Book Your Complimentary Consultation Book Your Complimentary Consultation
Home / Interviews / Cyber Security for Local Businesses with Dominic Vogel

Cyber Security for Local Businesses with...

 

Jake Van Buschbach 0:00
Hey everybody Jake from umbrella IT services here. Today we're speaking with Dominic Vogel from cyber sc. Dominic is going to break down a ton of information about cyber security for local businesses, including how to keep your business safe, how to make sure your files are secure, and a ton of other information. So don't any further ado, let's jump into it. I'd like to give Tom A big thank you for coming on today and talking with us about cybersecurity and how it can affect local businesses. Don, thank you so much for coming on today. Do you mind giving us a little bit of a background on yourself and how you got into cyber risk management and what your journey looks like to get to where you are today? Absolutely. And Jake, thank you so much for having me on your show. I truly appreciate it and yeah, this cybersecurity has been a passion of mine. Gosh, I think since since my last year of high school, which was way back when kind of thing and

Dominic Vogel 0:51
sort of the Dre I went on to get here was so I went through my university days, and all the

Enough the word cybersecurity was uttered once my whole four year degree. All right. And the person who mentioned it was me, I asked a question about cyber security. So, but a lot of my cybersecurity training and education came at after you know, so I've been very fortunate I've been working in, in the field for close to 15 years, and it's all I've ever known professionally. So I always tell people, I, there's two versions of me there was corporate me, which was the first 10 years of my career. And then the last five years, the current version of me which which you're talking to today, that's entrepreneurial me. So, corporate me worked through various corporate roles actually spent a lot of time in the credit union system here in Greater Vancouver. I was in charge of cyber security for first West credit union. And just one day I realized I hated corporate life. I was not meant for that. I always thought I was a corporate person. And I realized No, there's this entrepreneurial person in me that I want to grow. So it was actually five years ago. This this

So it's my five year anniversary, when I left corporate and form cyber sec, which is my advisory company, and for the past five years have been going on, on that incredible journey of not just growing a business, but this journey of self discovery. finding out more about myself, I always thought I was just introverted quiet person didn't really like talking to people. Turns out, I locked off people, I love doing podcasts. You know, you and I had crossed paths in my corporate days, I probably wouldn't have talked, you know, I wouldn't have wanted to be on on the podcast or anything else. So it's very interesting to see all these qualities that I didn't know that I had, both from, mainly from a business and lifestyle perspective, has been really, really cool. So we're really humbled and very blessed to be able to serve so many amazing small mid sized organizations throughout North America. And for me, personally as well, in terms of cybersecurity, I love being terminated termly, throws thought leader I kind of hate that term, I just refer to myself as a talking head

I love making cybersecurity relatable to non technical people and do so in a way which is engaging fun. Because unfortunately, in it, I mean, I can relate to this, Jake, there's a lot there's a stereotype I think it holds true for a reason that a lot of it insecure people tend to have the personality of a boiled potato. So it's good to be to show that we can be engaging we can make what can be a very technical subject, or at least relatable to non technical people. So that's pretty much been a very strange, large

Jake Van Buschbach 3:32
nutshell. All right, cool. Well, congratulations on your five year anniversary. That's a huge, huge stepping stone every year, you're beating out 80% of the competition's that's, that's awesome. And I think that what you said about having the personality and making sure things are relatable. And being able to break things down for the average person is so important. Like when whenever we're implementing solutions for people, I made sure that everyone understands to not get too technical with folks the informations there, if they need it. But it's most important understand why things are being implemented and what impact they're gonna have inside of an organization. So I was really excited to have you on today and talk to you because cybersecurity is something that we provide as part of our stack. But I always like talking to experts who are completely niche down into a field. So what what would you say is the biggest difference between when you were doing cybersecurity and cyber risk management for this credit union in this corporate world, versus some of your smaller and medium sized businesses that you're working with?

Dominic Vogel 4:31
Yeah, I mean, the I was hitting one of the main differences, again, when we look at large organizations and enterprises for small and mid sized organizations, for the most part, there's still so many small and midsize organizations that are stuck in what I refer to as 1995 thinking. And that's where they say, well, we have we're a small company, no one wants what we have. No one's going to come hack us. Or we have Norton 360 We're good. Yeah, that's one of my personal that's one of my personal favorites. And say, Well, you know what? The these are all valid statements if the calendar read 1995 you know, it's it's 2020. And that's one of the biggest changes that I've seen over the course of my career is that small midsize organizations for the most part, they weren't able to get away by not investing in cybersecurity, just because that whole obscurity thing, it did hold true, but not forever. And as we've seen, now, every single company big or small, they have data, they're online, they have a virtual presence, you are at risk you Are you a target. You know, we're dealing with professional cyber criminals. Now, this is we've gone well past, you know, kiddie hackers and amateurs and all that was taught these moments as organizations. If you take an amateur approach to cybersecurity, right now, that's like bringing a spoon to a gunfight, you're done. You're going up against professionals. So you need to have a professional mindset in dealing with cyber risk.

Jake Van Buschbach 6:00
100% I completely agree with that. And it is very, it's a big problem that there's a lot of small medium business owners out there that are saying, Well, you know, we're not big enough or we don't have anything or there's nothing of value in this company. And there's a lot of value in that company. How many people salaries are you paying for? How much information are you managing? What kind of what kind of clients are you working with? I know one of the statistics is over 50% of people that get hit by ransomware, which is the type of virus that gets in your computer locks your data, and then you have to pay hackers somewhere a ransom to get your data back. The I think it's over 50% of businesses that got hit thought they were too small or not important enough to get ahead. And in my experience, what goes on is they didn't have a proper firewall in place, or one employee was using a remote access method that wasn't secure. Or they had an email server that wasn't secure, or it's just some very niche technical piece of infrastructure in their system wasn't secure the right way. The hackers got access through They hang out for like a month to three months, they just kind of soak up information, look at emails coming in, look at emails coming out, and then they launch. And then all of a sudden, you've just lost all of your backups, which is just a hard drive plugged into the server in the back, and you lost all of your workstations and 10 plus years of your business can be gone. And now you're on the hook for $100,000 us in Bitcoin. And your business is down for on average, two and a half weeks. So again, it can be absolutely devastating. We've got two clients on our roster now that we actually recovery. We work with them after they got hit by ransomware. And they called us to clean up the mess. And both of them almost lost their businesses both times because it's just absolutely devastating for small business to be down for 20 days, and to be paying out $100,000 ransom us with absolutely no notice. So in my experience, it's about insurance, but there's also a lot of growth opportunities while there Working with cyber security. What are some of the ways that cyber sec kind of helps their clients grow, as well as develop while you're focusing on the security aspect of things?

Dominic Vogel 8:12
Yeah, absolutely. Great question. And really great points are about about the ransomware. Jake, one thing, one quick thing I

want to add to that, before answering your question, there was

no I often talk to when I talk to businesses, or to people, I'll say, you know, you know, stuff like cyber risk or ransomware, or data breaches, you know, I always say what size of company has the most to lose? Is it the large enterprises? Or is it the smaller organizations? And so many people will say, well, it's the larger organizations, they have the most money they have the most to lose. And the thing is, that's false. If you look at all the data breaches from all the big companies always want to make the mainstream media. They all recover. They all have been fine. They have the they have the war chest to survive

Jake Van Buschbach 8:55
there in the meantime, that Yeah,

Dominic Vogel 8:56
exactly. It's not an issue. existential threat for them for every large company that you see going through a data breach and surviving. There's anywhere between three to five small organizations that no one's heard about that go under, no. cyber risk is an existential threat to small or small organizations because they don't have the sizable war chest to get through that they cannot afford the makers to pay that ransomware to go offline. So the very existence of their business is at stake. I think that's a piece that a lot of people overlook.

It's not

sort of the how much money you have to lose this is that that is an existential question. So I think it's super important for every business owner and people, especially with a local business perspective, to switch their mindset from the word to small approach to being the this is an existential threat. We

Jake Van Buschbach 9:47
have everything to lose 100% Yeah, when you're small accounting firm, or when your insurance agency or one year product company gets hit by this stuff, you're not getting any press, you know what I mean? Your clients are just going, where are you and you can't email them most of the time. You can't phone them, your CRM is gone. You know what I mean? It's it's a big, big challenge to kind of understand exactly how devastating it is to lose everything digital for a week, and then be scrambling to recover your data. Which is why one of the things we use is backups to prevent this kind of stuff. But yeah, so I know that cyber C's tagline is securing business growth. So I really do want to touch on how investing in security can relate to business growth.

Dominic Vogel 10:33
Absolutely, absolutely. As I went on that rant, I forgot what your question was a thank you for stating that. You know, our tagline is secure and business growth for a reason. And one of the reasons why we do that is it's really about helping organizations break through that myth or stereotype that security is there just for security sake or that it's a sunk cost. And there's Unfortunately, no shortage of have security firms and secure consultants that take a security at all costs approach. Security doesn't happen in a vacuum. It happens in the context of business. And when you're talking to non technical people, business people, business owners, what they care most about is the growth of their business. No one wants to say they have a business. Oh, I'm just hoping to just maintain everything for the next 20 years. No, every business owner wants to have growth. And in this day and age, we feel that security is a key enabler and it empowers businesses to securely reach various stages of business growth, if you want your business to grow, and to do so steadily you need to invest in cybersecurity. I mean, it's trying to reframe things. And rather than seeing security as a cost center, see it as an investment and making sure that your business growth actually does materialize. So again, when we talk about all these things, we're not talking about firewalls or threats or the Chinese around or what have you, really we're talking about, we live in a digital age now. And if you're investing in technology, and you're investing in things like digital transformation, you need to invest in security, that these are all necessary ingredients for business growth. And these are all terms that resonates that resonate with CEOs, CEOs, CFOs what have you. Well, it's not all about the while you need to secure this board.

You don't need to get to that level of granularity. At least not initially. Yeah,

Jake Van Buschbach 12:30
yeah, I entirely agree. What are some of the risks that people are securing themselves against just so people can kind of understand what what it is exactly you're protecting them from?

Dominic Vogel 12:41
Yeah, absolutely. And there there's there's a lot of different venues here. So I mean, the first of all talk about is think about protecting against external threats or external threats could be cyber criminals cybercriminals quote hackers these days The type of people that are trying to steal data. Every organization now has sensitive data. And the data could be confidential business information. It could be your sensitive client or customer information, financial information. data can be so easily monetized. Now, people understand that data is very much a commodity,

especially on the underground market. So

making sure that you're putting in the right, security controls to protect against such theft, that data are used to be able to detect if that theft is in progress. That's one area. Another area is and this is really relevant for b2b business to business organizations, is making sure that you're able to demonstrate to other businesses where you are, especially if you're a small organization or smaller organization. If you're supplying a platform, or service, or some sort of technology you need to be able to demonstrate to your customers to your clients, that you have an act of cybersecurity. programs in place. The reason why that's so important is that larger organizations right now are really clamping down on supply chain risk, and further clamping down on what's referred to as vendor risk management. So they want to make sure that any of the vendors that they rely on, are making sure that any data that they pass along, are you responsible systems are being integrated, that there's sufficient security mechanisms in place. This all came out of when target the US retailer got breached, gosh, over that was, I would say, eight or nine years ago. And the reason that happened was it was through a third party vendor there h back vendor, smaller company that got compromised, and cyber attackers were able to gain access to target's internal network that each bank vendor By the way, no longer exists. So another reason why well, it's it's an existential threat and target still exists. Yeah. But essentially, this is super important and it's where I love to say that this is where cybersecurity as a Very clear business reason now. So I would say if your small company, a small company being, you know, to two companies, let's say they have the same type of platform. And they're both trying to sell to fortune 500 companies, let's say maybe have some HR platform. Company A didn't really bother about cybersecurity. They don't really know anything about that. They don't really care. Company B has taken the time to invest in cybersecurity, and as a result, they're able to actively demonstrate to their potential clients and customers that they have sufficient cybersecurity mechanisms in place. Company B is now in a spot of competitive differentiation. They're able to get through the procurement process Far, far faster and far quicker. And the large companies know that they'll if they're if it comes down to two companies right now, they're going to go with the one that's able to actually demonstrate a proper cybersecurity program. So it's a very clear business reason Why cyber security needs to be invested in. And that's that has excited me because finding sort of those business reasons rather than just focusing on external stuff like after it's really helped to make it real for CEOs and CFOs.

Jake Van Buschbach 16:14
Yeah, hundred percent. I agree, I think one of the way that we explain things is the impact of the business as well. And I do really like the fact that you brought up the vendor threat, because that's been one of the largest ones in my experience. So we have a client, and I want to give any details, but we have a client who has a vendor, and their vendor was compromised for, I don't know, two and a half months or something like that. I had no idea there was some snooping around their emails for two and a half months. And one day three of the executive leaders of this business that we manage, were all sent emails from appropriate emails like it was the middle of a thread, sending data back and forth spreadsheets through OneDrive that just pay basic stuff like that. And they responded saying, Oh, you know what, actually, I think that we need to make some corrections on this file, here are my thoughts. And then there was an attached Excel spreadsheet. And it's from a trusted source. It's in the middle of an email thread. That's like six responses deep for each person at least. And of course, they clicked on the Excel spreadsheets and our AI based antivirus sprung caught it did its thing and the attack was prevented. But it just goes to show that it's even when you're getting emails from people nowadays that you trust that you're in the middle of an email thread with, that can be someone else. And I was shocked to be honest with you that that happened. Of course, again, we make sure we're thinking ahead, we're making sure that we've got multiple layers of security for all of our clients. Again, I don't want to give details about that. But we use at least five layers of security for every level of their infrastructure. We use several different types of backups. So it's very important to me to make sure that when something unexpected like that happens, everyone's prepared and everyone's ready. And I think that's again, one of the value adds that that bringing in a company like cyber sec really does. Because if you're doing an audit, if you're doing an assessment on an existing system, we do this all the time, and I find nine or 10 holes per business on average. I'm sure you find similar sort of thing. But these businesses to tie back to what we were saying originally, if these businesses want to avoid, avoid downtime, they want to preserve their reputation. And if they want to make sure their data remains secure, like it's not so easy, like you said, is just saying, Well, I have Norton 360 like whatever. Like, you know, Norton 360, in my opinion is worse than Windows Defender by itself. And it's a cost you know, so the free the Free Antivirus that comes with your computer is is better than Norton Antivirus. That's my heartache of the day. So yeah, you know, I think that it's very, it's a good opportunity for people like you and I right now to be able to educate people. And while the rest of the industry is going but mo gigabits, and the ram And these other really, really technical things that people don't care about. You and I are going this is gonna have a bad impact on your business unless you secure this, like, I was able to get access to your internal private Wi Fi network sitting in your lobby waiting for you to me when you need to focus on this stuff because all it's gonna take is one robot programmed by a 14 year old Ukrainian kids scanning the internet to accidentally stumble upon your business. And you're gonna owe him $100,000 us by the end of the week, and no one's gonna be working for the next two to three weeks here. And I think people really need to understand that side of it.

Dominic Vogel 19:36
That's so so so so true, Jake, no, and the

two quick thoughts on that. And with the Great example with that email thread there, in terms of how I hate using the term sophisticated, I think it shows the evolution of male female based threats and again, the mindset of again that people are still stuck in 1995 when we talk to prospects about Email based threats are like, Well, our staff know not to click on the Nigerian prince scams. And again, no, great, great. Again, if this was the mid 90s. And Bill Gates was still CEO of Microsoft. Yeah, I'd say, Sure, good job. But this again, is 2020 get your head out of the friggin gutter. You're not living in the mid 90s. Now, you know, the Spice Girls aren't around anymore. It's it's a totally different mentality. Now. And so I think there's still almost as well for this false sense of security that so many organizations and businesses have. I think that's the most dangerous thing. You know, people will say about whether or not they have the right technology in place or, or the right processes to me It all comes down to the mindset if you're CEO, CFO, CEO, whomever business owner has that mindset. You can have the best technology in the world you're still screwed because you know from the top down, that leadership approach is going to do is gonna do me to failure. From a from a security perspective, so I think it's super important that people talk about where do we start when it comes to cybersecurity is the mindset realizing that, like I said, it's 2020. And every business is at risk, restart your restart your mindset and don't come from a false sense of security because you're likely you're setting yourself up to failure. And the other quick point is that so many of our when we when we talk to prospects, so many of them are referred to as reactive, they come to us after the breach after a negative incident, not something I'm going to try and do proactive. And even then, we find that there's still so many organizations and I'll give you an example here, there was a prospect who their their business was literally the the owner told us he said, our business literally days away from shutting down, the days away and I was like, Okay, okay, well So when we went back to the proposals, okay, well, here's how we're going to help him from a cyber risk leadership perspective. Here's what we'll do, you know, in terms of assessments and working with your IT team and that type of thing. And then she said, Oh, wow, I was thinking, you know, maybe 200 bucks a month. And I was like, You told me that your organization, your organization that you own your business, basically everything that you told me that you had built up over the past 35 years that you became within the whiskers legs of being shut down. And you're saying that value to you is $200 a month to try and make sure that doesn't happen again. Yeah. I was like, okay, we're oceans apart. You know, sure. I may not be the world's greatest salesman, but I do think the world's greatest salesperson will be able to bridge that type of cap. So yeah. The scary thing is that there's that there's still that prevalent mindset that even when they go through this, and we've all said even if the longer it goes, so we've talked to people six months after an incident and like well, it's been six months and nothing bad has happened. I was like wow. There's a lot of recency bias as well, which affects the mindset. So that's why I would say, the mindset piece, you really have to just convince more and more people that this isn't make believe stuff. This is this is real. And it's not just about worrying about hackers. What's at stake? Is your very lively.

Jake Van Buschbach 23:20
Yeah. And it's not like a lightning strike, like you're more likely to get hit again, if you've been hit once.

Dominic Vogel 23:25
Yes, especially with something like ransomware if you paid ransom once, you're more than likely to be paying it again very, very soon.

Jake Van Buschbach 23:32
And yeah, I think one of the reasons why people are so not hesitant to spend money but one of the reasons why people are so skeptical of people like you, you and I now is it kind of bleeds over from the computer repair days, like when I was doing iPhone repair and stuff like that people be like, Oh, it's so expensive. Why is it so expensive, and there was all these so you have apple and they're doing the phone screen repairs, and then you have people like myself and a bunch of other small business owners that were fixing phone screens and stuff. 75% of people fixing phone screens are doing shady stuff like I remember there's a place out in Burnaby. And I would have people go there and then they would come see me and I was like, I should just stand outside there with a sign saying, did this company break your thing, because they would be they would be literally taking batteries out of phones and replacing it with non OEM batteries. So they could resell the batteries to other people. And they would be putting in screens where the glass would separate and pop out of the actual screen and then charge the person twice for a good screen. And it's very similar in my experience now with companies for saying that their cybersecurity experts and their their it providers and our it consultants and our managed services company and they don't even use backups, they don't use they don't use data protection. They don't train people staff. There's so many basic tenants of what you have to do to manage a company's it that are just like not being taken care of by these people. And I think that when people see their bill which can be thousands and thousands of dollars a month and they pay that bill thousands and thousands dollars a month. And then when it's time to put the rubber to the road, they find that this company is basically been scamming them for the last six months, two years, five years, whatever it's been, they're incredibly hesitant to invest in other people. So I think that's one of the big sources is that our industry because it is such a wild wild west, it's so important for clients to do research on people to look into their background to see if they're reputable talk to their existing clients, and really dig into the person before they do business with them. So they can make sure the value the person is going to provide them matches with that number. Because, again, we still have some clients for 200 bucks a month, we're talking about individuals and, and just very small businesses. I'm very happy to work with nonprofits and whatever. But I have a lot of people that are 60 person companies, 45 person companies, and when we give them a proposal for like, again, not $1,000 a month, not $500 a month. They're like what is Why? What is this and it's like, well, you're you're safe. to full time salaries to manager, entire organization, you're getting all of this software, you're getting all of this maintenance, you're getting all the security stuff, all these backups, etc. And they still say, well, the last guy was cheaper. And it's like, Yes, yeah, the last guy was cheaper, but he's also the reason why you didn't have any business for 20 days, 30 days, why you didn't have any backups in place in my costume again 80 to $100,000 us in my experience. So I think it's it's up to people like you and I to really kind of call out other folks in the industry that we see doing the shady stuff, because it really does hurt all of us when when that one scammer who can talk really nicely goes in and starts to sell people on solutions that they don't need. I think it's so important to kind of call those folks out.

Dominic Vogel 26:48
Absolutely. And it's, it's, it's, it's something which I completely agree with. People like you and I are unfortunately paying for the sins of those who came before us. And that's one of the Biggest roadblocks that we come up against is that in some, at some point in the past, I'll say three to eight years, a lot of our prospects that we talked to have said, Well, we brought in a security consultant, or we brought the leverage another organization and it's either one or they said, you know, we paid 60 k for this huge security assessment report. It was like 400 pages told us all the things we were doing wrong, but we didn't know what to do with it. Yeah. And again, not to name names, I'll just refer to the Big Four. Those advisory firms in which they often will try and take the enterprise approach to how they do cyber risk management and try and RAM that down the throat of a small midsize organization. You know, small midsize organizations, they don't need some big fancy report they need to know practically what should they be focusing on this year than the year after year after they need to have that almost at handholding to be able to get get there. This isn't some fancy report which is going to be stamped a bunch of times and go before the

audit committee and some other enterprise risks.

You can't take an enterprise approach approach to risk and think that that will be applicable to a small midsize organization. And even with other security vendors An example is we were dealing with a prospect and they said, Nope, we're good. We actually spent, like 200,000 on this state of the art security tool. They couldn't even know what the what the tool was. It was a was a security information event monitoring tool. And they said, Yeah, the salesperson said that this is all we need, that we can install it and forget about it and help protect our environment. I was like, Really? I said, you might if I take a look at it, so took a look at it. And I was like, Who wants it's it's a rack

Jake Van Buschbach 28:42
here and whose actual device and appliance

Dominic Vogel 28:45
appliance and I was like, hmm, I've been powered on and behind and and there's no, there's no, there's no power cable. And I said, so I went back out and I said I said who put Put it in the server room and they said that, oh, the sales rep helped us put in for us. I was like, oh, does anyone ever check to see but you know, generate reports or anything or generate alerts. I said, Oh, no, no, we've never checked. He said, he says, basically set it and forget it. I said, Well, just an FYI. It's not even powered off. The I could see the color drain from their face. And, you know, they had spent like, upwards of $250,000 over the past four years, or five years, wherever was on that appliance, again, false sense of security. And this was a non technical person, being taken advantage of by a salesperson, was able to do you know, be charming enough and have enough sales lingo and security lingo to scare someone into buying a product or buying a platform is a silver bullet syndrome and it's dangerous. You know, it's a shame that the in our industry is tainted by The minority or at least a few individuals that do do that, but it's it smears the rest of us

Jake Van Buschbach 30:06
exactly. What would you say, is something? So let's say that I'm a small business owner, and I really don't know a lot about this stuff. Where can I get started? And what areas of my business should I focus on when I'm gonna get serious about security?

Dominic Vogel 30:21
That's a really, really good question.

So I'll give two parts to that. The Part one is,

like a broken record here is the mindset, making sure that your cell phone whatever however, larger executive team, is, making sure that you recognize that cyber risk is an area that you need to focus on as an organization. And you also need to realize that as the CFO or CEO, whomever ultimately that you're responsible for cyber risk that you need to have leadership when it comes to that. Just like any business, CEO as expertise In the business and in growth, you know, CFO has expertise in finance. You take your average woman size organization, you have leadership when it comes to operations, business, finance, HR, what have you. There's a leadership void when it comes to cyber risk. cyber risk is an area which as I said earlier, you cannot take an amateur approach to it. So I hope this doesn't sound too much like a shameless plug, but you need to be able to engage with people who can provide cyber risk leadership help you as a business and those organization understand what elements are, what threats and what cyber subsections of cyber risks you need to focus on. cyber risk is something which it's different for every organization is different organizations have different regulations, they have to deal with different threats that they may face depending on what sector they're in. Different government regulations, different contractual obligations with their clients and, and stakeholders. So it you need to take almost it's like a tailored suit, you need to take a tailored approach to it as well. cookie cutter approach. So engaging with someone who was able to provide that type of leadership, that type of advisory capability that to me is a starting point because you need to know what you're dealing with. And even if you don't want to pay with for something, get you something a high level assessment. Again, shameless plug, go to cyber sec, you know, there's a 16 question questionnaire. It's all simple yes or no questions. And there's a free report that gets generated from that high level, you'll be able to see what areas your organization should be focusing on from a cyber risk perspective.

Jake Van Buschbach 32:33
Yeah. Yeah, I think that's really important for people to notice. Do you segment the businesses at all into different categories, like for example, when we're working on them? I like to break things down for folks in terms of cloud services, networks, users, workstations, servers, that kind of stuff. Do you do anything like that when you're explaining things to folks?

Dominic Vogel 32:52
Absolutely, absolutely. Absolutely. So one of the one of my personal

favorite frameworks

that we use for So the majority of our clients with the majority of our clients have never assessed or thought about maturing their cyber security platform or cyber risk management. So we use the CIS o center for information security, top 20 security controls. It's a global standard, it's a very quick and dirty way of being able to assess the security posture of an organization does a great job of looking at people process and technology, and also different areas of who's from a technology perspective, where cyber risk can exist, like you're saying there, the workstation level at the user level, at the application level, right across the board, kind of at the network level. So it's important to be able to do that. And that's always Our first step is what I refer to as baselining. Because you need to know what your starting point is. And if you've never assessed it before, you need to know where you're growing from. So we can see that and then based on what we find, though, you're able to say okay, year over year, recognizing that suit user journey. It's not just like saying, oh, let's upgrade to Office 365. And then we'll wash our hands and be done with it. Security evolves as the company evolves. So that's where working with leadership, we can say, okay, based on growth projections, based on where you want the company to go and grow. Here's what we're recommending, in terms of security improvements year over year. So I say something like the CIS framework is a great starting point. And then as things evolve, if it needs to become more, more serious, shall we say, there's other frameworks and other secure certifications that can be started or pursued, but to me, you need to start somewhere and then be able to grow

Jake Van Buschbach 34:40
from there, hundred percent. You mentioned, Microsoft 365. There. If people move to a cloud service like that Microsoft 365 or G Suite or Dropbox, etc, they're safe, right? They don't need to worry about security.

Dominic Vogel 34:58
The

other one, my favorite, man You know, it's it's that understanding again as well of almost this is fine, which, to me, it's the next iteration of the the myth which I often hear with other organizations is that oh, you know, our it MSP handles cybersecurity, if something happens, it's on them. It's like, Well, not really, it doesn't exactly work like that, you know, it's again, it's that out of sight, out of mind, in which you know, you don't you can't outsource the risk. Yes, you may be outsourcing operational elements of that. But again, if your organization gets breached you know, it's it's your customers and your clients are gonna be looking at you. It's not your internal IT team or come after your IT manager come after it managers provider at the end of the day. And what's so many business owners executives still need to understand is that when it comes to due care, due diligence, and a fiduciary responsibility that is on you as a business As a business executive, you need to provide the right governance and oversight on that risk, you own that risk, you can't outsource that risk. You can do things to lower that risk by engaging in it MSP having cyber insurance, bringing in people like cyber se, those are all things that can help to lower the risk. But ultimately, you still own that risk. And by doing nothing, or saying, Oh, you know, we went to Office 365. It's all on them. Now, if there's a breach now doesn't work that way. Yeah, you still need to make sure that there's sufficient steps being taken, especially with the cloud. That's a shared responsibility model, that you understand what your cloud service provider is taking care of from a risk perspective, and what responsibility you still have as organization in terms of managing that risk. There's too many people who still wash their hands and things and again, mindset. That's a dangerous mindset.

Jake Van Buschbach 36:54
Yeah, I think it's super important for people to keep in mind that 91% of attacks that happen on small businesses come in through the people, not the technology. And it's so important to note that if you move your stuff on to the cloud, it's really not that secure, it's actually more accessible in terms of locking down the data and the encryption and this kind of stuff. It is, in my opinion, much better than having like an on premise file server, both in terms of redundancy in terms of the encryption and all these other things. But in regards to a business thinking that just because you've moved to the cloud, and you're secure, that doesn't really mean a lot. In my opinion, it doesn't matter what technology you're using, that comes down to the mindset that you talked about earlier, and making sure that you have redundancy in place. And I always use that word thousand times in every meeting. Because you need to have redundancy across your devices, across your applications across your software, across everything. And if you don't have that redundancy, then when something happens, you're going to be in a lot of trouble again, I don't sell anyone any sort of false stories. I tell them coming in to look at the existing house of cards that your previous it providers set up. Now I'm going to build you a different house of cards. It's not infallible, there's no such thing as as security proof or virus proof. But here are the contingency plans that we have in place in case something happens in the future. And when I take that approach, people seem to be a lot more responsive to it versus, again, a lot of these shysters out there they go, it's the best it's proof all you got to do is turn on this box in the back room and it's gonna make sure that everything is taken care of and it's like that is If it sounds too good to be true. It is too good to be true. And I think the fact that it is kind of shrouded in this mystery and a lot of people festered, it's just black magic, makes it really easy for people to take advantage of them but you really do have to take the same mindset as when I go to the mechanic you know, if I go to a mechanic all your oil pans leak and it's okay is it is it on my on my car, is it really it's leaking again, the same way was last time Wow, okay, no, no, thank you, I'm good. You know, you if you have a skeptical mindset when you're talking them, and you come from a positive place, and you're trying to understand they're trying to help, and you just kind of dig in a little bit, take notes while you're doing it. A lot of these people will contradict themselves, you know what I mean? A lot of these people will give you solutions. And you can go look up those solutions, and go talk to their other clients. It's the same thing as if you're hiring a staff member, like I would highly recommend that you take whatever information they give you ask them for a couple of their existing clients and go, Hey, excuse me, do you use this service? And what is your experience been with it? And has this helped you at all? Do you get this these reports they're talking about? Are you getting these solutions they're talking about? Have you noticed a benefit from having this individual around, etc. It's or this organization around and people are going to be able to give them that feedback. Because if you don't do that due diligence and you walk into a mechanic shop, they can it's like a shark with blood in the water. You know, and I mean, a lot of these guys as soon as people are like, Oh, I don't know anything. about this, I don't understand, like, I just want you to handle it that, uh, they do take advantage. And it's very, very frustrating for me because, again, as you mentioned, it ruins it for everybody. And I want to make sure that people are starting to look at it the same way they look at accounting and bookkeeping, right? It's, it sucks. It's not a lot of fun. People like you and I, the weirdos we get excited by it. But again, the same thing with the accountants right. But at the end of the day, it is another one of those boring facets of your business that now is crucial. If you're not doing your accounting, you're going to you're going to prison. I mean, and if you don't do your IT security and your IT management, your it strategizing, your business is either going to fall behind, or it's going to be destroyed and eradicated by one of these 14 year old Ukrainian kids and one of those little robots. And it's kind of ridiculous that we live in this dystopian movie now, where I've seen literally a bunch of 1617 year old Ukrainian kids get into banks. I've seen Get into giant organizations multi and they get jobs out of it now as well. Or they're making hundreds of thousands of dollars a year because at 14, they roll the break into Wells Fargo or Goldman Sachs, you know what I mean? So it is odd that we live in this world now. But it is just so crucial for business owners to understand that you don't have to break the bank. You don't have to go nuts, but having a quarterly meeting with an IT consultant and just saying, this is where I am, this is where I want to be, what do I need to do to get there securely, you can just do that. And they can tell you, Hey, I'm just going to come in. I'm going to spend a couple hours looking at your systems, couple hours talking to your staff. I'll send out a form whatever, and just need to see kind of where you guys are at again after three months. And they can kind of make these tuneups. There's so many different ways that people can do things without spending 10,020 $5,000 a month.

Like I mentioned, we're able to protect some people for like, the equivalent of a cup of coffee every day. You know what I mean? So it's, you know, Don't have to break the bank, you don't have to be overwhelmed. All you need to do is have the same sort of relationship with an IT provider that you have with your account. I think that's that's one of the most important things that I'd want people to walk away from listening to this from.

Dominic Vogel 42:14
That's such a great takeaway, Jake. I honestly don't think I could

stop that. I totally agree.

Hundred percent. I think that that's such an important takeaway. And one little thing I'll add, I love

our for to r&r one or being redundancy. another hour, which is a favorite of mine is resiliency, you know, in this day and age, again, it's not about having that mindset of, oh, we'll never have a virus never get breached. No, there's no such thing as 100% security. What you want though, is to have a organization that is resilient in the face of dynamic cyber threats. You want to have an organization that's resilient in the face of ongoing cyber threats. That is the goal not to have 100% security.

Jake Van Buschbach 42:57
Yeah, couldn't agree more. What are some things basic strategies that you recommend the businesses that they can put in place to kind of secure their their stuff.

Dominic Vogel 43:07
Yeah, to me the there's a couple strong points. One is to make sure that you have a very strong relationship with again, your internal IT team, or you outsourced it managed service provider. If, since with so many executives in which they just blindly trust what their IT manager or their IT managers provider is saying, because, you know, the communication plans are like this, while the technical team is speaking in tech talk, the senior management and senior executives have no idea what they're saying. And a lot of them don't want to appear to be foolish in the face of that and we'll just say, okay, okay. I think they'll know what they're agreeing to. So to me, one of the foundational spots there is to have a very firm, really great relationship, if you're still unable to speak on the right communication. plane, and again, this is somewhat of a shameless plug. This is where again, bring in an advisor or an outside consultant like us, we always refer to ourselves as a conduit in which we can talk to the business, we can talk to the tech team, right? We're able to speak multiple languages, even if that language is still English, we're still, you know, tech Tech Talk needs to be translated to the business and vice versa. So by getting everyone on the same page there, that to me is often one of the most important foundational starting points, you get all the other security controls removed, unless you're able to communicate effectively with each other.

Jake Van Buschbach 44:28
Yeah. And I think that I would add on to that is that I think it's so important that when you bring in a consultant that they're able to work with the existing IT team, because I've had a lot of people come in and they go, Oh, so horrible, what is just a law. And I'm like, Hey, give me a proposal. Give me your proposal, and we'll look at what you got to say, cuz I'm very interested in making sure my clients are protected. I want to be the best we can. So if we have a hole in our security here, we'll go through it. And again, literally, I've seen somebody say you need Norton 360 instead of whatever this other one is, because I've never heard of it and you need to make sure that you're using Dropbox for your backups. And again, when they're talking to the business owner, the business owner will trust them a little bit more than they'll trust us, even though we've got this long term relationship, because they were referred in usually, in my experiences, that's the CEOs wife's brother, you know, I mean, it's someone like that. And it's like, well, he said this, and it's like, okay, let's all have a meeting. Let's all have a big discussion. Let's get everything out on the table and see what's wrong and why it's wrong. And as long as you're able to have civil positive, productive discussions with the consultant, that's great. And 99% of the time, that's my experience, but I have had one or two people that come in, and you can tell that they're just starving. It's like, it's like a used car salesman, but the bad year, you know, they're just like, any, any hook they can grab on to, they will. And all they want to do is just get their foot in the door and get a new client. And again, they're willing to put in inferior solutions are willing to lie about things, and those people are out there. So as the business owner again, I think it's true super important to find someone like yourself, who's able to cooperate and have a productive conversation with the existing IT team. And if the existing IT team is completely inferior and completely not up to the task, you'd be able to provide factual data that that team would have to acknowledge. They would have to say, You know what? He's right. We haven't been doing backups three times a day off site to an archive location as well as to an on site appliance. And this is a real risk, but we weren't doing that. Because you said the cost was too high. You know what I mean? Like, there's always gonna be reasons for it. Yeah. But the fact is, now the business owner can go, Oh, this is a liability that exists in my business. And it is something that I did tell them no, but they didn't revisit it because they're not structured the same way that a consultant or a company like umbrella IT services. So it's very important, I think, again, just to make a final point there that when you're bringing in consultants, has to be someone who wants to solve problems, not someone that wants to critique and tear things down. Exactly. Super, super important.

Dominic Vogel 47:08
Exactly, Jake. And

a final takeaway is, again, isn't for your listeners and for your viewers here, if they're talking to security consultants, if you are talking to a consultant, or security advisor and they are talking about tech solutions, in terms of how to solve problems, all you need to put in product action, you put a product Why? And like you're saying that they're trying to find problems. Two things run far, far away. Yeah. What you need someone who's willing to engage in dialogue, what someone who's willing to look at big picture, and someone who's willing to work with everyone at the table. Yeah, people who are just set try and say I'll put in product x, I will solve your problems. Don't Don't do it run far, far, far away.

Jake Van Buschbach 47:51
Exactly. There's got to be a lot more that they're bringing to the table because again, sometimes you do need products. But if that's all they're saying, That's not true. Like you, you need to have ongoing support, you need to have constant meetings, you're not to the point where it's detrimental. Again, the entire point of you and I've been brought in is to avoid downtime, and wasting six hours a week with us as His downtime, in my opinion. But yeah, there's so much more to be brought to the table than just, yeah, throw this box in the back and never worry about this again, like, it's, it's very much, okay, we're going to put this in, it's going to do these things, here are the risks with it. This is what we're going to do to make sure we have contingency plans for those risks. And then moving forward, we'll sit down and we'll figure out where you're going to be in three months. And then we'll make sure that it's going to last and this is my my plan for the next three to five years for you guys with this new thing that we're going to implement. And then we're going to take a look every three months and make sure that it still doesn't need any updates or we're not missing anything or it's not over being overpaid for being over used. So yeah, I think you're right where if someone just comes in, they go buy this product, set it Forget it. Don't worry about it ever again. It's like that's not that doesn't sound Write again too good to be true. There's no no oil change that's gonna last you 100,000 miles.

Unknown Speaker 49:06
So true. no free lunch.

Jake Van Buschbach 49:07
Yeah, yeah, exactly. Um, Gemini advice for businesses that are they've been hit by a cyber attack or they've been compromised, or they have a feeling that they've been compromised. What can what can folks like that do to kind of see what's going on inside of their business and to get more awareness?

Dominic Vogel 49:28
Yeah, I mean, if they've been compromised if they've been hit by something, I think it's really important to, to engage with with experts. One of the things that I always tell people is that you need to know what happened and it was a subset of security called Digital Forensics, and which is almost like the CSI squad to be able to figure out what what happened. And, again, yes, it can be expensive, but again, you've you've almost deferred those costs by not investing in cybersecurity. So you know, it's I would like to say it's a debt that you took out and now That loans being called, you have to pay back and pay back that debt. So I think it's super important that when that happens, again, yes, it can be scary. Yes, it can be worrisome. But I also use it as an opportunity and which it can be a learning opportunity to get you to a spot where your organization needs to be. So bring in digital forensics, bring in a cyber risk leaders who can then look at what happened, look at bigger picture, look to a much deeper assessment, say, Okay, here's how we're going to get your security maturity from the dirt floor where it is right now, to a spot where it makes sense and fits with the overall risk tolerance of the organization. So it's and don't try and navigate those waters alone. You like to tell people that cybersecurity has come a long way, you know, used to be a field ruled by generalists now. It's a very hyper specialized field. So you need to make sure that you're engaged with experts.

Jake Van Buschbach 50:53
Yeah, I agree. What are some common mistakes that you see people making when they're trying to implement this stuff?

Dominic Vogel 51:00
Oh, gosh, you know, to me, I would say the it would be a misalignment between sort of the policy and the technology. Yeah, often, it'll be okay. Well, we're going to install endpoint protection on things to protect the laptops and workstations and maybe the tech team or away and install that came SP my way and install that. It's done in a vacuum as long as not going back to mapping back to capabilities, or mapping back to what types of risks are we trying to mitigate? Yeah, if they're just rolling things out with the default policies and not trying to customize it at all, again, yeah, we're getting some protection, but we're not doing it in the way in which we're really focusing on redundancy and resiliency. You need to take a more structured approach rather than just trying to just throw stuff out there. It's okay, take the time to be methodical about it. Make sure that the policies and what we're expecting from a risk reduction point of view that's actually mapped back to the actual technology. That's being implemented. Yeah.

Jake Van Buschbach 52:01
And what does that look like? Exactly? Like if you were gonna say this as a solution to that problem, what does that look like? Yeah, to

Dominic Vogel 52:08
me back to the earlier point about about having making sure that there's sufficient dialogue. It's not just it's not just a, okay. We need to we need to have a new anti malware solution. When you have Endpoint Protection. It's like, okay, let's just buy a product and slap it in there. Like, no, let's define what our requirements are, who's going to be using it? Are we going to be monitoring it? What type of alerts are we going to be trying to get from that? What type of risk reduction in terms of malware are we expecting? What type of user interface? Are we expecting our staff to be able to interact with it? Or is it just going to be IP support or like the helpdesk or whomever has to be managing it you need to go through a very structured approach to things because at the end of the day, this all these things all map back to some level of business process or business workflow. Too many people still take the I've just pick product x installed product x, wash my hands and walk away. You need to take a lack of better term structured almost like a project management approach to things. Yeah.

Jake Van Buschbach 53:15
Yeah, I entirely agree. Yeah, give me tools that you would recommend people look into if they're starting to kind of take this seriously themselves. Because again, I think for the smaller businesses, it would be the most important to focus on because again, the larger businesses, they have the resources, they can reach out to somebody like yourself, or if they are concerned or they have any second, they want to get a second opinion. But for the smaller businesses out there that don't have budgets, to be able to reach out and do a, I think you said $3,000 security assessment is what one of these places was charged. And we're happy to do complimentary assessments for folks. But in your experience, what are some of these tools that a small business owner with let's say to a set like an assistant And ended an apprentice won't be able to use to make sure that they're on the right track.

Dominic Vogel 54:06
actually even even then making sure that you have some basic things in place, you know, and even if that's something with example, there's a lot of organizations that use Mac books now. And so you like making sure that you have a good free anti malware solution. So FOSS as an example, as a really great Mac solution. You know, just saying I have a Mac, I'm

secured and that's

wrong type of mindset there. Even if you're running Windows 10, or Windows Defender, I think there's good basic things in place. I think what's important, especially as the operating systems have become much, much more resilient in recent years, is making sure that you are leveraging

an updated operating system. If

you're still running Windows XP or Windows seven, get the hell off that you shouldn't. You shouldn't be writing that to me, we're talking about even get to the point of tools. Just from a mindset perspective, run updated technologies and make sure that whatever programs or operating systems you're running, making sure that those say updated as well. Yeah. That to me is one of the best things to focus on. Rather than saying Oh, use tool accurate tool, why I mean, I just try and break it down into that simplest component. And not another thing as well is that something which will be developed at cyber se is an automated course or it will produce a YouTube series of shorts for organizations that

are small, really small companies

that they want to learn bit more about how we could take a structured approach to cybersecurity and how they can be better accountability partners with their it providers. It's almost like why referred to as a DIY Do It Yourself approach. Yep. cybersecurity, so if you can't, you're not putting up where you can afford larger advisory services. It's, it's almost the example I like giving is if you need to buy a new dishwasher, you can either hire a professional or if you're not able to Watch the YouTube video and see if you're able to do it yourself. Hopefully you don't flood your, like your main floor or anything. But that's sort of the approach that we're taking with this in which it's a DIY approach to really help people better understand the basics, and what they what they should do as a small, very small business owner, and who and the questions that they should be asking. So that's something which will be coming out hopefully sometime in late September. Perfect. Yeah,

Jake Van Buschbach 56:23
whenever you get that to send me the link, throw it into the script. Absolutely. Because Yeah, I think it's, I think it's so important for that, like, we do a couple seminars here on introduction to Microsoft 365, Introduction to G Suite, social engineering, information security, one on one. All those are up on the channel here, underneath our seminar section away from interviews. And again, like I've had a lot of people reach out and just go thank you so much for making this like, I just get a little bit more peace of mind now that I understand like, these are the ways someone is going to reach out and try to hack my business. And these are the most common ways last year that this happened. The feedback I get is mostly like I didn't understand a lot of this but Now I understand more of it now that I've watched this video, and I feel a lot better having discussions with you and with other people in the space about this, like, I'm not going to again lie and say, oh, everyone's like, Oh, no, I'm a cybersecurity genius, because I watched your two hour seminar, but they're like, I genuinely did appreciate that you made the effort to put this out. I watched about half of it. It was really, really informative. I got overwhelmed, because it's just so much information. But I'm going to come back at it. And I'm going to watch it under 15 minutes. I'm going to watch it on the 15 minutes. And after a couple of months of it being up now people are telling me to watch the whole thing. And now I'm keeping an eye out when I get a phone call. Am I giving out personal information? When I make a vacation responder? Am I telling people how long I'm going to be gone for and where I'm going, you know, there's all these little tiny things now that people are starting to pick up. And they're starting to understand why it's a risk and in 2020 why it's so risky, to just be giving out information because even if you're telling people going to Mexico on your Instagram, it's very easy for somebody to Against spoof your email address and say, guys, I'm stuck in Mexico, my wallet got stolen, I need you to send me 1600 bucks for my transfer for a plane ticket home because they took everything, please send it to my email right now and you click you know what I mean? And then you're done. So there's so many different avenues for people to get into. And if people are looking for a really simple way to break things down that that's easy to approach, I'm going to be sure to send them your way.

Dominic Vogel 58:25
Absolutely. And I think it's so important to generate that type of useful content. Jake, you know, I think that's the way that will will end up changing the mindsets of both individuals and business executives, especially in the SMB world is through that good consistent content. And I definitely would love people to think if they want to see good content, learn some basic stuff around cybersecurity, and what I would produce mildly entertaining as well. Please have people can check out cyber se on our LinkedIn page or any other social media channels Instagram, Twitter, or YouTube page, a lot of great content there for people to peruse as well.

Jake Van Buschbach 59:06
Yeah, I've learned a couple of things, just just going through your LinkedIn to be honest with you. And, again, I think that a lot of folks, again, it's not this thing where you need to learn it. You know, a lot of people don't don't care. You know, a lot of financial advisors, a lot of lawyers, they don't care. Like they don't understand a lot of basic stuff. And they don't care because they're so busy. But being able to scroll through your Instagram in the morning when you're having your coffee or go through your Twitter feed, or go through Google News, or go through whatever it is that you're scrolling through whenever you're scrolling, or have an email, newsletter, whatever, being able to just have that little one line of text that says, Here's your tip of the day from cyber sec. Like that's huge and it adds up over time. And eventually, the same way that you get a little bit of a nugget about a sports team or you get a little nugget about new air pod that came out or the new iPhones gonna have four cameras. Oh my god, you know all these little tiny things happen. Having a little bit of someone like yourself or myself in your newsfeed, where it's a little tiny nugget of just one line of information, like your data should be in three places at all times. Easy. You know what I mean? And people just scroll through and they wonder why that is anyways. And then they're getting in an interview with someone trying to get an IT guy. And he goes, Yeah, no, you only need to have your data in Dropbox, it's fine. Then you go, Well, I saw on a thing that is supposed to be in three places, why wouldn't you want to have it in three places? Well, because this, this, this, whatever. And again, like you can get your data backed up in different places for as low as $6, a terabyte. So it's very inexpensive, but my entire point sorry, is that people should be focused on finding easy solutions and a lot of information out there in an easy way. Or they should be trying to work with somebody personable like yourself, so that when they do need to focus on this stuff the same way you go through your year end audit with your accountant, you're going to To break things down for them in a way that makes sense, where it's friendly, it's easy for them to understand, and then they can go back to not caring until your next quarterly meeting.

Dominic Vogel 1:01:10
It's exactly Jake, you know, and it's, it's, is that what I've referred to as a, as a, as a ripple effect in which those things add up? Exactly. You're saying they're add up over time. And really just the more aware we can make people better. So it's, it's, I think it's so important that over time that there's great people, especially like yourself to be able to get that message out there that resonates with people. And I think that's eventually How will will, will sort of turn the tide so to speak and have more and more organizations be more cyber aware?

Jake Van Buschbach 1:01:46
Yeah, absolutely. And I think long form content like this is important, but at the end of the day, I do think that it's going to be that that image without line of text, you know, it's going to be that one tweet, or that my again, my favorite thing is LinkedIn now, because I brought up ton of people like yourself after just starting the show, a bunch of people added me on. And now I'm seeing all these experts like yourself just posting once a day, a couple times a day. And it's just these little tiny things when I'm just waiting in line. Or if I'm, you know, I mean, if I'm waiting in line, I'm scrolling through LinkedIn, I can totally like, Oh, I didn't know that this new thing happened to Microsoft. I didn't know that this breach happened here. Oh, that's kind of interesting. Why is this software better than that software, and then I am going to be my interest is going to be piqued and I can dig into it more. But again, I think a lot of people don't care. I think a lot of people won't care. But I think it's important that when they realize they kind of have to care. There's easy to approach people giving them small digestible bits of information. Yeah, I think I think we're at kind of that turning point now where in 2020, it's, it's unavoidable. You need to start taking it and cybersecurity seriously. If you're going to be a small business owner in today's day and age, because not having basic tenants can be the difference between having a business in a week and operating normally. It's it's gotten a little bit intense like that, unfortunately, and I don't like the fear based mindset, a lot of people have. But I do like it again, when speaking with someone like yourself, or it's a productive, positive conversation.

Dominic Vogel 1:03:23
Absolutely, no, I think you know, that's the so referred to as the seeds of change. So I'm very hopeful that over the next few years, we get to that point and having that type of positive dialogue, that that's how we inflict positive change on on the environment. And I think it's through these types of conversations that people become more informed. And, man, I can't believe how fast that that combo flew by.

Jake Van Buschbach 1:03:46
Yeah, it's fun. Absolutely. Um, do you have any resources or market leaders or any individuals that you'd like to follow that you can recommend people if they are interested in learning more about this stuff? Obviously following yourself and cyber se on LinkedIn, Twitter, and Ram, but you have any fall any people that you're following or any corporations that you're following that could be of interest?

Dominic Vogel 1:04:06
Absolutely. And especially for those in Greater Vancouver here, another great organization organization called cobalt IO. They're wonderful organization to allow great security, security, monitoring work as well. Highly recommend them that they're great thought leaders in the space. But in terms of other security, thought leaders, gosh, I'd be I'd be hard pressed because a lot of them are much more technical in nature but I think I always recommend to people in terms of a good security resource or security podcast to even listen to is one called down the rabbit hole. It does get a little technical, but it's it's really interesting. They talk about so many different interesting security tales and things like that happens organizations So for people who do like a good listener, a good yarn to listen to, I do recommend that podcast. Yeah.

Jake Van Buschbach 1:05:05
And I think the team is so focused and other Vancouver based company, they're great. A lot of their Instagram and all that stuff. They do a great job educating folks. Yeah, I think that's, that's a pretty good summary of anyone else you'd recommend.

Dominic Vogel 1:05:19
The Gosh, I mean, our press event to think of someone else, you know, the thing that I would recommend this as well is just if people are interested in different security products that you're mentioning there, there are some great vendors that put out good work. CrowdStrike continuum are also really great to follow on their social media channels. They have a lot of really great interesting reports is always the Verizon data breach incident response report that comes out once a year. It's also chock full of really interesting tidbits and there's certain there's some sections which are very well written and that he in the

business person non technical person will understand.

Jake Van Buschbach 1:05:59
Yeah. That's awesome. And do you have anything you'd like to promote? Before we start wrapping up?

Dominic Vogel 1:06:04
I know just just like I mentioned there, the the online course, for those really small organizations. So please do stay tuned for that. As well as we have a podcast. It's called cyber security matters. We're all bringing different security people as well as other LinkedIn thought leaders, we've been very lucky to have some amazing LinkedIn thought leaders. Join us on on our show. So it's another great resource, where we talk all things security, and just all things business as well.

And now I think about the need to do a reversal.

You come on the show, and I'll be the I'll be the one interviewing you know, I

Jake Van Buschbach 1:06:46
love to come on web. Awesome. Alrighty, again, thank you so much, Don, from coming on, coming on from cyber se here. And I think that does it for today's interview. So I hope everybody got a fresh perspective on Cyprus. guarantee and I hope we were able to kind of shed some light on some insider thoughts on on the sector here and leave some business owners with some good outlooks and kind of some tools they can use when picking a vendor, finding out their own solutions and just kind of looking at their business. Again, with a fresh perspective when it comes to cybersecurity doesn't need to be this overwhelming, stressful activity. Think of it more of a boring one like your accountant. So everybody, please make sure to check out DOM and cyber se using the links in the description. And again, thank you so much for coming on. Dom we'll talk to you soon. Thanks, Jake. Have a good one you as well. Bye. I think that does it for today's video. If you could please leave a like on this video. It really helps us out. If you want to see more videos like this then please hit subscribe. If you have a suggestion for a future video or a guest you'd like to see on the show. Please leave a comment down below or email us at Tech Tips at umbrella it services.ca Have a great day. I'll see you all soon.