Another Cloud Podcast
A podcast designed to bring you stories from the smartest minds in IT, operations and business, and learn how they're using Cloud Technology to improve business and the customer experience.
80/20 Rule - Security 2021 - IT moving to the Executive Table with Brad Bilotta & Jeff Young
with Alex McBratney and Jeff Young
Don't have time to listen? Read the full transcription.
Hello, and welcome to another cloud podcast podcast designed to bring you stories from the smartest minds in it, operations and business and learn how they're using cloud technology to improve business and customer experience. Welcome to another cloud podcast. I'm so excited to have Brad balada. Here he is the IT manager over at magnaflux. Brad, good to have you on. Thank you for having me. Enjoy to spend some time talking about some awesome it. concepts. Absolutely. We're looking forward to it. There's so much to talk about in it. And so we're only going to be able to scratch the surface a little bit. But we also have Jeff young. He is the CIO and residents over at the confer group. Jeff, welcome. Welcome as a co host, and thanks for joining us here as well. Yes, appreciate you having me. Alex, how are you today? And Bren? we're doing we're doing good. We're doing good. So Brad, I have to ask and we were talking about this a little bit for the audience that doesn't know or that might not be a Midwesterner. What's the the logo on the back behind you there? What is what's that all about?
Yep, so I went to Good, good old U of I down in Champaign, Illinois. And this is their chief was the mascot, who is no longer currently their mascot, they use a big letter block I but this is from from my college days. So it's, it's I'd like to show other people the some heritage of where I came from. So Absolutely. Well, hopefully, it doesn't date you too much by how long the ice has been there, versus how long the chief was, was the mascot. But now it's good to know, I love I love that. And, you know, one of the things we like to do at the beginning of the podcast with our guests is just learn a little bit more about them how they got to where they're at, give us a little you know, a cliff notes version for those that you know, in the 90s, I went to high school and had Cliff Notes, but about how you got to where you're at magnaflux in it as a leader and where you start and how you just how you fell into it. And in that story. Sure, I actually my my undergrad degree is actually in hospitality management and focused on the business side of things. And if you really look at that degree it it's basically business without the manufacturing point to it. So if you look at where I'm at now, my last job including the current job, have been manufacturing oriented. So moving into manufacturing has been a new breath for learning the business side and how things happen within our whole supply chain. And then the IoT portion of it really came into my last year or so of undergrad college, I was very interested in what a lot of my friends were doing and programming in it. So I decided to jump into a master's program at DePaul University and have a master's in Information Systems. So I decided to kind of marry the two together and focus on business and IT and and this is where I've come to
I love that story. A lot of the people that we talked to don't always come straight from college having that it background, they sometimes just get thrust into the role and have to really lean on their admins or their you know, telco engineers and things like that to learn the business. But I love how you came from college and just straight it straight into it. Talk a little bit about so magnaflux just so people that might not know who who they are what they do. What's a little background about magnifiques? What do you guys do over there? And how's it played? That started that rolling? Fix making it all working parts? Keep going?
Sure yeah. magnaflux is a part of it w so Illinois tool works a very large organization in our kind of niche is non destructive testing equipment and chemicals. So we manufacture the chemicals and or equipment or accessories for people to do tests on life safety kind of concepts. If you throw big wheels on a underneath a train, how do you know those big metal wheels are built strong enough? Or how do you know that they were manufactured properly to withstand the weight of a train, right? So pretty important piece to the train running on the tracks properly. So we can test we have come up with ways to test and validate that those wheels or the axles or welds or any kind of piece of that has been manufactured properly. And that's really what we focus on is really being a part of life safety and the benefits of everything that we do every day, we're within feet of it.
You really get to see the fruits of your labor all over the place, right? I mean, trains in different, you know, manufacturing and industry, and all that good stuff. So one of the topics that we wanted to bring up and we talked about this before in the past was this protos 8020 rule. And I think there's a lot of leaders out there such as yourself that are trying to manage a team. They're trying to manage it for their whole organization and there's a lot of moving parts. A lot of times it is stretched thin, they don't have all the staff necessary to really run it as best they can. So talk a little bit about this framework that you've adopted and used over the years and how that came to be into your into your that tool belt that you use to manage it. Sure, so a lot of companies have passing fads or they have
strategies or or guidelines that they use ITW is a little different, I wouldn't really put those in the same category I it's really a lifestyle here, I ITW utilizes and trains all of its business units to use 8020, or the perito principle to help drive the business. And what I mean by that is if you look at the basic rule, 80% of your revenue is pretty much provided by 20% of your customers. So the customers that you want to make sure you over serve, solve their problems are the people who provide most of your revenue. So we look at 20% of our customers and try to over serve or solve their problems. Now, you would probably say, Well, what do you do with the other customers? Well, we don't want to lose those customers either. But we do handle them in different fashions. So we may use distributors to help handle the majority of the customers that do lower amounts of business. Or we may do other kinds of assessments that may be more broad based where it's helping out some of the needs and desires of a smaller business for sale, per se.
Exactly. And so Jeff, you know, going to you, Jeff, I'm curious, you know, you have over 30 years of experience in it. You're the CIO, Brett Haynes International, how did you approach it? And like, did you have a framework? Was there any sort of resemblance to a parados rule or anything like that to when you're managing and, you know, trying to effectively, you know, make make it effective? And, you know, all right,
well, you know, I think, formalizing it as as ITW has, and Brad is your described, it's fantastic. I think I think we all do exactly what you say or we're forced to do it to some degree. And and to actually practice it as a principal is much better than just closing the door at the end of the day, knowing that you you'll have a fulfilled the list of duties, you're supposed to get done that day, you know, the biggest thing for me was in training, my staff was, you know, how do you? How do you prioritize what you have to do, you can never go home, with everything complete, you know, there's always going to be something else you got to do, and you got to be able to feel good about yourself. You know, I had somebody that worked for me, that would work 10 hours a day and apologize every day for going on saying I didn't get this done, I didn't get this done. So you cannot work 10 hours a day and feel bad about how you work, you just can't. So So it's very important to to be able to do what Brad's describing and to, to prioritize and obviously, look at what keeps the lights on first. You don't take care of your what, what's key to keep the things running, keeping things working, and then you work on other things as you have time.
As part of that, too, is having that kind of a thought pattern or that lifestyle entrenched within your organization. You may say, Well, that's great. We can pinpoint who our top customers and we can over serve them. But how do you drive that down and tie it in with it? It's the same concept, but it's slightly different. If you apply it directly to what it does, for example, antivirus, you can't, you cannot deploy 80% of your computers with antivirus. Because you still have, you still have 20% that do it right and that 20% or one even could possibly infect your whole your whole network. So there are some reasons to not deploy an ad 20 concept. But from the benefit side at 20 is deployed, even down to my email for from a daily perspective, I look at my email, and I try to fulfill 20% of my emails that give me 80% of the value. So what's important customer emailing me, or somehow I'm working with to help them fix something. I'm working with a customer service team who's trying to get an invoice out to a customer, maybe I'm talking to my boss, because we need to get a priority done on a project that will streamline and cut costs. Those are the 80. Now if my boss emails me on something that's not important, I still need to look at that email. I can't apply the rule broadly, you have to be smart about it. But having it work towards what a customer would benefit a customer is really what the rule kind of signifies.
I think that's really important. Good because one of the things that I stressed the company I worked for the majority of my career, we made metal, and I would say it in the meeting over and over. As you know, I said we make and we sell metal. So our job was to sell report all of the functions that made and sold metal. And sometimes on the IT side, you can you can get off to a tangent and you can get working on something that Wait a minute, guys, we just spent a week doing this, what's the value here? You know, how did this help us ship to our product? How does this help us test our product? Make our product if it didn't stop? So in your case, I think that's true. You know, in your case, with your top customers with your testing, does this help us do our job? If it doesn't, you have to rethink it?
Or what gives a better customer experience? Ultimately, what we're doing in this pre or post time of a pandemic? is how do we how do we have a customer that feels heard? How do we have a customer who is taken care of how do we make sure they have the tools they need to be successful consumers of our products. And you know, we've we were deploying already, before the pandemic came a storefront that allows our customers to basically get confirmation to look at real time pricing that they have to look at all the different pieces that go into their order and make sure that they're taken care of so that they they don't play two, three days of back and forth of fixing things on a purchase order. Right? Those are the things that make that customer experience more acceptable.
Yeah, absolutely. You know, it's funny on the on the podcast, we've talked to a lot of people about customer experience and customer experience leaders. And it's interesting to now be on the IT side. And to hear from you that like that's important, too, is on the it is not just about keeping the lights on. That's kind of like the foundation. But then it's like, well, how do we support what's you know, supporting us, which is our customers and the revenue that they bring in? So I'd pose this question to kind of the both of you is how has it always been that way? And if it hadn't, what like What's changed? or How can someone that maybe doesn't have a customer experience forward thinking IT department help get it there?
Yeah, so from my experience it for a long time, was a service we were thought of is, you know, someone who's delivering a product because it was necessary. So we would deliver the product of changing computers out or helping a user figure out how to use Excel or something to that effect. And, and it was a cost. Part of today's IT leaders, part of their duties is to really show the company, that it is not just a cost, it can be a part of a product, some of the initiatives that we may get to in the future, maybe looking at IoT, and how can we actually predict equipment failure before it happens? That's an additional service that could actually be tied to revenue. Could we take, though that statistics that we get in can we provide additional value to our customers based on their testing or their equipment? specs? You know, those are the things where now I'm starting to take it knowledge and drive it to a customer benefit, you know, handling a server for files, no customer is going to pay me more because I have a file server for my users to use. So So ultimately, let's outsource that. Let's get that out to the cloud and not have to maintain a server.
And, Jeff, how about you when you were at Hanes in your experience and just working with CIOs and your colleagues? Did you see that transition happen? Do you see kind of a mix of some are still stuck in that? Yeah, it is just a cost center. They don't bring value to the customer? Or do you? Did you see that transition starting towards the end of your career?
Oh, yeah, yeah, it was started. I tried. I hopefully I helped move that forward a little bit. Because the thing is, Brad's right, you know, it was absolutely just the cost center, it was an unnecessary piece of the business that was required, you know, in order to get invoicing out, you'll get customers build to get items shipped bill of ladings printed, but, you know, it becomes a business leader. And it wasn't thought of that way, you know, it was was just an overhead department, but it has since moved into a leadership role. And I think, you know, really got a seat at the table. You know, there wasn't a C level position for the IT manager, in my opinion, 20 years ago. You know, when you look at CIOs today, they were IT managers that normally reported to the CFO, but they they didn't necessarily have a seat at the table. And now it does, you'll help help drive the business or should because the thing is, you have to have it. So you can either have it just as a cost center, to in fact, you know, keep the lights on or get things printed and get the job done. Or you can extend it, you know, and get value out of out of it as well which spread what Brad's talking about. So that's that's what we also tried to do. It's funny because in it, it is concerned about backups and recovery. So you talk about disaster recovery. within it is one thing of how you protect a computer room. But there was every department, every personnel, everybody that was at employed at display at the place, had some area that they needed to think about continuity and business continuity, and how to protect themselves what to take home, what's backed up, what do I do if this fails? So you carry that kind of mindset, you know, throughout the organization, which makes it valuable.
Yeah, exactly. And, you know, and going into that business continuity and disaster recovery. And, you know, Brad, as far as like what you've seen, in your experience, how often are you getting pulled down to fix those issues, versus being able to look forward and look at that 20%, you know, the 8020, towards expanding that customer experience using technology, as a revenue generator, you get pulled down a lot to those foundational things like disaster recovery, and Dr. And file servers and things like that. Yeah, we, you know, we can't necessarily remove technology, sometimes without taking on extra costs that the business may not be able to absorb. So we still have to keep the lights on. And from an 8020 perspective, right.
I have my team, my staff, and they do an awesome job. And we focus them in on not only backing each other up so that the business doesn't stop when someone's out on vacation or leaves, but also focusing on certain parts of the business. So from the old days of it and supporting users, you know, what I focus one of my team members purely on helpdesk, right, you know, how do we take 80% of their day and make sure they're running the needs of the organization? I have another person that I focus on systems, right? So how do we maintain and manage and have security being kept up with, so we focused on that I myself have been shifting more off of those day to day items, and getting into focusing on what drives either costs down up more streamlined processes, you know, or even drive a customer experience to a better state? You know, and we actually have, you know, a phrase for that, as we say, ASAP. So we have assess, streamline and action. So when we have a process that we want to review, you know, we stop, we look at it and say, Hey, what are we currently doing? And why are we doing it? Right. So that's the assessed part. And then the next part, you know, after we go through a few meetings, and have some discovery with our management to make sure that they agree with where we're at, then we streamline it, then we come back and say, Hey, why are we doing this? And what if we don't do it anymore? If this is a, what we call it, a 20 item, if this is an unimportant item, and no one cares what you know, to why we're doing it? Why are we even doing it? So we either eliminate it, we automate it, or we, you know, in some cases, it's better to just do it manually, and just make it more efficient. And then on the last step there, again, we will meet with our management and kind of give them our report out and where we want to go with it, right? How do we make this better, and then we action on that. And we basically say, this is how we're going to get it to a better state. So we try it, and we can test it. And hopefully, if it is, the better state that we want it to. And in some cases, it's a complete shift. I mentioned a little earlier about a storefront. You know, we ran out of ways to make a meaningful streamline out of our customer service area. So what was the next thing is we had to implement technology to see that shift? And that's how we got to a better state.
And Jeff, how about yourself, when you seen those struggles, right, where you do get pulled down, you're able to delegate to team members will sort of approach did you have to make sure that you weren't getting sucked into those day to day, you know, break fixed type situations, but rather more strategic?
Well, just like Brad said, you know, you have two choices, you either have to find a way to completely segment your day, but you can't, because you can say I'm going to spend these next three hours doing this. But if a break call comes in a break call comes in. So So the thing is, what you had to do was, make sure you had people that were really dedicated to, to take that, to take that break, fix on, if you will, so that the people that you want it to be, you know, doing more of the forward thinking more of the strategic work, I have the window to do so because it's you just you just can't pick and say, Okay, I'm gonna spend the first half my day here, second half my day here, it doesn't work that way. And, you know, the only other choice is to start early, because if you, you get the only way to get to quiet hours in the morning to get something done before you get interrupted is to be there two hours before anyone interrupts you. And that's, that's not always easy to do. So we We would do the same thing you have somebody you know, in charge the help desk and and then you know, try it, try to make sure that you want everybody to be able to be involved in innovation and strategic work. But the fact the matter is some, some people are going to have to stay in the trenches and make sure we're okay, because problems don't go away, you know, they show up every day. And they might take a few minutes to fix, but you have to be on a quick because you don't want your users to be ineffective at all. And, and we've also found another way to handle this is to really train up our business unit users really get buy in and have a business owner for different systems. For example, we we didn't want to manage file servers, you know, and we're not quite often file servers yet, but we've moved our daily dependence on to like a SharePoint. And each SharePoint site that we have for each department has an owner and we trained up power users, right, and we have a business owner that can go in and edit and make changes and give permissions and, and does that does it is that kind of doing some of the it work. In some cases it is. But in the other side of this, we're empowering our users to be able to make the changes, they need to be come more efficient with the workflows and things that they put in place on these systems to utilize them to get the daily job done. And that's, that's to me spreading the workload. Yeah, those business liaisons are very important. That's a great idea. Another way that I use those, Brad was remote sites, because you had to have, so I don't know if you work in remote sites in your situation or not. But you've got to have eyes on the problem. And you need to have somebody and I had a liaison to it at each physical site. So I had somebody that could step over and, and take a look, it's not as important now. Because these days, you can take over a PC, and you'll have to be in front of me more, but in the day, sometimes you had to be in front of them. So those kinds of people liaison at the business level, and or at remote levels are both really a great, great way to help your core team to move forward with other things.
Yeah, one of the things we're seeing, and we touched on it earlier about how with the technology changing, and it becoming having a getting a seat at the executive table, is because a lot of the technology is changed to the cloud, it's changed to be more streamlined and easy to use. And so one of the things we see is a lot of these products, whether it's contact center, you know, hosted, you know, phone platform, there's so much easier to implement manage, a call center manager can go in and make changes, so call queue and five minutes where they don't have to pick up the phone for internal help to say, hey, I need to change these change three things. And it takes a week or two weeks for it to get to it. And so I think you see a lot of the you can delegate more out to your other business users to find that champion that says, Yeah, I can I can run this phone. So I can go make when someone comes on board and make it make it an easy switch or take someone off. And so what have you seen as a been the technology changing, making it easier where you've seen, okay, like, it gives you some breathing room to then go out? And then second would be Where's like AI coming into this? Right. And we talked a little bit about, you know, the, you know, IoT, being able to focus on IoT focus on I believe, AI as well, to use these upcoming technologies to continue to, I guess, alleviate some of that burden that it faces. And have you seen much of that? Or where do you see that going as far as magnaflux? And, you know, in the future?
Yeah, so we're definitely evaluating things like RPA robotic process automation, we're looking at things that are traditionally hard for us to spend time on, or we don't have the expertise, security. You know, we we utilize a platform that uses AI and machine learning to really cut through all of the bulk of the logs and all of the information that we don't have time to sift through or to be quite frank have the experience to assess. So we can utilize that the AI and machine learning to really get down to what actions do we need to take and guess what we can action on that. And we can utilize that to our advantage and back to you know, robotic process automation, you know, do who really wants to open up all these bills and pay and enter them into the system and you know, this is repetitive work over and over again. And it's you know, we have the technologies to OCR. We have the technology to take data and transfer it from one system to another. You know what, maybe we just need to put some parameters around how that data is worked and what can happen if I put a purchase order out for $1,000 for a computer and I I get a bill from our vendor for computers for $1,000, the same vendor I put into our system and and it's $1,000 Why not just automatically pay the bill? Why do we have to go through and approve it again and have five people look at it. So using some of the, the processes that are in our heads and getting them get the logic out into the system is really where we see a lot of our efficiencies going.
Yeah, I really see that being the reason that it is more and more becoming that that executive leader on at the table, because the technology's changed to such a point where everyone needs to be looking at these, you know, RPA AI, IoT. And the right is, you know, the, the CFOs CEOs, they're not the ones that are leading that charge. Typically, it's the CTOs CIOs, IT leaders, where it's like, these things can drive a lot of value for an organization as just as matured, that way everything is going, you know, to AI and better technology. So they're almost like they're being forced to the table to rise to the top. And it can almost be, I'd say, right there next to the CEO, because when it comes to strategy, that's what's going to lead the way. I mean, we see what Amazon's doing, and their RPA and all their efficiencies, and there are a bookstore 1520 years ago, online bookstore, right. So it's, it's amazing to see, Jeff, what about you? like where do you see that, you know, that AI that RPA, you know, moving in, in the with your colleagues that you've talked to and what you see in the industry.
Sometimes, those technologies can be perceived as threatening, I guess, because you perceive that it's going to eliminate jobs. But for me, the intent of any of this technology isn't to eliminate any jobs, the intent is for efficiency. So one thing if you have repetitive jobs, and you can automate, then you you take the errors that are potential in that repetitive job down to zero. Because if you've got, if you've taken taken it, automate it, you're not going to have any errors. And then you've got your personnel focused on what they need to be focused on, which is the exceptions, obviously, that may come up out of the process, but also focused on improving the process, you know, not not spending all of their day just dotting your i's and crossing the T's, they get to actually move into a more, you know, something that could make a difference for the bottom line for the company. So and the other thing with, with AI, the other thing that happens is you're capturing knowledge, and that's critical, because very difficult to capture knowledge from from workers and and to capture knowledge. So the base knowledge will help the longevity of the company,
Every time and the touch base on what you said, Jeff, you know, a lot of times, I think in traditional businesses, deploying technology was to eliminate jobs. I fully agree with you into some sense, it still is. But I agree with you that it's not necessarily the goal for most organizations, I think you, you want to deploy your resources in forward thinking or customer forward roles. So you can take, maybe you can shrink a department. But guess what, now you can expand that department to sell more, because now you have more people on the phones talking to customers. But it all comes back to headcount. So how do you deploy that headcount appropriately. And to be honest, I mean, I think you want also engaged employees, and when you put them in front of a process, that all they're doing is paying a bill all day long. You know, that's not very engaging, if you can change someone's job to not be monotonous, but to be using the intelligence that they have to perform or make decisions or enlighten a customer or whatever pieces that their job duties require. I think your customer, your employees, engage more, and I think you end up with a happier employee at the same time.
You do and that's reflected out to the customers as well. Customers can sense that.
Yeah, you know,
and empowering them right now. Go ahead, Brad Gilbert.
Yeah. And, I mean, you guys have said it both. Talking about the executive sponsor, I forget the word you use, you know, bringing it up into that executive, I wanted to ask you as a question on that. It traditionally doesn't just get an automatic seat at the table. I mean, where do you guys see that going? Because I have my own thoughts around that, too.
Yeah, you know, from my end, I've done in the industry 13 years or so ago into telecom and you know, whatnot. And when I first started, I was very much so it was the, you know, the stepchild, you know, the black sheep sort of thing is always seen as a cost center. But I've really seen the last, I'd say five years, especially as we sold more and more, you know, cloudfone Systems contact centers, how they're leading the charge now and they need it because that's such a strategic advantage. And I think they're just there as being they're being pulled up into that role for the organizations that see the value of technology. Because the way we see it, and the way our clients we've talked to a scene is, if you're not looking at AI, if you're not looking at RPA, and all those, the technology that's driving most of the industry, now, you're dying, you're gonna get gobbled up, or you're going to, you're going to be left in the dust. And that's the CEOs that see that, see it so much more as a resource. And the higher that they either have a CTO that's purely in that role of PR, you know, empowering technology for the org orient the CIO, that kind of plays both roles, or, you know, IT managers, directors, whatever the size is, we definitely see that that poll pulling them up into that role. And, Jeff, what about you?
Well, I just, there are conversations that happen at the staff level, that it's important for that that technology minded person, to be there to listen to those discussions that may not have anything to do with with it itself. You know, this discussion can be between, you know, shipping and manufacturing, or sales and shipping or wherever it is. But it's going to be, something's going to come out and that conversation where, where your CIO or whoever's your chief technology officer that's privy to that conversation can say, I can help here, or something we can do that that feels the other two parties that are discussing their issue, don't know, what you can do from a technology point of view, necessarily to help that. And so having that perspective at the tables, what's important, because it just brings another potential solution to what would be, you know, a problem that might have been handled a different way, if technology wasn't used to help solve it. So that's why I believe you need to have that CIO at the table.
Yeah, and I think a lot of it can also be brought on ourselves, we may not be able to make that decision to go sit at the table, we may not be invited to that table. But I think the the important part is that you're there, you're engaged, that you're ready, when an opportunity comes up to say, hey, look, this is what we can do, or, you know, set aside a time and start having lunch with the GM or, or someone in operations and just ask them questions. How are you doing? What are your challenges? And how can I help you? You know, those are the simple things that I found that really helped me get engaged with my company and my different departments. That to be quite frank, some of the things I know nothing about, I don't know.
You know exactly how some of our chemicals work. But guess what, I asked the questions and make sure I know what that person's job is and how they go about it. I mean, I have the technical expertise they have, but at least I can help them make their job faster, or better. Yeah, I think just you taking a proactive approach. So if a company isn't in that phase yet, where they really see it as a value add for it. That's one way to get yourself there, right is just be proactive with it, meet with other business units, meet with if you've reported the CFO meet with a CFO on a consistent basis and let them know or her know, like, have a meeting with those these other business units. Here's an idea I have right and there's like, then they start to think that through like, oh, wow, you know, this person is really engaged. And maybe he or she should be at the table with us or, you know, make that case for it. So the switch gears a little bit. I want to talk about security. And I think it's a perfect time because of the colonial pipeline disaster on the East Coast with a ransomware attack and I want to just start off with like, how do you look at it or like it, look at security magnaflux and ITW and, and you know, are there are you do you have things in place? Obviously, you have certain things in place, but how do you approach security now, even with these ransomware attacks, and just just to kind of get into that, that little venue there as far as security goes up for you?
Yeah, I mean, security has ramped up, I would say three to fourfold in concern. Since the pandemic ITW has a lot of niche manufacturing and, and we have some businesses that, you know, you would think aren't very vulnerable, but the concern is still there, right. And it's really not necessarily, you know, do I have the right security, but do I have the layers of security and for me, it's about building out what are your biggest gaps? Also, knowing that it's not a matter of if I get hit? It's a matter of when so do I have everything in place to be able to recover? Do I have my timelines appropriate? Do I have backups that don't all sit on one system maybe I have to have it on multiple systems are different you know, other considerations? I mean, our plant is directly west of us by about three hours from Chicago? Well, we know whether it goes from the west to the east. So something that hits our plant there could hit us here. So do I plan appropriately for most common scenarios? those are the pieces to security that that you really have to start thinking about, and how do you layer them to be most effective? And for me, I actually met with one other business unit recently. And I kind of gave them some visibility to how I look at this and kind of three sectors. One is network and backups. Is your network set, is it strengthened? Is it segregated? So that things can't crossover? Where they're not supposed to? Do you have simple rules in place that the computers lock automatically? Do they have appropriate passwords? All the way through backup and timeline? And how much data can we lose? How much is acceptable? How much isn't? then looking at the user training? And this is actually my number one thing user training, if we don't teach our users who are the most vulnerable to phishing attempts, we don't train them and consistently test them. And now not to shame them not to get angry at them or or write them up. But to basically say, Hey, I'm going to test you and when you fail, because I know, I have failed our own phishing test once. But when you fail, how do we get better? How can I give you a small little training for 30 to 30 seconds to a minute? And how can I make you better at that next time? So fishing was on its own, it's fish testing, and cyber training was its own silo. And then the last one was really around visibility, how do I get visibility to what's going on in my network and outside my network, I think you cannot be traditional ideas, and say, I only need to know when they break in. Well, guess what I don't want to know when they break in, I want to know when they're trying to break in, I want to know when something is happening. So I can go and pre block it and stop it before it actually happens. Because I don't want to give you that chance to find that vulnerability. I just wanted to say no, there's no reason traffic should be coming from, for example, Zimbabwe or something, right? Like we're not doing any business there. Why is it hitting our network at a high rate? So let's just block that. Let's just not even play with it. And that those are the three kind of areas that I look at. You know, backup, also kind of consists of your business continuity, how do you fail? over and back again?
Yeah, and like you said, like, the acceptable timeframes to get it back, or how much data you're willing to lose and things like that, on the continuity part. Jeff, how about you and how you've approached security and what you see others doing in the market to, you know, to mitigate these these attacks and these ransom wares and DDoS attacks and whatnot.
Right? Well, for starters, what what Brad just said about the user training, that's, you have, you have to start there yet your end users and I tell you, the phishing attempts have become so sophisticated, on how that they can socially, the, you know, the people trying to break in can socially engineer that, that email they're sending to the users and that, it becomes very difficult. So, so having two users, you know, always top of mind. For me, it wasn't, it wasn't that you wanted to set the users down for a four hour session on how to be secure on your computer's once a year, it was what I wanted to do was I wanted to give them a 10 or 15 minute reminder every month, because it's something you just have to keep talking about. You can't it's not like you'll say, you know, harassment training that you may go to on an annual basis is something you really have to live. So it was something that we wanted to talk about a lot. And that's why you do the phishing testing that you do because you want to keep users on their toes. And you want to explain to them, you know, when they make a mistake, I had one Tell me, so I didn't open that. So Well, no, no, you did, because it's under report, which means you did. And it's okay. But here's why you did and here's why you should not when you train like that. The other thing to echo again, what Brad said, I was very keen on safety nets. As Brad said, it's not if you're going to get an attack, it's when and what you have to do. And you mentioned layering, Brad, you have to make sure you look and say, all right, if this gets compromised, what do I have underneath it? To protect me? I know, I know that I'm going to get an attack here. What's behind that to protect that? Whether it's a snapshot, you know, whether it's a special backup, whether it's, you know, whatever, you're doing a replicate, and then let's say that, you know, I'm going to have an attack there. What do I do underneath that? So I tried, I wanted to be four or five, six layers deep. And you know, from the top layer being user training and passwords, you'll strong passwords, you'll, and then of course, you think about physical security, because you'll have half of your breaches are, you know, intentional or not intentional are gonna be internal. Yeah, they're gonna come from an internal, you know, an email that got inside. But they're going to be an internally generated, if you will, even if they come from an outside email, but so you have to make sure and handle that. And, and you just have to know, like Brad said, it's going to happen. So it's very, very important to do, Larry and I know that I would get questions from from Board of Directors personnel say, tell me that we're safe. And no, it can't tell you that we're safe. Because we're not safe, you know, I can't ensure this company will not get infiltrated. What we did is A, B, C, and D, to make sure that if we it does happen that we you know, can catch it. My biggest concern are the ones you hear about it, you hear about the things like bread, you know, this has been in a computer system for six months, there's been a company for eight or nine months, that the payloads that get set into the company and then activated later. And those those keep you up at night. Trust me.
Yeah, it's definitely I see it, you know, similar to policing, right? When a police are more of a reactive and not proactive, you know, state of mind, it changes, you know, you get more crime and all that. So if you're, if companies aren't proactive, it just leaves more and more vulnerability for those attacks. But, you know, I think it's people on the other side that maybe aren't in it, and they look at security and go like, he should be 100%. But like you said, there's really no 100%. But here are all the steps we've taken, and then using going back to the 8020 rules. Okay, is there anything that's, you know, that can be vulnerable? Or is there anything like, you know, re evaluating and seeing, is there anything else that we can add that was going to add value to that security stack to make sure that we're even more protected? But how have you seen it, you know, being is or push back as far as Costco because it's not cheap? To have security vendors come in and do certain things? And like, how have you seen as far as like the, you know, CFOs, and CEOs look at the cost of security, and what they want are willing to spend a security environment.
I think, you know, the justification is much easier after something has happened. However, you don't want to experience what just happened, you don't want that to happen, or you don't want to lose your proprietary data, because now they sat there for six months and copied everything out. That's very damaging to a business. So how do you go in and not scare your CEO? Right? How do you start to layer and make annual improvements? I mean, let's just be frank, you know, we've talked about the how hard it is for it to get out of the daily work. But how do you position it to make incremental changes? You know, we're looking at how do we strengthen the MFA that we have in place? How do we make that better? How do we help train our users? Or how do we put, you know, our corporate putting notifications on our email that said, Okay, if you're, if you're using it here in Chicago, and an hour later, you're in London, and it's coming from an IP address in London, that that's impossible travel. So what if we just deploy some simple rules or tools that can actually think about what just happened? And just say, yeah, that didn't we didn't travel in an hour or two there. So leveraging technology is one thing, having a plan and making incremental changes is another. But the third is really about just it's a reality you have to live with, and no one solution solves everything. So you really have to just continue to refine and, and reevaluate every year.
Yeah, absolutely. I think that's a, that's spot on. And we'll, there's a million we can talk so much longer about security and all the frameworks and all like, the horror stories and success stories, hopefully, too. But we are up against time. And I want to be respectful of everyone's day, but it's been an absolute pleasure having you on Brad. I'm glad. I'm glad we did this. And there's some good conversation. I really appreciated it. Thank you for coming on. Yeah, thank you for having me. I thoroughly enjoyed talking it and, and business. I love mixing the two. So anytime you guys want to talk, ring me up? Absolutely. And the 8020. That's great.
So I know you had an article on a brand and great concepts there. I think it's, there's there's not a role in a company that can't benefit from, from what you're promoting there. So that's excellent.
If you're interested in any more on at 20, obviously google it or look me up on LinkedIn, and I'd be happy to share an article with you too. Yeah, we'll put that link to the article that you wrote a little bit ago. On the comments below.
But Jeff, thanks for co pilot with us with us today too, and co hosting this with me. I'm glad you guys both had a lot of good things to come to talk about. So appreciate it.
Well, that wraps up the show for today. Thanks for joining. And don't forget to join us next week as we bring another guest in to talk about the trends around cloud contact center and customer experience. Also, you can find us at Adler, advisors.com, LinkedIn, or your favorite podcast platform. We'll see you next week on another cloud podcast.