Back to Resources
HITT Series Videos

HITT- Today's Cybersecurity Trends- June 17, 2025

June 19, 2025

In today’s high intensity tech training, experts discussed the latest trends in cybersecurity, emphasizing the importance of AI and machine learning. Jason Stein from Telarus and specialists from ECI highlighted the need for a strategic approach to AI adoption, as many organizations are confused about available services. The session also covered the shift towards zero trust security models and the growing reliance on managed detection and response (MDR) solutions. ECI’s capabilities in cloud security and governance were showcased, along with the significance of integrating security across all platforms. The discussion concluded with a call for organizations to adopt comprehensive security measures to protect their digital assets.

Transcript is auto-generated.

Introduction to Today’s Training

It is time for today’s high intensity tech training. And as always, your comments and questions are welcome in the chat window for live Q and A. It’ll happen both during and after today’s presentation.

We are discussing cybersecurity trends today and the success stories that are found left and right. It’s going to give you direct insight into what’s actually working in today’s high risk environment. How about AI and machine learning integration and threat detection?

The expanding data privacy regulations?

What your clients are asking about. It’s all here today. We welcome back Telarus VP of cybersecurity, Jason Stein, along with a panel of experts from ECI, the leading cybersecurity provider for the first half of twenty twenty five. Jason and all, welcome back to the Tuesday call. How are you doing, buddy?

Welcoming the Panel of Experts

Thanks, Doug. I’m doing great. How are things?

Fantastic as always. We’re so glad to have you here. Still the hot topic of the year.

Yeah. I agree. You know, piling on to what you said earlier, artificial intelligence number one, Cybersecurity is a close second, and then securing artificial intelligence is, you know, one of those things that we need to continue to focus on. Super excited to have ECI here.

Justin, how come your headshot looks like a supermodel and the rest of us look like Beetlejuice got to us?

Because I’m too busy to go get professional ones taken.

So I had to have my thirteen year old daughter take that one for me.

Nice.

So, you know, I’m as Doug mentioned, ECI, new to our portfolio, just been in the portfolio for a little over six months and already closed enough revenue to be our top, supplier so far in the first half of two thousand twenty five. Very excited for all the momentum that we have going on with you. I love that what you’re doing both from security, AI, as well as cloud. And it’s really neat to see how quick you guys have, blasted into our organization and worked with our partners so well. So kudos and thank you.

Key Insights from the RSA Conference

Let’s jump into it. Chandler, why don’t you go to the next slide? Thank you. So here’s the three things that are really resonating the most.

You know, first, you heard Doug talk about AI. Artificial intelligence is everywhere. I just got back from the RSA conference with Trevor Burnside, and we really saw not only on the billboards everywhere in the airport, all around the city, going into the booths, everything said AI. And it was fascinating because, you know, not only is the market segment for AI, seven hundred and fifty seven billion dollar conversation according to Deloitte, but then you got, you know, the market segment for just AI securities, a thirty one billion dollar conversation this year.

AI is not new to cyber. You know, we’ve been doing it for quite some time. You know, eighty percent of organizations are looking to adopt artificial intelligence, but yet only twelve percent actually follow a framework, a road map, have an adoption plan. You know?

AI’s Role in Cybersecurity Conversations

So, Dylan, I know AI has been super valuable and important to you.

How much is AI coming up in every conversation?

And then how often are you seeing that when clients come to to ECI that they’re not prepared? They don’t have a strategy. They don’t have a framework. They don’t have this road map.

Yeah. It’s it’s happening a ton. Right? And I think it’s exactly what you said, Jason, where everybody is aware that it’s present and that it’s moving quickly and that there’s advancement being made day by day, but they’re not necessarily sure in how to leverage it, to improve their own business use cases. So I think, like, that’s where, as an organization, we’re really driving, that taught track of clients, to try to one, like, highlight the different use cases, for AI, within workflows and and different business processes that they’re utilizing for vertical.

Two, to really talk with them about the the stages of adoption within AI. I think it gets confusing with how many different services and resources are out there that are referring to AI. So really, like, understanding the difference between, you know, what is Copilot. Right? What is a Copilot agent?

What is, you know, like, a third party platform like Foundry or Bedrock or BlueWave, and and why are those different? And when do you leverage one versus the other, and what kind of investment should we make as a firm? So we’re we’re trying to kinda walk everybody through those conversations and, you know, give them a a good representation of where we think they should be.

Security Considerations for AI Adoption

A lot of things.

You know, some of the top security things that we need to think about when it comes to AI is exactly what you said. We need to protect those large language models. There’s a bunch of different ones out there, chat GPT, Copilot, you know, tend to to be two two of the top ones that people adopt.

You know, it’s interesting because we were just talking to a university and they said, you know, what we really struggle with is tenured professors who say, you can’t pro you can’t make me put any type of security measures on my laptop. It’s my laptop, and I’m tenured, so, you know, good luck with that. But then how do you protect the sensitive data that they’re, you know, allowing people to put onto their laptop and they’re sharing with these large language models, we need to worry about top things like data masking, you know, access controls, encryption, better monitoring and logging. You

know, we need to have better practices in place. You know, Jonathan, Dylan, are these top priorities that you’re seeing that are gotchas that people don’t just don’t think about? Because let’s face it. Within the organization, if these eighty percent of organizations are implementing and adopting AI, it’s typically driven by nontechnical people.

Is it not?

I mean, I think I think Sorry.

Go ahead, Dylan.

No. You got it. No.

I got it.

Just just, real quick. And and, Dylan, I think, you’ll have a little bit more insight here. But generally speaking, you know, I think the important thing for any organization is finding a way to make, something useful and meaningful accessible while sort of dissuading users from taking the path of, the path less monitored, if you will. So by providing users with a really good experience on a really good platform that can be, you know, carefully manicured to the experience of the the organization’s needs, That tends to draw people to, you know, a function that that is more secure while it provides an opportunity to dissuade and and even outright block or gatekeep other models, for example. And and we’ve built products, in this very light to be able to kinda support that philosophy.

Yeah. And what I’ll add on to that too, right, is, like, outside of just AI, really with data storage as a layer, what we’ve been preaching for, you know, the past few years and and definitely seeing a lot more in the market is really, like, DLP management, right, and data governance and classification, as a priority within organizations either from, like, a regulatory perspective, trade secrets, right, or, you know, like, PII and just ultimately wanting to instill confidence within your your your end users. So AI in that way is no different. Right?

Like, if you’re leveraging generative AI, you still want data labeling. You want correct data classification so that the LLM itself isn’t gonna feed an output to a user who shouldn’t have access to that data, but, you know, could be able to query it, right, or or ask a question against it. So it goes back to, like, identity and permissions and having those correct permissions and, you know, organizing it well through group based policies and role based access, permissions.

And then two, you know, making a a priority to label your data correctly, utilize a data governance solution, and make sure that’s incorporated at whatever layer, you’re interacting with with generative AI.

The Shift to Zero Trust Architecture

Fantastic. You know, one of the other top topics is, you know, when we start to think about Graham Scott and what he’s doing in the advanced networking space, you know, a lot of organizations are moving to, you know, adopt more, you know, SD WAN, and they’re really thinking about how, one, we need to put more security measures in place. Sixty percent of enterprises are actually looking to replace VPN with zero trust in two thousand twenty five. It’s a forty two billion dollar conversation.

You know, biggest reasons remote u workforce. We have a lot of compliance. We have more cloud adoption. We need to make sure that we’re enabling the partners, as well as clients to get to the data that they need to.

But, you know, Jonathan, Dylan, you know, when we think about z ZTNA and zero trust, you know, the the zero trust network access, the zero trust architecture, I know you guys have a different product name for it, Zero Networks. How does that come into play? How much are we seeing this adoption rate?

I I’d love to see more of it. I think that we’re we’re sort of in a in a post COVID lens where, you know, much of our our market presence was, you know, coming to an office five days a week, getting in front of a desktop, doing their job, leaving the office without, you know, a work device, maybe connecting to a Citrix or or something of that kind, to stream some apps for remote working on the options that they were at home, performing their daily tasks. But in a post COVID world where everybody’s sort of running around with a laptop, it it’s just not scalable to do traditional VPN in a sense.

Obviously, in the security community, this is going back some years, but the the Ronald Reagan, the trust but verify, has been invoked time and time again. And DTNA, I I would argue, is like a direct challenge to that concept.

So don’t trust but verify. Don’t trust anything, which is really the foundation of where where ZTNA tools come in.

I think in general, you know, people are are figuring out different ways to achieve, a zero trust model on, you know, an increasing market share in SaaS and IS.

So it’s not the sense that you need, you know, these full mesh networks any longer that are interconnecting different datasets in different places.

It’s really about kind of extending the the network access, or the the platform access to the identity, to the endpoint, just beyond, you know, having your credential that gets you access to a network layer.

Awesome. I agree completely.

And, you know, it Vinay’s point, it it is becoming more virtual, less physical.

You know? So EDR, MDR, XDR, we have all these acronyms, SOC, SIM. You know? We have, you know, ways to, one, protect anything with an IP address, other ways to look at logs.

It’s definitely a a big conversation this year. Most organizations are gonna have EDR. They have some type of antivirus, some type of endpoint detection response. What they don’t have is MDR.

And what’s interesting is the second bullet point, which says, last year, MDR, managed detection response, which is that human element, adding that security layer on top so that we see everything that gets through on anomalies, was a thirty percent adoption. And this year, it’s doubled. It’s a sixty percent adoption. So, you know, eighty percent of organizations this is what’s great about every to everybody on this call.

The Importance of Managed Detection Response

Eighty percent of organizations are gonna outsource at least one component of their cybersecurity. And most of the time, it’s this because they don’t have the resources. They only have one or two resources. They’re not security experts.

Let’s face it. Anything that gets through all your security threats is something new that no one’s ever seen before. So, Jonathan, how much are we seeing EDR, MDR, XDR, SOC SIM being a part of this conversation? People saying, hey.

We are not the expert. We don’t have those experts. We need your expertise. We need your resources to help us.

Yeah. Jason, you hit the nail on the head. It it really the the managed detection response is really about the people, and those people come at a cost. So for small and medium businesses that can’t really scale up their own security presence internally, you know, outsourcing is the name of the game.

In our business, we’re seeing incredibly high attach rates of our security products onto our MSP business, where it’s just incredibly complimentary as a service. And, you know, depending on what regulations you’re under, it could be sort of mandatory.

It’s something that I think is scalable and and necessary for really any industry, any size business, to be able to have the the twenty four seven three sixty five coverage.

You know, these are these are things and platforms that are outsourced for a reason. You know, that attack on a long weekend, or a holiday where it’s three in the morning and, you know, somebody is attempting to detonate ransomware on your network or, you know, drop a reverse shell or something of that nature.

You’re not staffing as a small or medium business that resource to be able to watch those signals.

And with these EDR, MDR, XDR products, it’s all about bringing in everything into that single pane of glass. We wanna get all data from all of the things from everywhere and make heads or tails of kinda what’s going on in the big picture.

So the people on top of it, absolutely essential. We see it everywhere.

It’s it’s it has continuity through everything that we do.

I love it. So, Justin, let’s pass it over to you. So if if you have questions, please throw them in the chat. We have a lot of really great content from ECI.

ECI’s Unique Offerings in Cybersecurity

So, you know, one, I wanted to turn this into a fireside chat where we could talk about, you know, what are you seeing, Justin? What’s resonating? What are what are clients asking for? What are some of the things that we’re having clients in our engineering resources come and rely on ECI for?

You know, we have a lot of things in the cloud that you guys are doing. You’re one of the the unicorns out there that can do cloud and security, you know, passwordless, database services, CMMC, you know, zero trust, which we’ve talked about, DLP, GRC. I mean, there’s just so many amazing things that I think you guys are doing. Justin, tell us a little bit about what are what are some of the biggest differentiators that that ECI does, and, you know, what does your stack look like?

Why are you winning so much?

It’s a lot of acronyms that you threw out there.

I know. You don’t usually.

Yeah. Thank you for that. We’re we’re doing pretty well, I would say, in, complex organizations. Right? So a lot of the time, TAs are coming to ECI looking for a little bit more maturity and scale over current vendors that the customers are working with. Whether that’s a mom and pop MSP that they grew up with, whether that’s somebody in the channel already who’s maybe not quite as global or doesn’t have end to end services.

You know, they’re leveraging our expertise with guys like Jonathan and Dylan who are sitting in on presales calls to help them map things out across the entire stack. So when you think of ECI, think of more of an end to end IT services firm. They’re looking to have economies of scale built in, right, cost considerations when you add multiple layers, of service to your business. But it typically starts with solving for a simple problem.

I’ve noticed a lot of people coming to us with generative AI questions, Copilot, ChatGPT.

I’ve noticed a lot of people coming to us because they hear what Jonathan built with our XDR platform is is exceptional. And a lot of conversations just start around that and building a a proposal around solutioning.

So it’s been really great in that capacity.

And, we’ve been so successful because I think, you know, I don’t do much talking.

The most of the talking is done by the Jonathans and the Dylans of the world.

So, it’s been a really great journey so far.

Awesome. So give us a little background on ECI.

Yeah. Absolutely. So we’re this is actually our thirtieth year in business. We’re founded in nineteen ninety five.

It’s about a thousand of us around the world, eighteen global offices. You can see the locations, very busy. Right? Over, thirty five thousand end users on the soft platform.

One thing I like to highlight is we are private equity owned, which if you sell into the higher end of the mid market or the lower enterprise, people like to know that we’re a very financially stable and strong company, fully auditable financials.

I think that that’s very valuable when it comes to RFPs and RFIs. They wanna know ECI is gonna be in business for many years to come. And again, I think just to really highlight the scale, right, having delivery centers all across the US as well as in EMEA, APAC, and, and, you know, EMEA and APAC specifically, really allows us to go after opportunities that not many other vendors within the Telarus channel can, compete with us on.

Introduction to Product Portfolio

That’s great. Chandler, let’s go to the next slide and dive into the product set. So this is your portfolio, a snippet of your portfolio. Tell us a little bit about some of these offerings, and I love to see that it goes across all the advanced solutions.

Yeah. So the reason we threw this slide together, right, it’s a little jumbled up from a wording perspective, is we want to give everybody a a true understanding of the scale of our business. So each one of these bullet points you see, whether that’s in the cloud or infrastructure, the cyber and compliance, the data and AI, or even the managed IT, we’re happy to schedule follow-up calls, which you can work with me to accomplish to do demos and deep dives into these particular solutions. But for the sake of time, we wanted everybody to get a feel of the comprehensiveness of our portfolio of services. So I’ll kick it over to Verkado to run through the cyber and compliance of our security services. When he’s done with that, we’ll kick it over to Dylan to run through what we consider to be digital services.

Focus on Security Integration

Thanks, Justin. Yeah. Generally speaking, as a business, our focus is to make sure that we’re weaving security through really everything that we do, taking what’s, like, typically known as a security through layers approach.

So while the managed XDR is our flagship offering with our twenty four seven three sixty five SOC, we do provide, managed EDR services.

We’re principally a, a reseller of SentinelOne, next gen firewalls, so your your Fortinet devices, your Palo Alto, devices, Cisco, Meraki, etcetera.

Microsegmentation, so we work with a couple of different vendors.

We very briefly touched on Xero networks, a moment ago, which is, going to be, ZTNA, but also host based firewall management, an often overlooked thing in my opinion, where, you know, folks are not necessarily fortifying the endpoints firewall, you know, making for challenges when, you know, the EDR doesn’t necessarily pick up that that reverse shell or something of that nature. Zero networks and host firewall management really come into play there with, not blocking stuff just coming inbound, but also going outbound.

So it’s a really, really great piece of kit.

You know, advanced email protection, we’re a big integrator of Proofpoint.

We play in the EOP space.

We’re also, a big integrator with Abnormal, which is a relatively, new AI driven, email security model.

On top of the the tools and the tech and the cool stuff that I could talk about endlessly, we also do have sort of the, the the governance and risk, the GRC program, which is going to be, you know, wide and comprehensive in and of itself.

We’re able to deliver vRAS, vulnerability management services, through that program as well as, you know, phishing and end user training, with tabletop exercises and, you know, simulated phishing campaigns.

Just going down the list here back into my space, we do offer, you know, dark web monitoring services for, employee identities specifically, you know, security assessments on particular I c IT assets. And all of this, I think, like, the last bullet here is, in the spirit of using a different scale that we’re not necessarily developing. So whether it’s, you know, CIS, or or NIST or something of the like, we’re always trying to drive to build our standards and best practices on, what conventional industry best practices tell us.

Digital Services and Application Development

Yep. And I and I’ll jump in and talk a little bit about, you know, digital services and what we’re doing. So the way to think about digital services is really it’s all custom application development and related infrastructure hosting needs for that application development that we’re doing. Right? So that can fall into really anywhere in the project life cycle, starting from requirement gathering, right, which we’ll typically do as part of presales unless it’s, like, really large, data, project or something like that, all the way to a managed service offering, right, where we can handle twenty four seven, response, SLAs, for remediation as well, and do ongoing development and build a product road map and collaborate with you to continue, to to build new features, and enhance the solution overall. So really everything in between.

For our main domains, that’s, you know, we’re typically working with data, whether that be data integrations, data engineering and data pipelines, generative AI, you know, which ultimately becomes the end product of a a data pipeline, and use cases around generative AI and incorporation in applications, custom web apps, custom mobile applications. We still see those, as well as, cloud infrastructure and cloud engineering, too. Right? Mostly in for complex use cases around containers and Kubernetes, you know, as well as, like, managed service offerings, and infrastructures code.

But, realistically, all those domains are are different areas that we help in.

And yeah.

I love it. So I wanted to expand on a couple things. So first, Jonathan, let’s talk about the cloud. You know, we’re seeing a lot of things being moved to the cloud.

Virtualization’s key. You know, we need to protect the data. We have so many people accessing the data. We have users.

We have employees. We have customers. We have all these tool sets, and we need to protect that data. So, you know, one of the things that’s fascinating is one, you’re you’re doing a lot of things for protecting that.

Cloud Security and Database Administration

But when you came to our engineering summit, we started talking about DBA. We don’t have a deep bench of suppliers that do database administration services, but then you guys also set up we take it a step further, and we wrap security around it. Let’s talk about as AI is being adopted and you’re putting it in the cloud, this goes for both Dylan and Jonathan. One, you know, how are we securing it?

And then what are you doing that’s so special from the DBA service to help protect that? Because I I think that that’s a unique and different conversation. Lot of customers struggle with adopting a cloud, struggle with how to protect it, then struggle with the database because their d they did database guy left, and then they need someone to help secure it better.

Yeah. So from, like, a, like, a tactical perspective, I think it’s a it’s a really interesting time to be, you know, managing a data warehouse or a data lake or or really however you’re you’re putting your data into a relational schema.

We have all of this this flurry of options, whether you’re using an AWS product or an Azure product, for example.

My team specifically has has leaned heavy into, Azure SQL, which is sort of like a headless offering, that uses some of the, intrinsic feature set in, in the Azure platform, to be able to allow me to control security parameters.

So I like to think of everything sort of in the lens of, like, who are you, where are you, what are you, how are you. So, like, who is the user that’s that’s in need of accessing, this dataset? What of the dataset they need to access? So can I can I reduce the scope down to just the as needed data?

How are you? Is my is my device compliant?

Is my, you know, EDR active, or has it been disabled?

Things of that nature connecting from my endpoint.

And then what are you like, what is my job function? What is my purpose to be accessing this data? So, you know, that that lens or those four pillars allow me to really kinda frame anything that I’m doing from a security perspective in in a defensive strategy.

So on the notion of of database administration or securing, you know, data structures, Moving, the lift and shift from on prem to cloud really opens up a lot of doors for, you know, some of those features that are just built into the platform.

I think that in terms of a cloud migration, there’s a lot to consider in terms of, you know, do you lift and shift? Do you do, you know, segmentation into some of these, as a service products?

And and once you’ve kinda decided what that, journey looks like for you, the the scope of of security does change meaningfully.

The more you shift to the microservice model and the as a service model, the more you can rely on, you know, some of the platform based security measures.

I love it. Thanks. You know, so I’m I’m watching in the chat. One, we’re talking about GRC governance risk compliance.

Governance, Risk, and Compliance (GRC) Discussion

You know, then I started thinking about DLP and and data discovery, which is DLP, data loss prevention, your data moving.

Data discovery, your data is sitting at rest. You know, we have lots of different ways that we need to protect organizations. I’m glad you you guys showcase compliance on here. Then we start to think about CMMC.

And only four percent of organizations that need to be CMMC are actually CMMC compliant. So there’s a big opportunity. What we’ve always tried to do from a security standpoint is show you stats, show you why it’s relevant, show you why you need to have those conversations, and then point out ways that will differentiate you on things that your clients are actually talking about. So, Justin, Dylan, Justin, and and Jonathan, let’s talk about GRC.

So first off, we we know the governance is super huge in AI. We need to make sure that we have frameworks and things in place because people aren’t following them. The risk is being driven down by the board more than ever, so there’s lots of opportunities to see that we need to put more risk measures in place and help get that information back to the board and senior leadership because they want to do that. We need to worry about data loss prevention. And, Justin, you talked about how that’s been a huge topic, identifying all that personable identifiable information, seeing it not only in motion, but also at rest for organization. And then let’s get into what are you guys doing for CMMC, and why is that so important? And do you have an initiative that you can utilize to help get people CMMC certified so that they will pass their on?

Ricardo, you want me to take this one?

Sure.

Yeah. Sure. So I think with, the governance risk compliance package, Jason, it’s all about creating the programmatic approach to these things. Right?

I see a lot of the comments in the chat, on specific topics. So you see things in there around auditing, you see things around, basically compliance related issues like you’re talking about CMMC. I think it’s more about building the program around it to make sure that when the time comes to file for compliance or some type of audit that will give you a CMMC certification, that you’re ready to do that. So ECI ourselves does not do CMMC certifications.

Right? Like, we can’t CMMC certify you. I think that’s been the road map, but, we’d have to have a deeper conversation with Chad Fullerton around that, the guy who runs that program. But as of now, it’s helping you prepare for CMMC.

We ourselves are CMMC level one and two, and we’re implementing those controls and and access to ensure that our customers, when they go to be certified, are, you know, hitting the mark.

But the program itself, the GRC program, is pretty ad hoc. It’s built out to the needs of the particular client, can do everything from build and maintain policies through responding to those audits, due diligence questionnaires, tabletop exercises. You know, it’s built to service the customer regardless of what their regulatory requirement, regulatory requirements are. Obviously, growing up in the financial services space like we did, we work with a lot of private equity firms, hedge funds. So we’re very, very astute at, SEC, FINRA, NYDFS, global ones like Dora and, you know, anything around GDPR, really, really good.

So yeah. I mean, that’s kind of like a a high level overview. Again, if if you wanna jump into any of the bullet points on this solutions overview page or perhaps take demos, reach out to me and we can put you with the subject matter experts there. I think it would be valuable for anybody interested in GRC to sit down with Chad.

He does a particularly great job at at running through the platform.

So we have a couple of minutes left, and I know Doug has some questions from the chat, and I appreciate all the, activity in the chat. You know, I wanted to showcase, you know, a couple things. One, you guys are one of the only providers in the portfolio doing passwordless identity and access management, which I think is absolutely amazing. Sixty percent of organizations are looking to adopt a passwordless style of identity and access management to make sure that employees aren’t putting the same passwords repetitively over and over again, which I I think is huge. You know, help desk, you guys want a massive deal that, you know, you wanna Justin showcase this real quick, and then I wanna let Doug get into some questions. You guys have won a quite a few pretty large deals, recently, and I think help desk support outsourcing and relying on ECI has been part of it.

Case Study: Large Client Engagement

Yeah. Absolutely. We’ll quickly go through this one. Bercato and Dylan were both a part of this deal as well. So just a very large record label.

The partner, the TA, is based in Atlanta. Obviously, with some of the folks on the call not being under NDA with ECI specifically, we can’t share specific names of customers or the agents, but the total contract value was just over seven million dollars. We were competing against some pretty reputable and named brands in the channel space, that you would definitely know. I think why they went with ECI ultimately is because of the scale of our business.

This customer needed on-site support in Berlin, in Australia, all across the US in four different places, two places in the UK, and we were able to staff those roles full time for them. That was a big component of it. They really liked our cyber offering. They Jonathan was, you know, doing cyber demos of our XDR platform and the SOAR piece, many, many times and still working with their cyber team today.

They really liked our abilities to do FinOps and multi cloud support, which is where Dylan and his team came into play. That was, you know, they have presences in Azure and AWS.

How do we better, make those communicate? How do we make sure that the licensing is all correct? They are eight hundred users. They grow, pretty frequently through m and a, making sure that they’re getting the best out of all their licensing costs and utilization in the cloud.

We offered them a semi dedicated support desk. They were very big on their end user experience, so they didn’t want to be part of a fully shared services model, but they didn’t want to have to pay for a fully dedicated model. So what we did there was we put them in a semi dedicated position, which is a smaller pod of sixteen engineers to provide twenty four seven three sixty five help desk who only work on two or three clients. This way there’s some continuity in the people that are supporting the end users at this firm, and there’s familiarity there. And then I’ll can you scroll down just a little?

I I have it blocked on the bottom. Oh, yeah. No.

I think that covered that covers everything. I mean, like, one more thing to touch on there is the enterprise, network and system services, which is particularly unique to ECI, I feel. That’s more of a a knock as a service. Right? It’s like a co managed environment where our internal IT teams and their internal IT teams get to use and see the same tools, and it’s pretty infrastructure agnostic. Right? Having grown through acquisition like they did, there was a lot of legacy tech debt that their old service provider wasn’t able to monitor or support, which we were able to do and start road mapping towards getting them to be very cutting edge in those technologies.

Thanks, Justin. Appreciate it. I’ve really enjoyed this conversation, Doug. I’m not sure if we have time for questions, but, you know, please keep questions coming in the chat, and both ECI and LevelBlue will continue to answer those.

Integration and Security Considerations

We are running a little bit short on time, but I did wanna make sure that we covered one or two things, quickly that summarize a few of the questions that we had.

A lot of comments, of course, about just integrations with various platforms.

I know there were some specific questions around CRM type platforms, Salesforce, and others.

Talk let’s first take a look at the importance of that type of integration and where the vulnerabilities exist and then how ECI solutions can address those.

I can take that. So in general, I’ll I’ll answer the question, but I’ll also just note that, you know, it is part of a sum. Right? So whether you’re whatever CRM you might be using, it’s going to be, useful and meaningful full, you know, data signal coming into a a bigger, more comprehensive, security lens. The the data coming from, your CRM, data coming from your databases, data coming from your cloud solutions, is all relevant in context within itself. So when we talk about a threat actor potentially attacking a CRM, you know, the things that are gonna be relevant really are the, the access methods, the exposure and RBAC policies around, you know, what are you giving your users access to. There’s a little bit of governance in hardening those those platforms, which we can certainly assist in in kind of guiding, in a positive direction.

Importance of Centralized Logging

You know, certainly gathering that data, for for logging and authentication and access into a single pane of glass is important.

It’s always beneficial, or we always recommend, you know, building a SAML integration with with your IDP, to be able to get those logs, through, like, a single stream.

And I just say in general, you know, again, I it it can’t be overstated that focusing on securing, like, one particular platform is is the tunnel vision that ends up making organizations overlook, you know, the bigger picture.

It’s it’s just that it it’s all valuable under context. Everything that we do, you know, looking at the entire digital footprint is is paramount to success.

Weaving Security into Client Relationships

Jonathan, you used a phrase earlier, weaving security through everything that we do at ECI, And that just really hit me as, that would be a brilliant way for our advisers to think about their relationship with their clients and how they present these types of solutions in all of the interactions that they have with their clients.

Yeah. It’s, it’s something that we need to think about in anything that we do because, you know, you’re only as strong as your weakest link. Right? So if you’re securing, you know, three of your five platform technologies, your area of exposure is focused in the two that you didn’t that you might have overlooked. So back to the analogy with, or back to the scenario with the CRM, if we’re so focused on, you know, securing or hardening the CRM and not so focused on, you know, identity and access management for, you know, Exchange online or Google Workspace or something like that. You know, we’re we’re suddenly, you know, getting too in the weeds with one thing and not the other.

Minimum Security Requirements for Technology

So it really has to be a minimum requirement for really any technology or tech debt that we end up taking on.