.png)
Cyber Crime Junkies
Socializing Cybersecurity. Translating Cyber into business terms. Newest AI, Social Engineering and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manages cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Cyber Crime Junkies
Power of Storytelling in Cybersecurity
We interview Ron Eddings, CEO of Hacker Valley Media, about his journey into cybersecurity and the Power of Storytelling in Cybersecurity.
Get peace of mind. Get Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That’s NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.
Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466.
A word from our Sponsor-Kiteworks. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.
Visit kiteworks.com to get started.
🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!
Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!
Power of Storytelling in Cybersecurity
We interview Ron Eddings, CEO of Hacker Valley Media, about his journey into cybersecurity and the Power of Storytelling in Cybersecurity.
Ron shares his experience of starting in cybersecurity at a young age and the role mentors played in his career. He emphasizes the value of acquiring rare and valuable skills and the importance of following instructions. Ron also discusses the mission of Hacker Valley Media, which is to help unlock the creative potential of cybersecurity professionals and brands.
The conversation highlights the power of storytelling in cybersecurity, as it allows for effective communication of complex concepts and helps create a connection with the audience. The importance of storytelling and audience-centric communication in cybersecurity, the measurability of cybersecurity, the role of AI in cybersecurity, and the significance of basic hygiene practices in cybersecurity.
Takeaways
Mentors play a crucial role in the cybersecurity field, providing guidance and opportunities for growth.
Acquiring rare and valuable skills is essential for personal and financial freedom in the industry.
Storytelling is a powerful tool in cybersecurity, allowing for effective communication of complex concepts and creating a connection with the audience.
The story circle framework, which includes the protagonist, the explosion, and the new normal, can be used to structure cybersecurity stories.
All brands, including those in cybersecurity, can benefit from storytelling to resonate with decision-makers and communicate the value of their products or services. When presenting to someone, it is important to build your story and cater it to the audience's level of understanding.
Cybersecurity practitioners should focus on measuring and quantifying risk to effectively communicate the importance of cybersecurity.
AI is more than a fad and can be leveraged to improve efficiency and productivity in cybersecurity.
Basic hygiene practices, such as strong passwords and multi-factor authentication, are essential for protecting against cyber threats.
Keynotes
The Importance of Storytelling in the Industry
The Power of Mentors in the Cybersecurity Field The Role of AI in Cybersecurity
The Power of Storytelling in Cybersecurity
Sound Bites
"I'm a son of cybersecurity. It's been the only thing that I know."
"If you know someone at a company, that always pays dividends compared to trying to apply and make it through the front door."
"When someone sees that something's important to you, people around you conspire to help you get it."
"The first step, if you're presenting to someone, is building your story out."
"We're not necessarily catering the story to the audience because they might not know much about technology as a whole."
"We haven't addressed the elephant in the room, which is we are at risk."
Chapters
00:00 Introduction and Chance Encounters in Cybersecurity
02:22 The Power of Storytelling in Cybersecurity
20:35 The Art of Storytelling: Resonating with Decision Makers and Brands
27:01 The Art of Storytelling in Cybersecurity
31:37 The Role of AI and Large Language Models in Cybersecurity
46:49 Fundamentals of Cybersecurity Hygiene
50:28 Upcoming Events and Projects
Topics
Power of Storytelling in Cybersecurity, behind the scenes of a cyber security podcast, best podcast storytelling, benefits of storytelling on podcasts, why storytelling is effective, cybersecurity, storytelling, Hacker Valley Media, education, AI, cyber hygiene, behind the scenes look at podcast, best security tips for small business, best ways to create a security culture, how ai can be used for fraud attacks, how ai will effect cyber security, best security tips for small business, best ways to create a security culture, how ai can be used for fraud attacks, how ai will effect cyber security, how to build a security culture, how to communicate effectively internally in business,
MAURO (00:04.494)
There's a reason we stop scrolling. There are attention grabbers and the arc of stories. There's an art to storytelling which helps keeps us interested.
You know, there's a reason we stop scrolling. There are attention grabbers and there's an arc of certain stories. There's an art to celery still.
MAURO (00:34.488)
There is a reason we stop scrolling. There is an arc of stories and there are attention grabbers and there's an art to storytelling, which helps us stay interested until the end. The power of storytelling in cybersecurity has helped transform security awareness. We're humbled and proud to be part of that movement. So join us in this episode. This is the story of Ron Eddings, a cybersecurity expert
and a fellow storyteller.
D. Mauro (00:03.418)
Hey, well, welcome everybody to Cyber Crime Junkies. I am your host, David Mauro and in the studio today, despite lots of technical hurdles that he's overcome, is my always positive, always illustrious co -host, the Mark Mosher. Mark, how are you, man?
Mark Mosher (00:03.919)
Ron (00:14.808)
Thank you.
Mark Mosher (00:21.199)
wonderful, David. We call those opportunities for achievement. They're not problems. That's exactly right. David, I'm really excited about this episode. The listeners are in for a real treat on this one. Tell us who's in the studio with us.
D. Mauro (00:25.914)
They are opportunities to improve. Yes.
D. Mauro (00:37.882)
Yeah, we have Ron Eddings, CEO of Hacker Valley Media and an experienced cybersecurity practitioner. Ron, thank you so much for joining. Welcome.
Ron (00:49.528)
Thanks for having me. I've been so excited to meet you and get on the show. So it's an honor being here.
D. Mauro (00:57.292)
No, it's our honor. I'll tell you, Mark and I have been huge fans of Hacker Valley Media. As I explained to your partner, Chris Cochran, you know, you guys have the gold standard for podcasting and studio work and the work that you do at the conventions. It's really, really remarkable. And I love your storytelling and the ways that you guys are able to translate cyber.
Mark Mosher (00:57.999)
That's not true.
Mark Mosher (01:02.254)
We have.
Ron (01:24.408)
Thank you.
D. Mauro (01:25.85)
Well, that's great.
Mark Mosher (01:25.87)
we text each other back and forth like a couple of giddy school girls. Hey, did you see what Ron and Chris did? Did you see what they did in this last episode? Go check it out.
D. Mauro (01:33.562)
yeah. I know. I know. And then Mark and I were like, I can't believe they were there. They were talking to like Simone Biles. And I'm like, Yeah, Mark, you'd have to leave your house to do that. I'm like, why don't we get there and go talk to people?
Ron (01:46.712)
What?
It's funny because we met because I saw your live stream on LinkedIn and I was like, wow, I'm impressed with you all were doing something different. Like it didn't feel like you just use Riverside or StreamYard or Restream. You put the you put the sweat equity and the love and the attention to detail. And I think that always stands out.
D. Mauro (02:10.714)
well thank you, that's really nice. I would love to...
Mark Mosher (02:11.758)
Man, that's like my mic drop, that's my mic drop moment right there. I can just leave the episode now. I just had Ron say that on air. Come on.
D. Mauro (02:16.122)
Yeah, I'm going to have to clip that and use that. Yeah, I'm going to have to clip that and use that as an ego boost later. But yeah, I mean, we really like what we do. This is really fun. I mean, we learn so much from people like you. Let's start with your origination story. I love to hear how you first got into cybersecurity. I mean, when people think of the field, they think of...
Ron (02:20.664)
Hehehehe
D. Mauro (02:45.53)
hackers or they think of big industry and cloud data centers and all this stuff. And it's nothing like that. Right. I've been I've been experiencing it for years and it's a great culture. There's so many different initiatives and really good people with with bigger messaging above just their own self -interest. So tell me what what what first got you into it.
Ron (02:50.136)
Heheheheh.
Mark Mosher (03:03.725)
Ready?
Ron (03:09.528)
I'm a son of cybersecurity. It's been the only thing that I know. And I say that I'm a son because I got into cybersecurity through kind of a chance encounter. I've always, you know, liked the idea of hacking and I've been hacked on AOL instant messenger. I'm sure a lot of people, you know, remember that tool. You could send files and I got hacked one time and that's what kind of opened my idea, opened the idea in my mind to being able to break into computers. But...
Mark Mosher (03:26.26)
Thank you.
Ron (03:37.272)
My real intro into cyber was when I was working at a public access channel when I was 16. I was a cameraman. I would go to like sports games, like high school games. I'll go to nursing homes and we will record people and played on the local access channel. And on Sundays, we would allow people to come in and record whatever they want free of charge. And we would edit it up, share the files with them, but also air their content on the local access channel. I was reading a book on computer networking.
D. Mauro (03:43.29)
Mmm.
Mark Mosher (03:51.018)
Thank you.
D. Mauro (04:04.154)
Of course.
Ron (04:07.352)
And there was this gentleman that walks in and he says that he's going to do a bit on cybersecurity. I didn't know what cybersecurity.
D. Mauro (04:12.282)
Now, what? Yeah. How far back was this? I'm sorry to interrupt you, but how far back was this?
Mark Mosher (04:12.618)
What up?
Ron (04:19.448)
This was when I was 16. I was an intern, more or less. I had, like, kind of treated as a full -time person, but I was doing this part of my work -study program. I had a chance encounter to meet the county executive, which is kind of like the mayor for my city, and he got me this job at this public access channel.
D. Mauro (04:40.506)
That's phenomenal. So in back then, people were not putting cybersecurity on video content. Right. So this was this was new. This was new. And what came of that? What was your impression?
Mark Mosher (04:41.001)
Wow.
Ron (04:47.512)
No. No.
Ron (04:53.848)
Yeah, so I was sitting down reading a computer networking book while my senior team members were like setting up the cameras and all that. I was reading the book on CCNA and then this gentleman walks up, his name is Marcus Carey. He says, you want to be a computer networker? And I told him straight up, you know, I'm 16 at the time. No, I'm a hacker. And with so much conviction, so confident, you know, so naive as well.
D. Mauro (05:14.106)
Right, exactly. I'm a hacker. I want to be one of the cool guys.
Mark Mosher (05:14.281)
Ha ha ha.
Ron (05:21.496)
And Marcus thought it was absolutely hilarious. You know, you got this 16 year old kid that really thinks he's a hacker. He's on the right track. He's reading a CCNA book. So he offers mentorship. He's like, hey, you know, we should definitely stay in touch. He told me all the things to do. I'm really good at taking instructions. You tell me what to do. You tell me to get a certification. I could hit the books. So I did all of the things that he recommended. And I was fortunate enough to get my first.
Mark Mosher (05:22.28)
Okay.
Mark Mosher (05:29.8)
Right.
Ron (05:48.025)
professional job full time at Booz Allen Hamilton when I was 19. So just a year after graduating high school.
Mark Mosher (05:52.551)
Wow. That's a nice start.
D. Mauro (05:52.73)
Wow.
That is fancy. So you see you work of all the places you started off at Booz Allen. That's fantastic. Yeah.
Mark Mosher (06:00.359)
You started at the top. You set the bar pretty high for yourself there, Ron.
Ron (06:01.88)
Hahaha
Not only that, but my first job I was working at, I was a contractor for the NSA and my job was essentially to be an APT. So like not only did I have like the perfect company that, you know, I wasn't a government employer, employee, they're paying me bigger bucks. And I was, you know, breaking into systems professionally. It did not get much better at that point. Like I was like, I love this.
Mark Mosher (06:14.854)
Wow.
D. Mauro (06:26.522)
Now, what a great influx. How did you, you know, people hear that story and what the messaging that else I'll get from them is, is but how'd you get that? Like, did you, did you just apply back in the day? Did you, did you have certifications or college degree ahead of time? Like, what, what can you tell us? Like, how did you first just get into that opportunity?
Mark Mosher (06:27.078)
Thank you.
Ron (06:53.944)
Yeah, usually, I think if someone were to hear just that last part, I got my first job at 19, they might think child prodigy. I was not a child prodigy at all. I was just someone that was good at following instructions. So Marcus told me he gave me some really good advice. He said, go to job fairs. So every time that I saw a job fair at high school and also, you know, I was 19. So I was I didn't go to the four university. I went to community college. So whenever I would go to the community college, they would always have things on the bulletin board.
D. Mauro (07:00.73)
Right.
Mark Mosher (07:01.508)
Hahaha.
Ron (07:23.416)
And that's how I kind of learned about opportunities. But I got that job at Booz Allen Hamilton because one of my professors was a Booz Allen employee, and he would always show really cool things in the book. He was really focused on the hacker parts of the book, like the offensive ops. But the book had errors. The book was written three years before the course I took was taken. And...
Mark Mosher (07:36.292)
Cool.
D. Mauro (07:44.57)
Mm -hmm.
Ron (07:52.952)
technology already moves fast. Back then it was still pretty fast. So that the commands in the book were outdated. So I would always raise my hand like, hey, Mr. Price, this is this command doesn't work. And here's why. So he thought I was nuts. He was like, who is this kid that's like calling my instruction incorrect? And he told me he worked at Booz Allen. I'm good at following instruction. You tell me where you work. That means to Google it. So I Googled it. I saw what Booz Allen does. I point blank asked him.
Mark Mosher (08:04.9)
That's a tough one.
Thank you.
D. Mauro (08:11.866)
That's fantastic.
D. Mauro (08:16.698)
yeah.
Ron (08:22.968)
Hey, how do I get a job at Booz Allen? And he said, you want a job? You don't want to like stay in school? I said, no, I'm only in school. And he made the introductions. And what I could say for this opportunity and any opportunity, if you know someone at a company that always pays dividends compared to trying to apply and make it through the front door.
Mark Mosher (08:28.965)
I'm going to go ahead and close the video.
D. Mauro (08:30.81)
Exactly.
D. Mauro (08:45.786)
Well, and you have to demonstrate to that person that you're thirsty, you're hungry, you're following instructions, right? And you did just that, right?
Ron (08:57.112)
It probably helped that I was 19 at the time, too. People really get inspired by the youth. I love to bring on young people. I'm actually about to bring on my nephew for an internship. Young people just kind of bring life to an organization. I think that Marcus Carey and this gentleman, Chad Price, they both recognize that. So they saw that I was hungry, but I didn't have the structure that I have now. I didn't have the mindset. So they're also taking a risk, but investing in the youth, which is very powerful.
D. Mauro (09:25.466)
Absolutely. That is.
Mark Mosher (09:26.564)
Well, you know, I think that's a common denominator with a lot of these people that we talk to that have done well in this field is when they look to others to mentor or to bring into the field, it's always do they have the drive? It's not so much do they have the certs, do they have this cert or that cert, but do they have the drive to really do it? And the ones that make it and are really successful are the ones that can say yes to that question.
Ron (09:52.248)
Mm -hmm.
D. Mauro (09:53.466)
Yeah, absolutely. And you know, another thing that you pointed out, Ron, that is listeners will recognize we recently interviewed Chris Voss, the author of Never Split the Difference. And I'm a huge fan. I was trying not to be a fanboy during the interview. I was like, my God, can I get your autograph? Could you sign my book? But I'll tell you one thing that he talked about things I couldn't find him like he had not talked about before.
Ron (10:05.176)
Ooh, yes, one of my favorite authors.
Mark Mosher (10:06.115)
Yeah.
there.
Yeah.
Ron (10:12.12)
I'm going to go.
D. Mauro (10:22.714)
He was talking about, you know, people when they seek out mentors, they don't follow their advice. It's like they have that confirmation bias. They're like, I think I know what I want to do. I'm going to go ask my mentor if he'll kind of agree and then I'm just going to go do what I was thinking of doing. He's like, he's like the ones that excel, the ones that move up in organizations are the ones that take instruction, right? From people that have already been where you want to go. And he said he came up with a couple of different examples.
Mark Mosher (10:29.826)
and
Ron (10:37.464)
Mm -hmm.
D. Mauro (10:52.442)
working at the Kansas City Police Department and then the FBI and how they hadn't taken the advice of the mentors. And he said, part of the reason I got into the FBI is I listened and I just took instruction. And that's where he founded that the entire never split the difference model was actually when they told him they rejected him from the FBI and they said, you need to go volunteer on a suicide hotline for a while.
Mark Mosher (11:19.232)
Yeah, yeah.
Ron (11:19.672)
Mm -hmm.
D. Mauro (11:20.602)
and you will learn some things that we can't train you on first." And he went and he did it and he came back and they're like, we can't believe you're back. We can't believe you actually did that. And he's like, we tell people all the time and then we never hear from them again. He's like, well, I'm back and I learned a bunch of stuff. And he's like, and then they let him in. So it was really interesting to hear that and that to hear that you identified him, his teachings, and then.
Mark Mosher (11:29.087)
Thank you.
Ron (11:32.808)
You
D. Mauro (11:48.154)
He gave you instructions and you followed through. It's a really good life lesson.
Ron (11:53.176)
to get instruction is a gift. It's feedback, essentially. And I had one more very similar encounter. Around the same time, I was probably like 20 years old at the time, still working at Booz Allen Hamilton. I see these two sharp looking guys in the back of the room. They got full three -piece suits on, these Abe Lincoln -like hats.
D. Mauro (12:13.754)
You don't have to call us out like that, man. You don't have to tell, like we know we met back in the day, but you don't have to, no, I'm just teasing, sorry. That's all I got.
Ron (12:19.128)
Yeah, so I met I saw these two guys in the back of the room and I went up to him. I said these guys are clearly someone I should know. And I think that's kind of a North Star is people that are, you know, have ideas that are great leaders or great coaches. They're going to be inspiring all around. So if you're gravitated towards someone, just take that step. So I go up to these two guys and I say, hey, who are you? And they tell me their names. One is Marco Figueroa. The second one is Kevin Figueroa.
And they say, here's this card. It says unallocated space on it. And I'm like, who are these guys? It's a card. And then I type it into Google. That's what I always do. I go to Google. I type it in. It's a hacker space. So I go to the hacker space later that night. And the gentleman Marco, he tells me to buy a book. It's on C++. I go and buy the book at the bookstore, come in the very next day with the book. He says, you got the book. Wow. I didn't really think you were going to get it.
D. Mauro (12:49.486)
my God.
Mark Mosher (13:01.281)
Thank you.
Mark Mosher (13:11.228)
Thank you.
Ron (13:18.52)
Let me buy it off you." And I was like, what? Okay, here's the book and he buys it off me. And it was kind of a test, but he did want the book. The very next day I show up again at the hacking space with the same book, I rebuy it. I think just those little things really show people like how important something is to you. When someone sees that something's important to you, everyone around you conspires to help you get it.
Mark Mosher (13:32.379)
D. Mauro (13:43.706)
Absolutely. Well, and people want to be mentors, people want to help because they realize, I think we all have a sense of our own regret, right? And we're like, I wish I would have known now what I know then I wouldn't have taken the long way I could have taken the short way if I could only tell somebody when I see them going that way, I could be like, don't go that way, go this way. It's so much there's so much help in.
Mark Mosher (13:43.899)
Yeah.
Ron (13:48.888)
Mm -hmm.
Ron (14:00.472)
Yes.
Mark Mosher (14:01.147)
Yeah.
D. Mauro (14:12.378)
not looking at older people as boomers or as Gen X and actually like asking for some help, right? Like we really want to help. We actually, you know, we came up in the Y2K days, like we might know something. So it's really, it's really fun to mentor. We, we, we always enjoy it. So from there, your career was stellar, man. Like you, you wound up at Palo Alto. You were at Intel. We, we recently had Steve Orin.
Ron (14:25.048)
Mm -hmm.
Ron (14:42.392)
yeah, triple OG.
D. Mauro (14:42.394)
Yeah, the fields, the federal CTO, he's brilliant. Like some of the people that Intel has. How had your role kind of transformed over the years? Did you get yourself additional certifications? Did you find a certain path that was more appealing to you?
Mark Mosher (14:43.457)
Yeah.
Ron (15:04.312)
Yeah, so when I got into the game, I was 19, like I mentioned, Marcus told me to get certifications. It was a very important time in history because this was like 2009, 2010. And CompTIA was on the tail end of having certs that never expire. So I had like six months to get, I got Network Plus, Security Plus, CEH, Convergence Plus. I had my CCNA, but that's always had like an expiration date.
D. Mauro (15:08.218)
Mm -hmm.
Mark Mosher (15:12.951)
Thank you.
D. Mauro (15:16.666)
Mm -hmm.
D. Mauro (15:23.194)
Hmm.
Ron (15:34.04)
So I got got all those certs and like a six month period and I was very fortunate because when I got the job Booz Allen Hamilton I mentioned I was working at NSA to work at NSA you have to get a clearance So for three months I was able just to sit there and wait They called it the beach like you would you would join the company and go sit at the beach So instead of just going and having water cooler talk, I would just go
D. Mauro (15:45.21)
Mm -hmm.
Mark Mosher (15:50.647)
Thanks.
Ron (15:58.04)
to my desk, read a book on CCNA, on networking or security, and then take those search. So I got the search, then I didn't look back. I said, I'm not taking any more search after this point. I got enough. These don't expire. Even if they did, I still wouldn't retake them. I need experience. So I was doing the offensive ops things for about three and a half years. And I realized at some point, I'm using all these government tools. I'm essentially a professional script kiddie. Government has great tools. It takes...
D. Mauro (16:08.794)
Right.
Mark Mosher (16:09.303)
Thank you.
Mark Mosher (16:14.487)
Right.
D. Mauro (16:26.106)
Hmm?
Ron (16:27.768)
a lot of the load off of, you know, what I would have to do as an offensive operator. So I thought I need to get some more experience. Then I took a job at McAfee, did that for about three and a half years where I was just focused on security research, trying to find how people are doing things, doing writings, going to conferences. And then I realized again, man, now I know how to do all the research, but I still don't know how to do any of this stuff. So I took a job at Intel and
Mark Mosher (16:53.207)
Ha ha ha.
D. Mauro (16:54.106)
Right.
Ron (16:57.176)
By the way, the gentleman that was referring to Marco Figueroa is the gentleman that got me the job at Intel. He said, Hey, I'm going to Silicon Valley. Ron, it's the promised land. You're single. You're not married. You have to go to Mecca because if you're, if you don't go, you're going to regret it later in your career. Cause we know what's Silicon Valley is about. It's about startups, it's about big money. So, I go out to Silicon Valley to work at Intel and I was doing threat.
engineering. So I was taking threat data from many different sources and providing a layer of automation on top. And then hit the same kind of point in my thinking, I know how to do this one thing for Intel. I know how to automate threats. I know how to automate data going from one place to another. But would this work at another organization? That was what was going on in my mind. And also, how do I get a bag? I didn't come all this way to San Jose, California, not to walk away with some prize winnings.
Mark Mosher (17:44.023)
Right.
D. Mauro (17:45.082)
Right.
Ron (17:53.368)
Intel paid their employees nicely, but the way that you make a good deal of cash in Silicon Valley is go to a startup, get equity, have a buyout or go IPO. So I go to this website called Crunchbase and I type in, I see that Crunchbase has these filters. I'm like, holy crap. I don't think anybody knows about this. I don't think anybody knows about this. Still, Crunchbase has filters that you could drop down on and say, I want to see all the companies in San Jose, California.
Mark Mosher (18:03.831)
Yep.
D. Mauro (18:04.122)
Right.
Ron (18:22.136)
that have $30 million in funding that were created in the past three years that are not beyond Series B funding that have less than 100 employees. I went to make an impact. So I signed up for a crunch based subscription. It was like 60 bucks for one month. I signed up and then canceled and I found 10 companies that match this criteria. I applied for all 10 and I ended up working at the Misto as a security architect. So I was helping banks.
Mark Mosher (18:37.271)
Thank you.
Ron (18:50.616)
health organizations, enterprise organizations, just automate security workflows. And that went really well. I got all the experience I think I would ever need in the cyber arena because I was automating terminal commands. I was automating APIs. I was automating people's jobs in a way, like, you know, some of the heavy lifting. And yeah, that's how I kind of got here. Domesta was ultimately acquired by Palo Alto Networks.
D. Mauro (19:06.362)
Mm -hmm.
Ron (19:17.432)
And around that time, I was working at the MISTO and Paul Alta Networks. Me and Chris, we started talking on the mics. We didn't know we were doing a podcast. That's why I wouldn't say we started the podcast back then. We just started talking on the mics. We got these nice, sure SM7Bs, which I see that you guys gave it. And everything lined up perfectly. I'm good at following instructions. I'm following my personal legend now. That's my, that's my instruction that I'm following. And all of these.
Mark Mosher (19:27.799)
Okay.
D. Mauro (19:34.106)
They are the best things in the world.
Ron (19:45.336)
chance encounters and circumstances led to me having enough runway to invest in myself to start Hacker Valley full time and let go of being the hands -on practitioner that I used to be.
D. Mauro (19:57.53)
That's phenomenal. What's the mission for Hacker Valley? What are you guys trying to do? Because whatever it is, you guys are doing it really well. I just want to know. But what's the inner driver? What's the root cause?
Mark Mosher (20:02.583)
yeah.
Mark Mosher (20:08.343)
You did really well.
Ron (20:16.408)
Yeah, for sure. So, you know, we, I have a hard time with having a mission and vision for my personal self because, you know, like I said, I like to follow the chance encounters because you can't play in that type of thing. So I could give my personal mission and then also Hacker Valley's mission. Personally, my mission is to acquire rare and valuable skills so I can acquire and, you know, afford
D. Mauro (20:29.498)
Mm -hmm. Yep.
Ron (20:44.824)
financial and personal freedom. I think rare and valuable skills are typically the pathway because they can provide meaning for your life and they can also provide income for your family to support themselves independent, free of other people. So that's my personal. And then our mission at Hacker Valley is to help unleash the creative potential of cybersecurity professionals and brands so that cybersecurity has a voice.
Mark Mosher (20:59.191)
Yeah.
Ron (21:12.888)
That's really, that's what it boils down to.
D. Mauro (21:15.61)
That's fantastic. And that's a great segue into what I wanted to talk about. And that's storytelling, the art of storytelling, and the reason why it matters. So what's your view of storytelling? You guys do a lot of storytelling. You guys are very good at it. Why is it so important in the cybersecurity field?
Mark Mosher (21:16.599)
Yeah.
Mark Mosher (21:34.071)
Yeah.
Ron (21:40.44)
It's important because when you speak about things like breaches, you have to tell the story. Like, that's the only way to communicate something serious is by describing all the details. And what's cool about storytelling is the story is a problem. The solution to that problem is the characters. It's typically the protagonists, especially, but the characters are the solution to the problem.
D. Mauro (21:48.378)
Mm -hmm.
Ron (22:09.496)
And that's exactly how it works in cybersecurity. The story of what happened, we were breached 5 .55 PM on Thursday, June 6th. That's kind of the story. How are we going to fix it? It's all of the people and our technology, but really the people behind it. So I feel like with what we do in cybersecurity, it's just so ripe for telling great stories.
D. Mauro (22:34.33)
absolutely. And you have the cyber crime element, which has the way that it's been developed and organized and productized. It's very there's a lot of analogies to organized crime and mafia. And those have always made for great movies and great stories. And when you dig into the details, you know, a lot of people hear about a breach at a company and they're like, they were probably just terrible at it or they were negligent or whatever.
Mark Mosher (22:35.255)
Yeah.
Ron (22:51.512)
Mm -hmm.
D. Mauro (23:03.674)
and you find, no, it's they were doing a lot of good things right, but something just fell short. Like they have to be right, you know, every single time to thwart these threats and and the threat actors only have to be right once to get in and and to do damage. Now, there are a lot of organizations that clearly just haven't evolved right. But in today's day and age, it's definitely a.
Ron (23:14.872)
Mm -hmm.
Mark Mosher (23:20.183)
Yep.
D. Mauro (23:32.826)
It's a high risk strategy to not take cybersecurity at the board level, at the senior management owner, CEO level. Yeah. And what do you... Storytelling helps. Like, what has your experience been in terms of like a formula for storytelling? Do you find like there's a certain way that resonates more with some people?
Ron (23:43.896)
Mm -hmm.
Ron (24:02.104)
1000%. There is a framework that I think anyone can follow is called the story circle. And the story circle is created by this gentleman named Dan Harmon. It has, it's pretty much a circle. So it's a circle where it kind of breaks out stories into eight pieces. And when you think about a story, I think the most traditional way to think about a story is beginning, middle, and end.
Mark Mosher (24:02.263)
Yeah.
Mark Mosher (24:20.023)
you
Mark Mosher (24:25.343)
All right.
Ron (24:29.56)
If you don't have time for something like a story circle, just think of like that. You know, what is the beginning of this? What is the middle and what is the end? And the way to think about the beginning, middle and end is typically the normal state of a situation, an explosion. That's the middle. And then the third chapter, kind of the end is the new normal, the life that we're going to live now. And the story circle is, you know, follows that same framework all stories do.
Mark Mosher (24:37.655)
Thank you.
Mark Mosher (24:42.359)
Thank you.
D. Mauro (24:48.474)
Mm -hmm.
Ron (24:59.288)
but it breaks it out into more specific components. So like for the story circle, it starts with you and that's establishing the protagonist. The protagonist is living in this great life. I'm in my office in Austin, Texas. Ron was sitting on this podcast with David and Mark and then what they, but Ron wants something. And then this is the need, but Ron wants something.
Mark Mosher (25:01.047)
Thank you.
Ron (25:24.696)
Ron wanted to be the best episode on the Cybercrime Junkies podcast ever. So Ron had to enter in a familiar, unfamiliar situation. This is kind of like getting into that explosion. Ron wanted something. I had to enter into this new situation. Maybe I have to put myself out there and be vulnerable. That, for some people, that's an explosion, big explosion, putting yourself out there, going on a podcast where, you know, trying to step up your storytelling abilities. And then, you know, going...
Mark Mosher (25:34.919)
Yeah.
D. Mauro (25:38.522)
All right.
D. Mauro (25:47.322)
Right? Absolutely.
Ron (25:54.36)
further and I won't go to all of the chapters of the story circle, but the next pieces are all the things that happen during the explosion, you know, paying the piper because we always have to pay a price to hire something completely new. Going after and finding it is often part of the explosion. And then when you get into the new normal, you start to describe how things are different, but the same. It's very important that whoever you're telling a story to,
feels familiar with aspects of each part, the beginning, middle, and end. And the end is always hard in some areas because you have to tie a bow on it or provide some type of resolution. And in cybersecurity, we don't necessarily always have the answers. But I do think that there's always a way to close out a story, whether it's in the form of to be continued. I think you just got to think of a sequel and trilogy mindset. But...
Mark Mosher (26:29.868)
Yeah.
D. Mauro (26:32.794)
Mm -hmm.
Mark Mosher (26:48.817)
Yeah.
Ron (26:52.6)
Yeah, closing out the story I think is actually the hardest part of storytelling for cybersecurity.
D. Mauro (26:58.618)
That's fantastic. I think that's that's absolutely wonderful. All brands can benefit from storytelling. I mean, every company, whether they realize it or not, they are a brand. Their leadership is a brand. They impose a culture. They have products or services, but they are a brand. They are a story. And some definitely articulate that in a more resonating way than others.
Ron (27:07.608)
Yes.
Mark Mosher (27:07.688)
Yeah, absolutely.
Ron (27:25.56)
Mm -hmm.
D. Mauro (27:26.81)
the cybersecurity industry with what Acker Valley Media is doing with unleashing the storytelling and the brands and the benefits. Have you found that what is historically happened in cybersecurity is people talk in technical jargon and they talk features and benefits and it doesn't resonate with the actual decision makers that have to fund
Mark Mosher (27:43.496)
Thank you.
Ron (27:55.384)
Mm -hmm.
D. Mauro (27:56.986)
the, you know, that that would benefit clearly would benefit from reduced risks if they had certain solutions, but they don't necessarily understand it. And those in the cybersecurity field aren't as good as is ideally they could be in articulating that is that is that your experience?
Ron (28:01.336)
Thank you.
Ron (28:19.192)
It is, unfortunately. And not only is it my experience of witnessing that, but I have been also part of that conundrum, creating the conundrum and the problem even bigger. Because when I first got started, I thought I could explain people everything I know. Like I thought I could just like, let me break it down to its most simplest terms and then you'll understand the importance. And that's not how it works. The first step, if you're presenting to someone, you know, is building your story out.
D. Mauro (28:36.346)
Right.
Ron (28:48.664)
But then you have to find out who you're going to be telling that story to and cater the story to that audience. I think a lot of times when we do this storytelling practices in cyber, we're just telling the same story to many different audiences. We're not necessarily catering the story to the audience because they might not know much about technology as a whole. They might actually pride themselves on how little they know about technology. That's an important thing to kind of know before jumping into.
D. Mauro (28:54.682)
Exactly.
Mark Mosher (28:55.236)
So.
Mark Mosher (29:04.42)
Thank you.
Ron (29:15.768)
any type of pitch, whether it be for a project or to ask for more budget or even to talk about a breach.
D. Mauro (29:22.33)
And it's, yeah, and it's a lot more common than we think. Like I've met leaders in hospitals and even banking leaders in financial institutions that almost pride themselves on not being too technical, right? And that's a concern because you don't have to understand the technology and how the technology works, but you have to understand the point of it, right? Like the, like,
Mark Mosher (29:22.34)
That's a good point.
Mark Mosher (29:40.292)
Yeah.
Ron (29:48.888)
Mm -hmm.
D. Mauro (29:50.97)
They are there to have certain protections in place. But oftentimes when they're presented with a proposal or whatever it may be, an initiative, they're presented with the features and benefits. We'll be able to spot this. We'll be able to have reporting on this. And they don't understand why they need it in the first place. Right. We haven't addressed the elephant in the room, which is we are at risk. This will reduce the risk or we are, you know,
Mark Mosher (30:07.075)
Thank you.
Mark Mosher (30:12.931)
Thank you.
D. Mauro (30:17.754)
We have certain levels of fraud and this can reduce the levels of fraud by X percent.
Ron (30:24.376)
Yep.
D. Mauro (30:25.594)
Yeah. And what is your experience? We've talked about this number of times on the show, and that is trying to encapsulate it, trying to put some measurement around it. In an industry, or let's just say, an individual organization rather, sales can say, we're going to hit our target or exceed our target by 11 % this quarter.
we're going to miss our target here. HR can say, we have 8 % of our employees out there looking for a job that could cost this, right? And then the cybersecurity group or the IT professionals for an organization will go, we're kind of at medium risk. And they're like, I don't know what that means. You know what I mean? Like everybody else is able to quantify things, but part of it is because...
Mark Mosher (30:53.635)
Thank you.
Mark Mosher (31:08.162)
Yeah.
D. Mauro (31:18.618)
The threat comes from cyber criminals and crime is an intervening third party act and you never really know when it's going to happen. So that that does create some some ambiguity. But there are ways of measuring risk, are there not?
Ron (31:37.912)
Of course, everything that is perceivable can be measured. It might be difficult to understand how to measure it, but if you can perceive it, you know, your mind and brain are already making measurements and then providing that to your brain. So you can make a picture of, you know, all the light that's entering your eyes. So if you can see it, then you can absolutely measure it. I think that when it comes to cyber, though, we...
Mark Mosher (31:43.233)
Thank you.
Ron (32:03.512)
are very reactive. And I think one day it's going to change to be a little bit more proactive. But at the end of the day, you can't be proactive to something that has not happened yet. So I think that the measurability of cybersecurity comes from more so all the things that you have in place. If you were to call 911 because you have a fire in your home and then the ambulance shows up, they can't measure themselves on how many fires they respond to. But how quickly did you make it out the door?
D. Mauro (32:05.498)
Hmm.
Mark Mosher (32:13.505)
All right.
Ron (32:32.92)
how quickly were you able to put the fire out? Mm -hmm.
D. Mauro (32:32.922)
Exactly. How quickly do they respond? Right. And then there's some assumptions in place by think we'd all agree the faster we can respond, the less damage there's going to be. Same thing with right. Same thing in medicine, fire, et cetera. You know, it's the difference between having your organization be in the news and maybe not being in this, right. So interesting. That's that's that's phenomenal. So I wanted to segue a little because.
Mark Mosher (32:34.335)
Yeah.
Ron (32:44.664)
Exactly.
Mark Mosher (32:44.703)
Right. Right. Yeah.
Ron (32:54.2)
Mm -hmm.
D. Mauro (33:02.074)
I think AI is more than a fad. You know, Mark thought it was going to be gone by December. Mark said this whole AI thing is going to be gone by December.
Mark Mosher (33:05.087)
You know, I don't think it's going away anytime soon.
Ron (33:09.984)
Thank you.
Mark Mosher (33:10.911)
Yeah. And it's just a short run trend that'll be out of here.
D. Mauro (33:15.514)
He thought it was going to go the way of like the Betamax for the VHS. And I was like, I think this is more of like a digital component, man. I think it's here to stay. So what are your views of AI? How are you seeing in your experience, because you're interviewing people in all these different industries all over the world, you speak with leaders all the time, how are organizations grappling?
Mark Mosher (33:20.991)
Yeah, that's it.
Mark Mosher (33:29.887)
and I lost.
Ron (33:29.912)
yeah.
D. Mauro (33:44.698)
it. I just want to start high level and we can dig down a little bit more.
Ron (33:49.752)
In the cybersecurity space, from my perspective, vendors, people that are building the cybersecurity products, they're very reactive, especially to things like large language models, which makes a lot of sense because how do you provide more value to your customer is you have them speak in a language that serves them well. You know, English is my language. I could code in Python, I could code in JavaScript, but it's way easier for me to talk through a process in English.
Mark Mosher (34:00.479)
Yeah.
D. Mauro (34:00.698)
Mm -hmm.
Ron (34:17.272)
And I think that's one of the powers of large language models. They could take that English input and convert that into machine logic for their product, and then give that person the answer that they wanted without clicking through all the UI. So I see that a lot in cybersecurity vendors, I think is amazing. Cybersecurity practitioners that are focused on enterprise security, it's a slower burn. They're not adopting AI as fast as vendors, as fast as attackers, as fast as me as a media person in cyber.
Mark Mosher (34:18.271)
Thank you.
Mark Mosher (34:27.871)
Thanks for watching!
D. Mauro (34:43.642)
Well, there's a lot of concern. They're worried. They're worried, right?
Mark Mosher (34:44.347)
Yeah, yeah, that's a good observation. That's very, very spot on.
Ron (34:52.184)
And it comes down to IP. We as a business owner, I'm sure that you all feel the same way. I didn't realize that how much IP I truly had, like the fact that I had a specific meeting to talk about our process of working through a problem. That's IP. If I record that meeting now, I've captured that IP and I can reuse it over and over again. And organizations and individuals, they see that providing that information to large language models, large language models are doing that already. They're taking that info and
D. Mauro (35:01.498)
yeah.
Ron (35:22.008)
figuring out ways to reuse it over and over again. And it's scary to think that someone might monetize off of your own creation or might leak that information out to the world. I think what's more dangerous in some situations, not all, is not innovating because not innovating leads to a cascading effect of tech debt, competition, and also retention of your employees.
Mark Mosher (35:23.869)
Yeah.
Mark Mosher (35:47.549)
Yep.
D. Mauro (35:47.706)
I would agree. I mean, I mean, the lesson there is if you're not using AI yet, you need to, you need to start at least for at least to start for for your own idioting, right? Like when you're coming up with ideas, you need to do a task at home at work, you need to write a letter, you need to write an email, like put it in AI. And there's, we just had an episode with somebody that's Bill Klayman, who's actually at Apollo, and he's
Mark Mosher (35:54.525)
Hehehehe.
Ron (36:00.12)
Mm -hmm.
D. Mauro (36:16.954)
building the infrastructure for machine learning and LLMs. And he was explaining, he's like, everybody can go into chat GPT and go into the settings and we're where everybody's default setting says, share your information so that we can make the LLMs better. He's like, uncheck that. He's like, if you do that, 80 % of everybody's concern will go away because then it's not taking in, it's not capturing your input.
Ron (36:33.208)
Yeah.
Ron (36:44.664)
Mm -hmm.
D. Mauro (36:44.73)
right? And sharing it with the LLM. That's a great idea. I mean, it's not going to solve everything, but it's certainly helpful. You know, I heard that I immediately while he was talking went and did it. So very helpful. But it's really good for for for for getting ideas kind of sorted or getting things started. And then you could just take that and then you you make it more human. Right. And you make it more personal.
Mark Mosher (36:51.26)
It's a start.
Ron (37:09.82)
Mm -hmm.
D. Mauro (37:14.938)
How has, you know, I think the point that you made was really a big risk that people are seeing and that is people were putting, I forgot which company I thought it might've been Samsung back in the day, like when AI, when generative AI first became kind of mainstream, some people were putting in code there to fix the bugs and it was working, not realizing that then that code was out there, right? And so, but I thought that the initial reaction and,
might have been a different organization by thought it was Samsung. And then the the initial reaction was then just don't use it. And and I think you you bring up a good point. And it's like you don't want people not to use it. You want people to leverage it because while I firmly believe our jobs are not going to be replaced by AI, despite what the media says, despite what Elon says, you know, I think people using AI could be more efficient at their jobs than people that aren't.
Ron (37:58.232)
Mm -hmm.
D. Mauro (38:13.146)
and that will increase competition for your role.
Ron (38:16.504)
Yeah, I mean, imagine what we used to have to do in cybersecurity to even do something like a port scan. Like I would have to go and download Linux. I would be on a Windows device. I got to go download Linux and I got to do an app, get install and map and then kind of like go through the CLI. But now I could just I don't actually have to do that at all. I could just pay twenty dollars, pay somebody twenty bucks. And I don't I didn't have to do any of that. And I could now get.
D. Mauro (38:23.482)
Yes.
Mark Mosher (38:24.57)
Thank you.
Mark Mosher (38:40.986)
I'm sorry.
Ron (38:45.304)
information back on any IP address. Like those types of things are special. And when you are doing more complicated tasks with less effort, it means more money. And you know, like I mentioned, in the beginning, like my personal mission to acquire rare and valuable skills, doing very manual, repetitive work, I don't think is rare, but it might be valuable. So I try to find the nexus between the things that I can, I have competency to do, but that
D. Mauro (38:48.122)
Right.
Mark Mosher (39:08.282)
Thank you very much.
Ron (39:14.104)
not many people are doing.
D. Mauro (39:16.122)
Yeah, that's and that's great advice. Right. I mean, if you're talking to anybody that you want to mentor, like, whatever the field is that your passion is to focus on developing rare skills is really, really important. That's that's that's great wisdom, Ron. Absolutely. I mean, when you when you think about it, too, I mean, I look at it almost like
Ron (39:31.672)
Mm -hmm.
Mark Mosher (39:31.736)
Yeah.
Ron (39:34.52)
Yep.
D. Mauro (39:45.69)
Generative AI, I mean, we've all kind of been conditioned back in the day with Google, right? And that is we do a search, right? The searches are indexed, and then we get a bunch of blue links that are either by blogs or articles or news media, whatever. And then we click on that generative AI is essentially right, read all of that already, and then come up with something new for us. Sometimes it's totally wrong. Sometimes it's very useful. Most of the time, it's very useful.
Mark Mosher (40:05.656)
moment.
Ron (40:05.752)
And then we'll...
Mark Mosher (40:11.0)
Thank you.
D. Mauro (40:15.834)
and at least for a place to start and to start your ideas to ideate. But what I look at that and I think of the automobile and I'm like, well, when the automobile first came out, yeah, we lost a lot of horse and carriage buggy mechanics in that evolution. Like they were out of work, right? But we spurned an industry. We spurned the entire automobile industry and all of the
Ron (40:34.552)
Mm -hmm. Yep.
Mark Mosher (40:40.472)
Thank you.
D. Mauro (40:44.826)
heart suppliers and everything else. Like it was exponentially more beneficial than the way we used to do it because all those people had developed rare and important skills, right? They knew how to develop, how to design, how to implement, how to support, how to design the tires, all of those things. It's really quite cool.
Mark Mosher (40:54.488)
Thank you.
Ron (41:06.456)
Yeah.
Yeah, and you know, I can share how we're using it at Hacker Valley as well, AI.
D. Mauro (41:12.762)
I would love to hear that. And we're going to steal all those ideas. So let's, if we're not recording yet, let's start recording now.
Mark Mosher (41:13.08)
yeah. Start taking notes then, start writing this down.
Ron (41:20.792)
So one of the easiest things that I think you can do right now with AI is leverage large language models. They're almost plug and play. Like you don't need to know how to use it. You don't need to build your own or fine tune a model.
D. Mauro (41:33.594)
You don't need to know how they, what they even are. Just, just play around with it. Right.
Mark Mosher (41:36.876)
you
Ron (41:38.456)
Yes. So what I was doing for a little bit manually, because that's how all process start is by the manual process, is I would take I had this really cool meeting tool called Fathom. Fathom would jump on all of my meetings and will record them. So I started to take some of the meeting transcripts because it would also auto generate transcripts. I would take the meeting transcript, I'll pop it in a chat GPT and I'd say, summarize this meeting. And then right as I was kind of like about to automate that process, Fathom created a
an automation in their platform that automatically summarizes the meetings. I noticed that some of the things in the summarization provided by Fathom were not included. So I went and I checked out how Fathom is doing the summarization. I grabbed the pieces that I liked, I grabbed the pieces that I didn't, that weren't included. And then I made a prompt for it and I said, all right, I need to one, understand what I need to do. But before I even...
Mark Mosher (42:24.372)
Thank you.
Mark Mosher (42:31.638)
Thank you.
Ron (42:34.936)
understand what I need to do. What kind of call was this? Was this a sales call? Was this a marketing call? Was this a podcast? These are very different types of engagements that I interact with. So I need to have some type of bucketing system. So my first prompt in my automation identifies what type of call it is. Is it a sales, marketing, or is it other? And if it's a sales call, what it will do is it will look at the transcript and it will try to identify who is the seller. It's
always me, I say if Ron's on the call, Ron's a seller. If it's one of our other team members on the call, they're the seller. So I've provided very specific conditions for when it goes down the sales path to have a different prompt for creating those action items that I need. Give me the summary, but I also need to know specifically what are Hacker Valley's action items from this call. So from there, it takes that chat GPT output and provides it into Slack.
Mark Mosher (43:07.99)
Thank you.
Mark Mosher (43:24.278)
Bye -hoo.
Ron (43:31.992)
And then when I put it all in the Slack, I thought to myself, this doesn't look good at all. It's just a giant chunk of text. You know, chat GPT formats it in the window nicely. But when you get it in Slack, it needs to be in the Slack format that looks pretty. So I thought, I'm going to have to write some Python or JavaScript. And I have to say, no, I'm not. I could ask chat GPT to write this JavaScript for me.
Mark Mosher (43:36.63)
I'm sorry.
Mark Mosher (43:48.374)
Ta -da!
D. Mauro (43:52.698)
Hehehe.
Ron (43:58.36)
and format it to be in the Slack API call format and then to send it so it looks pretty. So that's exactly what I did for my sales path. If it goes on the sales path, it will use some code that was generated by Chad GPT to automatically get the action items, the notes, and to also put it into our sales Slack channel. And I have similar flows for marketing. I have similar flows for the podcasts. So I try to take...
Mark Mosher (44:07.094)
Thanks.
Ron (44:25.688)
I don't try to automate things end to end, but I try to take information as close to the truth as possible for our team to make some type of decision and action off of.
Mark Mosher (44:34.963)
Now that's good use. That's really good news.
D. Mauro (44:35.482)
That's brilliant. That is why, yeah, that is why you guys are as good as you are. But think about what that is, is you're identifying a manual process that you yourself have to do. And you're leveraging the LLM and the generative component of it to synthesize it. And then when you want to put it into a different system, you're like, I have to go and I have to write the code.
Mark Mosher (44:40.467)
different.
Ron (44:40.792)
I'm sorry.
Ron (44:58.2)
Mm -hmm.
D. Mauro (45:04.858)
no, wait, it already knows code, right? And then you just have it create that for you. It's actually remarkable. And it's a great example of the things to come, right? None of us can predict the future, but that ideation that you just showed us, that whole flow of identifying...
Mark Mosher (45:05.699)
I'm going to go ahead and close the video.
Mark Mosher (45:18.515)
Yep.
D. Mauro (45:28.538)
I need to summarize my notes. I need to identify what did the client actually say, rather than basing it on my own memory and my own handwritten notes. What did they actually say? What were their needs? What were their concerns? Having that filter out and then being able to translate that onto another platform. And you were able to do that all within the system. It's brilliant, man. Fantastic. Well, before we go, I want to ask you...
Mark Mosher (45:51.601)
Yeah, yep.
D. Mauro (45:58.458)
If you were talking to a business owner of a small mid -sized business, right? Think of or a leader in an organization. Maybe it's a bigger company, but they're in charge of a team or something and they have their own division or something and they're concerned about cybersecurity and risks. What are some of the top things that you see organizations
Ron (46:04.152)
Mm -hmm.
D. Mauro (46:21.466)
really everybody's telling organizations to do all these different things and they don't know what to do first. They don't know whether what they're doing is is good enough. What advice can you provide? What insight?
Mark Mosher (46:21.968)
Thank you.
Ron (46:35.416)
If someone came to me with that situation, I would say, you know, go back to the time when you were a kid, right? What were the things that your parents told you to do at the end of the day or the beginning of the day? Like, those are really the important things, right? Brushing your teeth, getting dressed, making yourself presentable, hygiene in all aspects of life is what our parents, you know, prescribe for us. And I would say the same for small to medium sized business owners and even people that work for those.
Mark Mosher (46:40.08)
Thank you.
Mark Mosher (46:54.544)
Thank you.
D. Mauro (46:55.418)
Hmm.
Ron (47:05.176)
size companies. This is also applicable for enterprise as well. But basic hygiene is the most important. I think when you do the basic hygiene, you build two pieces of very important knowledge. You get to understand what are the tools that you have already. I think a great way to find what tools you have is going through your financial records, looking at all the transactions that you've made in the past 365 days. That's going to let you know if you bought a new laptop, you'll see the Apple Store on there.
You'll see your subscriptions, they come monthly or yearly. So looking at Path 365 is typically a good way to go. Get a lay of the land of what you have first. That's going to be important. This is part of asset management. This is the first step to any cybersecurity framework. And even it's a step to a lot of financial frameworks as well, like asset inventory and asset management. So getting a lay of the land for what you have is very important.
Mark Mosher (47:36.493)
Yeah.
Ron (48:00.824)
Then I think the other two basic hygiene pieces that I would do to start with without trying to blow the ocean, make sure that anyone that has an asset that's connected to my systems has a strong password or some type of password manager so they don't have to remember all these passwords. And then the third piece, after you do the asset management, after you kind of like did just a basic setup, making sure that your users have access and good passwords, multi -factor authentication.
Mark Mosher (48:16.301)
Thank you.
Ron (48:29.336)
If you were only to do those three things, there's a very small likelihood that you're going to get compromised off your users. Your data and your applications are a whole different can of worms because they have configuration, but your users should be relatively safe, assuming that your applications aren't compromised.
D. Mauro (48:29.37)
Absolutely.
Mark Mosher (48:30.413)
Yeah.
Mark Mosher (48:48.589)
Yeah, that's a good point. Yeah.
D. Mauro (48:48.954)
Absolutely. Yeah, no, that's really good. That's really good insight. Yeah, I would agree completely. I would, I would, I would, I would as a subset, the only thing I would add to that is just as a subset of that hygiene would be for an organization to just do ongoing education on what they're supposed to be doing, right? Because it changes so much. We've been doing those, those security awareness things for 12 years now, and it changes.
Ron (49:08.024)
Yes.
Mark Mosher (49:09.165)
Yeah. Yeah.
D. Mauro (49:18.33)
every couple months, like the entire framework changes. Like everything is the threats are changing so quickly. But at the end of the day, you're right, like good password, having multifactor authentication. And these are these are kind of table stakes. And but they're the things that when you look at again, getting back to your storytelling, when you tell the story of breaches, like we all do here, right? It usually starts with
Mark Mosher (49:20.492)
Yeah.
D. Mauro (49:48.122)
Well, they used stolen credentials and guess what? They were reusing passwords, right? You know, like you can't reuse a password. Like in the beginning, we used to educate people on creating good passwords. And then what was happening is people would be like, I got a good one. It is really long. Mauro, I put it in your, I put it in your, you know, how strong is my password? It's going to take them a billion years. So I use it on everything.
Ron (49:51.544)
Yep.
Mark Mosher (49:51.98)
Thank you.
Mark Mosher (50:05.964)
I'm gonna use it for everything!
Ron (50:06.584)
Hahaha!
Ron (50:17.184)
Mm -hmm.
D. Mauro (50:17.978)
And I'm like, no, like the other part of that was you can't reuse passwords. And we see that through credential stuffing and a lot of other risks that happen. But you bring up a good point about asset management, and that is so many organizations, they don't have a real good handle of everything that's connected to their network right now.
Ron (50:42.072)
Mm -mm. Scary.
Mark Mosher (50:42.444)
Now, that's very cool.
D. Mauro (50:43.354)
No. I mean, even just think like even smaller. I think of there's so many examples by my mind just flooded with examples. Think of a school district, right? You have buildings all over town, right? And, you know, guess what? Like the elementary school got a grant that's separate from here. They went and bought these devices and they throw them on the network. Somebody else got some some tablets and some boards for a classroom. They threw those on the network. The IT guys, the IT team or the
Ron (51:04.44)
Mm -hmm.
Mark Mosher (51:07.272)
Thank you.
D. Mauro (51:12.378)
the company doing it, whatever, they don't even know those things exist. Right. So how can they protect them and know that they're secure if they don't even know that they're on the network? So it's a really good point. Excellent. Well, Ron, what is on the horizon for you as we as we wind down? We thank you so much. Great, great opportunity. Thank you so much for your time today. What what's on the network? What's on your horizon? Are you guys?
Mark Mosher (51:21.448)
Yep, yep, yep, yep.
Ron (51:21.752)
Exactly.
Mark Mosher (51:30.728)
Yeah!
D. Mauro (51:40.122)
Are you guys speaking somewhere? Do you have anything happening?
Ron (51:44.536)
a bunch, a bunch to, had two things that I'm very excited for. Number one is to get you, my friend on the Hacker Valley Studio podcast. We got to do a live stream together, bring out.
D. Mauro (51:45.658)
I know you guys always do.
Mark Mosher (51:45.832)
Heheheheh
Mark Mosher (51:54.696)
wow.
D. Mauro (51:56.026)
We will love that. That'd be awesome. Yeah.
Ron (51:59.256)
I also feel the mission of unlocking the creative potential for everyone out there in cyber. And then number two is Black Hat and Def Con. I'm super excited for Hacker Summer Camp. I'm going to be there staying through Def Con this year. I haven't been to Def Con in like four years. I've only been to Black Hat, you know, past four years. I'm excited to get back into Def Con because there's the, you know, all of the enterprise components at Black Hat, which are so important. I love that. But there's nothing like getting close to the source, like getting close to the hat, getting close to the breeds.
D. Mauro (52:07.161)
yeah.
D. Mauro (52:15.994)
Yep.
Mark Mosher (52:23.848)
Thank you.
Mark Mosher (52:28.2)
Yeah.
Ron (52:29.336)
That's what Def Con's for.
D. Mauro (52:29.402)
Now in DEF CON is like it is just a trip like that is just that's an experience. That's so cool. that's fun. That's great. And your partner Chris just came out with a with a book. Is it a children's book?
Ron (52:35.032)
Yeah.
Ron (52:45.432)
Yeah, it's a graphic novel. It's designed for young teens, young adults. And it's called Scatty. For anyone that wants to go check it out, it's available, I think, everywhere. You can get it off of Amazon.
D. Mauro (52:47.738)
It's a graphic novel rather. Yeah, yeah, yeah.
D. Mauro (52:57.242)
It is available everywhere. I ordered mine. I still haven't gotten it in. So I was hoping to have it in and to be able to hold it up to be able to to show him, hey man, see, I told you I told you I was going to buy it and I have it. So. But I'm. I know I'm excited about it, but no, that's great. So we'll throw links to to everything you guys are doing in our in our show notes as well. And definitely we will be in touch.
Mark Mosher (53:06.083)
Heheheheh
Ron (53:07.256)
Ha ha ha ha.
Gotta get you a signed copy as well.
Mark Mosher (53:12.899)
Right, right.
D. Mauro (53:26.746)
and we will set up a time for us to do like a joint live stream or something. That'd be great. We love it. We love it. All right, man. Thank you so much. Excellent. Thank you so much. Ron Eddings, Hacker Valley Media, check them out. They are available everywhere and they are the gold standard. So we appreciate your time, brother. Thanks, man.
Mark Mosher (53:31.299)
Thanks, Ron. Yeah, we appreciate it.
Ron (53:31.64)
would love that. Yes, thank you so much, gentlemen. I really appreciate y 'all.
Ron (53:49.688)
Thank you.
