UnHacked

Welcome everybody to episode 36 of unhacked. Guys, it is the beginning of January 2025. We, this is our first recording of 2025. Now I don't know if it's laziness. I don't know if it's opportunity, but we have, we've kind of been quiet for a few weeks.

I think our last episode we recorded in November. Is that right? We've been on the air since then. It's been a minute. It's been a minute.

So, here we are. We're back better than ever, and we're kicking this year off with a commitment to bring on more guests. And, god, I could not be more excited to have and I'll I'll know I'll slaughter your name even though I practice. Yevgeniy Karam. Is it Karam Karam?

So say your last name for me. Evgeniy Kharam. Kharam. Okay. I was close.

I was close. I tried. Alright, guys. We are going to talk about well, first of all, a little introduction to unhacked. It's a deliberate misnomer because, you know, 97%, most the vast majority of breaches can be prevented if you put basic security measures in place, follow the the the oh my god.

I was gonna say platforms. Frameworks. There we go. All the frameworks, whether it's, CIS, NIST, HIPAA, PCI. And and I'm I'm bringing all these acronyms up on purpose right now because we're gonna talk about a doctor I read today.

We, I read on Reddit. This doctor just, like, blowing a gasket because he had so many things he had to do in the world of cybersecurity. And he was basically saying I'm not gonna not do it, but good luck selling me on this stuff. So, I I wanna break down that just kind of mindset of, you know, there there we have to find this balance, and that really is the essence of our podcast is finding the balance between every goddamn thing we're supposed to do as business owners and and narrowing that down to what really matters. Where do we really spend our time?

Where do we really spend our money so that we can outsmart the likes of Boris Grishchenko, the arch nemesis of James Bond? That's what we're here to talk about. I am Justin Shelley, CEO of Phoenix IT Advisors. I work with businesses in the Dallas Metro. We do some work in Utah.

We do some work in Nevada, kind of all over the place at the moment. And I am here with my good friends and regular cohosts, Mario and Brian. Brian, why don't you start first? And then, Mario, tell us who you are, what you do, and who you do it for. Excellent.

Yep. Bryan Lachapelle with b four Networks, based out of Niagara Region, Ontario, Canada. And we help small businesses remove all the headaches and frustrations that come with dealing with technology.

Excellent. Mario?

Mario is the chief CEO of MASDET IT. We're located in North Jersey, right right outside of, New York City. I've been in business for 20 years now, focusing on, you know, construction, engineering, architects. You know, anybody that has computers, you know, will help them. We focus more on midsized companies offering, white glove, IT services.

Alright. And, guys, you anybody who's listened to

this podcast knows that Mario and Brian and I

have been friends for years. We've been doing this podcast for almost a year now coming up on it. But today today, we have our special guest, Yevgeny. And I've gotta tell you a little bit about him first and why why he caught my eye and why we're here today. So this is really kinda, lame, and I'm gonna drop some names, but, Evgeny and I are both really good friends with Robert Herjavec.

If you don't know who Robert Herjavec is, he's the, one of the stars of Shark Tank. He was on Dancing with the Stars. The guy can dance. Who knew? He races cars, does all kinds of stuff.

Right? But, and I I'm if you can't tell, I'm really lying about the fact that I'm friends with this guy. But I did one time meet him. Actually, I met him three times. One time I met him at his office up in Canada, and there is a chance that Evgeny and I have actually met because, Evgeny, you worked there, 10 years ago.

Correct?

No. I was there 2 and a half years ago, but I worked there for a long time. Yes. I was there 10 years ago.

You were there when I was there? Yes.

Right?

Yes.

I mean,

we met or not.

I don't know. Years. Yeah.

Yeah. Okay. So, Jeff Ginni, tell me a little bit. I you know, the notes I've got, you're, number 1, you climbed the ladder there at the Herjavec Group. You're a father of 4.

You have this wild ski slash snowboarding party that I'm gonna miss unfortunately this year that I really hope you'll do again so I can come to or something like it. You're a board member, I believe, or an adviser, and I might have wrote that down wrong. For the Canadian cybersecurity network, I want you to talk a little bit about that because I don't really know what that is. You've got a media cyber consulting service. You have 2 podcasts.

You wrote a book. I mean, you've done a few things. Right? So with with that, tell me what, what would you like people to know about you and and why it is that you're so, like, amazing?

You I might hire you as my PR agent. You know? It seems so. You're doing such a good job for myself.

Thank you. Thank you. So I'm a second We'll discuss fees later.

Yep. Sounds good. You know, I have a couple of shawarma beers. We can talk about this part, you know.

Okay.

So I'm a second time immigrant. I've been in Canada for almost 20 years. I did start my career in the Israeli Navy. And while majority of the people start their IT or cyber career in IT, I kind of started my cyber career doing QA for firewalls. So it was quite very interesting because I spent 2 years in Checkpoint.

If nobody if people don't know, Checkpoint is one of the still biggest firewall companies in the world that exists for a long, long time. So when I moved to Canada, under my impression, I I was thinking that everybody know how to debug the firewall. So I'll come to a customer, we'll open a console, and we go to Karen and they're like, what the hell are you doing? In 2 months, I realized how wrong I am. And it was okay.

Because it was a big differentials in a very, very fast way. And then time, I could establish myself as a very technical person that know how to fix stuff. Later on, took me some time, but move up to other become a team lead, group manager, and VP as well. And what I realized that it's quite important is doesn't matter how smart you are. If you cannot particular your ideas in the language, and Justin, as you mentioned, we hear not to just throw acronyms in the language that the other person understand.

And this could be business language. This could be simple language. This could be whatever language as a person understand. And because English wasn't my first language, it was actually my third language and the second time immigrant, It took a while to figure out the best way to connect to people. And I think this is one of the most important part that people missing right now.

I learned even more when I started the podcast because now you have video, you have audio. You know, it's gonna stay there forever, and you're not gonna watch this. So you better know what you're doing and how you communicate there as well. And all these small pieces, this was make us a better human being, a better professional. So it's like Brian, Mario, Justin, you're saying you guys help small businesses.

But if you come, they're all like, Oh, I can do TCP IP. I know so many frameworks. And I understand SSL people, like, what are you talking about? I don't know what you want from me. I have 5 laptops, 10 people, and I need to understand how to just do my work.

Right.

So you need to go to understand their pain point, understand how to take this pain away. And guess what? It doesn't matter if it's a 5 people shop, or it's a 50,000 people shop. They have the same pains. Depends who you're talking to.

If you're talking to a CISO VP, SVP, they don't care about nuts and bolts. Same as the guy as a dentist. They care about business.

Yep.

They care about how we stay profitable, how we stay online. So the problem that the doctor has with 5 people and the seesaw is 50,000 people, same problem. Yes. Anyway, it's a bit of different thing.

Right. Right. And and I'm glad you mentioned that because, I mean, I've I've gotta go back. So I I've I've got this Reddit quote that I'm gonna read in here just a second. But this really was driven home to me, god, almost probably about the time you and I allegedly met up in Canada.

I I met with a doctor, small office, and we were talking about cybersecurity. We were talking about HIPAA compliance. And and this guy looked me square in the eyes. He's like, I don't care. He's like, I'm too small.

They're not coming after me. Like, well, that may or may not be true. But clearly, I was not speaking his language, right, to your point. I I was speaking my language. I knew it was important.

I knew why it was important. And I I either failed to communicate it or maybe he legitimately wasn't interested, which, you know, some of us are bigger risk takers than others. Right? But so that that is what we're gonna talk about today. And and I'd not again, one of the other things that kinda caught my attention, Jovginny, on, you know, when I was reading about your background and and what you do is that ability to communicate, technical stuff to nontechnical people.

And I think that is probably one of our greatest challenges in this industry. We speak different languages. So, again, today, we're gonna talk about a disgruntled doctor, his real and understandable problems, and then perhaps this bigger problem of mindset. And we've talked about mindset before. We're gonna dive into it again today.

And then as always, we're gonna wrap this thing up with a formula to protect our businesses. So, let me just go ahead and read this. I'm gonna read this entire quote, and then we're gonna take some bullet points, and we're just gonna break this down. And and quick background, this was not on a technical thread where I read this. It was actually on, I think, small business or entrepreneur or something like that, and this kid had just gone out and taken a cybersecurity course or whatever, fancied himself, the latest greatest cybersecurity expert, which is another problem with our industry.

You can do that. And he did, and he gets on there, and he's like, hey, guys. I've got this new skill. How do I sell it? And and here's what this doctor said.

He says, I have a small medical office. You come to me, and all I'm gonna hear is that there's another problem I now have to deal with. If you do that, you need to come with some really good data to prove I need to deal with this problem right now. Not 3,264,512 businesses got hacked. I don't give a damn about them.

You need to have actual my business issues. Why all the systems I'm already paying for, HIPAA and PCI compliance or whatever the damn acronym was that my credit card processing company needed me to do aren't good enough and a reasonable price I can pay to make it happen. Also, for the most part, it has to be hands off for me, and I'm not paying for subscription. This better be fixed, have a good life solution, or something damn close to it. When you talk to me, you have to keep in mind, I just spent 6 hours seeing patients, 1 hour finding out what the hell my billing people are doing that were getting denied claims, 3 hours fighting with insurance companies or sitting on hold with them, 2 hours talking my clinicians through complex cases that they need to deal with, 4 hours doing all the other back office stuff, and I have 2 to 3 hours of work to do before I can go home and go to sleep.

Now I did a little bit of math, and he might be working some really long days there. I don't have the time or energy for you and your problems you're bringing me. Doesn't mean I won't do it, but it's gonna be a hell of a hard sell. Alright. Now aside from the fact that I slaughtered the reading of this poor guy's comments, I wish I could have heard him say this out loud because I think the emotion would have been much better.

Let's get into this and let's talk about how do we help somebody like this, and and I want you guys' take on it because here's here's my take. I think, a, these are legitimate concerns, and, b, they're going to sink him. Thoughts?

Can I start?

Yeah.

Please. So definitely the guy is frustrated. Definitely, there is no way to show him the benefit of his out, let him take the all the, you know, the pressure out. What I think people don't understand in this case is that they're no longer working in the dark. They're no longer working without computers.

There's a billing system done on computers. His freaking x-ray is done on a computer. His schedule done on a computer. Probably majority of the staff are connected in his office. So if this doctor will listen and I'll up with, okay, give me, like, 5 minutes to explain what's happening, and then tell me if it makes sense or not.

Because in the end of the day, you mentioned that you want to work, you just want to work. So what if you actually doesn't work? What if you schedule system doesn't work right now? Will this impact your ability to make money? And from there, if you stop and think about that, then there's opportunity to explain, okay, this is why we need to simple or like the simplest protection or the basic protection can have for your devices, hygiene for your laptops, understanding what's connected, what do you have, or even what do you have on your system, who is using your Wi Fi to make sure we can do your work.

This is this is how I will approach this to understand his pain, understand how he he makes money, and what will prevent him to make money.

No. That's that's actually a really good point. You've got enough problems. You've got enough work on your plate. The last thing we need to do is make it worse.

Right? Complicate it because stuff is not working right. Okay. Mario, Brian, thoughts?

I mean, to me, when I when I read this the first time and when you read it again, it seems to me like he's getting multiple people coming up and trying to sell him something.

Right.

You know? And he he's sick of it, and he doesn't understand why he needs to do this. You know, sometimes when we're, you know, meeting with prospects and stuff and stuff like that, what we do and what you guys I'm, you know, we we actually offer it all the time is a network assessment. We could come in there and show them what is wrong and what we can do to fix it. And I don't know if this guy ever let somebody do this or if anybody ever offered to do something like this.

Sometimes, you know, with somebody like this and he's saying he's, like, show me what the problem is with my business. You know? And he needs somebody to come in there and say, well, you know what? Your server is running server 2012. You know?

This is why it's a problem. This is, you know, your your front computer has administrative privileges. This is why a problem, you know, it could be a problem. I think he needs somebody to to to to show him the problems and not just you know, you you you need to sell on the problem, not just sell a solution.

Interrupt. But it's working. Why do I care it's 2012? It's working. It worked for last 10 years.

It never went down. Maybe one time when there was a power down. Why do I care?

Because when it does go down or when there is a problem, you may not be able to come back from it. You know, it's that's what we sell is we sell, you know, it it so when it doesn't happen and in case it does happen, you can recover. You know? It yes. To some people, that makes sense.

To some people, it's like, well, you know, I'll deal with it when it happens.

You think it is like you need to pinpoint the crown jewels back to impacting the business. Like, proactively the same as people. If it's a dentist, for example, profits dentist, people proactively come to you and tell you, we're not just doing blood tests when we want to we're unable to die. It's because we've been doing blood tests every year, every 2 years, because we don't proactively understand and not get to this point. So, actually, it's a very interesting point because we can come back to doctors and what they do and how they treat patients to say we're doing the same as you mentioned.

We'll do an assessment periodically.

Yeah. No. Exactly. And even with a dentist, you can say, well, why am I gonna come to you every 6 months for for cleaning and and this and that? Why can't I just come to you when I'm having pain?

That's exactly, a a very good point. That that that's it's a different industry, but very similar, proactiveness. Yeah.

That's the approach I try to use. I always try to bring it back to whatever it is that their business does. So in this particular case, they're they're a medical practice. Right? I'm sure depending on the type of medical practice, maybe it could be a dentist.

I I don't know. It says a medical practice. So, let's assume it's just a regular Jeep, general practitioner. You know, I would say, you know, if you were talking to a patient who is having, you know, health issues and you knew that they were related to perhaps being overweight or perhaps not having enough exercise, you would let them know, like, hey. Listen.

You probably should have a regular exercise regime. You should eat better. Right? You need to do these things on a regular basis in order to make sure you don't have problems down the road. You could ignore them, and you might have no problems for years, and all of a sudden, you end up with some sort of disease that you can't get rid of.

But you could have done that proactively. You could have prevented it from happening in the first place. It's kind of the same when it comes to IT. There's a lot of things that have to be done on a regular proactive preventative basis to make sure that you don't end up in a problem that you can't extract yourself from. And that's the approach I usually take when I'm talking to somebody who doesn't necessarily, understand the tech side.

But bringing it back from another angle, I also say, like, listen, Initially, there might be a lot of work to do, but once we get into a regular regime, it's going to be very minimal, and it's going to be relatively reasonable for us to to be able to do this on a on a cost basis. And my job as an IT provider isn't just securing you, it's also looking for ways that we can make you more efficient and be better, able to work in your medical practice, in a way that saves you time. So if I'm doing my job correctly, by the time that we're done working or not done working together, by the time that you've worked with me for, let's say, half a year, you're finding efficiencies in your business that I'm paying for myself and on top of taking care of the security thing. So we're finding ways of making sure that you're able to get your, appointments out faster or your your patients, paid faster, whatever it looks like. You know, the different businesses have different things that we can do for them that will improve their operations.

That's what I'm looking for as well to offset our cost.

Yeah.

So one of the things I picked up on here is there is a language barrier. Right? When he's like, HIPAA and PCI or whatever it was my credit card processing company told me I had to do, why why isn't it good enough? So clearly, there's there's a lack of understanding. And and, Jeff Gennady, that goes back to your you know, what we talked about before is this, you know, communicating our world into the language of somebody else who just doesn't understand.

And and clearly, this guy is frustrated. He does not understand why he's writing another check, why why he is spending more time. He you know, because this is gonna involve guys, let's just talk about how how we do our sales cycle. Right? How many meetings, how much time is involved with a business owner when they decide that they want or need to make a change to their IT world.

Like, it isn't just click a button and sign up, and you're good to go. We're talking about hours. We've got discovery. We've got, technical audits. We've got planning sessions.

It it is a significant time commitment. And, you know, and I don't remember who said it, but it it seems like this guy has been called upon multiple times with multiple sales pitches of everybody telling him, I can go in, I can find a problem, and now you have to fix it and pay me to do it. Right? So what what can we do? And I'm I'm kind of this is a little bit of introspection for me, but how can we make this world easier?

Because, I mean, like, this is great information for us where where they may not understand our world. We now have the reason I grabbed this thing off of Reddit is because now I have a window into the life of my client. They're frustrated. They're overworked, probably underpaid for the for what they're doing. How do we simplify this process?

How do we change it? How do we make it more beneficial to them? Do you guys have any thoughts on that one? It's hard.

It's hard because, yeah, we're not fully there. We're still duct taping cybersecurity, we're still duct taping IT, not even cybersecurity, we're duct taping IT. Right. What's the point for me to sell you a fancy antivirus WAF protection when your servers, as Mario mentioned, are long, long, long need to be need need to be refreshed. So we need to first understand.

And, unfortunately, people only understand when it's happened to them, not even happened to somebody else. Right. So awareness, yes. If it's a small, medium business, unfortunately, I think it has to come from the top. So it's the same as people in accounting, people in with doctors, they have their own conferences where they need to go to get the CP cut.

That's what they would call them for the doctors. And they explained them about HR hiring, and about different things they need to do. And while we're doing fire alarms testing every month, every quarter, nobody complained about them. It's a necessary evil. So you have to come from there.

And I think it also have to come from the patients. Like, the most important part that I think people need to understand is you're my doctor. You have my records. You know my information that if it goes to the bad guys, probably has them. I just don't know about it.

They can eventually find a way to get to me. So why do I need to hack Robert Herjavec, for example, okay, if I can just find his records in a doctor, and get it through there, for example, and this is what the doctor need to understand. We're talking about privacy, we're talking about data that I supposed to protect legally, because HIPAA tells them you have to protect it legally.

Yeah.

Yeah. Yeah. I mean, one thing too, in, you know, we've through Robin's community, we've heard them say several times an undisturbed prospect will never buy. You know? So if if he doesn't see that there's an issue, it makes it a lot harder.

You know? Like, we we've sat with prospects all the time, and they're complaining. They either got hacked, they lost money, or their IT person doesn't, you know, pick up the phone or doesn't call them or doesn't do anything. It's for for us, we have to kinda show them what is you know, before it happens, what you know, this is stuff. And it's hard because, you know, you can sit with 5 different IT people, and you're gonna get 5 different, stacks, security stacks, 5 different prices way all over the place.

You know? There's no regulation. You know, you know, we've said it before. There's no standard. Alright.

You need this. You need this. You need this. But you can argue with somebody else and say, oh, no. You don't need that.

You can just use this. You know? So that that's the problem. It it's for them, it's frustrating because they don't know, you know, a standard. Like, they don't know if it's you know, it's not like buying a car.

Well, you know you're gonna get 4 wheels. You're gonna get an engine. You're gonna get, you know, you know, if you're looking at the exact exact same models and you're going to different dealerships, you're getting the exact same vehicle. You know, the price is going to be close, maybe different. But the problem is with the IT industry is, you know, you can go to somebody and they're charging $40 a month, you know, for a user or and then you can go to the next person, they're charging $300 per user.

So that's the problem. That's the frustration is that we don't have, like, a standardized, and we've talked about it before, like, a standardized practice or regulation that, you know, everybody needs to follow.

One thing I do love, though, is that we're moving towards a model where we do have that with the the CIS standards, for example, where where we we have these frameworks and whether it's CIS and, you know, we're going to use some of these acronyms, but you've got, especially where today we're talking about a doctor's office, but they in particular are dealing with HIPAA and they're dealing with PCI compliance. Those 2 do have a lot of overlap. So one thing we could do to help this particular doctor or business owners in general is to show them where all of the things that they are required to do, can largely be handled in in one fell swoop if done properly. Would you guys agree with that?

Yeah. I mean, yes and and no. I don't I think this is the biggest problem that we're facing in this industry is that a lot of IT providers coming in and going, here's all the 100 things you need to do in order to become compliant or be secure, when really we should be going in and saying, hey, listen. I understand that this is complex and this is overwhelming. Why don't we treat this as a journey?

Why don't we treat this as something that is not ever going to be finished because it's not something that can be finished. We're going to just implement a few things here today and a little bit more tomorrow and a little bit more the day after. And every month, we're gonna come back or every quarter, we're gonna come back with a couple of little extra things that we can do to improve bit by bit. And if we treat it as a journey, you're never gonna be finished because cybersecurity doesn't change it doesn't doesn't stay static. Criminals aren't saying, they put a firewall up.

Damn it. I'm gonna stop. I gotta find a new career. Born again. Yeah.

They're they're gonna find another way, and and and it's gonna bypass things that we've put in place. And so cybersecurity isn't static. It's always gonna change. And if we treat dealing with a client and say, listen. Yeah.

You want a one and done, but that's just not possible. But let's work on this together over time in little increments versus this big giant project that's gonna take, you know, 15, 20, 30 days, and it's gonna cost you a super fortune. Right? That's my that's my take on it.

Seeing the other part, people understand and be very, very slowly. What does the doctor says? Take it away from me. I don't wanna deal with this. Right.

Basically, he wants a managed service provider. He wants an MSP or an MSP to help him. Somebody that will take it the problems away. He probably paying support or insurance for his water cooler.

Yeah. For whatever it is he he has there.

He doesn't really go and fix it himself. If something happens with his water cooler, he calls someone somebody comes and replaces the water cooler. Not a difference in this case as well. This would probably help happen with others. His medical machines that he has, whatever the devices he has there, somebody coming and replacing them.

So this is the mentality you need to understand. Okay. Let's understand the scope. The problem is when somebody call him every month with a different problem, with a different price. They don't know what is the fair price to pay to do this.

He mentioned he doesn't want subscription. Bullshit. Sorry. He pays subscription for Microsoft, for Google Yeah. Or for his cable, for his phone.

You think they're gonna be different, why? Then it's been you can you buy a magic wand, but this magic wand, you're gonna need new batteries in 6 months. So he doesn't have subscription. People will come and sell him new magic wand. It'll cost the same or cost twice.

So until people don't understand this part or will not wanna open up and they're frustrated, and it will need to happen. Yes. Part of our industries that we all going with gun blazing and say, oh my god. Oh my god. Hackers come to come to to hack you.

They don't understand what does it mean. Well, they need to understand there's there's a basic information they need to do, passwords, patching, hardware that's up to date.

No. But you're right. It it is. And the thing is, honestly, we're we live in a world of subscriptions. I mean, even I read, an article, a few months ago that even car dealership now are starting to do the or they wanna start doing subscriptions for, like, heated seats.

You heated seats, and I believe with BMW, is No thanks. They wanted to start doing heated seats as a subscription. You pay, you know, a couple $100 a year and you activate your heated seats. I mean, Tesla right now. Tesla, I believe, does a lot of subscription stuff.

Yeah. It's also still driving related. Yeah. Like, the thing the autopilot, I can understand why my autopilot is subscription because I need data. It doesn't really change, doesn't adjust to the way I see it.

I prefer a subscription if somebody can just take my car, bring me a new car and do a service. And if I have a issue with the car, just give me a new car and let me continue making money. Yes. Definite, definitely, definitely wants this as part of my leasing.

Yeah.

Yeah. I'm a big fan of, and especially when talking with doctors, it would probably, go a long ways. I'm a big fan of an ounce of prevention is worth a pound of cure. Right? And so what this particular doctor sounds he's looking for is a cure when what he really needs is an ounce of prevention.

Right? Like, he's looking for somebody to come in and just be able to swoop in and fix everything when really he just needs somebody to come in and help on an ongoing basis to make sure that he doesn't have to fix anything to begin with.

So Dustin mentioned about what's the actually, Brian, you mentioned about what's the minimum. So what's the minimum things doctors or small businesses need to have without going nuts? Like, what's the 8 to 20 year olds?

If I had to say what the the the major things that a a doctor would have to have in place, it'd probably be a handful of things. One, obviously, just having endpoint security, some basic updates and maintenance to the applications to make sure that they are always being protected against the latest security flaws found in the software that they're using. Those two things will go a long way. And then lastly, from my perspective from in doctor's offices, I find a lot of doctors have unprotected computers in rooms where patients are alone. And so just securing the actual desktop in a locked cabinet so that patients can't just plug a USB key into a computer and and then gain access, or in in inject any kind of malware.

So locking that computer up.

I'll I'll piggyback on yours. Asset management, so inventory. Yeah. At least basic understanding what is the devices you should have in your this could be computer. This could be medical devices, connected devices.

This could be software that I need to know. And also related to mid of IT maintenance, like, if I have a software, I have a computer, what's my maintenance? How what do I need to replace it? When do I need to pay for the subscription or the renewal for whatever it is? And, also, as you mentioned, if I have computers unprotected, I may have network ports also unprotected in in the rooms as well.

So this is all the basic stuff. Definitely some basic password hygiene to understand how we save passwords, not just on sticky notes. Do we can we have a way to have some kind of password management?

And, you know, one thing I wanna add to that too is, employee education. You know, you you know, you always have to have your employees kinda have, like, some sort of education, what to do, what not to do. I mean, I was at a, doctor's office a few weeks ago with, my daughter. And the it wasn't the nurse. It was just like a technician, that, you know, was helping her.

It was at an eye doctor's office. And she said, okay, we just put some drops in your ear. We'll be back in 20 minutes. And she left, walked out, left the computer completely unlocked, you know, different records and stuff like that was open. And, you know, I'm I'm just sitting there and looking.

I'm like, you know, I've been to doctor's offices where, a, the computer automatically locks after, you know, a minute or 2. Or, b, the employee that themselves, when they're getting ready to walk away. They're they're hitting, you know, a couple quick keys, like Windows key l locks the computer. But they left us, you know, in the room for 20 minutes with the computer unlocked. You know, I could've I, obviously, I didn't, but I could've easily went through and checked stuff like that.

And I actually was sitting pretty close, and I just kinda peeked over just, you know, for the sake of peeking. And I saw, like, oh, yeah. They have an antivirus. They have this. So it looks like there's an RMM installed on there.

You know, they they already had everything down there. But if I was somebody that, you know, wanted to do something malicious, I coulda easily done it.

Yeah.

Give back on this. This is an this is very cool topic. So we have to go RMM. Okay. For people that don't know what's RMM, it's basically a remote way to help you with your device to simplify the idea.

And there was unfortunately a recent hack with a company, forgot the name of the company, through the vendor. The vendor had malicious malicious software and they were able to get to the company through the vendor. We're not gonna name names with the vendors. But my question here, what kind of questions an SMB need to ask the provider to make sure is it gonna bring more problems to the environment because the provider is not kind of securing themselves well. Because if I can hack your system somehow and get to the RMM, I now have access to all the information.

And I think we need to explain to businesses what kind of questions they wanna ask the providers before they sign a check with them to understand they're actually gonna do good job for them and they themselves have a good hygiene as well.

I actually thought, like, was it too many pet podcasts ago? We actually had a guest with us that was actually another MSP that didn't have that happened to them. You know? So we we what was it? Like, 2 episodes, guys?

It was last it was last month. Yeah.

Yeah. And I have actually lost a prospect that I actually sat with. And one of their guys is, like, listen. They come with their own problems. You know, they they can you know, we're worried about us getting hacked.

They have a higher chance of getting hacked. Right? You know? But that is a good point that what are some things that they can do to be protected by working with an MSP?

I'll ask what is their processes. Show me your processes internally. What do you do? How do you train new employees? How do you give them access to my environment?

How do you what do you do with my data?

Yeah. I mean, with us, you know, we we take and and it is it's not a thing's foolproof. You know, we we will obviously have we we won't set up anybody unless the 2 FA is set up on. We have IP, whitelisting. So only, you know, we only people in our office can access our RMM tools.

Like, even if you're working from home or something like that, you have to have a VPN connection into our system, you know, work off a system in here. You know, obviously, have 2 factor authentication for VPN, 2 factor authentication for software and the computers. So, I mean, there are and it it happens. And there believe it or not, there are some prospects that actually do ask those questions.

I think so, Gevgenie, there was a a a lover at it, by the way. But there was in in the MSP subreddit, there was an MSP owner who had been in the industry for, I think he said, 20 years, and a client had asked him, it's not exactly what you're asking, but basically, what are your best practices that you hold me to? You know, what it it's not your process, which is what you said, but what's your framework is more what what the question was posed. And the owner of this MSP gets on the red, and he's like, I don't know. I don't know what my my, standards are.

I don't what are these best practices we always talk about? Let's discuss. You know, and it just further illustrates, like, if we don't understand it ourselves, how in the hell does the owner of a business know how to vet us? How do how do they know that we know what we're doing and that we're doing the right things when it's when it's so highly unregulated? You know, for me personally, that still comes back to standards, and it can be CIS or NIST or or or whatever.

But it can also just be if I can print off and show you these are the standards we hold ourselves to, and these are the standards we're gonna hold you to, and these are the standards we're gonna hold all of our clients to, that at least shows some level of confidence in in the service that they're selling. Does that kind of answer your question, or or is there still a better way to approach what you're asking?

I think it's the answer to the question. I think it's also some examples to explain to customers what what people do. And it's more to be basically give them trust and explain to them that, by the way, we're eating our own dog food as well. We're not just reaching your

Yeah.

Ideas. We're doing the same because it's important for us to make sure your data is secure, our data is secure. Yeah.

100%. And this is I've I've said before, I will continue to say the number one reason that I insist on doing these podcasts is so that I stay sharp, so that I stay up on, you know, what what's the latest and greatest? What's the next thing we have to do? What's the biggest threat today? What's the biggest threat going to be tomorrow?

You mean, on that note, guys, we've talked about AI a lot. You know, we haven't talked about is quantum computing. That's the next thing on the horizon that's gonna break all the encryption out there. So I'm like, Jesus, this is not something one thing that I heard Robert Herjavec say when I was up there, and this was when Internet of Things was just kind of on the horizon. And he was up there.

I'm I'm kinda scared because I'm like, goddamn it. There's one more thing that we have to pay attention to, and he's got this big old grin on his face. He's like, there's no end to this. This just gets the problem. These are my words, not his, but basically, this problem of cybersecurity just keeps getting worse and worse and worse, which means more business for me.

I I I heard that and it kinda tweaked me a little bit. It's true, but it's also, terrifying and and is problematic for our clients. But this is the game we're playing. Right?

Let's think about that, and we'll maybe be a bit geeky right now. Yeah. We invent stuff because it's cool and convenient.

Yes.

If you look on internet protocols, a bit geeky, not very geeky, but SMTP, the email protocol, there is nothing secure in the protocol by definition.

Right.

And it's been around for a very, very long time. Probably about 30 years right now, maybe 40 years. I don't remember. We resigned started to put security on top of the protocol. Browsing, HTTP, same.

Nobody was thinking about security. DNS, same. And many, many, many, even the basic protocols to connect to equipment, like Telnet, for example, by definition, wasn't secure at all. And all was plain text, plain text for people that are listening is basically, if I can capture the data somehow, I can understand and see all your passwords if we don't use it anymore. And this is happening with majority of the cases.

We come up with AI, and then very, very quickly, we we figure out what's the issues and the and the problems that you can do with AI. So we don't really think about security first, when we're doing conventions.

Right?

We're thinking about how great it is, how it's making our life easier. And then we figure out that somebody else can use it for malicious ideas. And now we try to figure out how to secure it. I think there's definitely more awareness right now with new things, but it's still the case. People gonna invent something cool and then figure out how to secure it.

It's an afterthought a lot of times. Kinda reminds me of the rush to work from home. Right? Everybody sent their employees home, and they're like, oh, shit. How do we secure this mess?

A lot of breaches happened.

I mean, is there a reason why we need to have, you know, your your refrigerator and your toaster to be, you know, out on the open Internet? You know? It's cool. I I want a smart toaster or there's a smart oven that I I'm looking to buy because I wanna be able to cook something from when I'm home, but it keeps you rollable. You know?

You don't know what's what's sitting there, what what's on their back end connecting to theirs that gives them a, you know, red carpet right into your to your, to your home or your office.

Yeah. Alright, guys. Before we dive too much into geek speak and we're we're coming up on, we need to wrap this up anyways because, our famous guest has other places to be today. I I wanted Jeff Ghini, if you would, one of the things like like we've I I've already said, the the fear of overcoming public speaking is one of the things that caught my attention in your profile. Tell me a little can is that something that you can just give us, like, a 5 minute synopsis of?

Definitely. Okay. Definitely.

And I think it's cool. So before we go to fear, you mentioned 5 minutes. One of the other issues in the industry is that people cannot communicate and cannot have their idea in a very small chunks. So can you explain what your business done in 2 minutes? Can you explain my my problem in 2 minutes?

Don't tell me stories about the grandpa and what he did 5 years ago and how we got here. Can you just be concise and to the point? So we'll try. Okay?

Okay.

So public speaking, it's actually the second fear after death. Correct. If you don't know, local statistics, not mine. Now what's the problem? In many cases, the problem is there's anxiety that I'm saying something.

People think I'm stupid. People think I'm not intelligence. I will forget what I need to say. Many, many, many different things that if everybody will reflect on themselves, I don't need to explain, they will understand. Now, what's an interesting part?

What's the difference between fear and excitement? If you think about that. Fear, I don't know the outcome. Excitement, I know the outcome. Roller coaster.

We scared and we excited at the same time. We know we're probably not gonna die, but we're still scared. But it's such a it's just so close to each other. If everybody for people to have kids, first time you wanna tell the kid to go on a slide. They're afraid, afraid, afraid, afraid, the moment they go, that's it.

They're gonna go there like 8 hours, no stop. Now they understand the outcome. Why I'm talking about that. Because when you approach to public speaking, you have a fear, but in the same time, you're probably a bit of excited. And if you can translate kind of mind model that you can change the fear to excitement, it's gonna be much, much different.

And, Dustin, you mentioned this before, and I know Mario Brownie probably as well. When you talk to one person, it's 1, 2, 3. The more people you're talking to, the bigger is the stake, the more fear you have, or the more excited you are. Think about this as one pillar. Why?

Because you may be so scared. It's not enough just to tell you. I also need to help you to kind of at least bring the fear down, to calm yourself, to be able to sing. Why it's important? Because if you're very, very, very scared, it's mean you focus is focusing on the on the on the fear.

So let's say we can have couple of focus points in the same time. You can focus on the audience. You can focus on new slides. You can focus on your delivering the information. You wanna focus, are you doing and and and and and you're very monotony.

You're not gonna change anything, and you pitch, and you tone, and everybody gonna die because you're so boring, or you're actually talking more animated. So if you're part of your speech going to the theater from that part of focus, you're taking away all the CPU cycles to watch everything else.

Okay.

What can we do? Thinking about that. When you scare, when you have some kind of anxiety, usually, you heartbeat going higher

Yep.

Because you're there. What if I can mechanically lower your heartbeat rate and almost force you to relax? Example, breathing. Breathing associate with my heartbeat. Usually people breathe from 12 to 15 breaths per minute.

When they scared and exhausted or exhausted, or maybe like running, it's going to 20, 30, even more per minute in some cases. What if we do something simple called box breathing?

Mhmm.

Come from Navy SEALs, come from yogis as well. Basically, the idea is I'm inhale for x amount of seconds. Let's say it's 5. Hold for 5. Exhale for 5.

Hold for 5. And repeat the cycle. My breath cycle right now is 20 seconds. Basically, I move from 12:15 per minute to 3 per minute. Guess what's gonna happen with you?

If you do box breathing for 2, 3, 4 minutes before you're going on stage or before you need to jump on a customer very important meeting, you are afraid will drop by 15, by 10, by 20. This is not me. This is science. You can try it yourself. It's worked like a freaking charm.

I'm trying it right now.

Don't try it right now. You you wanna be by yourself. Okay?

Pass out.

Yeah. You can see my face getting red.

No. No. But you don't have to be half 5. You can do 3. Yeah.

3. 3. 3. You know, this it's still 333. It's it's still gonna be 12.

It's still gonna be, like, 5, 6 per minute. It's still much lower. What happens, you're gonna move your anxiety and your fear down. You're gonna help you to translate this fear and to excitement and actually focus on the other things.

I love that.

So this is one of the frameworks.

One of the things

you can work with yourself. Guess what? The more you do box again, the one both brings just 1. There's another one called 1 to 2. Inhale for 2, exhale for 4, inhale for 3, exhale for exhale for 6.

Same idea. You can do it while you're walking while you're driving. Please don't close your eyes while you're driving definitely. And you can, like I used to go to the washroom, so you can sit in the washroom, just do it like 2, 3 minutes before I present. The more you do it enough in your life, almost every day, maybe when you're doing something, you can mentally bring this idea to your mind.

Even while you present for a second, you almost remember the sensation. Same as you remember maybe the smell of perfume or roses or something that care that cures you. It will almost create like an anchor to bring you back to be more relaxed and be more in the zone. To add to this, let's put a cream on top.

Okay.

Guess what? People tell you, oh, you should really not use filler words. Like it's not very good, but you cannot not use filler words because we use filler words to buy us time to think about what to say. If you pay attention, when you relax and you're talking about something you know, you're gonna have less filler words. When you are more scared, more things on on the go, you're gonna have more filler words.

So by being more relaxed, you actually helping with the filler words. And the best idea is to replace filler words with pauses. Silence. That's right. I'm Evgeny.

I can't do blah, blah, blah. But if I allocating a part of my CPU that now I took away from fear to watch filler words, I can now do the the part as well.

Yeah. Yeah. That people are very uncomfortable with silence, especially when they're the ones doing the speaking. And so

Was it 5 minutes? I I

wasn't there was no stopwatch. Alright, guys. Well, thank you for sharing that, Jeff Gennie. I I love okay. So this is mostly cybersecurity, but we also I I like to end these with just some general advice, business tips, how to be better people, better humans, better, business owners or whatever.

So, you know, we're we're moving into now I'm noticing all my filler words, by the way. We're moving into a world where we all pretty much have to become public figures if we you know, in in business, we've talked a lot today about how do we get, you know, transfer to our clients or our prospects, that we're going to take care of them, that we're going to provide them the things that, you know, that they're writing the check for. But in the end, they don't know our language and we don't know theirs. That is a fact. And people do business with those that they know, like, and trust.

And so if you really want to increase your business, you've got to be liked, you've got to be known, you've got to be trusted. And, you know, so that's why I kinda wanted to talk about this. We all have this built in fear of public speaking, and yet it is becoming a version of survival in the business world. So thank you for that. I appreciate it.

Guys, we're gonna go ahead and wrap up. We will give, I'll go around the room, give everybody, we'll we're gonna call it 42 seconds. I will be running a clock to summarize your key takeaways, your final thoughts, final, introduction, how to contact you if you want, and then we're gonna close this up and be back next week. And I'm gonna pick on you, Mario, to go first, then Brian, then Jevgenie, and then I'll wrap it up. Go ahead, Mario.

I mean, my biggest takeaway is to pretty much set up the prospects, but set up the the person you're speaking to with more information, you know, like, make them understand why, you know, your solution is not necessarily better, but why they need it. You know? You have to educate. And the best way to sell something is to educate somebody. You know, that's why a lot of people love social media, like TikTok and Instagram and stuff like that.

You know, I'm one of those people too. You know? Like, I've worked with vendors that I've seen online. It's just educating, you know. If somebody's educated, you wanna work with somebody that knows that they need your service, that they know what is it that they need, what is it they have, and what is it they don't have, you know.

So sometimes you gotta just, you know, educate somebody, and then one day, you know, they'll they'll come and and talk to you and have an intelligent conversation with what you you you do and what you work, you know, sell.

Alright. Brian?

So my biggest takeaway is, okay, twofold. 1, as we're talking to business owners here, I'll I'll speak to directly to our our our business colleagues, and that is, if you are dealing with an IT provider who is not communicating with you in a way that talks about outcomes and business impact, and they're just talking about, you know, cybersecurity and, all the things you need to do to your network, and they're talking tech, bring it back to what are the impacts? How is this going to impact me? What what what kind of results could I see out of this? Or what what will what will it prevent?

If I'm talking to, other IT providers, then stop talking about technology and start talking about the actual impact it has on the consumer or the businesses' systems in the sense of like what is the business impact versus what is the technical impact, right? If we don't do this change for this server, what is the impact? What could happen? So that's the conversation that I think we all need to start having is what is the what is the impact that's gonna have on your business versus, all these technical things we have to do.

Okay. Sounds good. Jovgini.

I'm gonna continue the idea of communication with people. I think we need to learn and explain to people that people all learn and consume information differently. Yeah. And this is part of your role as a business owner to communicate with the people in the ways they understand, in the language they understand. And if it's a visual, if it's an audio, if it's kinesthetic way they understand, ask them.

And how do you ask them? You actually ask them to guide you. So don't be afraid to ask customers to guide you. What's the better way to explain your ideas? And also don't be afraid to guide the customer as well, Mr.

Customers can guide you. Let me give him 2, 3 minutes. I'll explain how it's working. And where we go and we can go in a different way. So this is one part that is definitely definitely important.

2nd part, feel free to connect me on LinkedIn, Evgeny Karam, as you see here, if you're watching the video, if no, Evgeny kharam. Please go to soft skills. Tech if you wanna check the book about soft skills at technical sales. A lot of the ideas I discussed today come from the book or into the book and definitely as much, much more. There's also blogs there and audio book just came out in December as well.

Perfect. Devgini, by the way, well, mostly for for the audience. I will have your information linked both on our podcast website, unhacked dot live, and then I I put a page up for each episode on my own business website, and I will link your information there as well. So listening audience, if you'd like to get ahold of Jayv Ginnie, just go to unhacked dot live, pull up this episode, and, his contact information will be listed there. Thank you.

Thank you. Thank you, Jeff Guinee, for being here. Brian, Mario, always a pleasure. And, you know, I'm gonna sign off with a very simplified framework that I like to use for you know, if if I'm a business owner and by the way, my takeaway here is introspection. It is why I'm here.

It's why I do the podcast because it does teach me how to be a business better business owner and business leader. And if I put myself in the shoes of a prospect, I have no goddamn idea what you guys are talking about. Here are 3 things I wanna know. Are you protecting my people? Are you protecting my data?

And are you protecting my technology? And if you can simplify it in those terms, then I'm gonna understand that at least we're on the right path. Nothing's a 100%, so we're gonna wrap that up with good policies and procedures and a solid cybersecurity insurance plan. That's the way I would frame this. Guys, again, thank you for being here.

We will see you all next week. Take care.

Bye.

You?