BizTech Next Level BizTech Podcast

46. Why shouldn't I run a Security Operations Center on my own? With Guest Jeff Hathcote

December 7, 2022


Tune in as we speak with Jeff Hathcote, Telarus Solution Architect for Security, and one of the most advanced security architects around. He talks about Security Operations and why, as a customer, you should NOT try to build one on your own. Jeff has 20+ years of real-world practice building, managing, and designing under his belt, along with the foremost security certifications in the channel!

Transcript of episode can be found below.

Josh Lupresto (00:01):
Welcome to the podcast that is designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus. And this is Next Level BizTech. Hey everybody, welcome back. I’m your host, Josh Lupresto. Today I am joined with the world’s most interesting man, Jeff Hathcote, Telarus Security architect. Jeff, welcome back to the show, my friend.

Jeff Hathcote (00:31):
Thank you, sir. Glad to be here.

Josh Lupresto (00:34):
Today we’re talking about security. We’re talking about a security operations center, a SOC, and making a bold claim as to why it’s a really bad idea to run one on my own. Before we get to that, I want to talk a little bit about, for anybody that didn’t tune in to season one, your background, how did you get here? Give us a quick, uh, quick summary on that and then we’ll get started.

Jeff Hathcote (00:59):
I, I was the kid, Josh, there was the geek back before there were such things as geeks. Uh, I actually had an old Radio Shack, TRS 80 Model three, if you’re, you’re still too young to remember those.

Josh Lupresto (01:13):
What’s Radio Shack?

Jeff Hathcote (01:15):
Yeah, exactly. That was a, that was a very cool computer and I even had a dot matrix printer attached to it, so I got very interested in that. Uh, just kinda learned on my own, learned how to, you know, write things in BASIC, actually did a little, uh, little machine code as well. And it just, it was fascinating to me. And this was about the time that the original, uh, WarGames movie came out. So I saw that and I went, oh, yeah, that’s what I wanna do. Uh, never, never ne never went that direction. Uh, but in college, uh, I was always interested in this new technology that was coming around. The only curriculum that my particular university had was called Mathematical computing, which did not interest me in the least, even though I did take some programming classes. Uh, I just tinkered. I was a tinkerer. I would take things apart, put them back together, figure out how they worked. Uh, and that led me to, you know, this just career of exploration. I worked in law enforcement. I actually worked in the prison system. I worked my way through college in the Louisiana State Department of Corrections, uh, which allowed me to enhance my technical skills. Cause I ran the commissary where inmates bought things.

Josh Lupresto (02:33):
This is gonna be a whole podcast, but go ahead. Yeah,

Jeff Hathcote (02:37):
They bought their cigarettes and their ice cream and things of that nature. But I was one of the few organizations that had a, at a computer. And I found out quickly that I was attached to the entire, uh, department of Public for the state of Louisiana, which allowed to and print driving things of that nature. And I found some I some holes and I was able to report those up and, you know, we’d get them fixed. And that just got me interested in the security aspect. Moved on, went to the, went to work for the federal government in the same capacity with Federal Bureau of Prisons, and was actually one of the first, or the, the charter member really, of the group that built at the time was called Computer Services, which is now obviously IT, but I was part of that initial group that built the policies and procedures and created a division within a, within a government bureau.

Jeff Hathcote (03:33):
Uh, security was always a big part of that right there. Was it, I was an application developer, software guy. I was a network engineer, but the security piece was always what interested me. When I left government service a few years ago, I just jumped right back into the security aspects of it. I’ve been an IT director. I’ve been, you know, I’ve, I’ve run large organizations, small organizations, uh, in the security realm and the IT realm, you know, multiple industries. But security has always been a strong, strong part of what I do. I just, it interests me, uh, because I don’t like bad guys and I don’t view these cyber criminals any different than the guy that robs the bank or jacks your car or breaks into your house. There’s the same mindset, the criminals, and maybe it’s just been ingrained in me since that early part of my career where I, I, I just have a protective nature and I like to help people protect themselves against these bad guys.

Jeff Hathcote (04:35):
So, um, passion evolved. Uh, I got, I got a phone from, from Telarus once upon a time, and it sounded like an awesome opportunity to be able to share my experience. And whenever I say experience, it’s not, cause I’m the smartest guy in the room. I’ve always said, you’ve heard this, Josh, if I’m, I’m the smartest guy in the room, I’m in the wrong room, right? Uh, but it gives me the opportunity to share my passion and to collaborate with folks that are facing a lot of the same problems that I’ve faced in the past, and use the benefit of the mistakes that I’ve made and the lessons that I’ve learned to keep them from making those same mistakes. Uh, being able to keep up with technology in the, in the realm of cybersecurity. What these bad guys are doing, how they’re doing it, what our countermeasures are, uh, what the new tech that the good guys are coming out with to affect what the bad guys are. And, you know, it’s, I think it helps that I spent so much time around the criminal aspect of the population that it allows me to think like a bad guy. And if you can think like a bad guy, you can, you can, you can stop them. So in a roundabout way, that’s how I wound up on this podcast. I was in prison, now I’m here. So, but

Josh Lupresto (05:49):
Hey, let the record show. While we did go to college at different times, I did go to Radio Shack to buy resistors in college to finish

Jeff Hathcote (05:56):
Radio Shack was the, you know, everybody else was hanging out. Well, everybody was hanging out at the cool places and Jeff was at Radio Shack talking to the guy going, Hey, you getting any new breadboards I can look at?

Josh Lupresto (06:06):
Yes. Breadboards. All right. Uh, that’s good. And, and, and look, I think that’s what’s great too, that, that, to prop you up for a second, I think you’ve done a great job with the partners really saying, Hey, I’ve been here before. I’ve done this. I know what to expect. Pull me into this. Put me in. I don’t really care. Uh, if this customer is brand new to security or if they’re enterprise expert level security, we can help. Cuz you’ve seen a lot of things. So I think that’s, that’s been awesome. Uh, okay. So I want you to, you know, let’s recap of, you know, you were on a number of months ago. We talked about, you know, some slightly different topics, but I want you to give me and, and give the listeners, uh, a really bad example of, of something that you’ve seen. We see a lot of things of what customers do, some that, that they do that are the right thing. Some that we go, eh, I don’t know if I’d do that, but maybe just kick us off with any bad things that you’ve seen recently be as we, as we kind of start this off,

Jeff Hathcote (07:05):
Bad, bad things in terms of attacks or just the way someone approaches their cybersecurity?

Josh Lupresto (07:10):
Yeah. The way that, that, that somebody’s thought, you know what? I need to go do this. I’m gonna go do this thing.

Jeff Hathcote (07:16):
Yeah. I, I, I see it a lot, right? And it’s not limited to very small customers. It’s lim, you know, it’s, it’s the big enterprises. It’s the small ones. And I think it’s just a case of there’s a lot of apathy right there, because security is not the sexiest thing in the world, right? Uh, security does not make you money. Security is not something that you market, right? That’s not your widget that you’re trying to sell. Uh, and so a lot of customers know that they have a problem, right? They, they, they realize that they’ve got an issue. Uh, it could be a new, uh, or it doesn’t have to be new, but a CIO or a CSO that comes into an organization that inherits a, an organization, an infrastructure where they’re just not sure what’s out there, but they know there’s probably, there’s probably bad stuff.

Jeff Hathcote (08:06):
There’s probably a bad actor, uh, sitting somewhere in their infrastructure. Uh, but a lot of times they get paralyzed and then they have to rely on the team that they’ve inherited as well to tell them what needs to be done. And a lot of times there’s some pet projects that pop out. Cause it’s geeks, and I’m a geek, so I can say that word. I own it. Um, there’s a lot of cool toys that we could get that we weren’t able to get before. The old boss said no, maybe the new boss say yes. And so they’re very focused on product, product, product, new, new software, new tools, uh, and that causes the, the, the new leader to just kinda be paralyzed. And, and you’re getting all this noise from various places and you gotta stop and say, I gotta discover, discover where I am.

Jeff Hathcote (08:56):
Right? And I’ve had so many people tell me that I know we’ve got problems, um, but I’m just not comfortable in this role yet to go to my boss, to go to the CFO or go to the board and ask for money to do this because I’m, I’m new to the role. I had that conversation with someone yesterday that was just, I, I know we’ve gotta do something. I don’t think now’s the time. I think we’re gonna wait probably until first quarter before we really look at it. Well, that’s what the bad, that’s what counting. You’re just, you’re just gonna maintain a status quo and even worse, a status quo that you know is not good. You have no, you have no ability to, to identify. You have no iden no, no way to, to protect the things because you know what they are. Obviously you can’t detect and respond and recover because you have no idea what’s going on. And you notice I use those five functions of a framework, right? And those are gonna, those are gonna follow me everywhere I go, every conversation I have with you’s gonna, I those things. So in a roundabout way, it’s just, it’s just, it’s not necessarily apathy, but it’s like paralysis. My gosh, I’ve got so much going on. I where to start. I don’t. So I’m do nothing.

Josh Lupresto (10:15):
I, I think that’s what we’ve realized. To your point, we’ve realized that we get pulled into these situations and we don’t wanna be pushy, right? We don’t wanna be that pushy salesperson. But what, what I’m finding, and I think what we’re all getting more confident in with security is we have to drill or double down and let them, no, you don’t wanna do that. Like, yes, I would love it if you buy some things, that’s great. I’m not that, that, that’s gonna happen no matter what. But if you don’t do anything, you have to realize the repercussions of not doing something right. So yeah. Great, great point.

Jeff Hathcote (10:46):
Well, look, look, look back, you know, at the situation with Uber that happened a few years ago and they were, there was a compromise. The CISO tried to hide that and look what happened to him. Yeah. Went to jail, right? So it’s, it’s not just protecting the reputation of, of you and your team and maybe your company. There’s some personal ramifications that can come into play if you don’t accept that you need to do something and then do something with it. So,

Josh Lupresto (11:18):
All right, so let’s talk SOC. Security Operations center. So we’ve talked about a lot of tools. We’ve talked about, you know, there’s a lot of layers. We’ve talked about framework. But let’s re break down, uh, educate everybody on really, what, what does a SOC, what does it solve? What does it encompass?

Jeff Hathcote (11:39):
So I, and again, and I love it cause I’m starting to have this conversation more and more. I, I, I typically have it at least once a day, but now it’s become more and more cause people are starting to realize that we don’t have the resources. There’s not an organization out there. You, you’re a Fortune 50 or you’re a a three-man shop. We don’t have the resources to staff for specifically security to watch for security events that are in our environment. Those types of events are compromised accounts. You’ve got a guy that logs into his computer at eight o’clock in the morning from the home office in Omaha, and then two minutes later, that same account logs in from somewhere in Thailand, right? Um, if you don’t have somebody watching that, you’re not gonna know that it happened. And then the, the account from Thailand starts traversing your network and wreaking havoc in your infrastructure.

Jeff Hathcote (12:40):
Um, a lot of, a lot of folks will tell me that, well, we have things in place, we have tools, and they’ll alert us. Well, alert fatigue is real and the bad guys typically don’t, and I think you heard me say this before, they’re not gonna operate Monday through Friday, eight five. They’re not gonna wait until you get to your office to start doing things. It’s gonna be the two in the morning on a, you know, Saturday or Sunday morning, uh, where your phone on the charger or whatever. So with that, we really need to have a team, not just a person or not just an electronic device like a phone or, or whatever, watching that infrastructure. 24 hours a day, seven days a week, all year long. Weekends and holidays, included. Um, and that is something that if you try to build on your own, and I’m not telling you not to do it.

Jeff Hathcote (13:41):
If you wanna do it, you knock yourself out and then call me in about six months and I’ll help you unwind it and get a real solution. Not being snarky, just that’s the way it’s, cause I’ve tried to do it before as well. But you have to figure if you wanna build a round the clock security operations center in order to get qualified and trained people that can, that can understand what a security event is, can, can understand what a log, how to read a log, how to implement a, a security incident and events manager solution, log aggregator, understand what various alerts and alarms mean within various systems. You’re gonna pay about a hundred grand on an average. It’s gonna be some places it’ll be more some’s gonna a hundred thousand dollars per person and you’ve gotta at least 12 of them to man around the clock.

Jeff Hathcote (14:36):
And that’s just your labor cost. Your technology on the other hand, is gonna cost anywhere from 300 grand to over a million. So that’s the, the software, that’s the hardware as well. That’s the implementation. And it’s gonna take anywhere from six to 18 months to implement these things. The problem that we have is we might be able to find those people and we may have that capital budget to buy that equipment. We may be able to buy that software, but guess what? There’s that, there’s that constant, you know, I always use Moore’s Law as an example. Uh, security changes so rapidly and there’s gonna be something new. There’s gonna be another, another, uh, uh, point solution if you will, that that needs to be put in place. So you’re gonna constantly be spending more and more money. You’re gonna be constantly having to not only update your infrastructure, but you gotta update your SOC.

Jeff Hathcote (15:34):
You’ve gotta update your people. You’ve got people that get sick. You’ve got people that wanna go on vacation. You got, the biggest problem is you got people to quit, right? Uh, there’s, there’s so many jobs out there right now that you can take a young, uh, security analyst, uh, that knows what they’re doing, that has a bit of experience that maybe has a cert or two, put them in that chair and they, they start working and they get that real world experience. Somebody’s gonna come. And then guess what, you’re back into that HR model where you’re constantly, constantly just go to, just go to Indeed or one of those job boards and just do a search for security analysts or security professional cyber security specifically. And you’ll get page after page after page and a of those posts. I just did that yesterday. I’m for a new job, but to prepare. It’s

Josh Lupresto (16:26):
Good. Thanks. Clearing that. Good, good.

Jeff Hathcote (16:30):
Uh, you’ll just, and a lot of those postings have been up for 60, 90 days because they can’t fill em.

Josh Lupresto (16:39):
Well, and, and, and we talked about this, there’s how many job openings right now that require that, that they say they want you to have the big security cert, the CISSP. How many are you seeing?

Jeff Hathcote (16:51):
Uh, there, I, I’m trying to remember this off the top of my head. So it may not be completely accurate, but there’s like 90, 90,000 people in the United States with the, uh, certified information system security professionals, CISSP certification, which is kind of the gold standard in this world. Uh, 90,000 folks have that certification in the United States. And the last count I think was back in, you know, it was probably about six, eight months ago, there were 109, 10,000 jobs posted that required the CISSP certification before they would even talk to you, much less hire you. Yeah. So that’s a gap, right? Uh, same thing with all these other certifications and you know, we are a certification heavy industry. And I, I think where I think the best thing about a certification, and I have certifications, I have a, I have a strong belief that they are, they’re useful, they’re good.

Jeff Hathcote (17:53):
I would never say anything bad about cert just cause I’m, I’m a cert certified guy too. But that real world experience is key as well, right? Just because you have a certification doesn’t mean you can do the job. I used to teach back in the old days with Microsoft, I used to teach the Microsoft Certified Systems Engineer, uh, curriculum, and it was, it was amazing how many people could pass those tests based on the book, but they’d never had any real world, uh, experience. I would come in, I was also a Microsoft certified trainer. I would come into the classroom and throw the book away and bring a real world scenarios, probably something that I was facing in my job. Yeah. And I would help have the class help me s help me solve it. So I like to see the real world experience. I like to see, you know, the, the, the textbook, the certifications, the understanding of those things as well. Uh, but if you’re trying to do this on your own, it is horribly difficult to, to start it. But what’s even worse is trying to maintain it. The money is going to be a constant. Um, it is just a constant thing. You’re going to have to continually go to your money people and say, I need another check. I need another, we’ve gotta upgrade.

Josh Lupresto (19:09):
And that’s, yeah. And, and to, to bring this, to bring this home, this point, uh, we’re not at a spot economically right now. We’re going to the well for non-revenue producing needs. You’re not seeing that in the tech sector, right? It’s not the time right now. So companies to this point, let’s leverage the, the vendors that have achieved economy of scale, that have the stable expertise, that have the certifications, and to your point, the real world experience. So, absolutely. Right. Bring us some really good

Jeff Hathcote (19:40):
Points. Well, and we, and we have a lot of folks within our portfolio, as you know, that have, um, they have a pipeline to educational facilities. So they’re working with colleges, universities that have cybersecurity programs that are allowing them to be interns. So they’re getting their, their book learning, if you will, the, the formal education. But they’re also getting the real world by serving as interns when they graduate. Uh, a great many of ’em are going to work for these organizations in their SOCs, working up from tier one to tier three to, you know, SOC leads and managers and so forth and, and traversing through the cybersecurity world. And there are so many different avenues you can take in that cybersecurity world. You know, there’s policies and procedures and frameworks and all, and then there’s the technical aspect of penetration testers, you know, that sort of thing.

Josh Lupresto (20:35):
So I wanna skip to, you know, I I, we’ve talked about what Telarus does, right? What, what we do with our resources, what, what you’re out there doing, being very tactical and strategic, but, but tactically in these deals, helping partners doing discoveries, helping the customer figure out what the real problem is and where they really need to spend their time versus where they think they need to spend their time. Uh, I, I thought it was interesting yesterday, I did a webinar yesterday with Microsoft and some of their security engineering team and, you know, it was about stats, about where we’re at and, and sad stats about where we’re at with the state of some of the adoption of the security technology. And I thought it, it, it’s interesting, they have a good glimpse on it where from a Microsoft perspective, roughly 25 to 30% of their users, anybody using Microsoft Tools, Office 365 has adopted MFA. And I thought that was fascinating to me, to go right now after one of the easiest things that is out there to adopt. And now they’re, they’re, they’re setting that, but also shifting towards the new tool sets, the Microsoft Entra, these things that are really getting to the root of it is identity, right? Identity and trust and governance. And I think that’s important. But you know, you, you and I were talking before this go, going back to the basics MFA, right? Multi simple multifactor, why, why are we at 25% adoption?

Jeff Hathcote (22:03):
I, I, I’ve got my theories right? And this is not based in anything scientific, I don’t think, but just again, real world experience and, and, and real world implementation of multifactor authentication, mobile device management, anything where you’re affecting a user experience, there is a, I think it’s a, it’s a fear that it has that, well, I’m going to make you respond to a push message or an SMS message or a phone call in order for you to log in and do your job, right? Uh, and the argument back from the field, or from, you know, from the user community is you’re making it hard for me to do my job. You’re getting in the, in the way of productivity. And so a lot of folks are are backing up saying, yeah, I’m sorry. I’ll, I’ll turn that off for you. And a lot of times it starts with we’re just gonna implement multifactor authentication across the board.

Jeff Hathcote (23:05):
Everybody has to use it, and then they start getting that pushback and they onesie-twosie it. And so now, well, you’re the COO of the organization and you’re the boss, so I don’t want you to have to do it. So I’m gonna turn it off for you. Well, then the next C-suite meeting, the CFO, the CEO and CIO say the same things, right? Before you know it, you’ve got this mix of, some people have to have it, some people don’t. Um, my argument has always been, and if you don’t have someone looking out for you at the C-suite or the board to, but my response has, security is not a, uh, a hindrance to productivity. Security is going to help productivity, right? It may be a little painful at first, but implementation of something like multifactor authentication, it’s not necessarily something you have to do all at once.

Jeff Hathcote (24:03):
Phase it in, phase it in. Get people in departments that will be your champion. Let them understand the value of multifactor authentication. And multifactor authentication is not the end. Be all security. Just because you have it implemented doesn’t mean you’re never going get, it’s, it’s kinda like leaving your porch light on at your house. That’s not gonna stop someone from breaking in, but it’s probably gonna make them pause and look at the other house that doesn’t have the porch light on. Right? So I I, I think it’s a fear. Back to your original question, I think it’s just we don’t like people barking at us because we’re making their lives a little harder.

Josh Lupresto (24:45):
Yeah. Yeah. Procrastination is great. Some people are really good at it. So let’s encourage people to get MFA and also tonight, make sure your porch lights are on. Great point. Yep.

Jeff Hathcote (24:55):
Yeah. You gotta tie the two again.

Josh Lupresto (24:58):
Yes, yes, absolutely. Uh, I have mine automated on a cycle, so I’m lazy.

Jeff Hathcote (25:03):
I have cameras and porch lights, so you know, it’s, I have I what you call a zero trust house,

Josh Lupresto (25:09):
So Yeah. Yeah. I know you won’t let me in to come over. I’m like, no. Uh, okay. So we talked about what Telarus is doing, you know, any other trends you wanna call out real quick of, you know, things that you’re seeing? I mean, we talked about this is about why I shouldn’t run a security op center. We’re seeing customers trying to do it on their own or, or just freeze and paralysis. Any other trends that you need to call out that have changed in the last six months?

Jeff Hathcote (25:34):
Yeah, you know, and it’s, it’s, it’s probably been less than that, unless six to three months I would have the conversation with organizations that you really need that, that full view of your infrastructure, you know, all the time with trained people that can respond, can detect and respond to those anomalies. Uh, and a lot of those conversations really didn’t go anywhere. Cause of, eh, I don’t think we need that. We’re not big enough. We’re not, uh, you know, we’re not a target or we don’t have the money now. It’s, it’s amazing to me because customers are going to the, to our partners, right? Who have that relationship with the customer asking for it. We need a security operation center and we don’t know where to start. That to me, is a great, great trend. And I think the, the rationale behind that is some of the news articles that we see, so and so got com so and so got compromised and so just spent, you know, 8 million, you know, on a, a ransom of that nature.

Jeff Hathcote (26:38):
And one of the nice things that I see, at least from perspective is we’re seeing more and more boards that are being required to have security minded or security professionals sitting on those boards. So it’s raising the awareness of how important this is. And we’re no longer an eight to five world, right? Especially with, with work from home. You know, back in the day we’d get on the train or get in our car, drive to the office, log in at eight, boy, it gets to be five o’clock. We shut everything down and, and move on with work from home and work from anywhere really. We’re 24 hours a day. How many times have you and I been on two o’clock in the morning, right? Mm-hmm. Uh, I, I, I support our partners from Australia, the whole US Canada, all the way to the UK. So I’m spanning multiple time zones. The bad guys are also working every, every time zone. So we’ve got to have somebody that’s looking at it, and I tell you, the first attack that is stopped, uh, detected and recovered from pays for itself. And it’s amazing how many people, their eyes really open wide. And when we start quoting what it’s going cost for somebody to watch some qualified people to watch their, I think that’s the layman’s term.

Jeff Hathcote (28:03):
It’s a lot l it’s a lot more, uh, fiscally responsible than a lot of people think. They think it’s gonna cost millions and millions of dollars and that’s why they wanna do it themselves. But whenever it, when the rubber meets the road, it’s like, that’s about the cost of a full time employee per year.

Josh Lupresto (28:20):
Yeah.

Jeff Hathcote (28:21):
And it’s, it’s, it’s kind of a no brainer, really. Yeah. So,

Josh Lupresto (28:25):
You know, good point. I wanna call out one other trend too. You know, we looked at what was happening three to six months ago and we’re, we’re helping the partners figure out how to crack into these deals with customers, with some of questions that we give them. Now, it seems like, to your point with what you’ve talked about, the security staffing, the great resignation, all of these things that have transpired in the last 12 plus months. The, the other piece of this that we’ve seen come out is before we were teaching people, it’s important to talk to your customers about a SOC, about SIEM and log management. Now it seems like we’re seeing, hey, I bought Splunk, or I bought QRadar, or I bought, you know, whatever, but I don’t have the people to manage it anymore, or I’m not comfortable that it’s being managed appropriately. So we’re a definite trend that I want partners to pay attention to. And you, you feel free to comment on this, that, uh, if, if the company is a little more mature and has purchased some of those tools, what are the tools that they have? You know, what, what are the questions that you should ask, right? Is it effectiveness and the tools? How do we draw those opportunities out if that’s what we’re helping partners with?

Jeff Hathcote (29:28):
Yeah. And that’s, I mean, that’s a, that’s a conversation that happens a lot as well. And I’ve never seen an organization, I could be wrong, but I’ve never been a part of or worked with an organization that had Splunk that didn’t have an entire department wrapped around it, right? It’s kinda like saying, well, you know, we have, we have finance and HR issues, so we’re just gonna go buy PeopleSoft and let PeopleSoft take it. You know, that you can’t run PeopleSoft with, you know, a half person. And it’s the same thing with a lot of these really, really good tools. And one of the things that Telarus does, I think very well with our, with our portfolio of providers is you may be that person that came from an organization that had Splunk, you like Splunk, you understand how it works. So you wanna implement it in your new role, in your new organization, but you don’t have the time, patience, or energy to either train people on it, hire people on it, whatever.

Jeff Hathcote (30:27):
Cuz you’re gonna have these, these, these big holes. We can provide people that will manage that for you, that will provide the SOC that will manage the Splunks and the QRadars and whatever else there is out there. If you have nothing, we have people that will provide a SIEM, a log aggregator, get telemetry from your firewalls, from your Active Directory, from your endpoints, actively manage it for you. So it’s not a case of your team or you if you’re the only person that has a security focus, responding to every alert, every alarm that comes along. Because most people, when they try to implement on their own, they turn everything on, right? That’s just the way it’s, we check every box if we wanna know about, well guess what, when you log in successfully to a Windows computer, I think it creates about 15 or or more alerts.

Jeff Hathcote (31:23):
Yeah, Josh Lupresto logged in successfully. Joshua Lupresto access this successfully. Do I care that Josh Lupresto did that? No, not really. So I wanna be able to, to, to get down to the nuts and bolts of that, of that software and kind of filter those things out. And I only wanna know what’s real, what’s an alarm versus all this alert and the alert fatigue won’t set in, but I’ve got a whole team of people that are 24/7 that are watching this for me. So I can actually go to a baseball game. I can actually go out to dinner with my wife and not have to, you know, keep grabbing my phone. So,

Josh Lupresto (32:02):
Good, good point. Yeah. To your point, you know, give me things like conditional access. Don’t tell me when Josh logs in, but get the tool set and configured right. And know the tool enough. Maybe you bought it, but maybe you don’t know it. How to do conditional access of, I don’t care when Jeff logs in, but I care when Jeff logs in after hours in a different city. Or if Jeff logs in somewhere that isn’t this, and then help me manage it and, and help

Jeff Hathcote (32:26):
Or from a foreign device, right? I he’s never used

Josh Lupresto (32:29):
That. He’s not trusted. Exactly. We talk about trust a lot. Good point. So, uh, I, I wanna maybe wrap us up with a five minutes or less roleplay scenario. I wanna be the customer. I want to tell you what I’m going through and I want you to kind of give me some ad advice. Uh, I realize five minutes is much shorter than our traditional discovery call, but the idea is I will be a customer that is going through things and it is a snapshot in time of where we’re at. So you, you tell me kind of what your recommendation and maybe help me understand that. And if anybody understands, this is a little bit of a glimpse into what we do in a discovery conversation. So, Hey Jeff, listen, uh, I appreciate you helping me out with our environment. Uh, I was told you’re kind of the security guy and you’ve got some expertise that I’m excited to hear about.

Josh Lupresto (33:17):
You know, listen, we’ve, you know, we’ve got some financial records, we’ve got some data, we’ve got an Azure environment, um, you know, we’ve made some investment into Palos. Um, we, we we’re, we’re getting ready to get MFA turned on and, and some of those things. But I guess the hard part I’m figuring out is I’m not sure where we should be spending our time next. Um, I know we need to do some things. I know there are some vulnerabilities, but I’ve gotta figure out, do I have the right budget? Where should I be spending my time? And I’m just kind of curious from your perspective with what you’re seeing out there, is that the right thing? Do I focus on MFA? Where do I go from here?

Jeff Hathcote (33:53):
Let me, lemme stop you real quick and just kind of back up a minute, right? Uh, understand first of all that security cybersecurity is not a product, right? It’s not, it’s not something you buy as a package. Here’s security. Um, think of, let’s, let’s put it into an analogy that, that pretty much anybody can understand. Let’s say you’re gonna build a house or a building a shed, whatever. You go to the hardware store, you go to the lumber yard and you look and you say, I know I need some windows, so I’m gonna buy some windows. I need a door. Uh, I need three doors and I need a bunch of shingles and I need some lumber and four or five bags of concrete. Cause I’m pretty sure I’m gonna require concrete in this build. Well, you have all this stuff in the back of a big trailer and it’s delivered to your property and it’s dumped on the yard.

Jeff Hathcote (34:50):
Okay? There’s your security. What are you gonna do with it? What do you start with? You start with the shingles. Cuz you’re building a new, you’re building a new building. You start with the shingles, you just start with the windows. Probably not, right? The first thing you need to do is have a foundation, right? So understand what that foundation’s gonna look like. Are you gonna have a basement? Is it just gonna be a slab? Yet? You have to figure that. How big is it going to be? Is it gonna be rectangular? Is it gonna be square? Is it, don’t know, right? So that foundation is the key piece. And, and just take this analogy into cybersecurity. You have to have a framework. A framework is going to allow you to make those decisions in a timely way. It’s gonna help you with your budgeting, it’s going to help you have the conversation with your organization because this affects the organization.

Jeff Hathcote (35:47):
It’s not just an IT thing, right? So I always talk about, uh, the particular framework that comes out of the National Institute of Standards and Technologies, NIST, right? Uh, but that is the first thing that I’m gonna recommend to you, Josh, is that let’s talk about a framework. Let’s pick a framework for you. And they’re all gonna have the essential five main functions, right? We want to identify what those assets are. You already mentioned three of them, right? You’ve got stuff in Azure, we’ve got some financials, we’ve got this, okay, let’s identify what they are, where they are, who has access to them, so forth and so on, right? So that’s gonna be one of the, one of the pillars. And then we want to protect those assets. So we want to provide training to users. We wanna put some basic, uh, protections in place, right?

Jeff Hathcote (36:41):
You’re buying Palo Altos, great. Um, that’s a certain level. Um, encryption is going to be another way to protect those things of that nature. So we have identified it and we’re protecting it, and then we’re gonna move down the road, down the down the road a little bit. And we want to be able to detect when there’s an anomaly within your infrastructure. Something’s just not right. Well, in order to know that something’s not right, you have to know what right is first, right? So that’s part of this journey, right? We know what normal is. So I’ll use H&R Block as an example, right? H&R Block does taxes, but you only see the H&R Block offices opened a few months out of the year, right? So probably May through December, they’re nothing, right? But January, February, March starts kicking in.

Jeff Hathcote (37:35):
Boy, they’re, so, they know that their activity is gonna peak, so that’s normal for them. If you’ve got a standard, you know what your data looks like, you know what your network activity looks like throughout the year, but suddenly it goes crazy and you’re getting, you know, all kinds of weird stuff. Are you gonna be able to identify that? Are you gonna be able to, to detect it? Right? Well, once you do, when it, once it is detected, how do you respond to it? What do you do? Uh, well, unless you can detect it, you’re not gonna do anything and then recover from it, right? So those are the five functions of a framework, multiple frameworks out there, NIST, CIS18, I mean, just there, there’s, there’s tons of ’em. Depending upon your industry, we’ll recommend the direction to go. And we’ve got multiple folks that can help you get on the path to the implementation of that framework.

Jeff Hathcote (38:32):
But don’t go out and just start buying things. Mm-hmm. Right? Because as you start working through your cybersecurity journey to build cyber resilience, understanding that you’re going to be compromised, how do you respond to it? How do you recover from it? How quickly can you do all these things? As you go through your journey on cyber cybersecurity journey, you may not need those things, or you may need them at a future point where you need something else. Not that. So you’re spending money up front that you may not need to overhear until you have a plan, right? So now when you’re building your house, you know, the first thing you have to do is build the foundation. Next thing you wanna do is you wanna put up your walls, right? So you’re gonna need concrete first lumber second. The last thing you’re probably going to need is the asphalt shingles for the roof, the paint for the interior and the trim, right? So it’s just back up it out and then implement it. And it doesn’t have to be a long drawn out process. Sometimes people say, wow, that’s gonna take me five years to do that. No, no, no, no, no. We can do that, you know, fairly quickly, uh, but with thought and the execution is gonna be the key to your success. Good. Make sense?

Josh Lupresto (39:53):
I love it. Uh, good. I hope that helps everybody. I, I love the role play. I think that gives a, that’s a real situation, that’s a real conversation that we regularly have. Uh, and then really once we started off like that, we just decide where we’re gonna go deeper, who else we gotta pull into the conversation, what the subsequent, you know, how the budget aligns, all that good stuff. So, great stuff. Well, Jeff, that wraps us up today, man. I appreciate you coming back on. We might have you back a third time.

Jeff Hathcote (40:19):
Well, I don’t know. You have to check with my agent. So,

Josh Lupresto (40:22):
All right, everybody, uh, that, that wraps us up for this week. Uh, appreciate you coming on, buddy. Uh, this is talking about SOC talking about why you shouldn’t set it up on your own. And if you learn anything from today, make sure that you turn your lights on tonight. So we keep the bad guys away.

Jeff Hathcote (40:38):
You gotta have your, you gotta have your porch light on.

Josh Lupresto (40:40):
That wraps us up. I’m your host, Josh Lupresto, SVP of Sales Engineering, at Telarus. And this is Next Level BizTech.