Close out 2023 right and start 2024 strong.
Follow & like the podcast!
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: I was going, patrick and Dwayne, like I feel like
00:00:03
we've been trying to plan this thing for like a year now.
00:00:05
Hey Joe, yeah.
00:00:07
Speaker 2: I feel like old friends.
00:00:08
I asked you have we talked before?
00:00:10
And you're like I don't think so.
00:00:13
Speaker 3: We keep trying.
00:00:13
It feels like it, though.
00:00:14
It feels like it.
00:00:16
Speaker 1: Right, yeah, we've been pen pals over email for a
00:00:19
year.
00:00:21
Speaker 3: Whatever happened to pen pals?
00:00:22
They used to do that in schools .
00:00:23
You used to write a letter, snail mail them.
00:00:25
Now it's just, it's all dying art.
00:00:28
Speaker 2: I actually got letters in the Gulf War.
00:00:30
When I was on the front lines in Iraq, I got letters from kids
00:00:33
and it was actually quite fun for the soldiers to get those
00:00:36
letters.
00:00:36
Speaker 3: So that's cool, bring it back.
00:00:38
Speaker 1: I'm not sure if I ever did that in grade school.
00:00:41
Speaker 3: Oh, really.
00:00:42
Yeah, it used to be a thing Like you'd write letters and
00:00:44
you'd send them off and then, mysteriously, they'd maybe
00:00:48
respond or not.
00:00:49
I don't know.
00:00:49
It's cool.
00:00:49
Yeah, it was magical to get a letter, open it up in the
00:00:52
mailbox, see the postman delivering it.
00:00:54
It's like Christmas.
00:00:56
Speaker 1: I don't know.
00:00:56
I mean that's interesting.
00:00:58
I mean I don't feel that old, but I guess maybe I'm getting
00:01:01
old.
00:01:04
Speaker 3: It's entirely possible.
00:01:05
It's entirely possible.
00:01:08
Speaker 1: Yeah, it's a.
00:01:09
It's surprising.
00:01:11
I just had my first, my first kid.
00:01:13
She's just turned nine months.
00:01:15
Congratulations, like for the first time I feel like an old
00:01:19
man, it's like what is going on right now.
00:01:21
Speaker 2: Where do your grandkids can roll their eyes?
00:01:24
Speaker 3: Then, let me know.
00:01:25
That's when you know you've made it.
00:01:27
Yeah.
00:01:28
Speaker 2: Yeah, when you become lame to your grandchildren.
00:01:32
You pretty much accomplished their life, right.
00:01:38
Speaker 1: Well, guys, I start with everyone's background and
00:01:41
I'll tell you why I do that.
00:01:42
It's because I have a varied audience.
00:01:45
I have a group of my audience that could be trying to get into
00:01:49
IT or security, maybe straight out of college, or they're
00:01:53
trying to do a career change.
00:01:54
You know, they may not know that it's possible for them,
00:01:58
right?
00:01:58
And I've found, after doing over 150 episodes now, that I
00:02:04
haven't heard the same background twice.
00:02:06
So I feel like I remember when I was trying to get into
00:02:11
security and IT, hearing other people talk about how they got
00:02:16
into it made it feel like, okay, this is obtainable for me.
00:02:20
Speaker 2: It's absolutely obtainable.
00:02:21
Speaker 1: Yeah Right, so why don't we start with you?
00:02:24
How did you get into IT?
00:02:25
How did you get into security?
00:02:27
Maybe what sparked that interest in you that brought you
00:02:31
into this?
00:02:31
Speaker 3: field.
00:02:32
Oh my gosh.
00:02:33
Well, this will date me, but for me it actually happened in
00:02:38
high school.
00:02:38
So in high school I got my amateur radio license and that
00:02:45
hobby is all about tinkering with radio waves and electronics
00:02:48
and figuring out how it all works, like doing the
00:02:52
mathematics of building your own antenna right and then how you
00:02:56
can transmit on that antenna and bounce it off the ionosphere
00:03:00
and then talk to somebody 7 miles away.
00:03:02
And you get into that world of really tinkering and figuring
00:03:08
things out.
00:03:09
And at the time the Apple IIE came out and my parents spent a
00:03:13
fortune on an Apple IIE and my brother and I were enamored with
00:03:17
it and then later on, you know, started pulling apart our 386
00:03:21
computer, doing online BBSs and bringing it.
00:03:27
So that world sort of grasped us and part of it, honestly, was
00:03:31
video games back then, because you couldn't just click a game
00:03:36
and play it.
00:03:36
Back then it was like you had to install it and then move
00:03:40
memory drivers around and then like decide whether you wanted
00:03:43
the mouse, because if you didn't want the mouse you could save
00:03:46
memory.
00:03:47
Speaker 2: And then there was cheating, right.
00:03:51
Speaker 3: So there's all that tinkering involved with
00:03:53
computers back in those days and we started playing around with
00:03:57
bulletin board systems and for the listeners who might not know
00:04:00
what a bulletin board system is you'd have a modem and you
00:04:03
would dial up another computer that was running a program that
00:04:06
you could then log into, in essence, and play what they
00:04:09
called door games, and then it was probing the systems there.
00:04:13
Well, what else can I do?
00:04:14
Can I get it to give me a command?
00:04:16
Can I get it to do these types of things?
00:04:18
And that's when I started early on in cybersecurity.
00:04:20
There was an incident in high school.
00:04:23
I did get suspended for computer acts that we won't talk
00:04:28
about.
00:04:29
Fast forward, got my computer science degree.
00:04:31
Actually, oddly enough, I went to a Benedictine Monk College
00:04:36
because most of the engineering colleges turned me down at the
00:04:39
time.
00:04:39
They were like listen, we don't want a student with your
00:04:40
background Right In computer nefariousness.
00:04:45
Speaker 2: Now, they'd be dying for him.
00:04:47
They'd be lining up, so I applied it.
00:04:50
Speaker 3: That's the way I started a career, right, I
00:04:53
applied it at St Anne's own college, so it's a Benedictine
00:04:55
Monk.
00:04:55
I mean literally the monks with the brown robes and the rope
00:04:59
ties and that sort of stuff, and they're like you know what?
00:05:01
We think we can reform you, we think you can.
00:05:03
So yeah, you can get your computer science degree here,
00:05:08
they're wrong.
00:05:10
So then when I graduated, I had my computer science degree, my
00:05:14
Bachelor of Arts in computer science, and I started teaching
00:05:17
for Microsoft and I was doing Microsoft courses at that time
00:05:20
and teaching TCPIP and that sort of thing, and I went to take my
00:05:24
next course, which was in commerce server Patrick.
00:05:29
Speaker 2: Merch.
00:05:30
Yeah, it was commerce server.
00:05:31
Commerce server.
00:05:31
We transitioned from merchant server.
00:05:34
Speaker 3: So I was taking my next course so that I could
00:05:36
deliver solutions to customers and, lo and behold, my
00:05:39
instructor, this old crotchety West Point graduate, Patrick
00:05:44
Hines, was like hey, we should start working together.
00:05:48
And this is in 2000.
00:05:49
This is March of 2000.
00:05:50
So yeah, long, long time ago.
00:05:53
So that's how I got into it.
00:05:54
And then hilarity ensued.
00:05:56
So it's all downhill from there .
00:06:01
Speaker 1: And Patrick, you know how did you get your start.
00:06:04
Speaker 2: So I went to the military academy at West Point.
00:06:08
I did not focus on computers, but I bought one and I was into
00:06:13
it and I was playing gunship and the games of the day.
00:06:16
And so I became the infantrymen who knew computers in my unit
00:06:22
and so I was repairing computers and doing things that you know
00:06:26
people were afraid to do, and I just wasn't afraid to break it
00:06:28
because I'd already broken mine so many times.
00:06:30
And then, when I got out of the service after the Gulf War, I
00:06:36
went in the reserves but I wanted to go into the civilian
00:06:40
sector.
00:06:41
I started programming and I got into security right away
00:06:44
because I always thought about the military side of things and
00:06:47
the adversarial thinking.
00:06:49
I guess that's the way I would describe it when I was after
00:06:53
going to West Point.
00:06:55
When people look at like nice pictures of meadows and tree
00:06:59
lines and things like that, they think about picnics and
00:07:02
butterflies and I think where I'm going to put the machine
00:07:04
guns, and so I think about systems as far as what could go
00:07:09
wrong, and that put me in the right mindset.
00:07:11
And so once I started working with Dwayne this is where we
00:07:16
went we started doing pen tests and vulnerability assessments
00:07:20
and risk analysis.
00:07:21
Almost 20 years ago actually, right after we started, we
00:07:25
started looking for this kind of work and we did a lot of
00:07:27
programming, a lot of system enterprise stuff.
00:07:30
Between us, we've probably visited 80% of the Fortune 500
00:07:35
and the global 1000 over the last 20 years and a lot of free
00:07:38
letters.
00:07:39
Yeah, and not always as a pen tester, but a lot of times as a
00:07:44
security engineer, and so now that's all we do.
00:07:49
Speaker 1: That's really interesting when you bring up
00:07:55
your mentality right.
00:07:57
That kind of, I guess, directed you towards security.
00:08:01
I can really relate to that, and so my wife and I, you know,
00:08:06
we fairly recently we built our house.
00:08:08
So when you build a house, you got to, I mean, there's a
00:08:12
million decisions.
00:08:13
Speaker 2: And my condolences.
00:08:14
Congratulations, congratulations Right.
00:08:18
Speaker 1: I will never financially recover from this
00:08:20
decision.
00:08:20
But you know you go through a million different choices.
00:08:25
You know and, like you know, in the front of the house there's
00:08:28
a big window.
00:08:29
My wife loved it and I'm sitting here thinking, well,
00:08:32
that's a non-defensible structure.
00:08:34
You know like anyone get through that thing and she's
00:08:38
like hey, can you take your security hat off?
00:08:40
Speaker 2: for a bit.
00:08:41
No, just think about aesthetics .
00:08:43
No, it's your job, though yeah, she's like who hurts you as a
00:08:47
child so do you have a big front yard?
00:08:48
Do you have a big front yard?
00:08:50
It's a good amount.
00:08:51
Yeah, you know, you can put some piles in and put, like,
00:08:55
some PVC pipe in the wood piles and you can use those as
00:08:58
fighting positions.
00:08:59
Speaker 3: Yeah, see, yeah, the thing that always struck me, the
00:09:04
thing that made me start thinking about physical
00:09:06
securities when I met Patrick because I was always into the
00:09:08
digital security, tearing computers apart and that sort of
00:09:10
stuff but we'd sit down in a conference room with a customer
00:09:14
or something like that Patrick, very specifically, would pick a
00:09:17
chair, like he would.
00:09:18
It would always be a chair facing the door.
00:09:21
I'm like what are you doing?
00:09:23
He's like I want to see him coming.
00:09:24
I was like what is wrong with you?
00:09:26
Like seriously, yeah, yeah, that's always the mentality I've
00:09:32
been tested.
00:09:33
Speaker 2: There's nothing wrong with me, but we don't have
00:09:40
computer science.
00:09:41
Dwayne has a computer science degree.
00:09:42
He doesn't have a cybersecurity .
00:09:44
I don't have.
00:09:44
You have a computer science degree.
00:09:45
I'm all self-taught.
00:09:47
The bottom line is we've got veterans, we've got people who
00:09:50
used to work as mechanics.
00:09:51
We've got all sorts of people who work for us who are
00:09:55
excellent cybersecurity engineers who never started in
00:09:57
technology.
00:09:57
It's a long road, but you can self-service your way to it.
00:10:03
Speaker 3: One of our great pen testers.
00:10:04
His job before this is he was a salesperson.
00:10:07
I think he was a salesperson at Oracle, really yeah, and he
00:10:11
used to sell a technical product , but he's fantastic at ripping
00:10:15
apart websites Like just you name it.
00:10:18
He can swizzle and tear apart a website like you wouldn't
00:10:22
believe it.
00:10:24
Really, hacking is a mentality.
00:10:26
You want to know how it all works.
00:10:27
You want to tear it apart and see the insides and, I don't
00:10:30
know, sometimes put it back together, but mostly just break
00:10:32
it and we find somebody else's job, isn't it, if we're doing?
00:10:38
it right somebody else.
00:10:39
So we find that mentality is the most important part.
00:10:42
Oh, not the technical background of the know-how or
00:10:45
whatever that can all be taught, it's really just the drive to
00:10:49
understand how it all works problem solving.
00:10:52
Speaker 2: So some people come at it differently.
00:10:53
Some people are gamers.
00:10:54
Gamers like to solve problems and they like the challenge.
00:10:57
Some people it's the aesthetic.
00:10:59
They're more into Sudoku and they like there's no one
00:11:02
personality type.
00:11:03
She can't be intellectually lazy.
00:11:05
That's probably the biggest thing.
00:11:06
You have to be curious.
00:11:08
What I like to tell people who are trying to get into it
00:11:10
because I think that's where you're going with this is you
00:11:13
need to learn all the buzzwords.
00:11:14
Not because you're trying to fool anybody, but if you're
00:11:17
hacking a system and you find a file that says something about
00:11:20
kubernetes, you need to know what that means so that you know
00:11:22
where to go with it.
00:11:23
If you find something that talks about indexes, you know
00:11:26
what that means.
00:11:27
Or x 500?
00:11:28
Terminology is the first obstacle.
00:11:31
It's kind of like anatomy for doctors.
00:11:33
A doctor's have to learn grades anatomy.
00:11:34
It washes out a lot of people in medical school.
00:11:36
The same thing's true here.
00:11:37
We tell people when they start they need to learn a little
00:11:41
about a lot.
00:11:42
So listen to the first ten minutes of a Hundred ten hour
00:11:47
courses, because you only need to know the buzzwords.
00:11:50
What's the, what's this?
00:11:50
Oh well, that's what it's used for.
00:11:52
Okay, great.
00:11:52
Moving on and then eventually you come back for the depth and
00:11:56
you learn the hacking skills and things like that.
00:11:58
But there's a lot of Cyber security positions that aren't a
00:12:02
Offensive, that aren't what we do we're.
00:12:04
We're like red team hackers and that's.
00:12:06
You know, that's kind of the dramatized.
00:12:09
There's one, there's one of us on on the mission impossible
00:12:11
team.
00:12:12
There's one of us on every break-in crew and it's like well
00:12:15
, you want me to hack the NSA?
00:12:16
This is gonna be tough.
00:12:18
Speaker 1: I'm in you know, that doesn't actually work.
00:12:22
Speaker 2: But but the advice would be it is a lot easier to
00:12:26
get into, it's a lot harder to stay in Because you have to run
00:12:30
the whole time.
00:12:32
Speaker 1: Yeah, yeah, that's.
00:12:33
That's a really good point.
00:12:35
You know that.
00:12:36
That's why, that's why there's so much burnout in security
00:12:41
People.
00:12:41
People don't understand that from the outside.
00:12:43
It's.
00:12:44
Like you know, I constantly need to be on top of my stuff,
00:12:49
you know, if I miss, if I miss one thing, and yep, and my boss
00:12:53
starts to be like, oh, he's not, he's not where I thought he was
00:12:57
.
00:12:57
Yeah, you know, like this field is a hundred percent employed.
00:13:00
It's not.
00:13:01
Like you know, 50% of us are, you know, unemployed at any one
00:13:05
point in time.
00:13:05
Like you know, my buddy, I was at a.
00:13:08
I was at a mortgage company when the interest rates started
00:13:11
to turn, yeah, and so immediately they laid off like
00:13:14
12 people.
00:13:15
My buddy on the security team Was a part of those 12
00:13:19
people in the first round of layoffs.
00:13:21
Right, yeah, this was a Monday or a Tuesday.
00:13:25
By Friday he had an offer in hand.
00:13:27
Speaker 2: Yeah, right ago, as a security specialist, you could
00:13:30
forget how to speak English and they would make allowances.
00:13:34
Speaker 1: Most don't know how to speak English.
00:13:36
Speaker 2: Yeah, that's true.
00:13:39
Speaker 1: I'm better than I speak in English.
00:13:42
Speaker 3: Right, but you're exactly right, you get that like
00:13:44
it's a treadmill.
00:13:45
I like constantly.
00:13:46
My wife is like listen, I love the fact that you love what you
00:13:49
do and I hate the fact that you love what you do, because it's
00:13:53
like my my phone's always blowing up and I'm like, oh wait
00:13:56
, hold on.
00:13:56
There's this really cool Citrix hack that just came out.
00:13:59
Let me read about it.
00:14:00
Or there's this you know, there's a really new.
00:14:02
I don't know if you've seen this Logo fail, but there's a
00:14:06
way to breach any computer right now by injecting a logo into
00:14:09
the BIOS.
00:14:10
Then it bypasses all security.
00:14:11
And there's like and I'm reading these things and my god,
00:14:14
this cool is a rock chain or is it whatever?
00:14:16
And she's like oh, it's great that you're excited, but
00:14:17
honestly, put it away.
00:14:18
And I'm like, every five seconds something is happening,
00:14:21
there's a breach in some major system.
00:14:23
Right, and it's yeah, it's constantly moving.
00:14:26
You got one of you ever heard our Pat.
00:14:27
Speaker 2: Pat podcast.
00:14:28
Every time something's horribly bad, dwayne's loving it.
00:14:31
Speaker 3: Oh, I do I.
00:14:31
Speaker 1: When the internet's on fire is what I'm my happiest
00:14:34
yeah, I mean my Another one of my my buddies at another company
00:14:41
.
00:14:41
He, he's been dealing with a hack for the past month.
00:14:45
They just like keep on targeting them in different ways
00:14:48
.
00:14:48
I mean he's on a team of like five people.
00:14:51
I'm like, dude, I need to tell your CISO to, like you know,
00:14:54
hire me.
00:14:54
Yeah, yeah, yeah, beef up the team, you know.
00:14:59
Speaker 2: There's also I'm sorry, interrupt, but there's
00:15:01
also people I've encountered in our space that are burning out
00:15:05
because the clients just don't listen and it's like they feel
00:15:10
like they're, they're, they're this feels like they're I Don't
00:15:15
want to use a bad, bad term, but they're they're moving against
00:15:18
the tide how about that?
00:15:19
And they're just sick of the fact that they know what the
00:15:23
people need to do.
00:15:24
They've told them what they need to do and they won't do it.
00:15:26
Like patching, like just you know, don't don't be stupid
00:15:30
about it, just patch, you know.
00:15:32
Or you change the password policy and don't let the
00:15:36
executives get away with cheating, because it's not like
00:15:39
other things, like when you park , where you know it's, it's rank
00:15:43
, habits, privileges.
00:15:44
If you get hacked, everybody gets hacked with you.
00:15:48
Speaker 1: Right, yeah, that's it.
00:15:50
That's a really, that's a really good point.
00:15:53
I actually just encountered this yesterday of you know
00:15:57
you're presenting these vulnerabilities Right of like.
00:16:00
Hey, you know this has been here since September.
00:16:03
Like this was patched by Microsoft's patch Tuesday in
00:16:07
September, yeah, and you still have this throughout the entire
00:16:11
environment.
00:16:11
You know what are we, what are we talking about right now?
00:16:14
Like, what are you guys paying for?
00:16:16
Please, please, tell me what you're paying for, because now I
00:16:19
feel guilty, because I'm doing my job, but I feel like I'm not
00:16:23
enabling you, you know right.
00:16:25
Speaker 2: Dwayne had an excellent analogy of you go to
00:16:27
your doctor and they say you need to eat some fruits and
00:16:29
vegetables.
00:16:29
And you need to and you're like , no, that can happen and that's
00:16:33
how it feels, but I still don't .
00:16:35
I understand that I don't want to eat fruits and vegetables
00:16:37
thing, but I don't understand that I don't want to patch when
00:16:41
a patch is available.
00:16:41
Thing doesn't make sense now.
00:16:44
Speaker 1: It's amazing my mentality with the fruits and
00:16:46
vegetables.
00:16:47
I actually just got told you know, I need to eat more fruits
00:16:50
and vegetables and I'm like so I can't just work out harder.
00:16:53
Speaker 2: I just think we got a thing that whole thing, just
00:16:56
work out harder.
00:16:58
Speaker 3: Patrick.
00:16:58
Patrick always says when we, when we go out to dinner or
00:17:01
whatever, they'll bring like a hamper, and Patrick would be
00:17:05
like, hey, and they'll be like, do you want tomato, do you want
00:17:07
lettuce?
00:17:07
And be like, no, no, no, keep all that stuff, that's what food
00:17:09
eats.
00:17:09
Yeah, that's it.
00:17:10
Yeah, yeah, but it's tough, you know.
00:17:18
You got a, I feel, for the doctors now, where they're like,
00:17:20
hey, you should work out more, you should eat better, you
00:17:23
should, you know, drink more water.
00:17:25
And and all of us are like, yeah, but is there like a pill
00:17:28
or something you give me, like something?
00:17:29
And then you see it in the cyber, yeah, you see it in the
00:17:33
cyber security space, where you're like you should patch,
00:17:35
you should have better password policies, you should have, you
00:17:38
know, some sort of global aggregated log that you can look
00:17:41
there.
00:17:41
And they're like, yeah, but is there just like some simple
00:17:43
product I can buy that'll make me a hundred percent secure?
00:17:45
You're like, no, there isn't, like you have to do these things
00:17:49
.
00:17:50
Speaker 1: Even if there was a product that you could deploy
00:17:53
and you'll be a hundred percent secure, you still have to do the
00:17:56
work and deploy it and configure it and you need to
00:18:00
maintain it.
00:18:00
And you know guess what?
00:18:01
You need to keep it updated.
00:18:03
So if you're not updating your windows, you know You're
00:18:06
probably not gonna update this thing right, like there's still
00:18:10
work involved.
00:18:11
Speaker 3: Yep, yep, here's what you do.
00:18:12
You go into the customer.
00:18:13
You get like absolutely, I can do this, I can make you a
00:18:15
hundred percent secure.
00:18:15
And you power the computer off and you walk off.
00:18:17
You're like you good, you good, just leave that off, don't turn
00:18:19
that back on you good, nobody can act you well.
00:18:22
Speaker 2: We've also seen a lot of complaints by big companies
00:18:25
that they'll hire a Company to do a pen test or an audit or
00:18:29
something and they'll get something that's a completely
00:18:32
Inactionable and useless because there's a shortage of people in
00:18:35
our field.
00:18:36
There's also a lot of people who are willing to deliver sub
00:18:39
par products and they don't get called for it.
00:18:40
A lot of our customers have said we're only gonna deal with
00:18:43
you once because we've had such bad results in your industry.
00:18:47
We're, we're gonna play the field and we some of those
00:18:51
customers are working with us for three, four years now.
00:18:54
Speaker 3: Yeah, and a lot of it is like listen, there is a
00:18:56
shortage in this field.
00:18:57
I, you know the three of us probably know better than most
00:19:01
we don't have a sales staff, we don't need one.
00:19:03
It's just people who need cybersecurity.
00:19:06
Hear from other people who have had services with you.
00:19:09
It's just such a crazy market right now.
00:19:10
But the problem is you do you run into those, those providers
00:19:15
who are like oh, you know what I'm gonna do.
00:19:16
I'm gonna take this automated scanner, I'm gonna run it
00:19:18
against you, I'm gonna call it a pen test.
00:19:19
I'm gonna throw your report.
00:19:20
That's 900 lines long.
00:19:22
That really doesn't mean anything.
00:19:23
And then I'm gonna move on to the next customer.
00:19:25
And, yeah, it's unfortunate that that happens, because
00:19:28
really doesn't help anybody at that point.
00:19:30
Speaker 1: No, yeah, that's a, that's a really good point.
00:19:34
You know, it's interesting because several years ago I
00:19:39
started my LSE to start, you know, kind of like consulting
00:19:42
and whatever else, right, cuz I always have the habit of doing a
00:19:46
whole, just shit ton of Side work.
00:19:49
You know, yeah, and so I'm like okay, like I need to do this a
00:19:53
little bit more smart.
00:19:54
You know, let's get an LSE going and you do that whole
00:19:57
thing out and you know, I don't know what got into me.
00:20:00
I put like security consultant in my title on LinkedIn, right,
00:20:04
and when I was forming the LSE, I'm like, well, I'm not gonna
00:20:06
get any customers.
00:20:07
You know, I'm one man show, I don't know anything.
00:20:10
You know Like, yeah, I engineered this product really
00:20:13
well, but that's really a.
00:20:14
You know, no one's gonna, no one's gonna hire me.
00:20:16
And I mean, I did that on Monday and by Friday at three
00:20:20
customers.
00:20:20
Yeah, I'm like crazy, like I had to figure out how to write a
00:20:24
contract and all that sort of stuff.
00:20:26
I mean we're talking like last minute.
00:20:28
It's like guys like I don't know what the hell, I don't know
00:20:31
if I know what I'm doing.
00:20:34
Speaker 2: Well, your first mistake was listing cyber on
00:20:37
your resume, but but there's such a short.
00:20:41
This I the last numbers I saw was half a million open
00:20:44
positions in the United States and three million worldwide, and
00:20:48
I, I basically it's in and that's for people who can
00:20:53
actually help you get secure, not just people who are Fixing
00:20:57
after, after you get like forensics and that's for stuff.
00:21:00
Speaker 1: Yeah, yeah yeah, you know, it's actually a lot easier
00:21:04
to stand out in the field.
00:21:05
Then I think people realize the reason why I say that is, you
00:21:11
know, so I, my first like big boy cert right, was the CCSP
00:21:16
Mm-hmm.
00:21:17
Extremely, it was extremely difficult for me to get it.
00:21:20
There's a huge leap forward and I figured I'm one of a million.
00:21:24
You know, like, it's not gonna make me stand out, it's just
00:21:28
gonna help me start a conversation again.
00:21:30
The cloud security, right, that's how I viewed it and you
00:21:34
know, recently, actually fairly recently I got that several
00:21:37
years ago, fairly recently I looked at the numbers of how
00:21:40
many actually have the certification.
00:21:42
It's like 5 people Mm-hmm.
00:21:45
Yeah, either it was either worldwide or in North America,
00:21:48
but either way that number is insane away because you have
00:21:52
this, you have this high level cert in Cloud security.
00:21:55
Cloud security is a field of security.
00:21:56
That's, you know, blowing up, right, that's where everything
00:21:59
is going and there's 5 people that have this cert.
00:22:02
I mean, you know, you put in the time, you put in the work,
00:22:07
you get the cert and now you're standing apart, yeah, from the
00:22:11
other.
00:22:11
You know, 10 million of us that are in security right.
00:22:15
Speaker 2: So I used to be a big , secure a certification guy
00:22:18
Back in the old days when you two were probably both in high
00:22:21
school or junior high school.
00:22:22
So I, yeah.
00:22:24
So I had one point.
00:22:25
I had 55.
00:22:27
Now I 55 Microsoft sort of technical certifications MCSE,
00:22:32
mcsd, mcp, everything, oh yeah, mct and I went from 50 to 55 and
00:22:38
no one cared at that point.
00:22:40
I could have stopped at 10 and nobody.
00:22:42
So what's happens is it's become so rare.
00:22:45
If I'm not saying you shouldn't get certification, I really
00:22:47
like certifications.
00:22:47
But you Like CISSP, specific cloud stuff, ai that is going to
00:22:53
be coming out soon OSCP, oswe, the Offset stuff, the right SAN
00:23:00
certifications those are all excellent advertisements, but as
00:23:03
long as you can do the work and not just it be a book
00:23:08
certification, but that's what the interview is all about.
00:23:10
So I would recommend, if people can get a certification like
00:23:14
that, it is a great way to be, and once you can get one of
00:23:18
those certifications, you're in the industry.
00:23:20
Speaker 3: Yeah, and I'm on that .
00:23:21
I'm on the side of, like, if there's a new certification in
00:23:24
cloud security or like I have, you know, my OSCP, my Pen 300, I
00:23:31
have my GX pen, so I'm always looking for what classes and
00:23:38
training can I get that's going to teach me new tactics and
00:23:41
techniques I might not otherwise run into and I want to go and
00:23:44
get the certification to prove.
00:23:45
Yeah, I do know these things and I agree, you know what
00:23:49
happens in the beginning of a field and cybersecurity really
00:23:52
is kind of just blowing up.
00:23:53
What happens in the beginning of the field is how do you tell
00:23:56
you're right absolutely, joe from the other 10 million people
00:23:59
who say they're cybersecurity experts because they know
00:24:01
cybersecurity is a big field and yesterday they were a network
00:24:04
administrator and now they changed their title to
00:24:05
cybersecurity administrator, how do you know that that person
00:24:09
knows what they're doing?
00:24:10
Right, and certifications set us apart.
00:24:13
You know, maybe 10, 15 years from now everybody has those
00:24:16
certs right, because you know it's kind of commonplace for
00:24:19
them to take them.
00:24:19
We saw that with the MCSC back in the late 90s, early 2000
00:24:23
range.
00:24:24
Right, if you were an MCSC in, you know 96, 97, 98, like you
00:24:29
were countably few and then when you got into like 2005, 2006,
00:24:33
you get a busload of MCSCs for 100 bucks, right, and I'm hoping
00:24:37
cybersecurity goes there.
00:24:38
But honestly I just don't think anybody.
00:24:40
There's such a treadmill this day in cybersecurity.
00:24:43
I think people won't want to keep doing it.
00:24:47
So we'll see what happens.
00:24:48
Speaker 2: But I don't know.
00:24:49
I think they'll get paper.
00:24:51
I think we're already seeing some of that where paper
00:24:53
security engineers who are willing to give you a rote
00:24:59
answer and collect the fee, and so I think there's some of that
00:25:04
there now.
00:25:04
But yeah, in order to actually hold your own, you need to stay
00:25:07
on the treadmill Because it's changed so much.
00:25:10
Speaker 1: Yeah, I think you know what I always recommend,
00:25:14
right, let's assume someone's trying to get into cloud
00:25:16
security.
00:25:17
What I recommend typically is, you know, let's start with a
00:25:22
broad cert, right, and then choose a cloud, and you may not
00:25:28
have to necessarily go like deep in terms of get all 25 of the
00:25:32
AWS certs right, or however many .
00:25:35
Speaker 2: They have 23, 24, whatever.
00:25:37
Speaker 1: Yeah, whatever, I've only had two AWS certs, but I
00:25:40
had their foundations level cert and then I had their like
00:25:44
hardest security cert, right, and that was a terrible mistake
00:25:48
that I made because, like literally the week of taking my
00:25:54
exam, I learned oh, I should have taken like this other cert
00:25:58
before taking it.
00:25:59
Like this is meant to build onto that.
00:26:01
Speaker 3: Yeah, baby steps, show, baby steps.
00:26:04
Speaker 1: But, like, the reason I give you know is one you have
00:26:09
to know the language, like what you guys were talking about.
00:26:11
You have to know all the buzzwords, you have to actually
00:26:14
have a good understanding you know.
00:26:15
So that overarching non-technical cert will get you
00:26:19
there.
00:26:19
And then you have that deep dive technical cert, like the
00:26:24
AWS security specialist certification, which is actually
00:26:28
very surprisingly technical.
00:26:29
Yes, it's a multiple choice.
00:26:33
You know nothing but words exam , but you need to know where it
00:26:40
ends and out.
00:26:41
You know you don't need to just like know the terms.
00:26:43
You're thinking about IAM, roles and rules and how you
00:26:47
would deploy it, and then you have to troubleshoot it and
00:26:50
talking about services, talking to each other, I mean that is
00:26:54
technical.
00:26:54
I was actually proven, you know , in my current role, my current
00:26:58
day job, where you know I was on this call.
00:27:01
It was like week one of starting and they were like, oh,
00:27:04
we can't do it, we have to open up.
00:27:06
This thing is very like obscure .
00:27:08
I was going to put the organization at risk.
00:27:10
I was like guys like AWS, you know, has this thing it's called
00:27:13
a VPC endpoint Like can we just deploy that?
00:27:16
Or a bastion host, like they're the same thing, different words
00:27:20
and he goes, oh no that doesn't exist.
00:27:22
I'm like I'm pretty sure it exists because they just beat it
00:27:25
into me for this exam.
00:27:26
Speaker 3: But maybe I'm wrong, you know, yeah, and within 30
00:27:30
minutes.
00:27:30
Speaker 1: he was like, oh, he's right, We'll do that.
00:27:33
Speaker 3: Yeah, yeah, and that's that's a majority.
00:27:38
Like cloud right now is there's so many moving parts in cloud
00:27:42
and there's so many new and upcoming services and should we
00:27:45
put an ELB on that?
00:27:46
Let's use an Elkstag and let's use like and a lot of people,
00:27:49
and there's not only just the terminology, but then the the
00:27:52
hey, we got this new microservice that we're offering
00:27:54
over here and it's like okay, well, how do I secure it?
00:27:56
Like so it's real easy for customers to architect
00:27:59
themselves I say architect with air quotes into a very bad place
00:28:03
.
00:28:03
Like ah, let me just click the start button on all these
00:28:06
services and we're good, and you're like no, no, you really
00:28:09
need an expert who knows how to actually control the data flow.
00:28:13
Speaker 2: And there's a lot of things that that they don't,
00:28:16
that aren't the default as far as backups and recovery and logs
00:28:19
I mean all the logs that you might need for a breach.
00:28:22
How many times have we gone in with a somebody's had a business
00:28:26
business?
00:28:28
Speaker 3: email compromise or something like that Exactly.
00:28:31
Speaker 2: And we have to go in and it's like none of the logs
00:28:32
are turned on.
00:28:33
So next time we'll get them yeah.
00:28:36
Speaker 3: Not this time, right, ooh, so close.
00:28:40
Speaker 1: Yeah, it's a and all of the clouds are like speaking
00:28:45
different languages.
00:28:45
You know you have to.
00:28:47
It's not just like even buzz terms, too, because they operate
00:28:51
differently.
00:28:52
Yeah, yeah, and it's it's like for the tech industry just
00:28:57
overall.
00:28:58
You know, like cloud security is going to turn into a place
00:29:01
where it's like, okay, we have a cloud security AWS team and
00:29:05
then we have a cloud security Azure team, 100%.
00:29:07
You know, I was, I was recently talking to someone that is, you
00:29:11
know, entirely into Azure and I'm, you know, well-certified in
00:29:15
AWS and I understand, you know, azure overall, right, but I
00:29:20
couldn't tell you any of the terms.
00:29:21
Yeah, yeah, I'm over here with a cheat sheet, you know looking
00:29:25
it up, you know like you're talking foreign language.
00:29:27
Speaker 3: Yeah, exactly.
00:29:28
Yeah, it's like oh, they use this word.
00:29:29
All right, right, well, it's tough too, because each of those
00:29:32
clouds was designed with a different customer in mind.
00:29:34
Right, aws's cloud initially was designed with developers in
00:29:37
mind and then, when they started getting into the enterprise,
00:29:39
they were like, oh crap, we could have changed how we
00:29:41
architect things.
00:29:42
The Microsoft was designed with enterprise in mind, but then
00:29:46
when you, you're an individual trying to use it as a developer,
00:29:48
and that's where we're like, ah well, there's a lot of weird
00:29:51
kind of oddities here.
00:29:52
So, yeah, you're absolutely right and unfortunately, right
00:29:54
now I agreed Joe, eventually it's going to be oh, are you an
00:29:57
Azure cloud security guy?
00:29:59
Right now, they're like, okay, can you spell security and cloud
00:30:03
?
00:30:03
Because we're going to put you in any cloud we can, because
00:30:06
you're just not enough people to specialize.
00:30:07
Speaker 2: You missed two vows.
00:30:08
Okay, we're going to accept that it's fine.
00:30:10
Speaker 3: It's fine.
00:30:19
Speaker 1: So how do you, how do you guys, maintain your mental
00:30:22
health while you know being?
00:30:25
Speaker 2: in this field.
00:30:25
Oh, bold assumption there.
00:30:26
How do you bold assumption that we have mental health?
00:30:29
Speaker 3: I mean, you know, alcohol no.
00:30:34
Speaker 1: I mean I've had people on that just like
00:30:36
admitted to like pretty destructive behaviors.
00:30:38
So as long as you're not an alcoholic, I think you'll be
00:30:41
okay.
00:30:42
Speaker 3: No.
00:30:42
So honestly, for me, I'm a martial arts instructor, so
00:30:46
three days a week I get out of the house and I go and and you
00:30:50
just do martial arts or or teach martial arts.
00:30:53
And then I'm also a robotics mentor.
00:30:55
So I work with local high school and I mentor robotics.
00:31:00
So that's that's also three days a week.
00:31:02
So in the evenings, you know, I'm forced to step away and just
00:31:07
go do something else, and it's still either in the tech field
00:31:09
or with martial arts.
00:31:10
There's actually an odd sort of symbiosis between hacking and
00:31:14
martial arts, like hackers manipulate computers to do
00:31:17
things that they weren't designed to do and martial
00:31:20
artists manipulate the human body to do things, Generally,
00:31:23
they weren't designed to do.
00:31:24
But yeah, that's that's for me, that's, it is just really
00:31:29
getting out either doing martial arts, doing robotics and and
00:31:32
then coming fresh to do it.
00:31:35
Speaker 2: Yeah, and I I like to cleanse my palate with
00:31:38
something a lot less technical, and that's why I have a quantum
00:31:40
computing podcast.
00:31:41
Okay, you know something like Nezzie?
00:31:46
Speaker 1: Yeah let's spice that up Right.
00:31:48
Speaker 2: Well, Dwayne stole my answer.
00:31:49
I've been doing martial arts for 50 years and he stole my
00:31:52
answer.
00:31:52
Speaker 3: I let him go first, but it's pretty common, honestly
00:31:54
, in this field.
00:31:55
There are a lot of martial artists and that's I think
00:31:57
that's one of the things is like it's, it's martial artists.
00:32:02
Speaker 2: I think it's.
00:32:02
The seeking of control is what we have.
00:32:05
Speaker 3: It could be, but it also, I think it's also it's a
00:32:08
it's a heady enough sport where there's a lot of thinking and
00:32:11
puzzle solving in it.
00:32:12
That's true, but it's also still a sport.
00:32:14
It still gets you out onto the field and doing things and it's
00:32:18
still the sort of the natural progression of someone who
00:32:20
really likes to break things apart and solve problems and
00:32:23
twist Like elbows and then go break elbows and twist people.
00:32:27
Speaker 1: Yeah, yeah I'm.
00:32:30
I'm actually going to start getting back into jujitsu here.
00:32:33
Speaker 2: Nice, nice, I'm excited Japanese or Brazilian,
00:32:38
brazilian that's a funny comment .
00:32:39
I hold rank in Nihon jujitsu, which is the Japanese started by
00:32:45
master say Sato, who I met several times.
00:32:48
My son-in-law is big in Brazilian jujitsu and so we kind
00:32:51
of have our lanes.
00:32:52
He does Brazilian and I stay over here and Japanese.
00:32:55
Yeah, there's a lot of overlap though.
00:32:57
Speaker 1: Yeah, it's, you know you.
00:32:59
You bring up the, the control aspect of it and that's a.
00:33:03
It's really interesting.
00:33:04
You know, when I was in high school right, I was a wrestler
00:33:07
in high school and I mean week one you learn, you know, control
00:33:11
the head and you'll control where they go, control their
00:33:15
hips and you know you're going to win.
00:33:17
They'll do whatever you want them to do.
00:33:19
You don't, you don't really understand it and you're going
00:33:22
through these moves, but like thinking back and then being in,
00:33:24
like you know, real confrontations is like, yeah,
00:33:30
like those basics, you know, like there's, there's literally,
00:33:33
you know there's a lot of you know like you know, you can't
00:33:35
really you know you can't really .
00:33:37
You know you can't really.
00:33:40
You know you can't really.
00:33:41
You know you can't really.
00:33:43
You know you can't really.
00:33:43
They're defining principles.
00:33:44
Yeah, there's no chance that anyone defends that if they
00:33:47
don't understand when you're controlling their hips, right.
00:33:49
Speaker 3: And why you're doing it and how you're doing it,
00:33:50
where you're applying pressure.
00:33:51
It's like, yeah, you're just going to feed into it.
00:33:52
You know at that point, and it's it's funny you say that
00:33:53
because then translate that over to what we do in offensive
00:33:55
cybersecurity.
00:33:55
We do the same thing.
00:33:55
We apply the pressure because we know they're not going to be
00:33:57
able to defend against it.
00:33:58
So sometimes, like we'll be really loud on one part of the
00:34:00
networks that we can exfiltrate data from another side of the
00:34:03
network and and we know how they're going to react, and we
00:34:06
know if we, you know, cause enough noise, the sock is going
00:34:09
to go nuts over the SQL server over here and not pay attention
00:34:12
to this file server there we're completely, you know, pulling
00:34:14
data off of.
00:34:14
So there's, yeah, there's, there's all sorts of those same
00:34:17
sort of tactics from a logical standpoint, in what we do as
00:34:21
well.
00:34:21
So, yeah, that's.
00:34:22
Speaker 2: Well, you also do a lot of things to see if you get
00:34:25
a reaction.
00:34:25
Yeah, so, if you're, if you're in a, a competition will call it
00:34:30
or a fight, and you're well over matched.
00:34:32
That's when you might like experiment a little bit, so to
00:34:36
see if the, the CERT team, or the, the, the, the, the socks
00:34:40
that they're using will see?
00:34:42
Why don't?
00:34:42
Why aren't they seeing this?
00:34:43
We're setting up red flares.
00:34:44
How come they're not?
00:34:45
We shut down, we uninstalled their agent.
00:34:48
Why are they not?
00:34:48
Speaker 3: seeing this, oh my God, most recent pen test we had
00:34:51
.
00:34:51
We've all we all know about net cat right Very common ability
00:34:56
to get a reverse shell on a server.
00:34:57
We never use it because it's detected by every AV on the
00:34:59
planet.
00:35:00
For the last decade and we had super fancy reverse shells we
00:35:03
were using and all of them were getting caught and we're like
00:35:05
you know what, just throw this oldie on there.
00:35:07
And we threw like straight up net cat and it's fine, like
00:35:10
defender didn't care, nothing cared.
00:35:11
It was like oh yeah, this is a tool from you know the nineties
00:35:14
and you're like this is nuts, yeah, so definitely, probing the
00:35:18
defenses is is something that ties to both martial arts and
00:35:22
hacking as well.
00:35:25
Speaker 1: Yeah, maybe I don't know.
00:35:30
I've seen that too.
00:35:32
I've encountered situations where teams, or pretty large
00:35:39
teams of people will say oh yeah , I know what to do if we're
00:35:42
going to DDoS, or I know what to do if there's data being
00:35:46
exfiltrated or whatnot.
00:35:47
And then you get to the tabletop exercise and the
00:35:55
developer team didn't even tell security that this was going on.
00:35:58
And then the question is asked well, what's alerting on it?
00:36:02
Well, nothing's alerting on it.
00:36:05
Speaker 3: There's no longs for this, it's just going through.
00:36:09
Speaker 1: You're just begrudgingly going through the
00:36:13
next hour or two hours of a tabletop exercise.
00:36:16
It's like, well, yeah, we failed.
00:36:18
There's always a couple of people that are confident yeah,
00:36:22
we did good, guys, we got breached, yeah we did it with
00:36:27
style, but it could have been worse.
00:36:28
Speaker 3: I love that rationale .
00:36:30
Speaker 1: Yeah, we only got breached 2% of our data, guys.
00:36:36
That's all we have available for the exercise.
00:36:39
Speaker 3: Yeah, 23 and me or whatever.
00:36:41
They came, they got breached and they said, oh, it was only
00:36:44
14 accounts, that's it.
00:36:46
You guys are good, you're good.
00:36:47
And then two days ago they came back and they were like our bad
00:36:49
, it was actually 6.9 million and it was half of our database,
00:36:53
but only half.
00:36:56
You went from 0.01% of your database to half of it, but the
00:37:00
other half secure.
00:37:01
You're like, yeah, okay, or Okta or LastPass, exactly yes.
00:37:09
Speaker 1: The story is Thankfully Okta isn't a sponsor
00:37:12
of the podcast, but like If they were, they wouldn't be soon.
00:37:15
Yeah, I cannot believe that.
00:37:18
Like you know, before they were like oh yeah, it was only
00:37:23
targeted on the government clients.
00:37:24
You know, that's what they said , and they're like oh, there's a
00:37:27
couple stragglers to.
00:37:29
Speaker 3: I do.
00:37:30
Speaker 1: Like guys, you know I'm in security.
00:37:33
Okay, like you can find this out before you make your first
00:37:38
post.
00:37:38
Yeah, but you knew this, you 100% knew it 100%.
00:37:40
If someone at your company knew Yep.
00:37:42
Like you, can't tell me you didn't know.
00:37:44
Speaker 2: Somebody knew, but always I'm very charitable in
00:37:48
that I subscribe to the thing.
00:37:49
It's never ascribed to malice what can be explained by
00:37:52
incompetence, and so it's very possible that the person giving
00:37:56
the statement believe what they said at the time that they said
00:37:59
it and they just are not communicating.
00:38:02
It doesn't make them any look any better, but at least they're
00:38:04
not evil.
00:38:06
Speaker 1: I guess that's possible.
00:38:07
You know, they didn't trust the highly paid hopefully highly
00:38:11
paid engineer and architect that told them, hey, this was 100%.
00:38:15
They were like, no, it can't be 100%.
00:38:18
Speaker 3: And it's only 1%, right, right that highly paid,
00:38:24
overworked, probably not as highly paid as he or she should
00:38:27
be engineer who right now is like oh, my God, Probably
00:38:31
recently fired, Exactly Right.
00:38:37
Speaker 1: But you guys also have a podcast, right?
00:38:40
How do you stay motivated with staying up on top of the podcast
00:38:45
?
00:38:45
Because I feel like doing it myself, doing a day job, doing
00:38:51
some consulting, doing a podcast .
00:38:54
At least the first two are kind of related.
00:38:57
The first two you get away with doing one and you know how to
00:39:01
do the other.
00:39:01
But doing a podcast and marketing and getting on guests
00:39:05
and all that sort of stuff, Right?
00:39:07
I mean, like I just told you right, Like we started the
00:39:09
conversation off with, like it's literally been a year since we
00:39:13
started talking about this, yeah , you know like, how do you, how
00:39:18
do you manage it?
00:39:19
Speaker 2: Because I'm having a terrible time doing it.
00:39:23
You're not going to like the answer.
00:39:24
You're not going to like the answer at all.
00:39:26
So for security this week.
00:39:27
So our podcast that we do weekly is securitythisweekcom.
00:39:31
We have a partner in that, Carl Franklin, who is a gifted
00:39:37
programmer, someone I've known for for many years, even as long
00:39:41
as I've known Dwayne almost and he and I got together many
00:39:46
years ago and he had a podcast that he still has called Dotnet
00:39:50
Rocks, and I was the first guest on his podcast.
00:39:53
I didn't know what a podcast was until he explained it to me.
00:39:55
Speaker 3: So 2005, 2001.
00:39:59
Speaker 1: Yeah, so I thought him and his grandmother would be
00:40:01
the only ones that ever heard of this, yeah.
00:40:04
Speaker 2: So he does the technology, he does the
00:40:08
recording and we all you know, promote it through.
00:40:10
So it's a three man team.
00:40:12
It's a lot.
00:40:12
Have more hands, make light, work For my podcast, my other,
00:40:16
my partner in the Quantum podcast, entanglethingscom, is a
00:40:21
PhD in AI out of Romania who is more busy than me and I'm
00:40:26
pretty busy.
00:40:26
So we have our CIO is an audio engineer.
00:40:30
He does the recordings and the editing.
00:40:32
Our head of marketing gets the guests on and does the
00:40:35
promotions and so we cheat fair and square.
00:40:37
If I was doing this alone, it would be.
00:40:40
It would be a.
00:40:41
It's a lot of work, we know it.
00:40:42
Speaker 3: Yeah, and I'd say for security this week, for content
00:40:45
.
00:40:45
So the goal of security this week is, for the last seven days
00:40:50
, what were the biggest stories in cybersecurity and which of
00:40:53
them were just type and you shouldn't worry about, and which
00:40:56
of them are marketing.
00:40:57
Enough play and you really should take a peek at?
00:40:59
And and for me, those stories are the stories I'm already
00:41:04
reading.
00:41:04
I'm already constantly have these.
00:41:06
Now all I have to do is bookmark them and say, hey, we
00:41:09
want to talk about this on the pod this week.
00:41:11
That's it.
00:41:12
So from a content standpoint there, I think we've only had
00:41:16
one guest in two years, two and a half years, whatever we're
00:41:19
doing.
00:41:19
Speaker 2: Yeah, we had one special episode, we might do
00:41:21
another.
00:41:22
It's not a guest base.
00:41:23
We're each other's guests.
00:41:25
Speaker 3: There's three of us, I know right, just like now.
00:41:27
So so, yeah, so from that standpoint the content's easy,
00:41:30
because my day job is keeping up on all of the scary things that
00:41:33
are happening and I just mark the ones that I think are
00:41:36
interesting, that I think the public should know about, and
00:41:38
then we go and talk about them.
00:41:40
Speaker 1: So yeah, it's very different when you, when you're
00:41:44
doing it with other people, yes, so I actually started out
00:41:49
having a co-host and it was.
00:41:50
It was totally different.
00:41:52
It was so much more, you know, significantly easier, because
00:41:57
you could rely on another person .
00:41:59
It's like, oh, this guest, you know, canceled on me, not a big
00:42:02
deal, you know, I have someone that I can fill the space with,
00:42:07
right.
00:42:07
Well, now, if there's no guest, it's just me talking.
00:42:14
I mean, no one really wants to hear that, you know so like it's
00:42:18
just, it's a different ballgame , you know, like adding on these
00:42:21
layers of difficulty, but I also think it's kind of that.
00:42:25
It's kind of that mentality of security that we talked about in
00:42:28
the beginning, of like, okay, I need to be learning, I need to
00:42:31
be doing something new.
00:42:31
You know what's a good way to maybe voice your opinion on
00:42:37
something or get your feedback out there.
00:42:39
Right, that gains more traction .
00:42:41
Oh, podcast is a great way of doing that.
00:42:44
Speaker 3: Yes, yeah, absolutely yeah.
00:42:46
And you're absolutely right With us with three hosts, like,
00:42:49
if there's a week I'm in some skiff, you know, hacking into a
00:42:53
train, then the other two of them can just talk, right, and
00:43:00
they, you know, they can go through stories and security and
00:43:02
whatever right.
00:43:03
So there's always at least two of us, you know, who can then
00:43:05
sit down and do the podcast and it doesn't become a monologue.
00:43:08
But yeah, it's, it's.
00:43:09
I'd say it's tough being being on your own.
00:43:14
Speaker 1: So you know, Dwayne, I saw you are potentially good
00:43:19
with cryptography.
00:43:20
How in the world do you get good with cryptography?
00:43:25
Speaker 3: Oh, that's so.
00:43:26
That story actually brings me to getting on a no fly list.
00:43:30
Okay, well watch.
00:43:33
Speaker 1: It's a ride of messages security.
00:43:35
Speaker 3: Yeah, exactly, apparently I pissed off Malaysia
00:43:39
and back up that story, microsoft came to us and said,
00:43:44
hey, listen, you know I'd like you to do a lecture.
00:43:45
And I said, well, you know, cryptography is something I've
00:43:48
always loved.
00:43:48
The math I always do like the mathematics of SSL and that sort
00:43:51
of stuff when I'm giving lectures to developers and that
00:43:53
sort of stuff so they understand how it all works.
00:43:55
And this is back early, early days.
00:43:58
I've been doing like mathematics and cryptography and that sort
00:44:01
of stuff.
00:44:01
I mean heck, even for my three kids as they were growing up.
00:44:04
I would actually give them crypto quips a day and be like,
00:44:08
okay, solve these.
00:44:09
And even to the point where my daughter's like, oh my gosh,
00:44:11
she's going looking at colleges now and she's like, I remember,
00:44:13
she's like I want to go work for the NSA, I think, because I was
00:44:16
doing these, these crypto puzzles like all the time.
00:44:19
But so, you know, fast forward, I do, I'm doing this lecture
00:44:23
for Microsoft.
00:44:23
And they're like, well, we wanted on distributed computing.
00:44:25
I was like, okay, cool, so I created a distributed computing
00:44:28
app for for scalping tickets at concert events.
00:44:35
Speaker 2: And mobile mobile, mobile, mobile.
00:44:38
Speaker 3: Yeah, and we of course didn't want the
00:44:41
authorities to be able to know what we're doing.
00:44:43
So I entered in like frequency hopping in different layers of
00:44:46
encryption and all sorts of stuff, and it was more to show
00:44:49
how you would do encryption inside of a database at row
00:44:51
level and how you do encryption at the disk level and how you do
00:44:53
encryption at the protocol level, and that's where stuff.
00:44:55
Well, I had a buddy who worked for the VA, who was going for
00:45:00
higher and higher levels clearances and he got flagged.
00:45:02
He was like they're like, you know this guy?
00:45:04
They're like, oh my God.
00:45:05
So they started to research me but for the, for the course of a
00:45:09
year, I was the guy who always got pulled out at the airport to
00:45:12
get searched and I was like Dude, this is crazy.
00:45:14
And then even on connecting flights, I go from like Boston
00:45:17
to Baltimore to, you know, seattle, and in Baltimore they'd
00:45:22
pull me out and I was like Boston, just check me.
00:45:24
Like seriously, what's going on ?
00:45:26
Come to find out.
00:45:27
My lecture that I had posted got picked up by the government of
00:45:30
Malaysia and they put it on their website and they were like
00:45:32
look how horrible Americans are .
00:45:33
And you know, microsoft is supporting them, stealing things
00:45:37
and that sort of stuff.
00:45:37
And if you're a US citizen and your name shows up on a foreign
00:45:40
website, you instantly get on this, this watch list, where you
00:45:45
go pull that.
00:45:45
Yeah, so that's how my love of security made it hard to travel,
00:45:49
or a cryptography that made it hard to travel, but more was
00:45:52
just the love of the mathematics and the puzzles, like that's
00:45:55
why I love offensive securities.
00:45:56
It's the puzzle.
00:45:57
Speaker 2: He's off the list now , but he's still not going to
00:46:00
Malaysia.
00:46:02
Speaker 3: I'm still never going to Malaysia.
00:46:09
Speaker 1: How do you get started?
00:46:10
You know going down that path right, because that's that's an
00:46:13
area that's always interested me .
00:46:16
Speaker 3: I know it's always interested other people?
00:46:18
Yeah, but the good news is it's all starting over.
00:46:21
That's good.
00:46:21
That's the good news.
00:46:22
Yeah, it's all changing.
00:46:24
Speaker 2: So let me, let me jump in here.
00:46:25
So, yeah, math is a part of your future.
00:46:28
If you want to be in cryptography, a little bit of
00:46:30
math, a little bit at least.
00:46:32
There's some really good YouTube videos that will explain
00:46:34
step by step, using really small numbers, how to do RSA and
00:46:39
how it works for for asymmetric encryption.
00:46:42
So the first thing you need to understand is there's two
00:46:44
different types of encryption.
00:46:46
There's the one where we share a key I hope you don't mind me
00:46:49
going through this here, no, it's great.
00:46:51
There's one where we share a key and we have to be in the
00:46:54
same place or in a secret compartment or the cone of
00:46:56
silence, if you remember, get smart or whatever and we have to
00:47:00
share that secret, which is not always possible.
00:47:02
When I go to a vendor that I've never visited before, I have to
00:47:06
share a key in public.
00:47:07
Right, that's where public, private key encryption, rsa,
00:47:12
elliptical curved.
00:47:13
If he helmet come in, okay.
00:47:15
So that's, this is current day encryption.
00:47:17
So with symmetric encryption, it's fast and it handles very
00:47:22
large things.
00:47:23
If you encrypt a file or hard drive, it's symmetric encryption
00:47:26
and you may be like, okay, well , what about a transaction on
00:47:31
the internet?
00:47:31
Yeah, every time you order something on the internet, it's
00:47:33
using symmetric encryption for all your communications.
00:47:36
But how did I get?
00:47:38
Speaker 3: How did I get that key?
00:47:39
Speaker 2: Yeah, how did 1 flowers free plug get that key
00:47:44
so that I could have a secure transmission?
00:47:46
Well, they exchange the key as part of a symmetric encryption
00:47:52
with RSA, because it is not suitable, it's not fast and it
00:47:56
also doesn't accommodate large pieces of information, but it's
00:47:59
enough for us to share a secret key.
00:48:00
So RSA is really the big standard, but you can also use
00:48:05
elliptical curve, and they're all using the discrete log
00:48:08
problem of.
00:48:09
It's really hard to take really large primes, multiply them
00:48:15
together and then factor those primes, because that's how you
00:48:18
break it if you're not one of the Pete parties to the
00:48:20
encryption.
00:48:22
So fast forward to quantum computers, and quantum computers
00:48:26
, through Peter Schor's algorithm mathematician
00:48:29
professor at MIT, will break RSA not in a billion years or a
00:48:36
trillion years, which is what it would currently take, but in
00:48:40
minutes or hours.
00:48:41
And so when quantum becomes ubiquitous, which is probably
00:48:46
not more than a decade or certainly not more than two
00:48:49
decades away, then we need a new encryption standard that we're
00:48:52
already been using, and so NIST has come up with new encryption
00:48:56
standards based on mostly crystal technology and which is
00:49:00
more geometric, and so the good news is, if you want to get an
00:49:03
encryption now, you probably have to learn what's going on
00:49:06
now, but you have to really focus on what's coming, and so I
00:49:09
would encourage organizations to start getting ahead on this,
00:49:12
because if you thought the old stuff was hard, the new stuff's
00:49:14
going to be harder.
00:49:16
Speaker 3: Yeah, when you start talking about crystals dilithium
00:49:18
and crystals kyber and, like I know, right.
00:49:20
So crystals.
00:49:22
Speaker 2: kyber is the key encapsulation mechanism.
00:49:26
It's the RSA encryption mechanism replacement and
00:49:32
dilithium is the signature technology using crystals, and
00:49:36
we could do a whole show on that , but maybe we should.
00:49:40
But it's a good time to get into it because you can start
00:49:45
learning about this new technology and learn a little
00:49:47
bit about the other and you'll be in demand because the
00:49:50
government has mandated that organizations start using.
00:49:52
If you want to work with the government, you're going to have
00:49:54
to start using the new encryption because there's fear
00:49:56
that the certain nations that I probably won't travel to anytime
00:50:00
soon, like Russia and China, are collecting this information
00:50:04
so that they can crack it later.
00:50:05
Right.
00:50:06
Speaker 3: Using the old encryption.
00:50:07
Imagine if you could collect all of the encrypted data today
00:50:11
and knowing in about 10, 15 years you'll be able to open it
00:50:13
all up.
00:50:14
It won't be declassified at that point, but yeah.
00:50:18
Speaker 2: It will be to you.
00:50:18
Did that answer your question or did I go way off in a tangent
00:50:22
?
00:50:22
Speaker 1: No, I think that makes sense and I think that
00:50:24
they both build on each other.
00:50:26
That was actually going to be my follow-up question, because I
00:50:33
find it interesting and me as someone that is paranoid, I
00:50:37
guess from the job market, I always want to be ahead of the
00:50:41
curve.
00:50:42
So 10 years ago I identified cloud security as something I
00:50:46
wanted to get into.
00:50:47
Did the work in the cloud security.
00:50:49
Now it's like okay, I have that expertise, when am I going next
00:50:52
?
00:50:52
Well, quantum is where everything is going next Come on
00:50:55
Aquano.
00:50:55
How the hell do I get into quantum?
00:51:00
Speaker 2: If you think it's hard to find engineers for cyber
00:51:03
, wait 20 years and watch quantum, because, oh my gosh,
00:51:07
it's not that hard if you're willing to have an open mind,
00:51:10
but there's some basics you've got to really accept.
00:51:13
The hardest part about the quantum stuff is once you start
00:51:16
getting into it.
00:51:16
Is you want to understand why?
00:51:17
That's a dangerous question?
00:51:19
Because, honestly, we don't know why You're going to be
00:51:23
disappointed into, just like suspend belief and act like it's
00:51:25
a Superman movie.
00:51:26
Oh yeah, he can fly, just move on.
00:51:29
Speaker 3: Now what can we do?
00:51:29
He can fly, Assuming he flies.
00:51:31
Now what do we do?
00:51:32
Yeah, exactly.
00:51:37
Speaker 1: So the two solutions that you talked about are those
00:51:42
what's considered like, it's like quantum resistant
00:51:47
technology.
00:51:49
Speaker 2: Yes, yeah, they're quantum resistant algorithms and
00:51:54
they're trying to.
00:51:54
Nist, the National Institute of Standards and Technologies,
00:51:57
came out with their recommendations.
00:51:58
They started with 57 different mechanisms and they had all
00:52:03
sorts of cool names, and some of them are still going to be in
00:52:06
use, but the winners seem to be the crystalsorg.
00:52:10
There's a company called Crystals.
00:52:12
They don't sell Aura charts or anything like that and they've
00:52:16
come up with these algorithms.
00:52:18
There's a company called PQ Shield that's very heavily
00:52:21
involved and if you're interested in this, you might
00:52:23
want to get in their mailing list.
00:52:24
They sent out a lot of interesting articles.
00:52:25
They did an article where they talked about what it would take
00:52:29
to take the signal app, the communications app, and change
00:52:34
its algorithms to be quantum resistant and use the new
00:52:39
algorithms.
00:52:40
So there's a lot coming here.
00:52:42
There's also a lot of promise that quantum itself will solve
00:52:47
some of these problems with quantum key distribution, the
00:52:50
ability to generate unbreakable keys using quantum technology.
00:52:54
But that's kind of a chicken and egg thing.
00:52:56
You can't wait for that because by the time that's ready for
00:53:00
prime time, your data's already toast.
00:53:02
So you need to get ahead with the nist recommendations, the
00:53:06
crystal stuff, and then get into it.
00:53:08
I can explain the crystal stuff a little bit more.
00:53:10
But yeah, sure, okay, all right , glutton for punishment.
00:53:14
So imagine a matrix, a diagram, just a 2D XY axis, and so if I
00:53:22
say the matrix is 1, 1, that means every whole number point
00:53:26
on that whole grid is a potential point.
00:53:29
It's a valid point in the matrix, in the lattice we call
00:53:35
it.
00:53:35
Now.
00:53:35
A two-dimensional array is pretty simple and you can
00:53:38
imagine things with it.
00:53:39
But if I say it's 2, 2, then that means 0, 0 would be a point
00:53:46
, 2, 0 would be a point, 2, 2 would be a point, but 1, 1 would
00:53:50
not be a point on that lattice.
00:53:52
It's not a valid point.
00:53:53
So I can basically come up with any number of lattices that I
00:53:57
want, but they're always whole numbers and it's an infinite
00:54:00
space.
00:54:01
Speaker 3: Now-.
00:54:02
Speaker 2: That's an n-dimensional, yeah, but now
00:54:04
multiply it by a thousand dimensions or a hundred
00:54:07
dimensions.
00:54:07
And if I look at the 2D space and I say, ok, I'm going to give
00:54:13
you a number, I'm going to give you a point that's not on the
00:54:16
lattice, and we're going to use the most, the closest valid
00:54:22
point on the lattice to that as the key.
00:54:24
And you're going to be like, well, that's trivial, I give you
00:54:27
a point of, I give you a lattice of 2, 2, and I give you
00:54:30
a point of 1.9, 1.9, right, and the 2, 2 point is the closest
00:54:38
point.
00:54:38
That's easy to see.
00:54:40
But what they do is they build in errors.
00:54:43
Learning with errors is what they call it, which I still
00:54:47
haven't got a good analogy for it.
00:54:48
They build in some errors and then they multiply it by a
00:54:52
thousand fold and then it becomes really, really hard for
00:54:57
a computer to figure out where the closest point is, and it
00:55:00
becomes impossible for humans because we can't think in a
00:55:01
thousand dimensions.
00:55:02
And so they're using a geometric relationships and
00:55:05
there's different ways of relationships that you can use.
00:55:09
So that's what crystals is doing.
00:55:11
That's what lattice encryption is all about.
00:55:14
I hope that was quick enough, wow.
00:55:18
Speaker 1: Yeah, I mean.
00:55:20
Speaker 3: I was going to say it's enough to bake your noodle.
00:55:21
It's fun.
00:55:23
Speaker 1: Yeah, like I feel like I'm done for the day now.
00:55:27
You know, like I'm just going to tell my boss hey, like I went
00:55:31
too deep on quantum, I got to take it.
00:55:34
I'll be back next week, I'll be back next week.
00:55:36
Speaker 2: That's all you need to know.
00:55:37
Yeah, well, and again, if you nibble at it, you'll get there,
00:55:41
just like cyber.
00:55:41
None of us learned, none of us became cyber engineers overnight
00:55:44
.
00:55:44
It was a process.
00:55:46
Quantum's the same way, ai is the same way.
00:55:48
And I think those are the three key technologies that if you're
00:55:51
good with one, you can do the others, because it takes a.
00:55:55
You got to be curious for all of them.
00:55:57
And I think unfortunately, they're going to compete for
00:55:59
each other, for people.
00:56:01
Speaker 1: Yeah.
00:56:01
So with when we're talking about going into an emerging
00:56:06
field right like quantum, how do you become recognized, as you
00:56:13
know, knowing anything that knows about it.
00:56:15
How do you become recognized?
00:56:17
Because there's no certs, there's extremely few jobs.
00:56:21
Most companies aren't even thinking about quantum right now
00:56:24
in order.
00:56:25
Do they want to?
00:56:26
Speaker 2: So here's how quantum would work in my opinion.
00:56:28
And first thing is you got to know what you're talking about.
00:56:32
So you got to go and consume and understand the basics and
00:56:36
you've got to look.
00:56:37
You're going to, you're going to go to lectures.
00:56:38
My first lecture on quantum computing was More than ten
00:56:44
years ago, before there was a quantum computer, and I was like
00:56:48
fascinated by it.
00:56:48
And then I saw, I seeked out people, I started reading books,
00:56:51
I brushed up on my math which it was pretty good anyways and
00:56:55
then a big turning point was I took the MIT courses on quantum.
00:57:01
I actually went and, you know, had to pay something for it, but
00:57:03
they were great.
00:57:04
They filled in some blanks and I found like-minded people and I
00:57:08
started doing presentations at code camps and Other user groups
00:57:12
on the topic to become, you know, well, this is the guy,
00:57:16
he's speaking about it, so he must, and I admitted early on
00:57:19
I'm an amateur, I'm just learning it.
00:57:20
And then I managed to start a podcast three years ago with a
00:57:25
guy who's you know, one of the brightest guys I've ever met,
00:57:28
outside of present company, of course, and and I've been doing
00:57:32
this podcast, so I've been talking to professors and CEOs
00:57:36
the government of Finland Seeked us out to talk.
00:57:39
So actually having a podcast not a bad idea.
00:57:41
And I would say that I'm pretty well known now in the small
00:57:46
pond that is quantum, because I talk about it all the time and
00:57:49
I'm reading about it all the time and the guys send me
00:57:51
articles all the time and I'm constantly bringing it places
00:57:54
like this where no one expects it.
00:57:57
But, honestly, just being able to have the conversation and
00:58:00
applying for the job and knowing the terms, you're probably in
00:58:04
the secret handshake is yeah, you know you, somebody tells an
00:58:07
entanglement joke and you get it , you know, or something like
00:58:10
that.
00:58:10
Or or somebody makes a reference.
00:58:12
They might ask you some questions, but if you know your
00:58:14
stuff, it's really not hard because there's so there's gonna
00:58:17
be so much demand.
00:58:18
We're still very early days quantum if you're not doing the
00:58:20
hardware stuff, but you can program right now.
00:58:22
So I'm gonna reveal something and I know I'm doing too much
00:58:25
talking.
00:58:26
We were gonna do a startup, dwayne and I with some other
00:58:30
friends, where we were gonna build a product to help develop
00:58:36
new material science, new materials using quantum.
00:58:40
Microsoft just released it and so we killed our idea.
00:58:44
But it's Microsoft, my Microsoft, has a Quantum
00:58:49
essentials.
00:58:50
They basically will help you take development of new
00:58:54
materials and Accelerate it the way most people think it would
00:58:58
take AI to do.
00:58:59
But really you need AI plus quantum, and so there's tons of
00:59:03
opportunities.
00:59:03
There's gonna be tons of startup and in the next five
00:59:06
years We'll probably see tons of money going into startups not
00:59:09
for AI as much, but the money will switch over to quantum, so
00:59:12
it's a good time to get ahead of that.
00:59:16
Speaker 1: Yeah, I got a lot of work.
00:59:21
Speaker 2: You're still sleeping , I bet you know there's a lot
00:59:23
of.
00:59:25
Speaker 3: Tell you he has a nine-month old.
00:59:26
He isn't sleeping.
00:59:27
Speaker 2: He's asleep.
00:59:27
There you go.
00:59:28
Yeah, what we talk about sleep.
00:59:30
Speaker 3: What is this sleep thing you talk about?
00:59:31
I?
00:59:34
Speaker 2: Mean it's self-serving, but podcasts go a
00:59:35
long way, so this I love Patrick opens up with.
00:59:39
Speaker 3: Well, all you got to do is take the courses at MIT,
00:59:42
and then, you know, I didn't build on that as a foundation.
00:59:45
Speaker 2: You're like oh, I didn't have to go as get
00:59:47
accepted as an undergraduate.
00:59:49
Speaker 1: Just pay, yeah because that's, anyone can just
00:59:55
go to MIT.
00:59:56
Speaker 2: Honestly, if you have $1, you can, but you have
01:00:01
to also understand.
01:00:02
So I'll be full disclosure.
01:00:04
I spent it was only 10 hours a week for eight weeks, but I was
01:00:09
spending another 20 hours a week on math, yeah, on revisiting
01:00:13
linear algebra, matrix math.
01:00:16
I went back to you Euclidean geometry just because I was
01:00:20
trying to understand some of the things they were saying and I
01:00:22
got a lot out of it.
01:00:23
I mean, I got every single little bit out of it.
01:00:26
So your, your mileage may vary, but it was very helpful to me.
01:00:31
Speaker 1: Huh, well, you know, in the next five years, I mean
01:00:36
this will be, this will be where we leave it.
01:00:38
Of course I don't mean to go over time.
01:00:39
I know you guys are busy, but you know, if you had to pick
01:00:43
three fields for people to start getting into, right, obviously
01:00:47
quantum is gonna be one of them.
01:00:49
What are other emerging fields that you think are gonna be?
01:00:53
You know, blowing up will be beneficial for someone to.
01:00:57
You know, get some sort of specialty in to kind of, you
01:01:01
know, secure that career, that career.
01:01:03
Speaker 3: So one that I would offer up.
01:01:05
You know, of course, cybersecurity, but cybersecurity
01:01:08
is too general.
01:01:08
I think what we're gonna start seeing is cybersecurity around
01:01:11
AI and, and more specifically, you're gonna start with things
01:01:15
like cybersecurity around LLMs and Then move into more.
01:01:20
You know, securing the corpus of data that an AI may either
01:01:24
have access to.
01:01:25
So I think you're gonna start to see more fields around really
01:01:29
artificial intelligence.
01:01:31
You know slash machine learning, but but yeah, and and
01:01:34
cybersecurity, I think that's that's gonna be a hot field
01:01:38
coming up very shortly.
01:01:39
And then obviously, quantum.
01:01:41
Yeah, I think you know quantum in general, but then quantum
01:01:45
cybersecurity is a whole other mind-blowing thing Around.
01:01:50
You know understanding how lattices work and crystals and
01:01:54
how to do entanglement of data, and you know there's there's a
01:01:57
lot going on there too.
01:01:59
Speaker 2: If you want to be specific, I think it the the,
01:02:02
the new quantum resistant encryption is a big space.
01:02:04
Hmm, as we were talking about, as Dwayne was talking about, the
01:02:08
AI.
01:02:09
You know, put the security on AI.
01:02:11
You gotta understand AI and you gotta understand security.
01:02:13
That's an intersection that's gonna be big.
01:02:15
But if I had to go big picture, it's gonna still be quantum AI
01:02:21
and cyber.
01:02:21
Those are the three fields that are gonna keep on, those are
01:02:23
the gifts that are gonna keep on giving, and then it's the
01:02:26
Intersections and maybe there's something new that's gonna get
01:02:28
invented we never heard of, but big data is still big and and
01:02:32
you know, can't material science is gonna be impacted by all of
01:02:35
these.
01:02:38
Speaker 1: Yeah, it's.
01:02:38
Uh, it sounds like we probably need to have another
01:02:41
conversation, maybe, maybe, in a year we'll be able to.
01:02:47
Speaker 3: Maybe, we'll make it semi-annually.
01:02:53
Speaker 1: Awesome.
01:02:53
Well, before I let you guys go, you know how about you tell my
01:02:55
audience.
01:02:56
You know where they could find you, what your podcasts are and
01:03:00
your website and all that good information so they could they
01:03:03
could locate you and learn more about you if they want.
01:03:06
Speaker 2: So we pulse our securities, the company we work
01:03:10
for, that we you know we founded Security this week.
01:03:14
Calm is where we talk every week about cyber and Entangle
01:03:19
things.
01:03:19
Calm is where I talk about quantum and Dwayne tries to
01:03:22
avoid, and that's about it.
01:03:24
We go to conferences, we speak at code camps and things like
01:03:27
that.
01:03:27
We're gonna probably start a few up in New Hampshire.
01:03:30
We're about an hour north of Boston, so that's where we are.
01:03:33
If you're looking for me, I'm in the basement with my guns, so
01:03:39
make sure I know you're coming, yeah.
01:03:43
Speaker 1: Awesome.
01:03:44
Well, thanks guys.
01:03:45
I really appreciate you coming on.
01:03:46
It was a fantastic conversation .
01:03:48
Well, I absolutely have to do it again, you know, sooner
01:03:53
rather than later.
01:03:54
Thanks, joe.
01:03:55
Speaker 3: I can't be awesome.
01:03:56
This was a lot of fun.
01:03:56
Yeah, anytime, joe.
01:03:59
Speaker 1: Absolutely.
01:03:59
Thanks everyone.
01:04:01
Hope you enjoyed this episode.