Another Cloud Podcast

A podcast designed to bring you stories from the smartest minds in IT, operations and business, and learn how they're using Cloud Technology to improve business and the customer experience.

AI, Security, and Process Improvement

with Alex McBratney and Jeff Young

Don't have time to listen? Read the full transcription.


Chris, Alex, Jeff


Alex 00:00

Hello, and welcome to another cloud podcast podcast designed to bring you stories from the smartest minds in it, operations and business and learn how they're using cloud technology to improve business and customer experience. All right, well, we're excited today. I'm especially excited because we have Chris lebeau from Advanced Technology Services. He's a director of IT, cybersecurity. And it's just a pleasure to have you on the show, Chris, thanks for thanks for joining us.


Chris 00:31

No, it's great to be here. Thank you.


Alex 00:33

And Jeff, good to see you. Again. I always like having you along as my co pilot on these podcasts. Talk technology. Good. See you again.


Jeff 00:41

Pleasure being here. And Hi, Chris, good to see you again.


Chris 00:43

Good afternoon.


Alex 00:45

So Chris, one of the things that we like to do at the beginning of the podcast is just to give the audience and the viewers a chance just to get to know you a little bit, you can just take a minute, two minutes, just to give them the background of how you got to where you're at, at advanced technologies. And just that that career path and how you got into technology and cybersecurity.


Chris 01:06

Sure, I think it started with being an underachiever in high school, I sort of looked at college, like high school with bills, and that didn't seem very appealing. So I decided I was going to join the military, and then kind of re engage my education on my own terms. And my dad gave me a very good piece of advice. He said, you know, look, you can, you can do that. And there's great benefit in doing it that way. But try to pick a skill or a field that's always going to be there and always going to grow. And he spent his career at the telephone company, right. So I looked at basically two different fields. One was medical technology, which fit that definition. And then the other was communications. So I ended up in the army doing satellite communications was part of something called army Space Command, it was a fantastic job. And all the requirements to progress through that sort of changed my view about learning, right and in what it meant to really engage material and get smarter and learn more and be capable of doing more, all the things I didn't pay attention to in high school. So it sort of changed my trajectory a bit. So I did that for about six years. And when I got out, the telecom act was the next big thing on the horizon. Right, as they deregulated the phone company a few years previous now, they were opening up long distance. But before that, I worked for IBM for a little while, and then went from IBM to ameritech, which was the telephone company here in the Midwest, and worked on their long distance project, you know, very cool, you know, trying to build something from the ground floor up within the safe space of a large company like that, that have been doing it for, you know, 80 years at that point. So really learned a lot. But as that sort of changed, right, that market moved very quickly. And everything commoditized before we ever really even got done with that project, and came Voice over IP. And I went to work for Cisco Systems and was a consulting systems engineer for a few years working with service providers that were trying to bypass the phone company. So have sort of an interesting adventure. And sort of from there and as some independent consulting and ultimately came across ATF through a partnership opportunity at the time, they had a outsourced IT Services Division, in addition to their industrial Services Division. And they were looking for a program manager to help them scale. And so this was 11. and a half years ago, I arrived at AES and they said, Look, you're going to be a program manager, you're going to figure all this out, we're going to develop new services, and you're going to help us get bigger. Okay? And like, oh, by the way, you know, network stuff. Great. Why don't you manage the network systems for the whole company? Oh, okay. That team, then the next day, they're like, Oh, you did service support and call center services and all that in the meantime, and ameritech, great, why don't you run our helpdesk, and so on, and so on, right, so I eventually got more and more responsibilities and ended up running all the operations for the IT Services Division. And over the period of about two and a half years, we went from about 20 million almost 50 in net, dramatically expanded our scope of services and did a whole variety of other things, and started to invest in new technologies that would improve the way we deliver that service. And along the way, we had a corresponding Director of Information Systems that worked on SAP and a lot of core systems, that person left and they ultimately asked me to take on all the responsibilities for the company about nine years ago. So today, I own all the network all the security, information security, and all the application development for the variety of businesses that ATF has.


Alex 04:26

That is quite a story for for a high schooler that didn't want to go to college.


Jeff 04:32

Great story.


Alex 04:33

It just shows you though, you know, and this is you know, kind of off topic but you know, to say to an 18-17 year old Hey, go figure out the rest of your life you know, at this college is such a young age. It's just so young. I think you know, the the military is a great stomping ground to kind of figure yourself out especially for I think, as men, as we get into our 20s is like, what am I going to do with my life and it gives it gives you that chance to sort sort through all that and kind of find a path without having to do it right out of high school. So I think that's great.



All the way I feel kind of cheated, right? Because nobody told me that like, you know, golf pro was a job. I didn't know you could go do all these other jobs I was aware of. So now I do. Anyway,



We got


Alex 05:12

You got, We kind of got sucked into technology, right without knowing we could all be gone.


Chris 05:17

There was a point it was just too late now, but yeah, anyway. Yeah.


Jeff 05:22

Yeah, Chris, I'm in. I'm in the Midwest, too, and that it's been a long time since I heard the name ameritech. So that's an interesting flash in the past to hear you talk about ameritech. offerings through Yeah,


Chris 05:37

That was the Bell System at&t then SBC, then you know, I mean, now it's all at&t again.


Jeff 05:43

So right, because I'm in Indiana, so is Indiana Bell, and converted to ameritech. Yeah.


Alex 05:49

So tell us a little bit about what ATF does and what you're, what you're responsible for, again, a little bit about what you're doing now and all the responsibilities that have been thrown onto your plate. But as a company in general, like, What does ATF do? How does How do they go to market? what's changing? What do you see happening? Just in the in the market in your industry?


Chris 06:09

Sure. So ATF Advanced Technology Services about 35 years ago as a division inside of Caterpillar, and it was Caterpillar Advanced Technology Services at the time and our founder. I got into Blago said, Look, there's a lot more technology coming out of the factory floor. My team maintains that they do a good job, that's a sellable service. Why don't you let me go do that. And they did. And he went off, and it was successful. And he later came back and said, Hey, this isn't your core business fund, you sell me the division. And they did that too. And that's ultimately how ETS was formed. And, you know, they had a big marketing departments, they took the sea off the front and just left it Advanced Technology Services. But that was in 1985, started with about 35 people. And the whole thing was about that technology aspect on the factory floor. And working with that, that level of automation, which was reasonably new at that time. Along the way, some started as an IT company, but primarily with industrial focus. And along the way, you know, they they added IT services, I mentioned, when I joined a one and a half years ago, that was a big part of the business, it was a division. But the biggest part of the business is industrial services. So we do outsource factory maintenance, which means we come in with our teams, our technology, our programs, and we take over maintenance is a function inside our customer factories. So we're looking at the way these machines run, we're learning, you know, things we learned at one customer, we can translate to another just like any other leverage service provider. And my challenge really is to build the tools and technology that helped us, you know, assign our word, track our work, reflect value to the customer start to learn more about how these machines operates that we can pump become more predictive, and spend less labor doing it being in a labor intensive company today, we're really trying to move to be much more data driven. So over the last really nine years in this role, we took what was an internal IT department running a lot of old systems that were sort of put in because they were needed to run the company, whether it was an old finance system, or old HR system, or whatever, and modernizing everything to the point where we put the company in the cloud on solutions that will continue to improve themselves, right. And then our job is really to be an integrator, what we've also done those who've taken the primary tools that we use to deliver service, and we've designed and built those on our own. So we built a lot of things that are specific to enabling our people getting information out of our customers environments, correlating that information across sites. In the last two years, we put together something we call reliability 360, which is sort of a control center concept that has visibility over all those locations, and is there for high level troubleshooting the coordination of subject matter experts, you know, identifying opportunities for improvement, and communicating those to all the places where that improvement could take place, you know, really taking everything we know and doing a lot more with it. So that's been an interesting challenge. As you as you look at, you know, how do I take non value added labor activities, like running around with a clipboard, taking measurements, and start to do that with a sensor? You know, how do I take a critical piece of equipment and start to understand how it's performing, versus waiting for it to break and surprise me? You know, how do I use that information to predict when I should act when new conditions come in? So for example, somebody comes in and says, Hey, we got a big order, we got to run heavy next week, what's the increased likelihood of failure at that higher volume? And should we shut down and do some repairs at a time it turns was much more into a maintenance advisor with a much better understanding of how the customer environment works, our role in it, then our ability to perform and basically give them uptime capacity and reliability as outcomes. So it's pretty interesting. We're primarily in North America, but also Mexico, and in Europe, primarily out of the UK.


Alex 09:45

Yeah, that's, really interesting. And I like the house specialize that niches for you guys and how you're creating software processes specifically for for that industry that are using To you and have that having that intellectual property to be able to go to other units and other manufacturers and say, you know, find things that work and repeat it, how and it sounds like a lot of what you're doing. And it is business related as well as most it executives we talked to, they're just keeping lights on, they're not as involved on the business side to increase revenue and make things run smoother, you know, as far as the business side. So how have you seen that in your careers bars, being on the business side versus just kind of maintaining with it?


Chris 10:33

Well, what's interesting is that, you know, as I progressed as a technician, you think of everything in terms of inputs and outputs, right. So when I have a bad input, that means my problems are coming from somewhere. So as I progressed through my career, I was wanting to get on the other side of that and fix those problems, only realize they were bad inputs coming in there, too. You know, you're always kind of chasing that continuum. But at the end of the day, what I learned along the way was that your technology is only the right answer, if you've asked the right question. And it only exists to support some business activity that people are interested in either buying or selling or evolve. So it's really about the role of technology. You know, I mean, I used to be incredibly technical, you know, routers, switches, telephone equipment, all that I couldn't do any of that anymore. And you my job today is to really know what technologies for the role that plays with the business and make sure the people that do know how to do that have what they need to understand how to hit the right objectives, they've got the right amount of capacity, they've got the right amount of funding, you know, working within the constraints, Every business has to try to hit the objectives that we have. It's been an interesting process. I mean, my job is still a great mix of making the phones ring, keeping the lights on, you know, but also working with our business leaders to understand the challenges they have in the market, things that are working against them in the field, things that customers are looking for, that we don't have, and then trying to synthesize all of that into what should we do next?


Alex 11:59

Yeah. As far as, yeah, go ahead, Jeff.


Jeff 12:04

I was gonna say I think the it's really interesting to me to hear the caterpillar story, because, you know, many companies have have have built things they're very proud of, you know, within their own four walls. Now, in order to do what what you're talking about to be able to manage their floor. And and it is fairly new, because we're not that far from those printed routers, they used to travel with materials as manufacturing did what they did. So it is a fairly new area, and the fact that that cat, you know, understood what 80 s was, and we're, you know, we're able to realize that they've made something that others can benefit from get it out there marketed. I think that's fabulous. That's, you know, it came right out of the four walls, how could it have been designed any better than coming right off the caterpillars floor? It's fabulous. Yeah, and


Chris 12:54

That doesn't always happen. Right? No, it doesn't make the leap. Right. You never you never get that breakaway moment, for a number of reasons. But you know, it's a sci fi story. It's, it's a very cool company. And we're doing some interesting things. We talked about, you know, sort of, you know, I guess the buzzword, and I suppose this is probably a future question as we navigate this, but you know, digital transformation, right? That's the word of the day. And so as I look at our journey, where we've modernized a lot of our systems, what we've really done is put ourselves in a place where I don't have to rethink the way I do HR, I don't have to rethink the way I do finance, I don't have to rethink any of those things, I can now really focus on how I combine all these capabilities into new value for customers. And if you think about being a labor based outsourced service provider, a lot of what you build is about improvement. So again, we're performing this function inside the factory, and what do I need to know, in order to be able to do that, I've got to understand the right mix of skills, given the environment, I'm going into job descriptions, I've got to be able to recruit and hire those people. So that I have the staff I need to perform the service, I've got to be able to train those people and improve them from level one to level two or ever that's designated, I've got to be able to keep them safe, right? Because nobody wants to work for an unsafe company and that type of environment. And certainly nobody wants to hire me, right? These are dangerous places. I've got to assign them. We're trackwork report on work, you know, do all those different things have a method of operation, all of that. Those are all things that we built to be better at what we do to provide those outcomes, right availability, capacity and reliability. But every one of those things is available to everybody else performing a similar function. So any service provider, you basically have to look at who you are and how you do do, what value does that have other people that may not make the leap to pay you to do it for them? Can you help them? Can you augment what to do and can you be an advisor? You know, what we have what we've learned over 30 years of doing this operating currently in 100 different plants in multiple different countries, dozen different industries and all kinds of different products. You know, we're able to make you grow to learn more, we're able to make different types of investments, we're able to consolidate activities, and you look at any individual factory trying to replicate or walk up that ladder, it's, it's pretty steep, right? Where you talk about what you can then do as a service providers walk in and provide them an outcome, a way to do it, you know, it shortens their time to value, it's more economical, gives you more scale. And then there's that whole service provider thing where it sort of feeds itself.


Jeff 15:29

Yeah, it's just something that the expertise just isn't in every factory, not every floors got the ability to do this. If I could, real quick, Alex, I'd like to dive a little deeper into this, because I just know, I know, the audience is going to care about a couple things that you know, me as a former it exec thinks about, you know, first off, when you're doing the things you're talking about pre you know, preventing, you know, preventing unwanted repair and preventing downtime. So what I'm sure you're doing work with infrared, you're looking at circuits, you're doing vibration analysis, correct? Yeah. So, but what you're doing through all this process is you're generating mounds of data. And the biggest thing that I would see, when when I thought of shop floor systems and data collection, and I'm trying to understand furnace profiles, or gauge profiles, on coils, etc, is how do you manage all that data. So you are managing a mound of information for these companies. And you know, whether you keep the bulk of that data within your walls, and how you interface to bring the important data to your clients, I think it'd be interesting to hear how you how you talk about how you handle that massive data and what you do make available to your customers?


Chris 16:43

Yeah, so the first thing is, where does the data come from? Right, it's a it's a byproduct, at least in the case of our work order data, and the activity tracking, it's a byproduct of a service contract or performing that service for the customer. Now, the customer owns that data. But at the same time, that's work, we performed against common industry assets that has value with a larger pool of such information. So we think of it like healthcare information, where you know, if you abstract or take out certain details, you still have a lot of usable attributes and information without being able to designate who it was for. So that's a lot of what we do, right. So I mean, so for example, you know, 50 year old male that has high blood pressure that lives in the zip code, right? That doesn't mean anybody knows, it's me, you know, same thing with a customer, right. And even with monitoring data, where you're integrated with a machine tool, or tied into a customer's operational network, it's a different story. It's a much more complicated ones, project based integration. But if you're putting discrete sensors on existing machines, typically, that's a gets encrypted, it doesn't mean anything to contextualize it. I mean, in the case of temperature gradients, 85 degrees until you know, where and on what motor At what point or what customer, it doesn't really mean anything. So, you know, sort of by design, segmenting how data is created, you know, abstracting the the sum total of that data so that it has a broader value to everybody that's participating. And then where and how you contextualize the data that you're collecting over and above, you know, regular work order activity based data is important. And we've had to put a great deal of thought and, you know, the design, where we put that, how we manage it, how we secure it, you know, in the unfortunate event that a contract ends, you know, that discussion about data ownership, it's already been had, right? So there's an expectation of what's going to occur at the end of there's no confusion about that. And we're able to share that back to the customer. In like, in all cases, you know, without the context of the applications that made the data, it always doesn't mean the same thing when you when you spit it out. But when you try to do a good job with that, so there's some residual value for the work we did, because we did that for them in partnership, right, a contract. So in all those things are important. But you're now we're getting into more complex questions about the data. You get into machine learning, pattern recognition, all those different things. Yeah. And I'll use a simple example is, you know, a lot of these plants are in the southern part of the United States, or even in Mexico, where it's generally quite warm weather wise. So what is temperatures relationship to failure? Right? Why have weather data, accurate weather data going all the way back to 1950? Something so I have that to work from, I have all the failure history on a timeline for all the work I've already done to plan. And now I can walk in today and add an ambient temperature sensor and sensors on particular pieces of equipment. And I can start to build a correlated model that helps me understand the relationship of temperature to failure. So again, that goes back to that scenario where the plant manager comes in on a Friday and says, Hey, we got a big word next week. And oh, by the way, it's gonna be 103 degrees every day. What's my risk? Well, if I know production volume, I know I know the temperature forecast, I can pretty much go in and say you have an increased likelihood of failure on these three or four things. Let's shut down replace those, we have a much better shot of getting through the week without incident. And that's just a simple example of how you can take everything you Hurry no and start to mix it with other data using these new methods and techniques. New people talk about artificial intelligence, like it's an outcome. Right? We have AI. Oh, great. You know, the questions are, what are you doing with? You know, and I always kind of in my head substitute, you know, when somebody says that I'm using artificial intelligence, I sort of substitute it with, I'm using internal combustion. Okay, are you are you building one Moore's are building Formula One engines, right? There's a fundamentally different set of questions you're trying to answer with that technique or that technology. Just because you can say you're using it doesn't necessarily mean anything. So like all things, it there's a lot of hype.


Alex 20:40

Yeah. And AI is definitely the buzzword out there right next to digital transformation, right. And we've had a few guests on the podcast and talked about AI. And just the big thing that the takeaway that I have had with some of these guests is that AI, you just don't plug it in and off you go, you're good. It's the input output, asking the right questions. And then not only that, but it's the training of it, they say treat it like an employee, if you don't nurture it, care for it, train it, and grow it into what you want it to be. It's not going to work. So how do you how have you seen AI working just for the machine learning what you want to call it like with what you're doing and how that's changing how your organization looks at projects now?


Chris 21:23

Well, there's the there's the art of the possible and then there's the the limitations of the practical, I guess, is kind of how I always approach it. Right. So I mean, if you look at what AI is, at the end of the day, it's it's some form of math. So the question is, what what are you really trying to accomplish? Or what can you do? So for example, one of the things that we're doing is, because we're in so many different places, we have so many different types of machines we maintain. The question is always what can I build or work on I focus that has the most value that most places? Right, so one of the decisions that we're always faced with is is the unknown in terms of predicting when something's going to fail? You know, again, conditions in the factory are going to change. Yeah, is there is there a risk associated with the equipment that I'm going to depend on with those changes. So what we've tried to do is introduce things like remaining useful life calculations. And that's a trainable model, right. So for example, you'll get a little bit of data, and it'll approximate, you know, what your Hang on one second. Sorry, I clicked the wrong button, did not answer the phone, you'll get a little bit of data, and it will give you an approximate remaining useful life on that item with a very broad degree of confidence, you know, it doesn't know. But as it gets smarter, and it gets more data, and it gets more examples, and all those other different things that line up, one of the things that will fail move and your confidence about that day will increase. So you know, where we find common applications, we have quite a bit of data to lean on already, that we can bring to bear for a new instance of that same thing. But almost anything we're monitoring, we can begin to start to learn how it behaves, and then start to use that information to inform when we maintain it, how much energy we put into it, what the risk of it failing is all those other different things. So that's that's sort of our approach is to sort of practically take these tools and use them to change the behaviors that result in frankly, more labor, or more work or more wasted effort says if we can remove that, that frees us up to do a lot of other different things. And now in now you get into automated responses to failures and things like that, which is sort of the next frontier, you know, I'm not just learning how equipments performing I'm now responding to the information it's giving me and making changes automatically.


Jeff 23:39

Right? Yeah. And, and the big thing here just does like, like you already said, all of this data, for it to be able to be a later response, after what you've learned, you have to absolutely have saved all the parameters that that made that made that situation what it was, so that you will because you have to compare, when you have that next red light go on, you first have to make sure that you have all of your environment and everything matches as well. So that you know that your response is appropriate. So that's a it's complicated. It's a big deal. It's something you have to be applauded for figuring out how to do this.


Chris 24:19

It's not a figured out. I mean, it's always about the approach. I mean, you accept false positives are a huge problem, right? I mean, just monitor something doesn't mean that you should or that you're going to get what you want from doing so. So you've really got to kind of monitor these things and baseline them what is normal, you know, I have two identical motors running two different factories will have slightly different applications, I'm going to get completely different behaviors. So I've got to be able to observe and monitor and determine when normal is there and then react to abnormal. So there's a training aspect. There's the ability to set appropriate thresholds, there's time. You know, it can get it can get tricky if you want to get super complicated with it. And again, you always kind of have to Fall back to what's practical, I could do that. But there's a there's a unintended consequence to doing that, I'm going to back off a little bit stay here, because that's where the most value is.


Alex 25:09

Yeah. And there's always, you know, there's a tendency at times to overcomplicate things that don't need to be over complicated, just because we can pull 1000s of data points and plug it into a AI machine, doesn't mean it's always the best thing to do. Right? It's like, keep it simple, make it practical. So you actually get the results and get the information back that you're looking for not just throw everything in there just because we can nowadays. One of the things that you touched on earlier, before we started talking about AI. Now I was a little bit about security. And you just mentioned it briefly. But I know security and AI, those are two big topics right now that are just on the top of everyone's mind. So going down the security side, we talked before this podcast a little bit about it as well, like, where do you see the challenges arising for your organization with security? Because you are getting information from all these different plants, all these different companies? How do you see that evolving? And how do you guys mitigate some of that risk?


Chris 26:05

Yeah, I mean, so like every company, we have all the same security challenges anybody else does, right, identifying our assets, securing our information, putting controls around it, we're spending a lot of time today around the concept of the extended enterprise, all the partners and vendors that we're interconnected with, that support various business functions within the company, and being able to make sure that they're doing things consistent with what our goals and objectives are, and that we can prove that to each other. So that's what every company is doing. But in the industrial space, you know, factories are interesting in that they're unique places put on the earth to make something no other building was put on the earth to make, right. So in some cases, they are very different from one another, they have many common challenges. But most of them are old. And when they were built, the internet wasn't a consideration, or there, the plant didn't need to be networked. In a lot of cases, in order for it to operate and continue to run. In any investment in changing the way it works usually comes with an opportunity cost, right, you have to shut down, you lose productivity, you know, all that. So the investment cycle for these factories is typically very, very slow on the operational technology, the controllers, and all these things are often running really old embedded operating systems, like in some case, Windows XP, a special version made for that particular machine. And it gives the minute you plug any one of these things into the internet, you're exposed to every known vulnerability for that particular operating system. So the challenge for us as a service provider is that, you know, if we have the data, we can do X, Y, and Z, and that's valuable. But the plant can't give it to me in a safe and secure way. Or it becomes a project that if you added up the cost to do it maybe doesn't you know, it hurts the business case of doing it right, the investment is inordinate so the real challenge for the for the manufacturing industry, I think, and their strive for industry 4.0, which is that that modern factory concept is to create a safe data exchange, right. So each interval individual plant collect can collect the data locally, then potentially upload it to some kind of service layer, where service providers like us and manufacturers and others can interact with. Because otherwise, we've got to go to each individual plant project by project basis, try to figure out how to get this information and address all the security issues of that one particular location. And that's difficult to do, right. So it's much better if we can put all this in the middle and everybody can interact with it. But that's a shift in the industry, that's not something I can necessarily control directly. But it is a barrier to entry, right? It's a barrier to value, the fact that I can do all these things doesn't do me any good if I don't have the fuel the data to be able to do them. So you know, to get that connection to get that figured out, I think it's going to be important, then in many manufacturers are making the investment. You know, some of them very slowly, you know, some of them are making a big play in this space. But we deal with a lot of small and midsize manufacturers that you know, they don't have the resources to step up and do that. So we're looking at partnerships around operational technology, security and compliance where they can come in and do audits and take a look at where the risk really is. other providers that can come in and do network projects that can create a better environment for the customer and a safer way for us to get that information. Now we obviously can't do all that for them. So those are some of the challenges that we have. But data is the that's the new landscape. Right? So how do we how do we connect all this stuff together in a way that makes sense for everybody is secure. Right?


Alex 29:27



Jeff 29:27

And, like segment?


Alex 29:30

No, I was gonna say, Jeff, you probably are dealing with the same thing before you retire, like how did you how do you look at security and just piggybacking on to what Chris said,


Jeff 29:38

well, you're really the thing and as Chris was gonna ask you about, you've got a plan maintenance system of sorts, right? You do and you're going to have to interface that to all these companies, enterprise systems, you know, for some level because they're gonna want to understand the work orders. The high level information not, not the raw data, not the machine. data, but the higher level data and what you get into Alex's, you know, how do you segregate this this information? How do you segment your network to make sure that these, these control machines that, like Chris said, probably aren't even have a operating system level that you could even put today's protection, you know, to make sure so you can't face these, this equipment to the internet at all, because you can't protect it. But you need to get the information moved, you know, over from from the segment that you must keep completely dark into a segment where the data can be readily available. And that's really the big challenge. And that's why, you know, I'm sure a company like ATS can always help people do this, this is the kind of thing that people within house expertise can't always handle, right, Chris, they need without your help. It's a it's a very complicated, and then when you add the amount of data that comes out of ml type type of engagements, then you've got a double edged sword you're trying to deal with. So that's why I admire what you're doing and understand the value.


Chris 31:08

Well, they're all different, right? I mean, I can have the same control to different plants from a similar function, but they're programmed differently. You know, even though I have a protocol converter, I can talk to it. I don't know what it's telling me until somebody explains it to me, right? All right to it and work with it, right. So there's just a lot of challenges in that space. You know, that make it interesting when we are trying to do though, these are applications, we're trying to build them in a very modern way, right, where we can share access to them for different roles of the customer, we're not necessarily doing all the work, sometimes we're working with engineering teams, and others that are there on site. And we want to see all that activity the same way. We're building in authentication mechanisms that are consistent with commercial applications, we're building an API layer that allows us to sort of transact with these external systems versus these were good versions of years passwords a project to set it up and maintain it, we're removing flat files, old data back and forth, it's never quite right. We would rather you know, exchange the right information at the right time. But in order to do that, you kind of have to look at it like an equation, right? You know, if this is the answer we want, where all the variables come from, I have half of them, you have half of them, you know, where does this data come from in your environment, and then try to focus your integration or your communication between systems on those elements. So that when things happen, that data makes its way over, now your equation is complete, and you get what you want it. If you try to do too much, or it's too wide open, it usually turns into a project that you don't like what you get at the spend a lot of effort to get very little. But if you're focused on what you're trying to accomplish coming in, and you know, what feeds it, it's much more targeted. You know, that from there, you can do anything, but at least you're doing those things from the box.


Jeff 32:47

Sounds good.


Alex 32:48

Yeah. You mentioned you know, that some organizations or manufacturers are trying to get there. And sometimes the barrier, the barrier of entry to do it is might be too high. Do you find that with industries that are more equipped to make that jump? Or are there specific industries that, you know, kind of like, it's gonna be harder for them to make that jump just because they're just more archaic? In general, just as blunt, you know, over like a blanket statement?


Chris 33:15

Yeah, I think your process industries are more apt to get there. Because in many cases, they already have some version of a control system to monitor the process. And so we're already sort of thinking in that mindset and have some of the basic things there in some cases, or even making data that we can use from a maintenance perspective. If we have visibility to it, they're generally a bit more mature. Now. It depends on the industry in the process. Customers that make you know, cold rolled steel, and all kinds of things like that Yes process, but it's not at all food production. Right. Many cases, the machine breaks down that one right next to it that does the same thing. And we'll just use that, in some industries use run to failures, and all right, but when something fails, it surprises you. So surprise, avoidance becomes an outcome there. So there's lots of ways to look at it, I think. It really does depend on what they make in how they're set up from a production standpoint. net new factory, yeah, they're gonna have all that. But what is what is interesting is, is I did a seminar earlier in the year about IoT monitoring and all that. And there's a concept about the connected machine. And so I buy a machine tool, it has a controller, the OEM the manufacturer, that machine can talk to it, and they're getting all kinds of data. And that's fine, except that machine is step three of a nine step process. So in the context of my process, how useful is that connection, and the fact that that information is going outside of my organization, I can't use it. You know, so it really is about context. It's about, you know, the usability of this information. And then the other thing that introduces is IoT, it's better today. Three years ago, I have a slide it has about 800 different logos broken into different categories. And the point is, is that every one of those people solve a problem with the technology of the day and their own innovation, which means in most cases, its proprietor. Which means it doesn't talk to anything else, right? So there's lots of ways to solve a problem. But your approach has to be able to scale, you've got to be desktop longevity, you've got to be able to add new things to it. And in most of those are what I call kind of like services on a stick, I have a sensor, a gateway and a dashboard. And that's it just straight up, right, there's that can't add anything else to it, I can't do anything else with it, I can't send that anywhere else. We find a lot of that stuff in better than customers environments, because they needed a solution to a problem they found and then realize they had other problems, then that typically becomes our opportunity to work with them to potentially add additional visibility and look at it a little bit different way. And then that's the challenge that we have is that we're working in 100 different plants a little bit more than that today. I don't control a single one of those environments. So everything I need to be able to do I have to figure out how to bring their or or or installed it without having to turn that into a major one off project that's unique to that location without value elsewhere. And that's not easy.


Alex 36:15

No. Do you see? Do you see the industry evolving? Because we've worked a lot with commercial contractors. And it's the same thing because they have all the everyone's got a different language on their programming, and it doesn't all talk to each other? How do you see Do you see that changing in the in that manufacturing side where the, I guess the suppliers to the machines, right, that are making the conveyors and all the different aspects to a manufacturing plant, getting together and say let's have a common language that they all kind of can go off of? Where do you see that changing?


Chris 36:46

I don't know, I didn't make the manufacturers conference this last year, it was all virtual, I usually like to go to show, talk to people. So I didn't I didn't do the online version this year. But what I noticed, it moves very quickly, right things are changing all the time. And if you look five years ago, at phone systems, they don't look like they do today, right? So we started this conversation, the manufacturing will move slower. And these are big these machines are big capital investments that sometimes are depreciated over decades. So the rate of innovation doesn't necessarily reflect the rate of consumption in the market for these machines. What I do think, though, is that there's going to be increasing pressure from the customers to say, Look, I'm gonna put your machine in my environment, I need to communicate with the other machines, and they do it like this, I think you're gonna see that sort of services layer, sort of create itself, which will be protocols and standards for communications, interoperability. I mean, we have this in the IT world with things like SNMP, and all of that, and I think you'll see some some version of that start to form. And even over the last three years, the IoT space has converged around a few protocols and standards that have increased the the interoperability of different vendors. But it doesn't mean that people didn't put in proprietary things they can't buy any more of. There was an article about four years ago about smart cities, and cities that were putting in automated parking meters and all this stuff. But they were doing it using proprietary technology. And the estimate at the time was that there could be $80 billion spent on bad Smart City technology based on being ahead of the curve. And going too fast and picking solutions that weren't standards based for vendors that won't exist by the time the project's done. Right, for sure. You know, which is pretty scary, because that's all taxpayer money. Right?


Alex 38:32

That's right. Don't worry the government never waste taxpayer money. So I really like that where this is going. So how about like, what, just a little bit more in security? Well, before we wrap it up, we talked a little bit before about just government regulation, and where you see that coming in on the security side to make it you know, so there's a protocol around it right that companies can follow. Do you see that? How do you see that evolving? And where it is now to where do you think it'll be in the next five years with having some sort of regulation by the government for security standard?


Chris 39:05

Well, the regulation, how you codify that into a bill, or a law or a set of requirements, I think becomes a second part of the conversation. But so I'm a member of something called infragard, which is a joint venture between the FBI and then in the private sector around critical infrastructure protection. So I'm actually the sector chief for the Chicago area infragard chapter for manufacturing, and then allows me to interface with about 13 or 14 other people to cover the other areas of critical infrastructure. And it's interesting to see the commonalities, right. So for example, you look at programmable logic controllers, right? The computers that run factory machines, those are used to raise draw bridges. They're used to run water treatment facilities, they're used to do all kinds of things. So it ends up representing a common vulnerability in a lot of different places where bad things can happen. Power Generation facilities, I mean, all that. So there's definitely some The tension that needs to be paid there sort of at a tactical level, I think when you get into the regulatory side of it, you I talked about third party risk and sort of vetting our vendors and all that. Our customers do that to us as well, right. And I think all over the place, people are exchanging security surveys, and all they're really doing is injecting projects into each other's organizations. Because every survey is a different format. It may be a question you've seen before, but they've asked it differently, or they want to see the answer in a different format, don't have a common way to exchange information about our security posture to one another. Now, NIST 801 71, for non classified non federal systems are 53, if you work with the federal government, is a really good structure. But it was not really auditable before, right? I mean, I have this program, I run all of our stuff that way to that guideline, including all policies, procedures, documents, controls all of it. But nobody would believe that I have no way to prove it, other than to answer all the questions appropriately when I'm asked, well, the cmmc is a program that's primarily going to be for vendors that do business with the federal government. That's the cybersecurity maturity model. The other C's for you can look it up. But it's a it's a standard has five levels. So you can be audited, and accredited or certified at one of those five levels, depending on who you are, who you do business with the federal government, everything else. My hope is that that cmmc standard, there's about 300,000, businesses are going to have to get audited and certified because they do business with the federal government becomes a standard way for us to communicate with one another about our security posture. And then from there, that serves as a framework to change the requirements we all operate in, within the government and business in the US and abroad. So that's my hope, that made me naively optimistic. But I do think it's a it's the first attempt, we've really had here to set a standard at all right? I mean, before that, there was ISO 27,001. Unless you're a giant multinational, with with all these other requirement, you're never going to do that to yourself to never be able to afford to do it, where you had like sock two, which is an extension of financial controls. And that was accepted because it existed not because it was any good. So I think having a security specific system around cmmc, and all that giving businesses a way to exchange and coordinate this information amongst one another creates a framework to potentially do more at a collective level, whether it's through regulation or otherwise.


Jeff 42:38

And CMMC is really heightened awareness to Chris. Yeah, the fact that that's there is making everyone you know, reopen that cabinet and pull out what they've done. And, and I'm with you, I hope that it will all give them, it'll give all of us a standard way to look to look at where you're at on the curve of protection with regard to what CMC is regulating.


Chris 43:03

Yeah, and then, you know, again, if we have that standard way to exchange, you know where we're at with it, it just makes it so much easier, because otherwise every one of these security surveys, even when they're small, they're a project, right, you have to stop what you're doing, figure out how you've been asked these questions and how you're going to have to answer them. And what's the format? We can get past all that?


Jeff 43:21

Well, yeah, because you can spend hours a week doing that. From all the different sources you're having that come in, in different formats, like you said,


Chris 43:30



Alex 43:32

Definitely. It's very interesting. Yeah, definitely a forklift for sure. It's not a fun task, as you get more and more vendors out there. And there's like you said, all the IoT vendors at the beginning, and everyone's asking for different surveys. So definitely interesting, Chris, absolute pleasure having you on here today. And I love the AI conversation. Security is always a big topic. And just getting to know your industry and aTS better, you know, it's been it's been a pleasure having you on so thank you for joining us. \


Chris 43:58

No, glad to share. And Jeff, always good having you on. Thanks. Thanks for coming into.


Jeff 44:04

Yeah. Glad enjoyed this conversation. Appreciate your insights, Chris.


Alex 44:09

Absolutely. All right. Thanks, gentlemen. We'll we'll talk to you soon.


Chris 44:13

All right. Thanks, sir.


Alex 44:15

Well, that wraps up the show for today. Thanks for joining. And don't forget to join us next week as we bring another guest in to talk about the trends around cloud contact center and customer experience. Also, you can find us at Adler advisors. com, LinkedIn, or your favorite podcast platform. We'll see you next week on another cloud podcast.