The Future of Automation and AI in Operational Technology with Shane Cox

Episode 33 November 25, 2024 00:47:40
PrOTect It All

Hosted By

Aaron Crow

Show Notes

In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode digs into how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.


Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.


Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.


Key Moments:


05:15 Flexible, evolving security service, partnership-focused approach.

07:06 Diverse tools are essential for all organizations.

12:58 Weekend setup complete; improved over subsequent months.

15:30 MDR/XDR: Cloud-based threat detection and response.

18:21 Flexible MDR service integrates client environments efficiently.

21:38 Integration speeds up threat detection and response.

24:52 Cautious automation best balances efficiency and control.

29:50 AI assists coding by highlighting potential errors.

32:12 People are crucial for effective security automation.

35:51 Superior team preferred over superior product.

39:06 AI integration risks due to untested promises.

41:46 Adapting security training amidst AI automation challenges.


Guest Profile:


Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management.


Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.


How to connect with Shane:


https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730

https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/


Connect With Aaron Crow:


Learn more about PrOTect IT All:


To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Episode Transcript

[00:00:00] Speaker A: You're listening to Protect It All, where Aaron Crow expands the conversation beyond just OT, delving into the interconnected worlds of IT and OT cybersecurity. Get ready for essential strategies and insights. Here's your host, Aaron Crow. All right, excited for this one. Thanks for joining me today. Shane, why don't you go ahead and introduce yourself. Tell the audience who you are, what you do, and obviously you're with Morgan Franklin, which I'm with as well. I'm really excited about this conversation and some of the new stuff we've got going on. So I'll kick it over to you, sir.

[00:00:35] Speaker B: Sounds good, Aaron. It's really good to be here. I'm excited about the conversation as well. Everyone, my name is Shane Cox. I lead our Cyber Fusion Center managed services here at Morgan Franklin Cyber. That includes everything from advanced detection and response to incident response, adversary simulation, threat hunting, et cetera, et cetera. So a full suite of kind of SOC services that is complemented by an entire portfolio of security services throughout Morgan Franklin Cyber, including OT, which I'm really excited about. I'm sure we'll talk about it a little bit in this conversation. I've been in the industry for over 25 years. I've been leading managed services for over a decade. Building teams and building programs and services, and leading people, are the things that I'm really passionate about. So I'm just really, really excited to be on this podcast and be able to talk a little bit about what we're doing and what the future looks like.

[00:01:33] Speaker A: Yeah, we, we tried to have, have a live one of these at RSA, but technical problems happened and, and it didn't work out. So I'm excited to finally, finally get an opportunity to dig into this, because I think this is, this is a topic that, that is near and dear to so many people's, you know, problem statements. Right.
Is, no matter if you're in IT or OT, if you've got most, most places, most larger entities especially have both, and they're not to fit things in, and they don't really necessarily have the skill set or desire to build out their own team. So there's a lot of hybrid models, there's a lot of completely outsourcing, there's a lot of completely insourcing. And I think there's a mix of things, no matter where you are in that spectrum, where a consultancy like ours that has this offering can help you, like it's standing up, helping you stand up your own, kind of helping run some of those things for you, taking parts and pieces and building something, or just, just doing it all for you. So there's a lot of things, and depending on your organization, it's going to depend on where your value statements are, where your needs are. And if you need to stand up something by yourself, it's no different than anything. Right? Is getting that expertise and somebody that's done it for decades and has been doing this, it's not your first time. Trying to reinvent the wheel or start stuff from scratch can be really difficult. Getting trusted advisors to kind of help speed that, that process up, or hey, I need this up and running tomorrow, right? That, that's something that we can do that is unique to us that you can't do on your own. Like, I don't care how good you are, I, I've been doing this a long time. There's no way I could stand up a managed SOC, or a SOC at all, tomorrow. Right. I just don't have the skill set, or even if I personally have that skill set, I got to find other people that I can bring on and build a team of people. It's not just a one-person show, right?

[00:03:29] Speaker B: That's exactly right. And what's interesting is there's been an evolution in managed SOC services over the last decade.
There's been a lot of buzz about all the things we can do with automation, and only part of that has really come to fruition over the last few years, where even managed services companies have been pressed to do more with less. And what's happened is this expectation of high maturity and high value has, has shifted a bit. And you know, there's a lot of folks who would say, hey, managed SOC services, MSSP, the market is just saturated. And especially for MDR services, which we'll talk about in a little bit, the market's really saturated. But in reality, when you talk to CISOs of the Fortune 500, what they're saying is that by and large incumbents aren't providing the value that they promised. And so they feel like that they're paying for a premium service and they aren't getting a premium return on their investment. And so. And that becomes more and more difficult to make sweeping changes in very large organizations and large programs when you have so many people that have to be retrained, and technology that has to be adjusted, and that has to be done over time. It's a bit like trying to turn an oil tanker with an oar. Right. Versus if you're a little smaller and you're a little more nimble, and if you have the ability to build integrations and integrated processes from the ground up, it's a huge advantage. So one of the things that is kind of the underlying premise for us is two things. It starts with partnership and value. So the partnership means that when we come in with any of our services, it isn't a black box that says this is just what we do and your needs have to fit into our service. We actually flip that around and say our service is flexible and agile enough to flex not only in the beginning to where a client is in their security journey, but then continue to evolve with the client without being change-ordered to death. Right. That's, that's how we build our programs, to be that true partner and demonstrate that true value over time.
And to your point earlier, what's interesting is we also pride ourselves in flexing, in that it isn't that we're only going to sell you a service if you want to keep us and sign a long-term contract. For a lot of clients, we come in and help them build their programs out, short-term help over a period of time, and then we release that to them, and then we're still trusted advisors doing other things for them, etc. But running the gamut from helping them define and build a program all the, all the way through running the entire program, we can kind of meet clients where they are. So that's, I think that's, that's really important when we look at the partnership element. And then the value component: what we've done is we've taken our suite of security services within the Cyber Fusion Center and we've created something that is really unique, where the whole is greater than the sum of the parts. We have created integrated processes where inputs and outputs from each individual service feed other services or receive information from other services. So there's an ecosystem of data that is constantly, kind of like an iron-sharpens-iron thing, where we're constantly evolving and constantly improving as a natural part of how the services have been defined and integrated. So I think that's something that's really special and, and something that we've been doing for a while and we've been very successful at. Would now be a good time to kind of talk about, like, the new MDR service and kind of what that looks like?

[00:07:02] Speaker A: Yeah, really quick before we do that, before we pivot. Because I definitely want to get there.

[00:07:06] Speaker B: Sure.

[00:07:06] Speaker A: You hit on something that is hugely important, and I want to, I want to, you know, kind of tie a bow around it, in that everybody's organization. And I don't care if you're, you're FedEx, if you're Duke Energy, if you're Coca-Cola, it doesn't matter. Like they have. Or you're a small company, right?
Like they, they're, they're gonna have multiple products, security products, infrastructure products. You know, they're gonna have OT stuff, they're gonna have IT stuff. They're gonna have a cons, you know, a conglomerate of different tools and, and data and different things. So you hit on something that's really important in that. I came from another consultancy, large, you know, one of the Big Four. And we really had to do our own thing in that. You know, this is the tool set that we had. Now, obviously they were a. But what one of the things I love about, you know, Morgan Franklin is, is we're small enough that we can go to the customer and say, hey, what do you have? Okay, we'll work with that. Like, you don't have to rip and replace your firewalls, you know, firewall vendor A with firewall vendor B, because that's the one we're trained on. Right. And I don't have to, you know, spin up a new team because you changed them. Like you. I start with a customer today and they're using firewall vendor A. And then three years down the road they decide to swap them with firewall vendor B. That shouldn't be a big deal to me. I should just be like, okay, I'll just adjust the. Make sure that my alerts are set up for the new format and all that kind of stuff. And that's hugely powerful, because especially in OT, and obviously OT is near and dear to my heart, my OT organization is going to be so vastly different than my IT organization. Right. It's one of the conversations that we have in the space today: do I need a separate SOC for my OT versus my IT? And the main reason people think that or need that? And, and I, and I think it's a V. It's, there's, there's, it's not a black and white answer. I think every person, every environment is different, but it really comes down to I have different skill sets that I need. I have different data points that I need. I'm getting data from different things.
I may have, you know, again, vendor A firewalls in my IT organization and vendor B firewalls in my OT organization. So I need to be able to, you know, deal with both of those things. Right. And my responses are different. My runbooks are different. Like all that stuff is a little bit different. And being able to, as an organization, as we're taking on, yes, we can do that and here's how it looks. And not change-ordering it to death. Like that's the other side of the coin is yes, any of those people can do it, but are they going to change-order you? Oh, well, that wasn't in our original scope, so we'll have to change that now. Obviously there has to be a charge for things. Nothing's free. But the point is that we're looking at that from the beginning, expecting those things, not trying to get you with a, you know, bait and switch of hey, we'll do it for X. Oh, well, all that's not included. Now it's going to be really expensive and you don't have a choice because you've already signed this multi-year thing and it's too expensive or difficult to change it out. So that's, that's something I really think is important for whoever you're looking for to do your SOC. Making sure that it's not technology dependent and that you can be nimble and switch out my asset inventory tool or switch out my ERP system or switch out my SOC or my SIEM or any of those things. Things can be swapped and the SOC should just continue to run. Yeah, I gotta update runbooks. But that, that should be no big deal. Like that should be a Tuesday.

[00:10:35] Speaker B: Yeah, no, I love the point that you're making there, because I think that our services kind of across the board, when I say our, I mean Morgan Franklin, is vendor agnostic. We can, we are so deep that we have the ability to work across the board. And to your point, that partnership where we come in and say we are here with you in it.

[00:10:53] Speaker A: Right.

[00:10:53] Speaker B: We are in the foxhole with you.
We are, we are going to work through this together and figure this out together, because that's what a partnership is. Rather than I'm going to sell you this service and then it's a black box, I'm going to turn around and walk away. And if you ask me, if you ask me for anything, then I'm going to ask you for more money. That's just not the way we operate, within certain tolerances, of course, to your point. And so I think that's really, really key when it comes to the OT side. It's really specialized, as you're well aware, far more than I am.

[00:11:22] Speaker A: Right.

[00:11:22] Speaker B: It's so specialized that, again, within Morgan Franklin Cyber across the board we can partner and come in and say within your organization and in your business and the regions in which you operate, this is what this looks like and this is what you need to accommodate for. And sometimes that means separate SOCs, sometimes that means just separate escalation paths and runbooks within the same SOC environment, with different routing being routed to different teams when certain things happen. So I think that our ability to be agnostic and come in and just meet clients where they are and say there isn't a one-size-fits-all. Let's understand, understand what exactly your needs are. And then we will be here in the trenches with you to help you get from point A to point B and then summit after summit. Right. Over time. I love that about our business and partnerships.

[00:12:07] Speaker A: Yeah, that, that's awesome. And so what does it look like, really quick. What does it look like? And I know it's. It vastly varies depending on the customer and all that kind of stuff, but how quickly can we spin up and get something running with, you know, a customer that's interested, you know, and needing to stand up a SOC. They don't have anything, or maybe they have one and they're not happy with that.
The one you just talked about, like, how quickly can we spin up and start showing value to a customer in this space?

[00:12:35] Speaker B: Yeah, so that's a really interesting question. And for the listeners, especially those that have a lot of experience in SOCs, they're probably like, oh yeah, let's, let's wait and see what this answer is going to be. Is this going to be a real answer? And the real answer is it depends. Right. So we have a very large client that we onboarded in a weekend. A weekend. It was an emergency situation and it's what the partner needed. Now, was everything in place at the end of that weekend? Of course not. But all the basic fundamental things like access, it was within the client's technology stack. We were able to get access, get basic runbooks in place, basic escalation protocols in place, and really take over and start delivering monitoring in a weekend. And then over the next couple of months, we spent time buttoning everything up and tightening everything up. So that's as fast as it can go. And then it also depends on what the, the, the client has, from a resource perspective, what they can offer, because it's a partnership. Right. So as we come into a client environment, if they have people that can work with us that are kind of dedicated for a short period of time to help us work through problems, things accelerate. Sometimes businesses don't have the ability to do that. They have a small staff, they're doing multiple things at the same time. And so sometimes those things, and it kind of goes at the pace that the client can go. So as fast as they can go, we can go. One of the things that we're able to do, and we'll talk about it a little bit in our MDR platform, is accelerated onboarding of log sources and accelerated deep integrations, as far as API integrations for additional data enrichment and mitigating and containment actions and things like that. So I think it's a great point.
I'm really glad you brought it up, because accelerated onboarding and getting value as fast as possible is really key. It's very difficult to do, though. It is not easy to do, and it does take the partner to kind of meet, meet us where we are and kind of help us accelerate through that process.

[00:14:32] Speaker A: Yeah, but that's, that's key to see, in that if you need it, if there's an emergency situation, you, you can get onboarded pretty quickly, or knowing that it's not going to be perfect, it's not going to be everything. Like it's going to be like I can, I can triage and say, hey, these are the things that we've got to get done. We can, we can onboard those things and get RO and then start building out, go get, you know, that 80/20 rule, start working on the rest after the fact, as, after we've got basic capabilities up and running. Like I've triaged the situation, we're, we're managing the bleeding and now we're going to, we're going to, you know, take them to surgery and come out the other side a whole human. Right.

[00:15:14] Speaker B: I love it.

[00:15:14] Speaker A: So definitely want to dig into the MDR now. So why don't you. First of all, what is MDR? Some people probably know it, we've all heard it, but why don't we dive into just basically what that is and then dive into our new offering as a firm?

[00:15:30] Speaker B: Sure, yeah. So MDR, Managed Detection and Response, or XDR, Extended Detection and Response. Today those terms are used a bit interchangeably. And essentially what that means is you have a technology stack, typically cloud based, where a client sends all of their logs into that platform. And there's a number of different capabilities, depending on the MDR/XDR solution, that does automation, does threat intelligence, data enrichment, automated threat hunting, et cetera, et cetera, providing value back to the client. And there's a number of different versions and ways that that goes.
And so what's ultimately happened, as I was mentioning before, where there's quite a few incumbents out there that have unhappy clients, which is why we decided to invest in this. We saw a real opportunity to bring partnerships and value to clients, and value through maturity and measurable, defensible risk reduction. Right. Not, not just words, but in action and in value over time. So a lot of them out there, they, there's a lot of automation, so automated responses that go back out to the client that just say here's what the log is, here's an automated response of what it means and what you should probably go do about it. And, and that's largely the service. Right. And so a lot of organizations, depending on the size and skill set of their security team, will take those things. And for some teams, maybe that works. For other teams, they're finding themselves needing more context and information, like what exactly is this meaning? Or this was a really simple fix. Why didn't you just do this for me? Right. And so that's where we kind of come in. That's kind of where we're. Where we're different. So from an MDR perspective, XDR perspective, we leverage the Stellar Cyber platform. The Stellar Cyber platform is an AI-driven next-gen SIEM with data enrichment and a really large library of automated integrations, as well as the ability for relatively easy API-to-API integration to really harness the full power of the client security control goals. It's an outstanding platform. Data onboarding and normalization and viewing of that data is exceptional in that platform, and accelerated, which adds to the short time of onboarding. And so really with that MDR solution, we bring that now into the portfolio to give us the ability to meet more clients where they are.
So we have the ability to work directly in a client environment with all of their technology, uniquely separate from MDR, white glove, like really deep integration into their processes and teams, bringing our program to bear and helping them solve problems with our SOC services. Then we have the MDR service, where we have tiers of the MDR service where, depending on what a client needs and what they can afford, what's in their budget currently, we can kind of scale: how many integrations do we want, you know, how much data do we want, how large is the organization, what is the expectation from logging into their environment, taking actions or having additional automations. There's an ease of ability to allow clients to have a lot of visibility into the platform and what's happening, and create dashboards and things like that. So it's really great. Now we also have the ability to do both. Right. We have our advanced detection and response inside the client environment and we have our MDR. We can now bring those together and we can still be inside the client environment, typically with a VDI, in addition to leveraging our MDR platform, bringing that full suite of services into a client environment at a very cost-effective price for the value that they're getting. Right. And we're able to easily demonstrate that value to them as well. So what we're trying to do again is bridge that gap between the more commoditized managed detection and response offerings that are out there and bring forward something that is not only extremely flexible and agile, but also something that really brings that value, and where we can pivot: new log sources, new detections, there's new adversary behavior and campaigns out there that we need to accommodate for. The integration of threat intelligence, automated threat hunting, all of these things are just part of the solution. They aren't add-ons, you don't pay extra for those things.
It's just a normal, natural part of the suite, and we, we continue to add and modify those across the board. The one additional thing I'll add, for the suite of services, but this is also kind of special for the MDR piece, is our readout. So our client success managers work with the CISOs and client teams on a continuous basis to not only understand what's happened, what are the underlying changes that are happening within the business, but also bring our threat intelligence to what's happening in the threat landscape, and help define a model of progression, and then report out metrics and project plans and things like that on how to get from where we are, the things that we see coming, and to continue to evolve to address those things. Again, a normal, natural part of the service that just isn't part of most of the MDR solutions that are out there. It's a black box. Send us your data, we'll tell you what we think you need to know. And that's kind of the service and.

[00:20:49] Speaker A: That's where the line stops.

[00:20:50] Speaker B: That's right. That's right. Versus we want that partnership and we want that value and we want these partnerships to be meaningful, long-lasting partnerships.

[00:20:58] Speaker A: Right, sure.

[00:20:59] Speaker B: So that's kind of, at a very high level, that's our MDR offering. We're extremely excited about it. We launched it just a few days ago, at least publicly. And so we're really excited about the future of this and what we can do for clients.

[00:21:18] Speaker A: So, so talk us, walk us through a simple use case of I, I've got a SOC. I'm managing, you know, basic logs, but I don't have an MDR. Talk, walk us through a use case where what that MDR and XDR, you know, environment and capability, what that does for a customer and where that value comes in.

[00:21:38] Speaker B: Absolutely. So obviously it depends on the level of service and the level of integration and, you know, how we're partnering with a client.
But one example would be a simple phishing example. So when we take a look at a phishing email, oftentimes if you only have a SIEM, or you only have a separate spam email box or phishing email box that's being monitored, everything is manual and slow. So somebody has to realize that that actually came into that box, manually pick it up, take a look at it, look at any indicators, look at the logs from the email, all the headers and everything else. And that's all a manual process. So when you have an MDR, specifically Orion MDR through Morgan Franklin Consulting, when you have that, what will happen is that email will actually come in and be processed. The artifacts will be pulled out and pulled into the platform and weighed against existing threat intelligence. And as an example, let's say that there's a link and that link was detected to be malicious. It's no, it's known malicious, part of a campaign. So you can have automation that automatically goes out to their email platform of choice through integration and says, how many users have clicked on this link, from a web content filtering perspective. And then you can say, hey, all of these users have clicked on it. So first, all of these users have received it. We're going to go clean that up. All of these users have clicked on it. We're going to go and reset the passwords for all of those users and send emails out saying your password's being reset because of this malicious link. And then, and then basically continue that triage process with the continued cleanup, the continued monitoring, et cetera. So that process can go from taking an hour to minutes, from realization that there's an issue, identifying the scope of what the issue is, taking actions to contain it, and then notifying all of the folks what has happened and why and what they need to do as far as following up. So again, an hour or more, depending on the size of the team, whether it's 24 by seven, et cetera, two minutes from end to end.
So that's just one example of the types of things that can be done with those deep integrations, you know, data enrichment from threat, intelligent threat intelligence, and of course, I should bring up authorization, authorization from the client to actually automate, in an automated way, take those actions. Now as an example, part of that process would be adding that, the domain or that URI, to a block list, right? Part of that would be part of the process. Now here's the thing. Depending on the business, the business may not want that particular action being taken in an automated fashion. They may want some degree of control over that. So we have the ability to send an email or a text or something like that, and have them respond with approved or rejected, or if there's no response, it just sits in queue from an automation thread perspective. And then, if they respond back and say approved, as an example, then it would go ahead and continue that fork in the path and go down and perform those additional actions. So there's a lot of flexibility in how we can work with clients so we don't impact their business, but still provide the maximum value at an accelerated pace.

[00:24:52] Speaker A: Yeah, yeah. I mean that's, that's the key there is. You know, we hear about automation, we hear about AI and all the different things. And especially in the OT space, we're, we're always concerned around turning over too much to, you know, the bots, the, the automated process. Because, you know, especially in OT, you, you may run this process once a year, and if you haven't considered that, then you, and you automate everything, then you can break stuff. Right? So, so being able to say I'm only going to automatically do things up to a certain point, and then I can insert my man in the middle for approval before I block, before I turn something off, before I disable something. Are you sure you want to do this?
Like, so there's somebody in there that's an approval process, and that fork in the road that you go through that approval process and then it does all the automated stuff. Like even those things, even if you have to have a man in every decision, but they're just clicking the link and then the system does the work, that, that hugely saves time, resources. It. The other piece of this that we don't always think about as an outsider, but obviously we do. But the, the amount of things, the human error things. Like it's not that, that Bob is a bad person, it's that Bob, you know, didn't drink his coffee and he's a little tired and he didn't, like he looked at it, but it did, it looked fine to him, like he wasn't sure what was going on. So all that to say it's, it's, it's very easy to miss something. And with that, these automated tools and processes are, are, are, are the way of getting to that next place, and it makes it where I don't have to have as big of a team and I can have more advanced capabilities without having to have a huge budget. All these things. Yes, there's a cost to it, but I'm spending X instead of X plus Y plus Z in people, process and technology. Sometimes that technology and process can help us make things more efficient and make it faster, leaner, better. I mean, we don't build cars by hand on purpose. Like we, we automate that process and we've been automating things for, for a century and there's huge value in that. This is no different.

[00:27:06] Speaker B: Yeah, I agree. I think that when we look at now, what I would say, though, is that we've been talking about the level of automation that I just mentioned, like through that process of a phishing email. We've been talking about that for well over a decade. We've been talking about that for probably 15 years and there's been all kinds of promises on what that looks like.
Like, and what we found as an industry was, despite what we say, what clients are seeing is it's a bit more difficult to do than we thought. And so there's a lot of individual automations, but having a really complex playbook that can go out and do data enrichment and do weighted decisioning and then take actions based on agreed upon criteria with the client, and that full end to end automation all the way through containment, is difficult to do and it takes time, because you could very easily impact the running business if you don't do it right. So again, what we've done is, from the ground up, we have built that ecosystem of data inputs and outputs across our services and the processes that basically make that a natural motion, which is the key. If it's a manual thing that somebody has to do and remember to do, etc., then things can be missed and you lose some of that value. But when it's integrated and built in as a fundamental component of the underlying way that we operate, it just happens as a natural course of doing business and providing services, which is where that value comes in. And so then we just continue to build on that premise.

[00:28:38] Speaker A: So how quickly, man, it's super exciting because you're right, like we've been talking about automating all this stuff for decades and we've come a long ways. Don't get me wrong. We've come a long ways in automating things. But you know, I think we've really just scratched the surface of what's the art of the possible, of the things that we can automate. And obviously again, we've got to be careful and we've got to be really intentional about these things. But the more that we get better at figuring out how to automate, and again, I'm not just talking about automatically, you know, throw it to the system and fire all your people and the computer will take care of it all. Like that's not at all what I'm talking about. Maybe one day we'll get there.
I don't think we're there right now. But just the more that we can get the, you know, I have, you know, reminders on my phone to do basic tasks. Like it pops up so that I don't forget, because it's not that I want to not, you know, take the trash out or, you know, buy my wife flowers, but sometimes I'm just busy doing other things and it skips my mind, right? So having those little things that pop up and say, hey, don't forget this, and click on something, right? Those little things like that can make us more efficient, things stop falling through the cracks. Like, you know, when you're looking at code, you know, the ability of a 20 year expert developer looking through code is very good, but still, thousands of lines of code, it's very easy to miss a semicolon in the wrong spot, right? It's super simple to do. And granted we have tools, you know, that change color and highlight things, and all those things are true, we've come a long ways, but there's no way that a human can ever just look at text and be as efficient as a computer. I'm not saying that you should have AI do all of your coding. I'm saying that it's a really good junior response to dump all that stuff into something, into a tool, automate the thing, and then have your expert look at the details and see if they approve or they agree. That's where I think we're at in this space. I think we're on an evolution of our processes to be able to get to that next space. I think AI is going to help us with a lot of those things because, to your point, we can automate so much of this, and even if it's just do the first round and then make a recommendation, hey, here's what we see. You can either block it, block the domain, change everybody's password, the example you gave, or maybe you just alert people. Like, depending on the environment, there may be a couple of options that you take, but still you're prompting.
It's not just hoping that Bob logged in in time to see it this morning, because it may be lunchtime before he actually logs into that process because he was stuck in meetings or he got stuck in traffic that day, or any number of things that could have happened. It's not malicious, but he's off that day, he called in sick. So nobody actually logged in to check the email system. So it's sitting there saying, hey, I've got a problem, but nobody notices. Like there's multiple examples I can give of that exact scenario where the system is blaring that I've got a problem, but just nobody's there to listen to it. So it's just screaming help me, and nobody's there to take action. So the more that we can, say, have a system to send out so that multiple people get it, so that it's giving you options, hey, this is what we think, at least a first pass. This is what we're, you know, you've got option A, B and C, or just A and B, or just do something, that's going to hugely help us to take action.

[00:32:12] Speaker B: So I really enjoyed some of the things that you were talking about as far as, you know, where we are in automation and the value to clients, et cetera. And one of the things I think is really important is there are a lot of really good technologies out there, a lot of vendor partners out there that have very meaningful capabilities that empower security teams to do exactly what we're talking about. In my experience, the challenge has been organizations having, and even service providers having, the right people with the right skill sets to fully take advantage of those capabilities. And I think that's one of the differentiators of our MDR platform is our team, the people that we bring to bear to deliver these services and to continue to evolve those services and meet clients where they are, is the difference maker. It is the people.
And so I think that we're going to see more and more of that as we see more and more disruption in the market from a lack of return on investment for some premium services that maybe are no longer premium. And so that's kind of where we're coming in and bringing our team and our program to bear in combination with that, you know, tremendous technology from Stellar Cyber.

[00:33:23] Speaker A: Well, it's an amazing point. And I say this all the time. You know, it's people, process and technology, right? It doesn't matter how great the tech is. And the analogy I always give is I can buy the finest woodworking tools in the world and have all of them in my garage, but they are not going to build me furniture, they are not going to build me cabinets, they are not going to build me anything. I have to go out there, and if I don't know how to use those tools, it doesn't matter how great the tools are, my cabinet's still going to look like crap. Not because the tools are bad, but because I don't know how to wield those tools to do the things that are needed. Right? And it's no different in technology. You can have the best firewall, the best SIEM, the best MDR, the best whatever, but if you don't have the proficiency, the technical understanding, and it's more than just how to configure the firewall. It's so layered. I need to know how these tools work and how they will impact the things downstream from them and how to pull all those things together. And A plus B plus C plus the square root of pi and all those things together. It is a science project. There's not a single person that is going to know all those answers to all those variables. So it's a matter of, and you talk about partnership multiple times in this conversation, it's partnering with our customers. Right. And it's, you know, having to bring in the right people.
Okay, well, if we do this, then what is happening? And making sure that you're asking the right questions and you have the right people at the table, because there's no way I'm going to know all the questions to ask. So I have to make sure that we bring in all the right people so that when I'm saying these things, you know, Bob in the corner is like, yeah, that's great, Aaron, but have you thought about this? Because that's going to impact us. And be like, oh, wow, no, I didn't think about that. How do we solve that problem? Right? And getting all those things out front and putting the ego down, putting the, I'm a consultant, like, I've been doing this forever, I know all the answers. Like nobody does. Right. It's a matter of partnering with our customers, with other teams within Morgan Franklin, with our vendors that we're working with for the products that were there. And we're all one big team with the outcome of getting the customer where they need to go. And when we think about it that way and realize that people, process and technology, without that, the tools don't matter. Right. I'd rather have an inferior product and a superior team than the environment.

[00:35:57] Speaker B: That's exactly right.

[00:35:58] Speaker A: It just doesn't matter how great the tools are if I don't have the people and the know how to implement them and actually use them. Because even the other side of this coin, and I'll get off my soapbox, but the other side of this coin is Aaron and his team at Morgan Franklin could come in and stand up, or you and your team can stand up, all these amazing tools and then we hand them the keys and walk away. And if they don't know how to maintain that and continue to run it, then again, I gave them a Ferrari. But they don't know how to drive a Ferrari. They don't know how to drive a stick. So that just sits in the parking lot. Nobody uses it. Right.
So it's this great thing that was stood up and has all this capability, but they were never trained. They don't have the staff to run it. They don't have the know how to run it. They don't have the, you know, the real understanding of how to get the value out of the thing, so that when it comes time to renew it, when they're talking to the board or when they have an incident, they know how to wield those tools to help themselves and protect their organization.

[00:36:56] Speaker B: That's right. Or a partner that can come in, correct, done it before, having a lot of these things already pre-built, that they can just come in at an accelerated pace and deliver that additional value and that additional capability. For sure.

[00:37:08] Speaker A: Exactly. And that's the piece to this. And that's why, you know, organizations and services like ours, and it's not just us, right. This is a team sport. Right. It's not just, you know, we're working with the vendors, we're working with the clients. But our skill set, that's part of the thing that you pay for with getting a consultancy. It's like we've implemented this, right. We've done this before. Like not in your organization. Not saying I have all the answers, but I'm better. I understand what questions to ask. I know where some of the bodies are hidden and I know some of the gotchas. I'm not going to know them all. I'm not saying it's going to be completely smooth and we're not going to have any hiccups, but we're going to know a lot of the things. Hey, yeah, we've done this before, and this is the problem we had when we did that. And these are things to watch out for when we're implementing this technology in these spaces and this way with these integrations and this automation and all that kind of stuff, that experience. You don't pay the guy.
You know, the old analogy where the guy comes in to fix the thing and he's charging an exorbitant amount of money and he fixes it in five seconds. And like, well, you were only there for five seconds. I'm not going to pay that bill. He goes, you didn't pay me for the five seconds I was there. You pay me for the 40 years of experience to know exactly what I need to do in that five seconds to fix your problem. Right. That's the experience that you're paying for, not the time. Like, when I pay a mechanic, I'm not necessarily just paying him for the hours he's working on my car. It's the years of experience, because he does it in an hour where it would take me two months to do the same amount of work.

[00:38:38] Speaker B: That's exactly right. I agree 100%.

[00:38:40] Speaker A: Yeah. So all that, we've kind of talked around a lot of different things and a lot of cool, exciting things with all that we got going on. And all that you see, I always kind of wrap up with this question, you know, what's in the next five to ten years? What's one thing that maybe you see coming up over the horizon that's exciting? And maybe one thing that may be a little concerning that you're like, we got to pay attention to that, you know, interestingly.

[00:39:07] Speaker B: This isn't going to be a surprise to you or any of your listeners. It really centers around the use of AI and the combination of bringing people and technology to bear and bringing that together in a meaningful way in the right areas, with the right approach. I think that right now my concern is that there's a lot of promises being made about AI. There's a lot of uninformed forecasting of what things are going to look like. And I think that some folks are kind of making bets on those things and they aren't quite proven out with data yet. We don't really know what those things are. And I think.
So that's the biggest risk that I see, is maybe folks going a little too fast and not fully understanding how it applies to their unique business and how to integrate people into those processes. Because the idea of just letting AI do all of the things without some checks and balances, including on the back end, all the way from how it's trained and purpose-built to how it's used, and then how a business makes sure that they don't have business interruption through poisoning of the training data of that AI, et cetera, et cetera. Right. So where do people fit in and what does that look like? I think that there's some risk there. Now the flip side of that coin is I see tremendous value there. And what I don't see is a lot of positions being displaced. I don't see a lot of people losing their jobs. What I do see though is an increased capacity for enterprises to do more with what they have. So rather than looking forward, and that goes for managed services organizations as well. Right. The better we get at figuring out that approach for different use cases on how to bring together technology, specifically AI and advanced machine learning, with people and programs, the better off we're going to be. And what we're going to see is the ability for the same amount of people to do far more work.

[00:41:08] Speaker A: Right.

[00:41:09] Speaker B: And I think that, and the other thing that I see that's a risk, I would say that I'm concerned about moving forward, is with the increased use of AI. There's kind of this thing, you know, you and I have been in this industry for a long time and probably like me, you kind of grew up in the trenches. You know, I was a network admin, I was a server admin, I was a security analyst, incident responder, all of those things all the way through, up the chain. So at the beginning I had to learn all of the various domains.
I had to learn all the various things. And now with the advent of AI and additional advanced capabilities, as an example, how many security analysts out there know how to dissect a packet, know what field lengths should be and what type of data should be in each field and things like that? Now some of those attacks are less prevalent than they were back in the day. But it's a good example that that skill set, a lot of those initial skill sets now move away because it's all automated, a lot of that data enrichment and decisioning, all those things. And so how do we get security practitioners to have that really great foundation at a senior level? It's going to be difficult because a lot of it will be automated and we're going to have to find creative ways, which we are doing at Morgan Franklin within our SOC as far as training programs, et cetera. But you have to find ways to bridge that gap to make sure that in the future the folks that are at those levels can partner well and have the experience to second guess and really, you know, have critical thinking skills and problem solving skills on the outputs of AI to make sure that, you know, it's the right thing, particularly from a security perspective. So my kind of, you know, my excitement as well as my concern over the next five years or so definitely centers around automation and AI and what that ultimately evolves into and how people leverage it or don't.

[00:43:09] Speaker A: Yeah, and I'm excited about the same thing. I mean, you know, you look at, and I'll give a simple example, doing an assessment, a firewall review, right? I can take a firewall configuration, on a local model running, you know, not in the cloud, not ChatGPT, I'm talking about a local model, and I can have it process that firewall and I can have it give me its first pass. And the way I look at it is, right now, AI is like your junior admin, right? It's a junior analyst.
I can give that junior analyst and say, hey, give me a review of what you think of this firewall, as an example, right? So they're going to say, hey, Telnet is open and SSH is there and it's not using HTTPS and, you know, it's not on the latest firmware and it's got an any-any going from here to here and, you know, all that type of stuff. And then me, I still need to go through that and give my expertise from my decades of experience of doing this. But I've already got the basic stuff done and I'm just validating, I'm going through. Yep, okay, I agree with that. Yep, I agree with that. Yep. Oh, wait, what about that? Nah, I don't think that's a problem, or in this situation it's not applicable because of XYZ, whatever. Right. So then I'm spending less time going line by line, right, every one of those things, and I'm using it as a first pass. And then I can go through it a lot faster. Which means again, the AI is gonna not miss things that maybe I would have missed, the Telnet thing, right? Maybe I, oh, I forgot that when I skimmed past it. Honest mistake. Right. So little things like that make me faster, make me more efficient. And again, I can train. But to your point, I can do that because I have decades of experience doing these things. The new folks coming up, if they've only ever used the tools, they don't necessarily know what to look for. So it's super important that we pass on that experience and understanding to the next generation so we can train them on those things. So I agree. I think it's going to be a huge tool and capability. It's just a matter of how we use it. That's going to matter. So, call to action. Anything you want people to know, listeners to know? I know we're going to be at RSA. We got a big thing going on at RSA and Black Hat. Anything else? Obviously, with this new MDR, how do we find that?
We'll put links in the show notes to, you know, kind of information on that as well. But yeah, any other call to actions for the listeners?

[00:45:35] Speaker B: You know, the call to action, I would say, is that if you have questions about your program, if you have any interest in any services, whether they're SOC services or other services, and you just need more information, reach out on LinkedIn, reach out, you know, through your podcast, etc., and bring us in even just to have a conversation. I mean, I have potential clients that come in and we have conversations where they just say, hey, I'm not really understanding what's happening here. Can we have a 30 minute conversation on what this means, what you would recommend? And we just do that as a normal course of wanting to be good members of the security community and be good to people. And we're all on the same team ultimately. And so I guess that is really my call to action. We're really all on the same team. Let's all help each other secure us. I mean the bad guys are helping each other out and leveraging each other and leveraging their tool sets and skill sets and communities. We need to do the same and we need to be better. So I would say reach out, ask for help, ask for partners. That doesn't necessarily mean signing a deal and spending money.

[00:46:38] Speaker A: Absolutely.

[00:46:39] Speaker B: Yeah. So that would be my call to action. Thanks.

[00:46:41] Speaker A: I love it. Awesome. Shane. Hey man, I appreciate it. I'm really excited about the offering and seeing how that goes and being part of it and helping, you know, roll this out at customers in both OT and IT and cloud and all the different spaces. I definitely see the value add and really just, you know, securing our world. This is never going to change.
It's only going to get more so, and I'm excited to help be, you know, a part of an organization that's helping to wield some of those capabilities for good.

[00:47:11] Speaker B: That's right.

[00:47:11] Speaker A: That's right. Thanks for your time man. I appreciate it.

[00:47:13] Speaker B: Thanks Aaron. It's a pleasure.

[00:47:16] Speaker A: Thanks for joining us on Protect It All, where we explore the crossroads of IT and OT cybersecurity. Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field. Until next time.