Cybercrime vs Small Business. Insider View of Cyber Crime. Artwork

Cyber Crime Junkies

Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.

Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast

All Episodes

Cyber Crime Junkies

Cybercrime vs Small Business. Insider View of Cyber Crime.

January 19, 2025 • Cyber Crime Junkies. Host David Mauro. • Season 6 • Episode 29

Ron Sharon, a well-known cybersecurity & IT leader having served at such great companies as CANNON, LA Clippers, Universal Music, Mercedes, and more. Ron is a mentor to IT and cyber professionals across the globe and a friend of this show.

Chapters

00:00 The Journey into Cybersecurity
04:58 Cyber Crime vs Small Business
09:56 Insider View of Cyber Crime
14:52 Entry-Level Opportunities in Cybersecurity
19:55 The Broad Scope of Cybersecurity Roles
26:15 Small Business Cyber Risk
34:59 The Need for Governance in AI
40:02 Understanding Modern Cybercriminals

Send us a text

Grow without Interruption. Stop Breaches. Leverage Advances in Technology with NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-446

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss a video episode!

Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Youtube (FKA Google) Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

Ron Sharon, well-known cybersecurity & IT leader having served at such great companies as CANNON, LA Clippers, Universal Music, Mercedes and more. Ron is a mentor to IT and cyber professionals across the globe and a friend of this show.

Cybercrime vs Small Business. Insider View of Cyber Crime.

https://www.buzzsprout.com/2014652/episodes/16440356

Topics: CybercrimevsSmallBusines, cyber crime vs small business, insiderviewofcybercrime, cyberleadershipinsight, cyberleaderadviceforsmallbusiness, whysmallbusinessistargetedbycybercrime, cybercrimeagainstsmallbusinesses, cybercrimeandsmallbusinessesrisk, smallbusinesscyberrisk, cybersecurityrisksforsmallbusiness, smallbusinesscyberrisk, mostcommoncyberattacksonsmallbusinesses, inside the dark web. how criminals work,

Inside the World of Cybercrime: Why Small Businesses Are the Perfect Target

Cyber Leadership Insights: Protecting Small Businesses from Cyber Attacks

Cybercrime vs. Small Business: insider View Of Cyber Crime

Small Business Cyber Risks: Expert Advice from a Cyber Leader

The Most Common Cyber Threats Small Businesses Face—and How to Beat Them

Why Small Businesses Are Prime Targets for Cybercrime (And How to Respond)

Cybersecurity for Small Businesses: Risks, Realities, and Resilience

Cybercrime Uncovered: Practical Advice for Small Business Owners

From Risk to Resilience: Cyber Leadership Lessons for Small Businesses

Breaking Down Cybercrime Against Small Businesses: Tips from a Pro

cybersecurity, IT, career, challenges, job market, entry-level, GRC, incident response, mentoring, small business, phishing, AI, cybercrime, cybersecurity, governance, social engineering, data protection, security awareness, virtual CSO, threat detection

Summary In this conversation, Ron Sharon shares his journey into the world of IT and cybersecurity, discussing the challenges faced by small to mid-sized businesses in securing their systems. He emphasizes the importance of understanding the distinction between IT and cybersecurity roles, the difficulties in the job market for aspiring cybersecurity professionals, and the need for proper training and mentoring. Ron also highlights the broad scope of cybersecurity roles, including GRC, and the necessity of having cybersecurity controls in place for businesses today. In this conversation, CCJ and Ron Sharon delve into the evolving landscape of cybersecurity, focusing on the persistent threat of phishing, the role of AI in cybercrime, and the need for governance in the use of AI technologies. They discuss the sophistication of modern cybercriminals, the importance of professional guidance in cybersecurity practices, and the best strategies for organizations to protect themselves against cyber threats. The conversation emphasizes the necessity of understanding the current cyber threat landscape and implementing effective security measures.

Takeaways

Ron Sharon's journey into IT began with a fascination for technology.
Self-education in IT was more challenging before the internet.
Small businesses often rely on IT teams for cybersecurity, which can be problematic.
Cybersecurity is never 100% secure; breaches are inevitable.
Incident response is crucial after a breach occurs.
Organizations often lack the resources to train new cybersecurity hires.
Entry-level cybersecurity roles require foundational IT knowledge.
Recruiters often misunderstand the requirements for cybersecurity roles.
GRC roles are essential for compliance and risk management.
Cybersecurity impacts various sectors, including legal and insurance. Phishing attacks occur daily, affecting countless individuals and organizations.
Cybercriminals have become increasingly sophisticated, utilizing AI to enhance their tactics.
AI is often misrepresented as a cure-all for cybersecurity issues.
Governance and policies are crucial in managing AI's impact on security.
Modern hackers operate as organized criminal enterprises, not just individuals.
Social media and open-source intelligence can expose individuals to cyber threats.
Professional cybersecurity guidance is essential for effective protection.
Tools and technologies must be used by trained professionals to be effective.
Early detection of breaches can prevent significant damage.
Organizations must prioritize cybersecurity as a core aspect of their operations.

Chapters

00:00The Journey into Cybersecurity
04:58The Challenges of Cybersecurity Today
09:56Navigating the Cybersecurity Job Market
14:52Entry-Level Opportunities in Cybersecurity
19:55The Broad Scope of Cybersecurity Roles
26:15The Persistent Threat of Phishing
34:59The Need for Governance in AI
40:02Understanding Modern Cybercriminals

CCJ (00:03.596)
Welcome everybody to Cybercrime Junkies. I am your host, David Mauro and in the studio today is a special guest, Ron Sharon He's a well-known cybersecurity and IT leader, served as a founder of several organizations, various director roles and IT roles at such great companies as Canon, the LA Clippers, Universal Music, Mercedes, and more. He's a mentor to IT and cybersecurity professionals across the globe.

Very active, one of the top voices on LinkedIn as well, and a longtime friend of the show. Ron, welcome, sir.

Ron Sharon (00:40.596)
It's great to be here, David. Thank you for having me.

CCJ (00:42.72)
No, I'm excited about having you. So for those that might not be familiar with you, walk us through kind of like what drove you to get into IT and cybersecurity in the beginning.

Ron Sharon (00:57.336)
So I think it's a common story. I was always fascinated with computers. I was always fascinated with technology. So my first computer was 286 XT Turbo, one of those nameless white boxes with like eight megabytes of memory back in the day, which was like, that's a lot of memory. My dad came back once and said,

CCJ (01:11.264)
yeah, they were big. They were big. Mm-hmm.

CCJ (01:21.208)
Ha ha.

Ron Sharon (01:24.854)
I got a hard drive, it's 500 megabytes and I'm like, 500 megabytes. What am I going to do with all that space? That was my initial reaction. It's so much, you know, open Napster back in the day, just start downloading tons of music and tons of videos and everything. And I'm like, that's exciting. This is a, this is a world I would like to get into. had the MIRC, if you remember that client for the IRC network, you talk to people around the world and it was.

CCJ (01:28.44)
Wow. You're like.

Ron Sharon (01:54.146)
the best thing ever for like a up and coming teenager. It was kind of the first chatting application, think, yeah. Maybe there were before, but it was the first one that I ever got my hands there. Yeah, and I got ICQ later and then AOL and then MS Messenger and all those ones. I had all of them because if you had a person that had MS Messenger, you had to contact them with MS Messenger, right?

CCJ (01:57.678)
That was like the first chat, wasn't it? Wasn't that like the... Yeah. Yeah.

CCJ (02:06.798)
Yeah, the first mainstream one, the one that kind of got popular.

CCJ (02:20.631)
right.

Ron Sharon (02:21.506)
You had a bunch of applications. So I got into this world and I'm like, this is exciting. This is something that interests me. So that's how I got into, you know, taking apart computers, taking about radios, putting them back together. Sometimes there's no success. Putting those memory chips. You remember when you upgraded from eight megabytes to 16 megabytes, you didn't have those blocks that you put today. You had like these small chips that you have to put into the computer. So I was amazed as a young kid.

I'm like, that's it. This is what I want to do. And I've never studied computers formally in college. When I attended college, I went to psychology. It took me, I think one or two semesters of microeconomics to say, what the heck am I doing here? Why am I studying microeconomics? I have no clue. was economics. like, I don't understand any of it. So I left. what I did was I self-taught myself. And back then it was harder.

because there was no YouTube, there was no Google, you had to find forums and...

CCJ (03:19.992)
Yeah, right. yeah, there, there. mean, if you think about all the areas where you can find self-education now, I mean, there's platforms and systems and everything. Plus there's, you know.

Ron Sharon (03:32.526)
Everything, yeah. In your fingertips, have to actually look for forums or buy an actual book that's taught you how to do things, which I did. And then I self-taught, I self-teached myself everything to do with IT and networking and Exchange 2000 and Microsoft Server 2000 and Exchange 5.5 back in the day.

CCJ (03:39.928)
Mm-hmm.

Ron Sharon (03:59.244)
And that's how I got into it. And then somebody just gave me a chance. They hired me and said, Hey, Ron, we need you to manage this. teach the it for this 70 person company inside it. And I said, sure, I'll do it. I don't know. I'm self-taught, but, and I did it. and then I moved on from there and I started in it, like everyone else, like system, like it managers, system engineer, windows, the next, Excel, you know, all the usual stuff.

Exchange 5.5 back in the day where you needed to upgrade it to 2000. You had to redo the entire thing because there was no direct path for upgrade. So I did all of that. And in one of my jobs, I went into my boss and said, hey, there's this thing, cybersecurity. We need to take care of the security of this, all the systems we have who's doing it. And he said, you do it. And I said, And that's how I got into cybersecurity. So I really started again, self-taught.

going into cybersecurity.

CCJ (04:58.402)
What's amazing about that? Yeah, what's a man? I'm so glad you share that. What's amazing about that is I think a lot of small mid-sized businesses today kind of are still there, right? They have an IT person or an IT group that they've been relying on. And when they say, hey, handle our security, right? It's a different world today, right? I mean, it's really...

Ron Sharon (05:23.171)
Yes.

CCJ (05:25.91)
It's really a challenge for an organization to stay secure today compared to 20 years ago or so, right?

Ron Sharon (05:32.748)
Yep. It's, it's extremely challenging. And first of all, even medium sized businesses, the go to people saying, Hey, I need somebody to do cybersecurity to go to the IT team. despite the fact that's not really in their wheelhouse because the survey security side or the information security side is more of like, and I gave that example before and I, and I like using it is you're building a house. There's an inspector coming to your house and say, all of this security.

CCJ (05:44.163)
Right.

CCJ (05:48.512)
No, and yeah. Right.

Ron Sharon (06:02.666)
You know, things, you know, do you don't want the roof falling on in your head needs to be fixed. You need to patch here. You need to have this pole moved 10, 10, 10 inches to the left and all that, that cyber security, know, the people that actually move the pole that's IT. Right. And there's, and there's it's. And there's it's a distinction between the two and, sad, sad, it's not sadly small, medium sized businesses can't afford to get a dedicated.

CCJ (06:18.53)
Right. That's a good analogy. That's a good analogy.

Ron Sharon (06:32.206)
person for managing their information security. That's the main issue.

CCJ (06:37.518)
Right. Well, and even and even so, one person really can't do it all right. They still have to pick the right vendors and they have to do that. What's your take on the industry in general? Like the the and here's why I'm asking. To me, it seems like the industry sometimes has done a disservice to some some small to mid-sized businesses, and I don't mean that.

Ron Sharon (06:42.902)
And one person can't do it all. Yeah.

CCJ (07:04.63)
necessarily as a slam because they're capitalists and they're trying to gain market share and what they have is good. But sometimes I think they might be right on that line of over promising. Like if you buy this box, you will be secure. And it doesn't work like that. Like they're just waiting to get that box over at DEF CON and blow the thing up. You know?

Ron Sharon (07:26.444)
Yeah. And that's the thing, right? There's, and when I talk to small business owners, medium business owners or any business owner, or even like when I have a conversation with IT people or service security people, my go-to sentence is it's not going to be a hundred percent. You're never, we are never going, whatever we put in place, it's not going to be a hundred percent secure. And my stance is you will eventually something, there will be a breach. It could be a small one.

You know, somebody just guesses a password and circumvent MFA on one negligible account, or could it be a big one? But there's going to be an event. There is going to be an event because nothing is a hundred percent perfect. You can have all that we can buy all the protection in the world. can buy all the platforms in the world. You can have all the frameworks in the world. can have a SOC 2, you can have a SOC 2 dissertation. You can have an ISO certification. You can be CMMC 2.0 even. Nothing promises that you're not going to get breached.

CCJ (07:55.022)
Mm-hmm.

CCJ (08:11.019)
Absolutely.

Ron Sharon (08:24.618)
And the way that determines what happens after you get breached is always your incident response. And this is a part where IT falls because IT doesn't work on incident response. That's an information security slash cybersecurity role, which is neglected in a lot of organizations because they like to spend the money on the protection and not of what happens after.

CCJ (08:47.832)
Right, the incident response, the tabletop exercises, that building of operational resilience, that's what you're talking about, right? Because not all breaches are created equal. Some could be relatively minor and some could be brutal and the length of your recovery and the cost of it really depends on how prepared you are.

Ron Sharon (08:55.042)
Yep, exactly.

not all breaches are created equally.

Ron Sharon (09:12.034)
Yep. A hundred percent. And whomever ever built like a business plan for their business, right? They have like a long list of things that needs to happen while you're planning to open a business. So the same thing in a business plan or in future planning inside a business that there always needs to be something that plans to information technology and information security again, two separate issues, but it needs to be planned. needs to be written down. It needs to be exercised so people would know exactly.

CCJ (09:14.379)
Amazing. Yeah.

Ron Sharon (09:42.03)
what's going to happen and of course it has to be cost, it has to become prohibitive to the organization because the number one thing always in a business plan unless you're opening a nonprofit is the goal of the business is to make money.

CCJ (09:55.278)
And to grow, right? And the way I look at security, yeah, right.

Ron Sharon (09:56.814)
and to grow, make money and grow and then everything else, provide a services, provide whatever things they do. And that's it. So if the business needs to make money. So if a solution costs $2 million and the business makes $20,000 a year, that's just not gonna work.

CCJ (10:14.626)
Well, right. Yeah. Yeah. Well, and then you've got to worry about the business model of that solution provider if they're offering something that's going to cost two million dollars. But there are there are a lot of relatively reasonably priced security layers that can be placed even at the small business level. And sometimes, you know, people don't find out about them necessarily. Right. Or they or they

Ron Sharon (10:20.618)
Exactly.

Ron Sharon (10:42.638)
Yeah. And that's why, uh, yeah, exactly. And that's why, uh, if small and midsize businesses, like I said, don't have sometimes funding and that's okay. Not a lot of companies have this extra, you know, hundred, a hundred and fifty, $200,000 a year to get a CISO or to get like a top level, um, cybersecurity professional to do all of that. And that's why, you know, there are these fractional CISOs, V-CISOs and all these kinds of companies.

CCJ (11:11.115)
Exactly.

Ron Sharon (11:12.61)
that can do it, but always, and this is my advice to everybody that's looking for some sort of a VC sale or service like that, always research the company, always research the individuals you're looking at, always dig into their past activities, their past roles, and see if they actually know what they're doing. Because there's a lot of things out there. There's a lot of people out there

that I've seen that were, for instance, database administrators. And a year later, they became CISOs. So that makes you wonder, like, how did you get from a database administrator to be a CISO? I don't see the progression of it. I don't know what your, yeah, not in a year anyway, right? It takes a while. So always look into the company you're getting and, or if it's an individual you're getting, always look at their resume. Always look at their track record.

CCJ (11:46.316)
Right, great point, great point, right.

CCJ (11:57.034)
Not in a year anyway, right? Exactly. Yeah. Right.

Ron Sharon (12:09.868)
and make sure you're getting somebody that's really professional that knows cybersecurity inside and out.

CCJ (12:15.342)
Absolutely. Yeah, that's that's excellent insight. You know, let's circle back to the gentleman that got that said, hey, you want to manage the IT for for this small group. There's so many people that want to break into cybersecurity now. mean, data breaches are always in the news, things like that. What are some of the biggest challenges for people wanting to break into cyber today? Because you do a lot of mentoring for people wanting to break in, people wanting to either break into the entire field

from marketing or from sales or from other non-technical backgrounds, or let's say they were help desk or they were database administrator and they want to lean into the cybersecurity realm. What are some of the biggest challenges that you're helping people with?

Ron Sharon (13:04.824)
So there's a lot of challenges and most of them come from the understanding of the role because like we said, medium size, small size and even core, huge enterprise sized businesses sometimes recruiters do not understand what we do. I've seen strange things out there and it's an example I like to always put out. I've seen a CISO requirement that has a accounting degree. It says we want a CISO.

CCJ (13:10.606)
Hmm.

Ron Sharon (13:34.062)
And the role requirement says accounting degree preferred. Now I don't know how many CISOs have accounting degrees out there, maybe five, 10, I don't know. But that's a tough ask. And a lot of these kind of companies ask you, for instance, I'm looking for a penetration tester, has to have five years experience in a CISSP. And I'm like, first of all, CISSP has nothing to do with pen testing.

CCJ (13:39.309)
Wow.

CCJ (13:45.346)
Yeah, that's a tough ask, isn't it?

CCJ (13:59.68)
Yeah, I was going to say the CISSP cert isn't the penetration cert, right? Like, yeah.

Ron Sharon (14:04.32)
It's not a penetration search. they copy it. So the first thing you need to, they don't understand. say, need a penetration that has either a CISSP or a CISM. And none of these two certifications, anything to do with penetration testing. Right? But they see it in other job posting and they copy and paste it. And the first hurdle that people, that new candidates needs to overcome is that.

CCJ (14:09.492)
They're getting the acronyms because they don't understand, right?

Ron Sharon (14:34.774)
Right. And, and, you know, recruiters would look at your resume and says, he doesn't have a CSSP. He has this weird certifications that EG, whatever. And then they're going to just put you into reject pile or it's going to be rejected automatically because it doesn't say that you have CSSP. so it's

CCJ (14:43.074)
Right. Yeah.

CCJ (14:52.078)
Well, and there's so many boot, there's so many platforms and boot camps and capture the flags and all of the like hack the box. And there's all these ways where a candidate, and correct me if I'm wrong, cause you live this more than I do. But to me as an observer, it seems like there's a lot of ways somebody could have their own portfolio, almost like an artist to show them here's things that I've done. Right. And be like,

Ron Sharon (15:16.032)
Yes, 100%.

CCJ (15:19.52)
I did this, I was top 5 % and hacked the box or whatever. That's demonstrating that they are penetration testers, essentially, right? To some degree, right?

Ron Sharon (15:23.694)
100 percent.

Ron Sharon (15:28.59)
100 % yes. It's 100 % true. The only issue is that most recruiters are not cybersecurity recruiters. They're general recruiters. They get an ask from a hiring manager and the hiring manager gives them a list. Exactly, they're an attorney one day, they're hiring a salesperson the next, and they're hiring a database engineer the next day. And then all of a sudden they got

CCJ (15:38.144)
Right. Yeah. Right.

CCJ (15:44.482)
Right, they're hiring an attorney one day and then they're hiring this the other day. Right. Yeah.

CCJ (15:53.914)
that's tough.

Ron Sharon (15:56.376)
a sock analyst or a penetration tester requirement, and they just do the same steps. They don't understand the industry. And that's what I've noticed, which is the biggest hurdle. All the things that we can do, that people can do, is we can try and change. And that's part of what I do. I'm trying to educate companies and recruiters out there how to look.

CCJ (16:06.754)
Yeah.

CCJ (16:16.462)
Yeah, you do a really good job. Yeah, you do a really good job. One of the things I love is you say, and it's something I want to ask you about, is you say, you point out like entry level cybersecurity job and it requires five years experience. Like I've seen you point that out too. And that's a tough ask. The question I wanted to ask you is what's your opinion on that? Because should cybersecurity

be an entry level job? Do know what I'm saying? Like it's more serious than it's more serious for an organization than just managing the IT necessarily. Right. And so is it and maybe it's not an entry level. I'm thinking aloud, so I apologize, but maybe it's not an entry level IT technology job. But there are entry level steps within cybersecurity, if that makes sense.

Ron Sharon (16:50.046)
yes.

Ron Sharon (16:57.698)
That's a yeah.

Ron Sharon (17:13.134)
Yeah, there's entry level steps in cybersecurity that you can take. And one of the things you can do is always start in IT because a lot of roles, and I'm talking about, instance, cybersecurity, let's distinguish a little bit cybersecurity, information security. Cybersecurity in cybersecurity, there's a lot of terminology. There's a lot of, know, you need to know, for instance, just as an example, if you're a stock analyst and you don't know what DNS is, where NS lookup is.

or IP config or if config, if you're working on Linux, it's a problem. You have to have to know that basic information of what is that? What are the Windows, DOS, Linux commands? How does a packet is built? That's why I'm always saying, I always recommend to people to, they don't have to take the A plus network plus certifications and pay for them because again, it's money.

CCJ (17:46.346)
Absolutely.

Ron Sharon (18:08.984)
but they need to read and understand that material. Because if they don't, in the cybersecurity world, and we're not talking about, you know, I'm not talking about forensics or policies and procedures because that's different, but if you want to be a SOC analyst and if you want to be a penetration tester, you know, you need to know all of that. Because how are you going to penetrate something? How are you going to penetrate a computer system when you don't know basic computers? How are you going to read a packet if you don't know what a packet even is?

CCJ (18:33.998)
Absolutely.

Ron Sharon (18:39.374)
So you have to know that basic, basic, basic. So backing into the question of, it an entry-level job? It can be, but it has to come with training with inside of the organization. And it's like three to five months training and shadowing and mentoring inside of your organization that picks you. And if they have that capability to do it, then it will be an entry-level job.

CCJ (18:53.314)
Mm-hmm.

Ron Sharon (19:07.776)
If the expectation, but sadly, let's go back one step. Sadly, most organization today don't have time to train and mentor you. They don't. And that's why you've seen a lot of job requirements today. And that's the key phrase hit the ground running. Hit the ground running pretty much means we don't have any time to train you. I need you to know everything on day one. That's what it means. And that's why.

CCJ (19:23.509)
Mm-hmm.

Ron Sharon (19:33.582)
cybersecurity can be an entry-level position if the organization, for instance, that you're applying for, it can get you the training, shadowing, mentoring that you need. If you're starting from scratch and you don't have that and you need to hit the ground running, then that's pretty much impossible.

CCJ (19:55.276)
Right. Well, and that's where people like you and organizations like, I mean, there's so many of them out there now that you can get some of this mentoring or some of this hands on experience to learn it, even whether you're you do that before the job or while you're while you're learning on the job. mean, it seems to me cybersecurity is always. Yeah.

Ron Sharon (20:17.806)
Yeah. Hack the box, try HackMaze, two of the prevalent platforms that offers you those kind of hands-on experiences without actually breaking anything, which is always important. Yeah. Yeah. And there's a, I mentioned before, like when I used to study this stuff, there wasn't any platform. There were no platforms to learn for. There was no YouTube. There was nothing. If you wanted something, again.

CCJ (20:28.942)
Right, yeah, they're all like in a sandbox environment or a Linux environment or something.

CCJ (20:41.13)
No. Right.

Ron Sharon (20:45.358)
forums, BBSs, good old times, or just buy a book. You have to buy a book, an actual physical book that came with a CD. And the CD had a small lab environment on it that you can run. That's the best you can do.

CCJ (21:02.776)
which is brute. And that's just a brutal way of learning when you think about it today. Right. Like now they have interactive things. The software is built. It's teaching you. It's you know, you can click here and then do a demo like all these. It's so well done today. But I remember everything when I was learning. You'd have to do the book and you know, you'd read like 20 pages and then it was like click here, click there. Like you're like I read 20 like it took me

Ron Sharon (21:28.43)
Click exactly.

CCJ (21:30.848)
all this time just to know that it'd be so nice if somebody was standing right there, I could see a video, right? But they didn't have it then. So it's amazing. Yeah, that's, that's, that's, that's so good. And what about, I mean, obviously it, it also depends on where they want to be within cybersecurity because cybersecurity is such a broad platform or broad industry. You mentioned the policy Elm. So like,

Ron Sharon (21:37.166)
100%.

CCJ (22:00.546)
let's say somebody's not very technical, but they're more a political science background, philosophy background. And let's say they're not really into the code aspect of it, right? Or the technical aspect, but they're still GRC, right? There's that whole realm of understanding risk and policy. And it's almost like giving legal advice in a sense, right? It's giving risk management advice.

Ron Sharon (22:20.354)
risk and policy and compliance. Yep. 100. Well, it's, it's, it's, yeah, GRC people and lawyers work very close together because there's some, some things that, you know, lawyers needs to interpret and GRC people need to, you know, get some clarifications on. So when I used to hold the GRC role, me and the, the general counsel of that company that I work with, we literally on a daily basis, emailing it's like, Hey,

CCJ (22:29.698)
Yeah.

CCJ (22:33.838)
Of course, yeah.

CCJ (22:46.7)
Yep. Yes.

Ron Sharon (22:49.198)
this came out on this state because GRC is federal, local and state, state and local. And it's everybody has their own variation of things. So California has something else than Virginia. That's something else than the federal. And even the federal is not equal. For instance, if you're a financial firm, go, you need to do, there's SEC has rules of governance for public. If you're a public company, it's the FTC. If it's, if you're, again, if you're a medical office, it's HIPAA and high trust.

CCJ (22:55.373)
Right.

CCJ (23:00.6)
Right.

CCJ (23:06.744)
Right.

Ron Sharon (23:18.233)
So there's variations.

CCJ (23:18.264)
Right. And now with manufacturing, a lot of businesses that manufacture parts that eventually wind up in a rocket or a tank. Now, CMMC is coming and they've got a that's a whole other.

Ron Sharon (23:26.444)
Yeah, so you have to be CMMCs. Exactly, CMMC 2.0 now you have to be. That's a whole nother thing. Each one of those, it's different. It's the same. Some of the aspects are the same and some of the aspects are different. So you need to imagine if you're a company that does medical things for the space shuttle. So you have the SCDMMC and you have the HIPAA.

CCJ (23:33.347)
Yeah.

CCJ (23:36.76)
Mm-hmm.

Ron Sharon (23:52.384)
And you have the FTC if you're a private, if you're a public company and all of those have regulations that you need to adhere and it's different regulations that you have to adhere to. Some of them again are the same and some of them are not. And the government can come in and say, we're going to inspect you next week. Be ready. And you have to walk a bunch of people from the FTC around and show them your cybersecurity controls. And they ask to see this. You told them I have, I have.

MFA enabled and they want to see it. So you have to show them this is how it works. This is This is what we do. When's the last time you had a tabletop exercises you have to show them the tabletop exercise

CCJ (24:29.646)
Well, and regardless, yeah. Well, and regardless of the industry, let's say you're not even regulated. If you want to buy cyber insurance today, right? It really is in your best interests to have some of the cybersecurity controls in place, like to...

Ron Sharon (24:49.048)
Well, it's not you have, it's in your best interest. You can't have cyber insurance unless you have some of those cyber security in place, controls in place. They will not insure you.

CCJ (24:53.112)
Right.

CCJ (24:57.56)
controls. Yeah, I mean, it's true because not only will it reduce your risk of ever having a claim and ever having to go through the reputational damage and the financial damage and the loss of production, et cetera, et from a breach if it's a bad one, but it'll lower your, it'll A, allow you to get the insurance, right? But B, lower your, lower your premiums.

Ron Sharon (25:22.606)
100 percent,

CCJ (25:24.638)
It's it's industry. mean, it's cyber security such an interesting, interesting industry because it touches almost every aspect of society. Right. Like it touches legal regulatory insurance like every, you know, every aspect is is is touched by cyber security. The more I learn about it and I'm constantly learning in it. But the more I learn about it, the more wide it is. It's just

Ron Sharon (25:35.159)
understand.

CCJ (25:54.08)
It's relevant everywhere. And then you, you call it quits for the day and you turn on the news and they're talking about a big breach and you're like, God, I can't get away from it. Right. It's, it's absolutely everywhere.

Ron Sharon (26:05.366)
Yep. And you find sometimes to be those big beaches are because of the most simple, simple things, right? A VPN username that has been forgotten and nobody used for like, like a year, an air conditioning technician plugs in.

CCJ (26:11.634)
my.

CCJ (26:15.215)
Yeah.

CCJ (26:18.72)
And everybody, everybody's so tired of hearing about a phishing email. They're like, I don't want to hear about it. I know, I know, I know. And yet they don't.

Ron Sharon (26:27.118)
Well, yeah, that's the small. the Phishing happens every day. Every day somebody gets fished like a hundred thousand, 200,000, 500,000. It never gets to the news because it never gets to the news. It's not like major company, major breaches, but it happens every day, every day, a company or an individual for, for, um, some sort of a scam, a scam.

CCJ (26:30.986)
Every day. Yeah.

CCJ (26:40.824)
Right.

CCJ (26:45.454)
And they've really gotten good. They've really gotten good. I've seen some of them lately in the last month or two where I am like, that is a good one. Like it is relevant. It is a vendor that they're used to. Like it is so good. There's no the old red flags of like poor grammar or things like that. Those are all gone. Yeah.

Ron Sharon (26:53.566)
yeah, so with AI today?

Ron Sharon (27:11.062)
Yeah, no, these are all gone. Open like chat GPT today. You can write a letter. It looks official from Chase bank saying something and it looks really normal. And you know, they, buy, they buy domain names. And one of the, one of the major issues is companies, technology companies are not very fast in mitigating these issues. For instance, you know, one of my previous companies, I reported a domain name that

CCJ (27:16.049)
yeah.

Yep.

Ron Sharon (27:41.454)
was close, but they had a different letter and they used it as, yeah, the transposed looking, it looks the same. And I had to look for the abuse, the abuse email for the domain registrar. And I send them an email and I've never heard back. And, you know, it took them like a while to take it off the air. And the same thing, by the way, with phone, like the smishing today, right? Like I'm getting probably 20, 30 in a week.

CCJ (27:44.472)
Right, they transposed like an I in an L or something like that.

CCJ (28:06.488)
Mm-hmm.

CCJ (28:12.229)
yeah, I get them all. I get him every single day. So does my wife. So do my friends. Yeah.

Ron Sharon (28:12.294)
at this point, like from outside of the country, know, you use PS, you have a package, hello, Ron, and they get your information. Like my information is out there and my finishes out there not because of my fault. I got like, I have T-Mobile, sadly, and my information got hacked like four times already. every.

CCJ (28:28.566)
Yes.

I know, me too. Yeah, it's just, that's the way it is. Right.

Ron Sharon (28:33.792)
And I'm like, okay, they got my phone number, they got my email and they got my LinkedIn profile. And people need to, partially people need to realize what they're putting on their social media and who can see it. Because it's open source intelligence, right? These people don't act in void anymore. These are not 12 year olds somewhere sitting down. They downloaded some sort of a toolkit, right, to hack you. These are...

CCJ (28:40.92)
Mm-hmm.

Ron Sharon (29:03.342)
criminal enterprises that are sitting around researching you and collecting intelligence on you specifically or on your company specifically and then targeting you.

CCJ (29:15.992)
Yep.

Ron Sharon (29:17.346)
That's what they do and they target you and they know and they know what companies you use, for instance, because you posted, don't know where I'm working with XYZ company and they have that now.

CCJ (29:28.074)
or it can be found, I mean, or it's part of a data packet and a data set that's sold by data brokers, right? Which really doesn't seem very regulated as an industry at all.

Ron Sharon (29:35.608)
Yep, could be.

Ron Sharon (29:40.374)
It's not like, yeah, I know my data is being sold and resold every time I get an uptake in emails and text messages. So I know there's somebody bought the list because all of a sudden I'm getting X amount of emails and text messages.

CCJ (29:46.488)
Right, yep.

CCJ (29:55.618)
Yep. Yeah, and they can know a lot about it.

Ron Sharon (29:57.548)
And it's phone calls and text messages and the phone company, there's no law that requires the phone companies to do anything about it so they don't do anything about it.

CCJ (30:07.47)
Right. So what are you seeing? Yeah, since we last spoke, obviously, AI, generative AI has become democratized and very popular. Now, every product on the planet has AI in it. Like everybody's just like, if it connects to electricity, they're saying they have AI, which is just ridiculous. That's just salesmanship, salespersonship. But

Ron Sharon (30:09.398)
And people get scammed on a daily basis,

Ron Sharon (30:26.316)
Yeah, it has AI.

CCJ (30:36.314)
What have you seen in terms of how AI has been leveraged by cyber criminals? mean, everybody was afraid it seemed right in the beginning that, it's just going to, it's going to be exponentially worse. and I've seen some things, but I, but I, but I really haven't seen as much as I think we've, we've thought of, cause it almost just seems like an arm arms race because clearly the defenders are using AI as well.

Ron Sharon (31:04.728)
So I like to call AI the new zero trust. It's the new marketing keyboard, Like every, it's the new zero trust, right? Like the 2020 till 2024 was zero trust and now it's AI. That's the new marketing keyword. So everything is plus AI today. how did, so it's an interesting thing, the capabilities of AI and I've been dabbling a lot about with it in the last couple of months, people don't realize how

CCJ (31:07.692)
Yeah, it's the new buzzword.

Mm-hmm.

CCJ (31:20.094)
Mm-hmm. Yes.

Ron Sharon (31:35.33)
dangerous it is. So there's a program. Like you said, I pay, I can pay $24 a month for this program. It could replicate anyone's voice. I can play or play something and it will replicate someone's voice. and then I can set it up on a way where I can type and it responds with that, with that voice and I can connect, can connect it to my phone and I can call you and say, you know what?

Hey dad, as an example, hey dad, I'm stuck in jail, I need bail money. And it's your son's or daughter's voice. It sounds exactly the same.

CCJ (32:07.202)
Hmm?

Yes.

Right. Yeah, you're talking about like AI deepfakes. And I mean, to me, that's just it's and they've gotten so good. Like they're really they understand the intonation in your speech, the cadence of your speech, and then the video capabilities have gotten very good. Yeah.

Ron Sharon (32:18.87)
I like deep fakes, AI, you know.

Ron Sharon (32:25.312)
And they're cutting so good even in video today. They're so good

Ron Sharon (32:35.362)
the videos capabilities and the text capabilities so you can generate a lot of content text today. You can, like I said, you can write a comprehensive chase kind of a letter that looks really official telling you that company X changed their accounting number. And you can have a phone number on the top and that 800 number goes into some sort of a, again, a voice generator.

CCJ (32:56.653)
Amazing.

Ron Sharon (33:03.138)
right, because you don't know where these people are from. So it could sound like an American guy from Texas just saying, yeah, we changed our account number. You need to send your checks now, all your wire transfers to this one, to this account number. Not a problem. You can, you know.

CCJ (33:19.822)
And to defend against that, it's really not a cybersecurity cure. It's not a platform or a specialist. It's really about having policies in place, right?

Ron Sharon (33:30.286)
So I talked about this with a friend of mine today. it's policies, procedures, and it's also governance. There is no governance on this now. And my friend, he equated it to like the first atomic bomb. Nobody knows how the atomic bomb looks like before it went off. And nobody had any kind of governance about atomic weapons before the first one went off. So there's probably going to be some sort of an event.

that will require governance to be put in place when it comes to AI. What event it's gonna be, we don't know. But right now it's literally the wild wide West. And not only that, industry today is moving towards automating almost everything, including code, right? So a lot of engineers are getting let go because there's new AI now to create.

All you need is give it a prompt to ABC and the AI writes the code. What happens if somebody gets into that AI that writes the code and inserts a malicious code in there and nobody, yeah, pose in the code and nobody knows? Is it technically possible? Of course it is. Did someone already do it? We don't know. Because we blindly trust the AI, right? And we've been warned, like with OpenAI, ChachiPT, it's like,

CCJ (34:36.526)
Poisons it, right? Poisons the data.

CCJ (34:48.654)
But I don't know.

Ron Sharon (34:56.076)
We've been told it hallucinates, it invents things. It doesn't say, don't know something. It builds an entire story because it thinks it knows it.

CCJ (34:59.213)
Right.

CCJ (35:07.64)
Right.

Ron Sharon (35:09.454)
So what happens if that happens in a code? What happens, God forbid, in a code for something important like airplanes, right? What are we gonna do? Like is it secure? Is it going through another, some sort of a code check? they're using AI to do the code check on the AI.

CCJ (35:16.204)
Right. It's absolutely true. Absolutely true.

CCJ (35:29.068)
Amazing, amazing. Yeah, I mean.

Ron Sharon (35:30.328)
So there's a lot of things with AI that are good, a lot of things that are not so good, and a lot of things that we still need to figure out because it's an arm race, right? Right now it's an arm race. Everybody moving forward as fast as they can.

CCJ (35:42.626)
Yeah. Well, I mean, we were so used to using search engines and doing a query and then getting a lot of blue hyperlinks and then having to go and look at all of them. And then you formulate the answer yourself and then you write it, right? And AI just gives you the answer. It might have links that if you ask for it, right?

Ron Sharon (35:44.366)
Cough

Ron Sharon (36:05.87)
it, it, yeah. AI gives you the answer. We don't know if it gives you the right answer. Cause right now, for instance, chat GPT has the capabilities to go online and search for things. And then it gives you an answer that looks real. But what have, what happens if the website is searched are not correct? It's getting its information from somewhere. Right. So for instance, if you ask church chat GPT, who's wrong Sharon, they're going to put that I'm an author because I wrote an article, one article and it found it.

CCJ (36:09.76)
We don't know if it's accurate or not, right?

CCJ (36:15.384)
Mm-hmm.

CCJ (36:22.466)
Well, right, that's exactly right. Yeah.

CCJ (36:37.026)
That's crazy.

Ron Sharon (36:37.144)
So just because I wrote one article and it found it doesn't mean that I'm an author. But that's what ChatGPT thinks because it went online and it found one article I wrote.

CCJ (36:42.572)
Right.

CCJ (36:49.41)
That's amazing. Yeah, I mean, people have always Googled themselves. Now the question is, have you chat GPT'd yourself? Right. Amazing. mean, well, and in terms of social engineering, too, I've seen it used in, I know you have as well, in social engineering, meaning someone will receive a phishing email and they may have paid attention and maybe they're not going to act on it.

Ron Sharon (36:56.952)
Have you chat GPT'd yourself?

CCJ (37:17.486)
then I can change the wiring instructions or I can do the release the sensitive information. But then it's followed up with a with a team's video call or a zoom call. Right. And you get on that call and the person sounds just like somebody that you know, and they look just like somebody that you know, and you can ask them the questions and get get all of your answers to.

anything that you would have concerns about and then you would go ahead and release the sensitive information or change the wiring and circuits or whatever the social engineering tactic is. Yeah.

Ron Sharon (37:50.382)
Yep. it makes that 100%. And it's just going to get more and more prevalent because, for instance, NVIDIA is coming out with their own mini server that's going to be an AI server. So a lot of people can just take it and do whatever they want with it, like program it for whatever they see fit by it. What kind of control? Yeah, so.

CCJ (38:09.016)
That's going to be dangerous if that falls in the wrong hands. And you know it will. Yeah. Right.

Ron Sharon (38:15.014)
of course it will. If you have money, you're buying it. Even if you're like, for instance, an embargo country, you have someone here buy it and then they ship it. It's not a problem. It's not big an issue to get things.

CCJ (38:23.5)
Well, yeah, yeah, exactly.

CCJ (38:29.774)
What I'm always fascinated to because people don't understand. was talking to somebody who is one of the non-technical leader, but it was for a healthcare organization. And they were, I was explaining, I was doing some security awareness for them and they were explaining, you know, listen, son, we're just not, we're just not that concerned about this cyber crime thing. We're, we're an hour away from Wichita, Kansas. Like we're, we're, we're over here. We're like, we're physically safe.

So we don't see the threat. And I didn't know how to respond other than to say, then just don't go online. Because when you get online, you're entering their world. Like you're entering the world where they have no borders. Right. And a lot of them live in parts of the world where so long as they don't go after their own government, they're going to be fine taking from you and bankrupting you and harming you.

Ron Sharon (39:08.771)
Yeah.

CCJ (39:29.506)
Like there's no remorse, it's just business to them. Yeah.

Ron Sharon (39:34.752)
It's just business. Yep. it's, you know, like I said, it's so the thing that I think that's a disconnect for people that are not in the industry is they think about hackers as some guy sitting in their parents' basement with a hoodie on, right? That's how they depict it in movies. That's some kid cracking code and yeah, all day long, if these green screens with the metrics thing going on on their screen and this is us to them and then says, mom, give me my pizza pockets or whatever. That's not, that's not how it is.

CCJ (39:48.642)
Yeah, that's right. Some kid cracking like drinking Red Bull, cracking code all day. Right. That's Hollywood. Right. That's Hollywood. Yes.

CCJ (40:02.654)
Yes, it's exactly the image that everybody has.

Ron Sharon (40:05.386)
Right? That's exactly the image that, you know, the media is portraying. And even if you know, you know, if you ask, if you ask the image generators to portray a hacker, that's exactly what you're getting. Like a guy in a hood somewhere, sitting alone in a room, but that's not, that's not the case for the law for a long time. And it's not new. These are major criminal enterprises sitting in office buildings with structures of, know, they have a CEO, they have a CFO and they have workers.

and they have all these, they have customer service departments, they have, these are businesses from top to bottom in countries like you said, that local governments do not go after them. These are businesses that their entire.

CCJ (40:34.414)
They have customer service departments. have, yeah.

CCJ (40:40.974)
Mm-hmm.

Ron Sharon (40:50.872)
goal is to steal your data or your money. And they're not like a lonely kid sitting in a basement somewhere. It's a complete organization, multiple people. It's a business. It's business.

CCJ (41:07.47)
Yep. Unbelievable. let's, as we're wrapping up, let's identify what are some of the best practices? What are some of the things that you always kind of will tell a business? You know, maybe your top three, not all of them, because we could, I mean, everybody could just list, laundry list the 25 things somebody should do, but time and money are realistic restrictions for a lot of small mid-sized businesses. But

If they can only do a few things, or at least they're going to do a few things now, and they're going to eventually evolve, I always think of it as like a maturity scale, right? When you think of one of those Gartner scales, and as they mature and as they invest and over time, right? They can start to do and start to head in the right direction. What are some of the top things that come to mind?

Ron Sharon (41:57.87)
Well, the first one I would always, I always say if they don't have any professional person that deals with the specifics of cybersecurity is to get one. Doesn't have to be a full time, like fractional CSO, VC, so whatever works for it, or just some professional that comes by once a week to give them his opinion on how they need to proceed.

CCJ (42:24.494)
That's really important. That's really important. And you're one of the first people that have actually started with the virtual CSO. And I think that's really important because technology to me is a river that flows through every aspect of an organization. So as they're wanting, because they're focused on growth, they're focused on growing their organization, making more widgets, selling, billing more hours, whatever it is, right? And as they continue to do that, technology is going to be involved there.

and they're going to be looking at new applications, new systems, new platforms, and having that person there to kind of say, don't do it that way. Do it this way because it'll be safer. It's not going to even cost you anything, but configure it this way so that way you can continue to grow without an eruption. That's really good advice.

Ron Sharon (43:13.996)
Let me give you, let me give you another analogy and why I say to get some professional like a professional person first. I, you know, probably some people go right into, you know, the platforms that you need to get a firewall. need to get a, a, a policy or you need to get a, antivirus, which is all true. But here's the thing. If you give Michelangelo a hammer and a chisel, you get, Dave, the statue of David, right? If you give me a hammer and a chisel.

All you get is some broken rocks. Cause I have no art, like I can't even draw a straight line. So everything that we give out, like all the platforms, the post procedures are tools. Tools need to be used by a professional. Right? So get the professional first and the professional will build you some sort of a vault of tools or recommendation of tools. And you can talk to a professional and say, we have,

CCJ (43:45.614)
There you go.

CCJ (43:50.253)
Right.

CCJ (43:56.632)
Right.

Ron Sharon (44:13.666)
this amount of money to spend. do, yeah, we have, exactly. And there's a lot of ways to do it. And this is what we have. Now, if a, you know, a CMMC organization, one doesn't have any money to pay for the tools, then we have a problem. And that's per, and that professional can says, you have to buy some real tools because you know, when the government auditors are going to come in, they don't want your open source, anything.

CCJ (44:15.992)
Right. And there's a lot of open source ways to start. There's a lot of ways to begin.

Ron Sharon (44:43.864)
to be in this environment, right? Because open source is a big no-no in some environments. So that's how you have to get the professional person first. Then they can get you the right tools and they can chisel Michelangelo at the end of the day. You don't want your CFO or your CEO or the chief engineer, which is no, he is a very good chief engineer, but they're not, but he's not a cybersecurity professional to do.

the cybersecurity things because that's not what they do. It might sound close, know, engineering, cybersecurity, okay, let's give them this role, but they're not a professional in that. So get a professional number for number one thing to do. Get a professional that gives you the right tools and the right advices of how to use everything to protect your organization.

CCJ (45:16.29)
Right. Right.

CCJ (45:22.795)
Excellent point.

CCJ (45:33.72)
That's excellent. That's excellent, excellent advice. Well, when you think about the tools and you think about security operations centers and the threat hunting, we hear those buzzwords. Business leaders will hear those buzzwords. And I always go into your analogy of building the house, right? I always think of it and tell me if I'm off, but like the the IT group, right? They're good because they're going to build the kitchen.

Right. But if once they do that, right, and they're keeping it humming along, they're changing the lights, they're patching, they're doing things that that that are maintaining that building correctly. But if the dishwasher starts to leak and it's damaging the walls behind it, no one's going to see it. It's going to be going on for months and months. The security people are looking for those anomalies. They're looking for.

things that might be broken behind the walls, behind the drywall that's not visible to the regular people. And then they're going to stop it because getting back to our original point, not all breaches are created equal. And so if you can catch it early, that's kind of the role of that security operations team. Does that seem to make sense?

Ron Sharon (46:49.804)
Yeah. It's, it's catching it early before something happens or catch it early right after something happens and then prevent it from getting anywhere. So if some bad actor gained access, but then you cut off their access before they can touch any data.

CCJ (46:55.373)
Right.

CCJ (47:07.032)
That's fine. It's a it's a breach without consequence. Right. Like.

Ron Sharon (47:08.152)
That's fine, right? It's a breach. It's like, okay, a breach. Because if that's the case, you don't have to report it, right? But the sooner somebody touched it exactly, it reports to government. have like, I think now in SEC, you have like 48 hours to report to the clients and the SEC, something like four days, I think. I think you're right. I think it's four days, which is not a very long time.

CCJ (47:17.73)
Right. Right. You don't have to go tell all of your customers that. Right.

CCJ (47:28.716)
Yeah, four days or something like that. Yeah. Which is not long at all. No.

Ron Sharon (47:37.742)
But if nobody touched the data, that's the best thing that that's the best consequences. But if somebody did touch the data, you know, something, somebody touched the data and you close it and they only touched like one or two things. And then they got real, their access got revoked right away. Again, it's better than somebody in being in your environment for two months and not like two, 20 minutes.

CCJ (47:41.859)
Right.

CCJ (47:57.484)
Right. Well, and we see some reports. yeah. And you see some reports, you know, like Health and Human Services has that wall of shame almost for health care organizations and a lot of industries are going to that. And then you can look and you can say, you know, first access was here and then they learned of the access here. And you're like, that's eight months later. That's six months later. Like, holy cow. if they had

Ron Sharon (48:20.344)
That's, yeah.

CCJ (48:25.228)
Like the ability to find them earlier, wouldn't have been that bad.

Ron Sharon (48:30.158)
Yep. And that's why one of the reason that, you know, one of many reasons that a sock is important to certain organization, not all organization will benefit from it. Um, but to a lot of, uh, medium sized and large size or enterprise size organization, that's an important thing, you know, to have somebody that always 24 seven looking what's going on on the environment. if there's a 500 gigs of data transfer outside of the environment in

CCJ (48:36.621)
Right.

Ron Sharon (49:00.01)
Monday, Tuesday, know, Wednesday, Thursday and Friday. It's like, hey, something is off. I've never seen this before. Maybe it's worth checking.

CCJ (49:10.392)
Yep, that's exactly right. Well, Ron, thank you so much. I really appreciate it. It was a fantastic conversation. Absolutely. So people can find you on LinkedIn and they can locate you. You put out a lot of content, a lot of mentoring, a lot of great content. So thank you for everything you do, my friend, and we will talk soon. Thanks so much.

Ron Sharon (49:18.801)
it's always a pleasure.

Ron Sharon (49:24.013)
LinkedIn.

Ron Sharon (49:33.485)
Thank you.

Ron Sharon (49:37.678)
Thank you very much.

People on this episode

David Mauro

Host

Cyber Crime Junkies