little bit about 1053 00:59:44,270 --> 00:59:45,410 how you get clients. 1054 00:59:46,040 --> 00:59:50,120 So how does EIL find companies to work with? 1055 00:59:50,150 --> 00:59:52,610 99% Of our clients come through referrals. 1056 00:59:53,210 --> 00:59:56,030 So we work with trusted advisors, 1057 00:59:56,040 --> 00:59:58,460 whether that's attorneys or accountants, 1058 00:59:59,030 --> 01:00:01,610 also their IT provider. 1059 01:00:01,610 --> 01:00:06,530 So you think most small to mid-size organizations do some level of outsourcing 1060 01:00:06,530 --> 01:00:08,000 to another IT provider, 1061 01:00:08,210 --> 01:00:11,150 and those are often the ones that bring us in because they know that what we 1062 01:00:11,150 --> 01:00:15,560 offer in terms of expertise and services is going to be a little different than 1063 01:00:15,560 --> 01:00:19,700 what they do day to day. So that's always been our best source of. 1064 01:00:19,700 --> 01:00:20,360 Clients. Kathy, 1065 01:00:20,360 --> 01:00:25,100 what's the most frequently asked question that leads to clients doing 1066 01:00:25,110 --> 01:00:25,943 business with you? 1067 01:00:26,030 --> 01:00:26,300 Yeah, 1068 01:00:26,300 --> 01:00:31,130 I think probably the most common place that they're at when they come to us is 1069 01:00:31,140 --> 01:00:35,030 if I had a security incident tomorrow, I don't know how I would do. 1070 01:00:35,810 --> 01:00:40,520 And it's that fear of the unknown and the recognition that whatever I'm doing, 1071 01:00:40,520 --> 01:00:41,750 it's probably not enough, 1072 01:00:42,140 --> 01:00:44,900 is really what motivates them to reach out and call us. 1073 01:00:45,680 --> 01:00:49,040 I want to touch on one more thing and then I'll turn it over to Nicole. 1074 01:00:49,050 --> 01:00:50,210 And that last thing is, 1075 01:00:50,930 --> 01:00:55,820 your business as an entrepreneur is a really good business model 1076 01:00:55,820 --> 01:00:59,510 because when you onboard a client, I would guess, 1077 01:00:59,510 --> 01:01:00,710 and you can tell me if I'm wrong, 1078 01:01:00,710 --> 01:01:05,690 probably upwards of 90% of your clients are recurring revenue clients in that 1079 01:01:05,870 --> 01:01:10,580 you bring them on and then they're going to pay you for a service monthly or 1080 01:01:10,580 --> 01:01:13,040 annually, over and over and over again. 1081 01:01:14,090 --> 01:01:18,410 Did that factor into the type of business that you were looking to buy? 1082 01:01:19,070 --> 01:01:21,830 And if it didn't explain, or even if it did, 1083 01:01:21,830 --> 01:01:25,970 explain the benefits of having a recurring revenue model in your business? 1084 01:01:26,840 --> 01:01:27,230 Yeah, 1085 01:01:27,230 --> 01:01:31,940 so having recurring revenue was an absolute core criteria as part of my top 1086 01:01:31,940 --> 01:01:34,280 three criteria when I was shopping for businesses. 1087 01:01:34,760 --> 01:01:39,500 And what I loved about this business model was that you 1088 01:01:39,500 --> 01:01:42,530 build the technology once, I call it build once, sell many, 1089 01:01:43,130 --> 01:01:46,760 just like people with cloud websites, it's same sort of thing. 1090 01:01:46,760 --> 01:01:48,890 You build it once and every improvement, 1091 01:01:48,890 --> 01:01:51,770 every enhancement can be shared by all of your clients. 1092 01:01:51,770 --> 01:01:53,990 So that was the big appeal for me. 1093 01:01:54,620 --> 01:01:56,450 It's actually why the consulting side of the business, 1094 01:01:56,720 --> 01:01:57,980 it was a little bit surprising. 1095 01:01:58,250 --> 01:02:01,100 We do strive to make that a recurring relationship, 1096 01:02:01,160 --> 01:02:03,980 but a lot of it sometimes is one time, 1097 01:02:03,980 --> 01:02:06,800 and that wasn't necessarily our focus in the very, very beginning. 1098 01:02:07,460 --> 01:02:09,740 But what I would tell you is that in this space, 1099 01:02:09,770 --> 01:02:12,320 if you treat your clients well and you do good work, 1100 01:02:12,380 --> 01:02:13,580 they will stay with you forever. 1101 01:02:14,330 --> 01:02:18,110 We've got customers that have been with us for 15, 16, 17 years. 1102 01:02:18,470 --> 01:02:21,420 When I bought business, that was the last time I did the analytics on it, 1103 01:02:21,420 --> 01:02:24,510 but at the time, our average retention was like nine and a half years, 1104 01:02:24,510 --> 01:02:28,350 and it's only increased since then. So I think that's huge. 1105 01:02:28,980 --> 01:02:33,600 That's part of what enables us to do what we do is we've got a 1106 01:02:33,610 --> 01:02:36,270 core base, core service that we can offer them, 1107 01:02:36,270 --> 01:02:38,100 and everything else is kind of value on top. 1108 01:02:38,970 --> 01:02:41,850 So that's really one of the things that I love the most about this. 1109 01:02:42,510 --> 01:02:43,920 What do you think, Kathy, what's, 1110 01:02:43,920 --> 01:02:45,900 what's your vision for the company for the next few years? 1111 01:02:45,900 --> 01:02:48,180 Where do you see the company, and I'll use the benchmark 40, 1112 01:02:48,190 --> 01:02:49,800 where do you see the company in five years? 1113 01:02:50,250 --> 01:02:53,990 That's a hard question. Where do I see it in five years? 1114 01:02:54,600 --> 01:02:59,100 So I would like to say that we're 50 1115 01:02:59,100 --> 01:03:03,600 50, the cybersecurity consulting side and backups. 1116 01:03:03,900 --> 01:03:06,930 As much as I love the backup side of the business, 1117 01:03:06,960 --> 01:03:10,740 it is harder and harder to sell standalone backups as a service. 1118 01:03:10,980 --> 01:03:15,720 There are so many other service providers that bundle that with other things. 1119 01:03:16,530 --> 01:03:21,480 So I would say we would be 50 50 on that mix and we would play an even 1120 01:03:21,480 --> 01:03:24,990 bigger role in terms of disaster recovery and business continuity planning. 1121 01:03:24,990 --> 01:03:28,410 And what I mean by that is a lot of small businesses don't put a lot of thought 1122 01:03:28,410 --> 01:03:33,390 into those business continuity plans, but mid-size organizations absolutely do. 1123 01:03:33,720 --> 01:03:37,320 And they understand that it's an orchestration of not just technology, 1124 01:03:37,330 --> 01:03:42,090 but also their whole operations and people process as well as 1125 01:03:42,090 --> 01:03:46,830 tools. And so I think we are uniquely positioned to help them build business 1126 01:03:46,830 --> 01:03:47,650 resiliency, 1127 01:03:47,650 --> 01:03:52,620 business continuity plans that take into account both the technology component 1128 01:03:52,620 --> 01:03:54,150 but also the cyber side. 1129 01:03:54,840 --> 01:03:58,710 So things that intersect across those different areas. 1130 01:03:59,250 --> 01:04:03,990 That's where I would love to be and twice the size of where we are right now in 1131 01:04:03,990 --> 01:04:04,950 those couple of years. 1132 01:04:05,970 --> 01:04:09,000 Kathy, when you're thinking about, and I know you've thought about this, 1133 01:04:09,150 --> 01:04:12,750 I know you, when you're thinking about how this ends, 1134 01:04:13,590 --> 01:04:15,000 what would an exit look like? 1135 01:04:15,000 --> 01:04:19,350 Would an exit look like East Silo being acquired by one of the bigger players? 1136 01:04:19,530 --> 01:04:24,060 Or would an exit look like you merging with another local 1137 01:04:24,150 --> 01:04:27,750 technology provider that's complimentary to you where you 1138 01:04:29,130 --> 01:04:32,670 remain an investor, but you step out of the day to day? 1139 01:04:32,820 --> 01:04:35,100 What's your vision for an exit from East Silo? 1140 01:04:35,670 --> 01:04:38,010 It'd be a strategic acquisition by another, 1141 01:04:38,100 --> 01:04:40,770 and I'm going to use local in quotes because it doesn't have to be in South 1142 01:04:40,770 --> 01:04:41,603 Florida, 1143 01:04:42,210 --> 01:04:47,040 but most likely another service provider where what we do and what they 1144 01:04:47,040 --> 01:04:49,440 do is very yin and yang, very complimentary. 1145 01:04:50,220 --> 01:04:54,540 I don't foresee us being acquired by a big player in the industry. 1146 01:04:54,540 --> 01:04:59,250 We're not that tools focused where I think we would be an attractive 1147 01:04:59,250 --> 01:05:03,240 acquisition candidate in that regard. But definitely on the services side, 1148 01:05:03,240 --> 01:05:04,470 I think that's where we would have our play. 1149 01:05:05,100 --> 01:05:09,870 And do you envision yourself as kind of a serial entrepreneur, 1150 01:05:09,870 --> 01:05:12,900 maybe investing in something else or, I mean, 1151 01:05:12,900 --> 01:05:16,380 you could do that as the c e o of East silo and invest in something else. 1152 01:05:16,390 --> 01:05:17,223 I mean, 1153 01:05:17,560 --> 01:05:21,460 is that something you see yourself doing or are you just sticking to the 1154 01:05:21,460 --> 01:05:23,170 knitting and focusing on East Silo? 1155 01:05:23,770 --> 01:05:28,210 I would say I'm a very, what's here and now, what's right in front of me person? 1156 01:05:28,210 --> 01:05:31,480 I give it off my full attention. When I bought the business, 1157 01:05:31,480 --> 01:05:33,640 I remember someone asked me, well, what's your exit strategy? I said, 1158 01:05:33,650 --> 01:05:36,730 I don't get married to plan my divorce. I get married for life, 1159 01:05:36,730 --> 01:05:38,530 and this is what I'm going to do until I'm unhappy. 1160 01:05:38,530 --> 01:05:40,930 And then I'll start thinking about options if I ever get unhappy. 1161 01:05:42,010 --> 01:05:44,110 But I would say that a dream of mine. 1162 01:05:44,380 --> 01:05:47,290 So my husband is also in the cybersecurity space, 1163 01:05:47,740 --> 01:05:50,980 and he's pretty active in the scene here in South Florida. 1164 01:05:50,980 --> 01:05:53,770 He's actually on Governor DeSantis cybersecurity committee, 1165 01:05:54,070 --> 01:05:57,580 and he has all of these amazing ideas. He's a big ideas guy, 1166 01:05:57,970 --> 01:06:02,380 and I would love for us to be able to go into business together where 1167 01:06:02,770 --> 01:06:06,490 he's executing on the vision and I'm kind of standing behind him and making sure 1168 01:06:06,490 --> 01:06:10,090 the trains run on time. So I would love to do something like that, 1169 01:06:10,090 --> 01:06:14,230 but I'm not sure that I'm ready to have both of us take the leap into 1170 01:06:14,230 --> 01:06:14,890 entrepreneurship. 1171 01:06:14,890 --> 01:06:17,320 It's nice that he's still on the corporate track and I'm able to have the 1172 01:06:17,320 --> 01:06:19,510 freedom to do this. So we'll have to see. 1173 01:06:20,620 --> 01:06:22,930 There it is. Complimentary partnerships. 1174 01:06:23,260 --> 01:06:26,650 Complimentary partnerships. We need to have a conversation about that. 1175 01:06:26,810 --> 01:06:30,790 Let me tell you, oh boy. The way you have it set up now, 1176 01:06:30,790 --> 01:06:33,880 Kathy is probably ideal. You both can understand each other, 1177 01:06:33,970 --> 01:06:37,720 but your worlds are completely separate, which is fantastic. 1178 01:06:39,390 --> 01:06:42,790 Exactly. All right, Nicole, what have you got for Kathy? Before we let her go? 1179 01:06:43,540 --> 01:06:45,400 What I want to do is kind of bring this full circle. 1180 01:06:45,400 --> 01:06:49,180 So we've spent a good deal of time getting to know you, 1181 01:06:49,180 --> 01:06:52,690 really digging into some of the technical aspects of cybersecurity for our 1182 01:06:52,690 --> 01:06:55,300 audience. And we've buried the lead a little bit. 1183 01:06:55,300 --> 01:06:59,170 We want to have you come back as a reoccurring guest free segment with Cyber 1184 01:06:59,170 --> 01:07:03,490 Kathy. And so I just wanted to hear your thoughts on that, 1185 01:07:03,700 --> 01:07:04,870 what might be, 1186 01:07:04,880 --> 01:07:07,900 and you can just give a short preview in store for some of the things we can 1187 01:07:07,900 --> 01:07:11,470 discuss with and bring to the entrepreneurs who are listening to the podcast. 1188 01:07:12,190 --> 01:07:13,720 Well, I would absolutely love that. 1189 01:07:14,530 --> 01:07:17,860 I have so much that I always want to share with other business leaders. 1190 01:07:18,610 --> 01:07:22,600 There's a lot of myths, I think that people believe about cybersecurity, 1191 01:07:22,630 --> 01:07:24,700 either how easy or how hard it is. 1192 01:07:25,090 --> 01:07:27,520 And so I'd love to dispel a lot of those myths. 1193 01:07:27,520 --> 01:07:30,460 I do a ton of different trainings for business leaders on those exact topics. 1194 01:07:30,460 --> 01:07:33,400 So I think that's a great opportunity. 1195 01:07:33,760 --> 01:07:36,940 And then the buzzword right now is generative ai, 1196 01:07:36,940 --> 01:07:39,370 and everybody's thinking about how to apply it in their businesses. 1197 01:07:39,380 --> 01:07:41,230 And not that I ever want to be a naysayer, 1198 01:07:41,260 --> 01:07:45,790 because us cybersecurity and risk management people can get a reputation for 1199 01:07:45,790 --> 01:07:47,170 being the poo-poos of things. 1200 01:07:47,170 --> 01:07:52,150 But I think being smart about how you use tools like 1201 01:07:52,150 --> 01:07:56,770 that and where your data goes and how to still take advantage of those tools, 1202 01:07:56,770 --> 01:07:58,000 but in a safe way, 1203 01:07:58,000 --> 01:08:00,910 I think would be a really important topic for us to dig into on a future 1204 01:08:00,910 --> 01:08:01,743 episode. 1205 01:08:01,990 --> 01:08:06,130 Oh, that's great. I love that. I think that's a fantastic idea. 1206 01:08:07,030 --> 01:08:10,120 Alright, so cyber, Kathy Myron, thank you for joining us. 1207 01:08:10,120 --> 01:08:12,460 I want everybody we're going to put down in the show notes, 1208 01:08:12,460 --> 01:08:15,290 I want you to subscribe to Kathy's YouTube channel. 1209 01:08:15,590 --> 01:08:20,030 I see her shorts pop up all the time, and her shorts are outstanding. 1210 01:08:20,030 --> 01:08:24,980 You're doing a great job with the information that you're sharing with folks on 1211 01:08:24,980 --> 01:08:28,670 YouTube. And I will tell you that every time I watch one of those, I'm like, 1212 01:08:29,000 --> 01:08:31,040 oh man, there's another thing I didn't know. 1213 01:08:31,610 --> 01:08:35,690 Which is, and I got to go do Thank you for watching and for listening us today. 1214 01:08:35,750 --> 01:08:39,290 It's been such a pleasure having you, Kathy Myron, join us today on the show. 1215 01:08:39,560 --> 01:08:40,460 We've learned so much, 1216 01:08:40,490 --> 01:08:44,150 and yet there's so much more in store for those of you who are following our 1217 01:08:44,150 --> 01:08:47,600 podcast. So if you enjoyed today's episode, please watch another one. 1218 01:08:48,320 --> 01:08:51,920 This is the Inside B Show. I'm Nicki G, and you are. 1219 01:08:53,270 --> 01:08:55,940 I don't even remember Dave Lorenzo, the Godfather of Growth. 1220 01:08:57,470 --> 01:08:58,490 We'll see you tomorrow. We'll see.