48. I Hate the Cybersecurity Industry with Dave Sobel of The Business of Tech Podcast
Welcome everybody to episode 48 of Unhacked. I am here today with my usual cohost Mario, and, of course, we've got a special guest. I'm gonna introduce him here in just a second. But, guys, like I say, every week, Unhacked is a bit of misnomer because pop quiz, Mario. Once you've been breached, can you in fact truly get unhacked?
Mario Zaki:False. You cannot get unhacked, Justin.
Justin Shelley:You're at a % correct. Good job on the test. Guys, the truth is 97% of the breaches that we talk about that we deal with, they're preventable. And all you gotta do is follow basic security measures, you know, and and we do. We dissect these things and that's what we find time after time after time.
Justin Shelley:But in the basics, you're largely going to be okay. There's that little gap, the 3%. We do have to have contingency plans, incident response plans, insurance and that sort of thing. But largely, this is a preventable process or a problem. What we do not want to do is try to fix it after the fact.
Justin Shelley:That's where we try to stay clear out of that. So, here we are. I am Justin Shelley, CEO of Phoenix IT Advisors. I prevent the Russian hackers, the government, and the greedy attorneys from taking your money. That's what I do.
Justin Shelley:I do business with clients in Texas, Utah, and Nevada. And again, as are always here with my good friend Mario. Mario, say hi, tell people what you do and who you do it for.
Mario Zaki:Mario Wozaki, CEO of Mastech IT located in New Jersey. And I do everything he just said except I do it on the East Coast. You know, we we help our clients. You know, we work with medium to small businesses in the Tri State area, you know, stay safe and sleep better at night.
Justin Shelley:Such a missed opportunity because I thought you're gonna say, I do everything he said, but better.
Mario Zaki:I would never do that to you, Justin.
Justin Shelley:Reminds me of a Broadway song or a Broadway show or whatever that we're not gonna go there because I don't I don't do that. I don't watch Broadway shows. That's silly. Who does that anyways? Today, guys could not be more excited to introduce our guest.
Justin Shelley:Dave Sobel has his own podcast that he's been doing for a hot minute and this one's called the business of tech. Dave, thank you for joining us.
Dave Sobel:Justin Mario, I'm so excited to chat with you guys today. We're gonna mix it up and have some good times.
Justin Shelley:It's always the hope. Listen, Dave, I I rely on you quite a bit. Your your podcast is full of industry industry trends. I can't talk though. I had that problem last week.
Justin Shelley:I don't know. I need to go speak as speech therapist. Statistics. And I'm not gonna lie, Dave. I I listen to your show while I'm working out on the treadmill in the morning by working out like be go easy guys.
Justin Shelley:I'm walking most of that. I do run a little bit, but my brain hurt because you're like rapid firing these statistics and it's number after number. And I'm like trying to take notes and sometimes I, I have to hit pause and I go grab my computer and I'm writing stuff down. But I love your show because I do come up with a lot of great new ideas for my own business. So with that, Dave, I'm going to read a little bio.
Justin Shelley:This is stuff that I'm not going to lie, I pulled right off your website. Here we go. Dave Sobel. I'm saying your last name, right? Yes.
Dave Sobel:You're right. You're spot on. Sobel.
Justin Shelley:I usually check that before we hit record. Dave's a leading expert in the delivery of technology services with broad experience in both technology and business. My two passions, not gonna lie. He owned and operated an IT solution provider and managed services provider for over a decade, both acquiring other organizations and then eventually being acquired himself. This firm was a winner of multiple awards, including Kaseya's that word cutting edge and ConnectWise's best new idea, as well as being a finalist in Microsoft's Worldwide Partner of the Year, holy hell, in the small business specialist category.
Justin Shelley:After his MSP experience, he worked for multiple vendors at companies like Level Platforms, GFI, LogicNow, SolarWinds. I bet that was an experience. Were you there for the big the big breach?
Dave Sobel:I left two weeks before they were released.
Justin Shelley:Lucky man. Lucky man.
Mario Zaki:So they didn't I'm sure they suspected you.
Dave Sobel:It had nothing to do with it. Oh,
Justin Shelley:we've got the guy right here.
Mario Zaki:Come and get him.
Justin Shelley:Jesus. Anyways, you you lead community event marketing product strategies, several M and A activities. So here's the thing, guys, when I when I introduce guests, I'm starting to develop a complex. I've heard it said, if you're the smartest person in the room, find enough different room. I don't have that problem here.
Justin Shelley:We just find better and smarter guests. So again, Dave, thank you for joining our show. Mario, do you have any questions or thoughts for Dave before we get into our topic?
Mario Zaki:Well, first I wanna say out of all the guests we've had, you definitely have like the best background, best lighting, like, you know, I I love it. I love it.
Dave Sobel:Thank you. I always say I would be bad as my job as a full time podcaster YouTuber if I looked and sounded bad.
Justin Shelley:Truth to that.
Dave Sobel:I do this for a living. You should look and sound good.
Justin Shelley:Well, real quick because you said it, Mario, we gotta know what's behind you. What is that is that an old Mac in on one side, or is it just an old CRT monitor? What do you got back there?
Dave Sobel:Oh, good eye. So on this side, that is an Apple two GS. Oh, that's an Apple. That was what was in my high school that I learned to program on. And this other side is a Commodore sixty four monitor, the original ten eighty four.
Dave Sobel:It's got the breadbox right behind me. The monitor is my original childhood monitor. Wow. Although the breadbox is the one I got as an adult. I have my original one twenty eight d that I grew up with.
Justin Shelley:Dating yourself. You're dating yourself.
Dave Sobel:I am. You can figure everything out just from just from those details.
Mario Zaki:So, Dave, tell us tell us about you. Tell us about the show, you know, the episodes. Tell us. What?
Dave Sobel:So I'm five years in on being a full time podcaster. As I had my run as an MSP, I had a run as a on the vendor side. And each evolution of my career has always been about, like, what can I do differently to learn more and immerse myself more in the world of managed services, IT services? And I tend to use IT services more because I view it broader than just thinking about it as managed services. And I looked around the space five years ago and I sort of said, you know, I don't think there's anybody who's doing a really interesting thing independently to bring insights and expertise literally to guys like you, like who run MSPs and IT services.
Dave Sobel:You need an independent analyst who works kind of for you as a voice to to to bring news and bring insight. There's so much stuff that you've gotta keep up with that I spend literally my whole days doing. It's digging through all the news, sorting through it, and trying to make a determination of what do you care about. And every day I ask the question, why do we care for the stories that I put together? So that I hope, as just you outlined there, like, you can listen for ten minutes a day and get, hey.
Dave Sobel:These are the things that an expert in this field thinks are important to me.
Justin Shelley:And that's always when I jump off the treadmill is when I hear that oh god. Now I'm gonna forget the question. Why does it matter or why is it important? I know the graphic. I know what it sounds like.
Justin Shelley:I'm like, oh, Greg. Grab the pin. Grab the pin. No. Good stuff.
Dave Sobel:Good stuff. And by the way, all of my stories are online. You go to businessof.tech. You don't even have to write it all down. You can listen and then go to your desk and get them all as written versions on the website.
Justin Shelley:It is true. But when the when the magic's flowing in this brain, like, I don't have time. I won't I won't remember what it was I wanted to go look for. So
Dave Sobel:Fair enough. Well, then then it is the highest compliment that you use in there. Someone takes notes from my podcast.
Justin Shelley:Yeah. Do. I do. Alright, Mario. Any other questions for Dave before we jump in here?
Mario Zaki:No. No. I love it. I love it. Well,
Justin Shelley:actually, do have one more. So I kinda mentioned before, what I love about doing my show, the the Unhacked podcast, our show, is that I learned this this process, I have gained more insights and learn more about my own industry and and doing this podcast than anything else I've ever done in my life. So I I absolutely love it. It shapes my business. It shapes my product delivery, my service to everything that I do.
Justin Shelley:It's some way I can track back to here. I didn't expect that. So I started doing this as a way to market. I thought I wanted to, you know, build trust, whatever people do business with those they know, like and trust. So I'm like, everybody's got to see my face.
Justin Shelley:They've got to know who I am. They got to trust me. They got to like me. I didn't expect to come out of this like having it shape my business the way it has. So Dave, in in your five years of doing the business of tech, what what would be like a surprise benefit that you've gained through that process?
Dave Sobel:It's a lot it's a lot of that. So it's kinda twofold for me. It's just I learned a ton. Right? And and my I have guests on weekend episodes.
Dave Sobel:So, like, during the week, it's news stories. I do a live show on Wednesdays to get, like, other journalists and analysts on, and we riff on topics. And on the weekend, I release an interview episode. And the interviews are always around like, I don't know anything about that. Right?
Dave Sobel:And just and I learn like, that's when I have somebody on it. I just ask all the questions of like, well, I wanna know more about how this thing works or what this thing does or what your strategy is. And so I learn a ton from that. The other piece about it is is that I I am enjoying in a way being a customer again. Like, I run a media company.
Dave Sobel:If you think about what my business is, I am an end customer in, like, the ultimate way. So I get to implement these technologies again in some really interesting ways, and I feel the pain of being a customer by having, like, I have a I have back end data, and I've gotta secure all this stuff, and I've gotta build workflows. And it's it's kinda nice to reground myself in being a customer again.
Justin Shelley:Oh, sorry. Go ahead, Mario. Then I'm gonna segue.
Mario Zaki:Now do you do you feel like you get influenced by, you know, vendors or, you know you know, per you know, somebody trying to promote their product or, you know, trying to get you push anything.
Dave Sobel:I have a pretty aggressive bullshit meter. And, like and and so and I also I lean really into transparency. Like, on my website is an ethics statement about, the way that I approach everything. I make sure that it's very clear who my sponsors are. Like, know exactly who the companies are that pay me.
Dave Sobel:I list them. I even list my small shareholders. Like what I don't still. So I hold some stocks still in Enable, and SolarWinds based on being an employee there. And I disclose that on my website that way.
Dave Sobel:And every time I mention them, I disclose that I'm a shareholder. And so from my perspective, it's it's okay to have biases. You just have to be super transparent about it. Mhmm. And so I want you to know, like, which vendors write me checks.
Dave Sobel:It's not a bad thing that they write me checks. You you just need to know which ones they are. Right? And that that way when I make an analysis and I provide something to you, you can judge that about the way that I think about the market based on the way that I make money. So I am super transparent about all that, and I think it works out really well.
Dave Sobel:Frankly, I hope the audience respects it, but I also know that the vendors who work with me really respect it too. The ones that embrace that know that, like, we're not buying coverage. We're literally just buying ad spots on Dave's show. He's gonna say whatever he wants.
Mario Zaki:Alright. Cool.
Justin Shelley:On that note, full disclosure and transparency, can you let us know when you will be acquired by Kaseya?
Dave Sobel:So whenever they bring a very, very large check. Right?
Justin Shelley:Like So you are open to negotiations.
Dave Sobel:Okay. Every every business owner, of course, should be. Like, I mean and I mean I mean, like, those from the the Silly's perspective and also from the, like No. Yeah. That's what you build a business to do.
Dave Sobel:Right? Either to run it and generate cash for you or to generate value for an exit. Both are okay. I never blame an entrepreneur, like, for selling the Kaseya. Right?
Dave Sobel:I never blame them. Now I will totally talk smack about strategy about an organization post acquisition. Right? And what they do with
Justin Shelley:that. Right.
Dave Sobel:But you know what? Entrepreneurs, go out and make your money. You gotta have an exit strategy for that. I totally will respect that.
Justin Shelley:That's the game. I mean, honestly, I've I've started kind of, again, shaping things. I look at this podcast as a way to help people build wealth and keep it, you know, and and that is the game. That's it. That's all we're here to try to do.
Justin Shelley:Mario, you try
Dave Sobel:to say something. Right? Yeah. And there's a guy I mean
Mario Zaki:Yeah. Sorry. Sorry. Go ahead, Dave. Go ahead.
Mario Zaki:No.
Dave Sobel:I was gonna say the rules are transparent. Right? Like, that's that's the game. And and so you kinda have to judge that stuff from two different perspectives. And I'm like, you like, I'm not a particular fan of Kaseya's acquisition strategy, but by the way, they're good at it.
Justin Shelley:Oh, they are. That's that's their one strength.
Dave Sobel:Yep. You know, respect. They they they they know what they're doing. They run a strategy. They wanna run it.
Dave Sobel:They execute well against it. I don't necessarily agree with it all the time, but that's what analysts do. And you, the consumers, get to choose what businesses you wanna engage with based on their strategies.
Justin Shelley:Right.
Mario Zaki:Yeah. And the problem is that we have with companies that get acquired by like this, like they've acquired a couple of companies that I've been working with for a while. And I'm all about, okay, you buy this product, good for you for selling, getting top dollar, but it's a great product because obviously somebody wanted to buy it. Don't freaking let it go down the toilet. You know, like that and that's that's the problem is sometimes we feel like the product has gone worse and the price has gone up and now you're locked into a longer term contract.
Mario Zaki:You know, if you're gonna buy it and improve it or buy it and grow it, you know, even more
Dave Sobel:Mhmm.
Mario Zaki:Then I'm all, you know, I'm all for it, you know, especially if it's something that I was with from a long time ago. You know, unfortunately, sometimes you you know, it's being they're acquiring these companies that were doing great. And then the support and the service and the product itself has gone down to shit, you know, you know
Dave Sobel:Exactly. And that's yeah. So we could we can go I I don't know where you guys wanna go. We can
Justin Shelley:go deep on I I opened a can of worms. Let's shut this down. Let's get back to because, yeah, we could we could go this this way all day long. Dave, as we were prepping for this episode, you said something that caught my attention, threw me off guard just a little bit, but intrigued me. You said, and I quote, I hate the cybersecurity industry.
Justin Shelley:Do you remember saying this?
Dave Sobel:Oh, totally. I I said this is so me. I do. I hate the cyber security industry. Like aggressively hate it.
Justin Shelley:Well, Me too.
Dave Sobel:Listen, I'm
Justin Shelley:I'm feeling personally attacked right now. So I'm gonna need a minute to never mind. Alright. So before we dive into your reasons, I I want Mario and and myself both to kinda talk about our perspective on this because listen, I've said before I didn't get into the cyber security industry on purpose, but here I am. You know, I got into this because, by the way, I started with an Apple two e, that's why the Apple really caught my attention.
Justin Shelley:And I loved circuit boards and modems and sound cards and what do they call it Apple basic? Was that what it was called? The
Dave Sobel:I think it was Apple basic. Good good call.
Justin Shelley:The first language that I learned to write code in. Loved it. Anyways, now I'm in a whole different world that I did not foresee. So I could talk about my own reasons why I hate this space. But I do actually love what I do day in and day out.
Justin Shelley:Now Mario, I want you to talk about what you've seen with your clients. If if you put yourself in their shoes, because again, our show and Dave, your show is to guys like us. Our show is to our actual end user client, which now you've become. So I guess our show is for you. It's all circular.
Justin Shelley:Yeah. Mario, what what do you hear on the streets of what people hate about our industry and any firsthand experience you've got with your own clients or prospects?
Mario Zaki:Yeah. I mean, for me, it's you know, I have some clients, you know, Justin, you know my story. I have some clients that have been with me for twenty years. And they were with me when I was working out of the house, working, you know, out of the car, you know, just, you know, everything would go either, you know, through my Nokia twenty one thirty that, you know, I'd get a phone call from and tell them, okay, I'll be right there. I'll be I'll see you there, you know, in forty five minutes, you know, and I'll go there just to like help them out with a printer or something like that.
Mario Zaki:And I was so excited when I discovered VNC Viewer that I can remote into their computers. And, you know, once I fixed everything, I would send them a bill and wait for the phone to ring again. And a lot of people, you know, to this day still like that model. And in our industry, we call it break fix. Right?
Mario Zaki:Something breaks, we fix it, we build them. The biggest transition from, you know, from being, you know, protective and, you know, prevent you from getting hacked is being proactive, you know. So you have to install like, you know, antivirus this and back up here and do all this stuff and it it becomes a monthly expense for these business owners where, you know, a couple years ago or when they first started with me, you know, we would install like AV, AVAS free antivirus and I'm dumb. You know, you're good. There is no charge, you know, whatever.
Mario Zaki:But now, you know, they're talking about hundreds, if not thousands of dollars per month. And that's why, you know, they, you know, they feel like IT is now just an expense. It's like, you know, your utility bill and your IT bill and your rent and stuff like that. Where before, it just like, okay, well, we know somebody when something happens and we need you know, we'll call Mario. He'll fix it and we move on with our day.
Mario Zaki:You know, now it's not like that, you know, and that's where I see, you know, a lot of people, even to this day, new, you know, customers that we talk to, they're like, oh, can I just pay you when something happens? Like, it doesn't really work that way anymore.
Justin Shelley:Alright. So I'm hearing you say we now sell insurance instead of a a tangible product. Exactly. Dave, if if you'll step into your time machine and and go back all the way back to the early two thousands when you were in the world of MSP, what was it like back then? Was it was it a similar what what did people hate about the industry when you were working at
Dave Sobel:Well, so a lot of the same thematic stuff is still true. Right? Now when I started, like, an Internet connection was new. Right? Like, you a lot of businesses were just putting those in.
Dave Sobel:We got a lot of servers on prem. Right? There was a and it was a lot of making the basics work. Hey. We can connect you to the Internet.
Dave Sobel:We can get your email working correctly. We can get you data sharing. Like, I remember lots of printer problems. Right? Like, the kinds of things that that, like, were very basic and fundamental.
Dave Sobel:And the worst things that happened from a security perspective were either, like, a user would delete something or some piece of hardware failed and we had to restore the data or, you know, the old days of, a virus or a worm where, like, you were just offline. Right?
Mario Zaki:Like, it
Dave Sobel:was a denial of service style attack where it knocked you out of commission, but, you know, then you were then you were back up again. And the the major change and I I don't wanna start my statement of the of this is like, look, criminals are the reason this is we have a problem.
Justin Shelley:Right.
Dave Sobel:And you've gotta start with a headline. And we talk about this in way too soft terms, you know, threat actors and, like, you know, like, like, in all this BS where it's like, let's call it out. Bunch of criminals have made their life bad. Right? Like, gangs of organized crime are are, like, ravaging businesses.
Justin Shelley:Yeah.
Dave Sobel:That's the headline. And I wanna acknowledge that before I start saying some things about the industry. Be like, hey. We're not spending nearly enough time fighting crime. Like like Right.
Dave Sobel:But by the way, I didn't get it and it's just like you guys, I didn't get into this space to fight crime. Right? Like, I got into this to, like, help people with their tech and do cool stuff and, like, help them grow their business or, you know, I I love the days of building websites, right, where we help them online. I I like, we build ecommerce platforms and we like enabled them to communicate in new ways. Like, that's why I got into tech.
Dave Sobel:And and so for me, like the first thing I have to say, like, and and I'm I wanna preface this with sort of three basic examples. The first is this is because of criminals. We have this problem because of criminals. We don't talk about that enough. And the second is is I have mad respect for security researchers and literally guys like you guys that are trying to help cut like, try just trying to keep customers, like, from going on fire.
Dave Sobel:Like, is
Justin Shelley:Yeah.
Dave Sobel:Is that this people don't become security researchers. Like, they come because they're they don't go into necessarily make mad cash. They go into, like, because they love the tech and they wanna solve things and they wanna fix problems. Like, these are really smart people that work on it. And guys like you guys are out there, like, trying to help customers do right.
Dave Sobel:And you're put in a position where you're kinda squeezed on both sides by criminals on one side and the cybersecurity industry on the other. Right? And so we'll get to that in just a second. My third statement is is I don't want any of my conversation to be an out for people to say you can't you don't have to do basic hydrate hygiene. Like, for the same reason that I think, you know, you need airbags in your car, you need a lock on your front door.
Dave Sobel:Like, come on people. Like, some of the stuff that I see around passwords and around the bit like, the basics of technology, like, I'm not gonna give anybody a pass on the basics. If you're gonna use these things, you do have to understand the basic functionality around them and use them correctly. So I I'm gonna wanna acknowledge, like, basic hygiene. Okay.
Dave Sobel:Now we've said all that stuff.
Justin Shelley:Here it comes.
Dave Sobel:Well, let's let's think about let's think about the model that we've we've created. What we've done is on one side, we have criminals. K? We can completely say bad actors, but at least they're honest about it. Right?
Dave Sobel:They are just out to take your money. Yep. On the other side, we have security vendors who sell products and sell technologies with zero embedded liability on their behalf. They take no risk. Mhmm.
Dave Sobel:I could give a security vendor infinite money. All of the money in the world. The giant Scrooge McDuck pile of money, I could wheel it up to them and say, give me everything. And the only thing I will get is, well, we've done a great job with risk management. We think we've reduced your chances if something happened.
Justin Shelley:Yeah. Yeah.
Dave Sobel:And it it's like, okay. They're not wrong. I totally get it. But essentially what they're doing is both sides of the equation are taking money from the customer. Yeah.
Dave Sobel:They just they'd start. They're just taking it with criminals saying what they're trying to do and the other side with no investment at all. And on top of that, we have security security create like, sorry, software vendors, like the people that just make software who also have no liability when something goes wrong. Right. Just none.
Dave Sobel:Any other industry, we would be having real conversations about defects. Let's talk about cars. If I roll a car out there with a massive defect and somebody get you know, there's there's damages around there, I'm writing checks.
Justin Shelley:Oh, yeah.
Dave Sobel:You know? You're in the pharmaceutical business. You do you launch something out there and it's flawed, I'm writing checks. Like, you know, but but in software, nobody ever writes check for customer damages.
Justin Shelley:Well you're bringing up a good point that I hadn't thought of. You talk about no skin in the game, so Mario and I in our world is vetting these vendors you're talking about and rolling them out and then supporting them. Now, we're the guys with skin in the game. When things are
Dave Sobel:bad
Justin Shelley:You're
Dave Sobel:one who's the rich.
Justin Shelley:Exactly. They're coming to us and saying WTF, you know, like you guys have the check. I can prove that I paid you. And and really what what do we get to do? Well, yeah.
Justin Shelley:But you know that vendor we we bought the stuff from, they're the ones that screwed it up. Our our clients don't care.
Dave Sobel:Right. Why do why are the vendors not required to offer risk sharing models, particularly when they're literally in the protection business? Right.
Justin Shelley:Yeah. I mean, I always
Dave Sobel:love it. There's a so I use I use a popular security product to protect my endpoint.
Justin Shelley:I will
Dave Sobel:not name the vendor because I don't. Right? And every single day when I boot up my machine, a big giant pop up says, you are safe. And I look at it and I wanna punch it in the monitor because because it says this, but it has made no promise to me at all. It says I am safe, but if something happens, I'm not getting a check from them.
Justin Shelley:No. Well, okay. So there is one of these unnamed vendors who Yes. Got my attention by claiming a million dollars of coverage if you should get breached. And then you look at the fine print and it's impossible.
Justin Shelley:So they're they're they're claiming to have skin in the game with a disclaimer that removes them completely from all risk.
Mario Zaki:Well, I mean, technically it's like that million dollar policy is a maximum of $1,000 per computer, and all these check marks have to be enabled and in place for them to be liable. You know? I don't know if they ever paid an a dollar
Dave Sobel:to be honest with the Peanuts character. Right. Right. Like, it's it's a like, it's a marketing gimmick. Right?
Dave Sobel:There's no actual skin in the game. If I you know, I can't take them to court and say your product was defective and you are responsible for this in the same way that I can do that for a lot of physical products. And I just wanna observe there is tons of VC money flowing into cybersecurity products. Yeah. Right?
Dave Sobel:Because they know they can extract money out of the service providers like you and end customer. Now by the way, see above, this does not let the customer off the hook from some responsibility for the current situation. I'm just observing that by the way, until customers and service providers start telling vendors, no. No. Like, I'm just not buying more garbage.
Dave Sobel:Especially when like we let's go into like sort of the second part of this is the why is the Internet that I get that I buy, why is the only version the gross one? So Yeah. Think about think about what gets wheeled up to my business. Right? You wheel up to me to connect me to the Internet with this giant pipe of gross, of everything, right, of the whole thing.
Dave Sobel:I don't have an option of anything else. Right? I just get from you this giant sludge pile, which is the entire raw Internet, the whole thing. Right? The North Koreans aren't blocked.
Dave Sobel:The Russians aren't blocked. All those VPN providers out there aren't blocked. Like, why is this stuff the only way I can buy this by default, the gross version? If the sewer if the water supply came up to me where it wasn't filtered and clean, I'd lose my s, right? If the electricity was unregulated and came in and I had to check my voltage continually to make sure it was level and put all that stuff on my point.
Dave Sobel:If the gasoline that I bought at the the station, I had to check it all the time continue like all of the other products, but the internet, I can only buy it in the raw sludge version.
Justin Shelley:Because Murica, because free speech.
Dave Sobel:Oh, by the way, not even that. But let's but hold on. Let's so I'm not calling for a government solution. I'm literally saying, commercially, why can't I call up my ISP and say, no. No.
Dave Sobel:No. No. No. That's your problem. I don't want all that stuff.
Dave Sobel:I just want the clean one. Like, check the checkbox by default it can be clean. And if you want all of it, totally cool. I'm not saying the government needs to get involved because by the way, that's messy and I don't think that's the solution. What I'm saying commercially is why can't I buy the version that's better?
Justin Shelley:At an ISP level. So I mean, we can put firewalls in, we can geo fence, we, you know, we can content filter, we can do a lot of what you're talking about. But they can do better. You're you're saying take it up a notch and and you know, from a provider level, from an ISP Right.
Dave Sobel:They can do they can do that for me. Yeah. Why why is why do I why particularly, let's think about this from a consumer and a small business perspective. Right? Like an enterprise may have a different but let's think about the tip you know, a typical small business as well, like 20 people.
Dave Sobel:Right? Like, sort of typical. Right? Why can't they just buy the version that's simplified? That, like, lets them get their business online and gets to the common stuff that they would need.
Dave Sobel:They don't need to talk to Russia or North Korea or Iran or, like, all like, or all of the VPN endpoints that are out there. Right? And by the way, not saying I'm making the problem perfect, but I do take away an awful lot of the pain.
Mario Zaki:Yeah. Because I I think I I think it's it's you're gonna eventually put somebody out of business. You know, those big firewall companies and stuff like that. They're like, no. Well, you know, why?
Mario Zaki:Don't do that. Don't do that. We, you know, we will
Justin Shelley:fake money. Just don't buy
Mario Zaki:our product.
Justin Shelley:Don't make
Dave Sobel:me mute you. So the but this is but you so you have exactly hit on the why I don't like the industry. Right? Because it's a bunch of people that are all trying to take money from the customer when we could solve this better. Let me let me make another observation of this.
Dave Sobel:Why are we still all using SMTP?
Justin Shelley:Oh, boy.
Dave Sobel:Like like, why? It's a forty, fifty year old unauthenticated technology to transfer mail? Like, why is that the baseline of it? If Microsoft and Google both decide to build secure email into the products that they sell us as basic email, the vast majority of problems go away. Right?
Dave Sobel:Yeah. We could authenticate them. By the way, you can have both in the same inbox. These are authenticated and these are not. Like, you literally could do it that simply.
Dave Sobel:And anybody tells me, oh, it's embedded all this technology. We got rid of AM in favor of FM. We got rid of STTV in favor of Let's
Justin Shelley:say AM and FM. I mean, I haven't listened to those in so long.
Dave Sobel:Well, we we moved technology because they get better. Mhmm. But heaven forbid, we get rid of the critical SMTP.
Justin Shelley:Okay. Well, let me push back a little bit. We kind of are doing that through Teams, Slack. There there is a little bit of a shift away from email at large. Not now I know you're talking about protocol.
Dave Sobel:And to be fair, and by the way, to be fair, Google literally as we're recording this earlier, announced that they're gonna start doing encrypted email as like part of the basics of their Google worksheet. So like they're building it, they're starting to. I'm just saying we have the we don't have this thinking of let's go back to basics and solve the part of the reason, I wouldn't say Teams or Slack or these things because they're not interoperable. Right? The point well, the point of email is is that it is the one true interoperable system.
Dave Sobel:And I think we need an interoperable system. But perhaps we take a moment to think about waking one that's also secure. Yeah. That also like is
Mario Zaki:I mean, I'll take it a step further. I think Microsoft, you know, can do can put something together. Now I don't want them to necessarily do this, but, you know, I think Microsoft can do something and say, you know what? You can't encrypt our stuff anymore. You know, if Microsoft comes out and says, that's it.
Mario Zaki:You know? There's this cannot be encrypted anymore. You know? That puts a lot of companies out of business. You know?
Dave Sobel:We'll give yeah. Again, give customers the option. We're let's put put our everything should be we've we've lost the script on being customer centric with the way that we approach this problem. Right? We have to solve these problems for the customers and fight the criminals.
Dave Sobel:Mhmm. That's the thing we're supposed to be on the mission to do, not put more money into cybersecurity companies' pockets.
Justin Shelley:I mean, what what I'm hearing you say is that we're just playing defense.
Dave Sobel:And Well, we are just playing defense.
Justin Shelley:Should start playing a little offense.
Dave Sobel:I would please. Yeah. Like, absolutely. Like, like, we need to start playing some offense here because it's never gonna get better
Justin Shelley:No.
Dave Sobel:If we don't if we are continually in a reactive mode. You've hit it exactly right. Like, I wanna look at this from the perspective of, again, let's make it better for the customers. And in some ways, we're just gonna have to make some big changes to make things better for them.
Justin Shelley:Yeah. I mean, honestly, so you're talking about technology and what I would love to see in kind of the same concept here is way better proactive prosecution globally of the criminals, the thugs that you were talking about before because this isn't just like insurance and I relate this a lot to insurance, but insurance generally speaking is against natural disasters. We're talking about fire, flood, earthquake, tornado. That's what insurance is supposed to be for, not thugs. I mean, is to an extent because we have, know, like somebody breaks into my house, but
Dave Sobel:But we do but we do things to to promote the public safety. Right? Right. Right.
Justin Shelley:And we prosecute those bastards, know, we we know how to go after them when we do.
Dave Sobel:I say this all the time. If the stuff that we did in cybersecurity was physical, people would be in up in arms. Right? Like, when the the US treasury was broken into Yeah. By foreign actors, and we're not all freaking out about this.
Dave Sobel:Like, you know, is, like and and you know there's and I could by the way pull tons of incidents like this where we don't have the same reaction that to something that's physical and part of it, I'm not saying this is all of it but I think part of it is is that we talk in such soft, wishy washy, dumb down militaristic threat actors and vulnerabilities and all of these terms that genericize it but also take the emotion out of it. And, you know, the reason I've said criminals so many times is to reinforce that this isn't, you know, this isn't just some generic, you know, thing out of it. These are humans doing bad things to us.
Justin Shelley:I'm taking notes. I told you.
Mario Zaki:This is, you know, like a long time ago, you used to have to, you know, run an antivirus and you just people would program something that would mess up your computer, you know, like, make you have, like, have a bad day. But it didn't really you know, was inconvenience. And there it was bragging rights for them. You know? It's like, I I spread to, you know, a thousand people and I corrupted, you know, a thousand windows computers or whatever, but that was it.
Mario Zaki:You wipe out your computer, you reinstall and you move on with your day. Now, they're wiping out elderly bank accounts. They're they're wiping out companies. They're literally putting thousands of people, you know, out of business, unemployed, like there's no recovering. And for them, it's like, all right, you know, I I hit my commission for the month, You know?
Mario Zaki:Right. Yeah.
Dave Sobel:You know, and and so, you know, what can we do about it? Let let's let so so some of it is is the we collectively, and I mean this in a sense of, like, the listener who's listening to it is the customer. And, also, the service providers that service them need to start collectively pushing back on the vendors too. No. I will not sign your contract that removes all liability from from, you know, no.
Dave Sobel:I just won't. Like that's, you're not, I'm not going to do that.
Justin Shelley:So okay, on that note, I just a quick example, I had a client come to me and they want to do a third party integration, they still have an on prem server and and this is in the medical field. So this is very very sensitive information. And it's like, Justin, jump on the server with this vendor, install the software and wash your hands and walk away. And and I'm like, hold up. Can we find out what data they're going to take?
Justin Shelley:Because they they have access to all of it. What data are they going to absorb into their system? What system are they using to absorb it? Where is that data going to live? Prove to me that you're protecting that data, you know, and I start asking some of these questions.
Justin Shelley:Actually, just started with where's your BAA business associate agreement that you have to have if you're dealing in in healthcare at all. And I get a deer in the headlight look. And then finally they scrounged around and they come up with this BAA that's a different company than the one I'm talking to. I'm like
Dave Sobel:what the
Justin Shelley:what who is this?
Dave Sobel:And now we've got to
Justin Shelley:start the process all over again. Let me back up and ask some more questions. And maybe this is what you're talking about, maybe not quite so much, but I do feel like one place where in our world as the MSPs where we're we are trying to protect our clients is we've got to start pushing back on the ones who are, who have access to the data. You're talking about the ones that can get in through this gross pipe that we call the internet. Right.
Justin Shelley:What about the ones we're inviting in? We're like opening the door, rolling out the red carpet. Here's the keys. Come in anytime you want. When I'm asleep, when I'm not paying attention, come on in.
Justin Shelley:Have a look around, take what you want, but just promise. Just be nice and promise you're not gonna do anything bad.
Mario Zaki:Right. And if something bad happens, what are you gonna do about it?
Dave Sobel:Oh, it's my fault. It's my fault. Right. So for for for you for service providers, like
Justin Shelley:like Yep.
Dave Sobel:Mario, like you and just like no. You just have to start saying that we're not gonna we're not gonna we're not gonna take these risks. By the way, we should also we'll tell our customers not to take these risks. Now if the customer choose to take a risk, you'll have to make a decision whether or not you wanna do that, but certainly make them sign something. Mhmm.
Dave Sobel:But let me also make the broader like a broad quick statement for all Americans listening to this. How many laws do you think protects your own data as a personal consumer? How many laws are out there to protect you? You want a number? Up with zero, you're right.
Justin Shelley:Okay.
Dave Sobel:K? Because there's no data we have no data privacy laws at all at federal level in The US. We have a smattering of of state ones, most of which don't have have any teeth.
Justin Shelley:Okay.
Dave Sobel:Like, come on, people. What are we doing? Like, unless we actually have some like, if you you you have to establish that there is data that you own, that is yours, that you have privacy rights to. Like, we have to establish that. And that is, you know, we're gonna flirt with politics for a moment here, but just from the perspective of, like, hey.
Dave Sobel:We're allowing this to happen broadly. We as citizens are allowing this to happen. And additionally then, we are also allowing all of this, you know, mechanism to have all this intricacies when we really should be pushing back on our leaders and saying, hey. We have cybercriminals that are stealing all of our money. Again, this was physical.
Dave Sobel:They were breaking into our physical businesses. We'd be freaking out.
Justin Shelley:Yeah. Mhmm.
Dave Sobel:Like, we collectively need to do something about this, and that will require changes to our system to make that happen. And if you wanna make your money go further from a technology perspective and customer, this is the actual place that you can make a big difference.
Justin Shelley:So we need better laws. We need to push back on vendors. What else can we do?
Mario Zaki:Yeah. I mean, I have a I have, you know, to to kinda add on to what you you said, Dave, like, I have somebody that, you know, a new customer that we acquired, got a few months ago. And prior to us, they were phished. You know, they got an email, you know, saying, you know, they work with somebody and they're, you know, here's the new, you know, ACH information or whatever. And they wired them like, I think it was like $40,000.
Mario Zaki:And the guy the owner was obviously flipping out, and he ended up calling, like, the police, calling, like, the FBI, and calling all these people. And guess what? They ended up telling them, dude, this happens every day, all day. There is nothing we can do about it. Like, your hard work, your hard earned money is gone.
Mario Zaki:It's it's your fault. They actually tried to blame that it's his fault.
Dave Sobel:Victim blaming is a huge problem in this space.
Justin Shelley:It is.
Dave Sobel:Right? No. Criminals stole their stuff. They're not a victim. Criminals stole their stuff.
Dave Sobel:And that's the correct answer. Yep. The correct answer is crim now we should have a conversation, by the way, law enforcement. If you are unable to do something about violations of the law of theft, that's a different conversation. But we turn around and blame the victim?
Dave Sobel:No. I don't think that's acceptable.
Justin Shelley:I absolutely agree. I don't know if you were members of the technology marketing toolkit, I'll give them a little shout out, but they have a marketing campaign called stupid or irresponsible. And that's the message is, you know, when you get breached, when you get attacked, when you get robbed, are they gonna call you stupid or just irresponsible? You know, all other crime that we deal with victims of crime get sympathy, they get support, they get help, they get love, but not in cybercrime. Here we get called stupid, we get called irresponsible, we're told all the things that we did wrong to make this happen to us.
Justin Shelley:And quite frankly it's horseshit, but it is also the world we live in unfortunately. So Sure. So So
Dave Sobel:This is what this is what I like practical advice. You do need to invest. I'm gonna acknowledge again. I think there's there's some basic cyber hygiene that is important to do. And again, if you're going to use technology, I do think you have responsibility for understanding basics of how it works.
Dave Sobel:Right? We don't let you get in behind the wheel of a car without taking a lesson on driving it. Like, I think you need to under like, I think there are some there are basics of this that you need to understand. We probably ought to we probably ought to codify what those basics are. But additionally, we also make the vendors that are building these tools responsible.
Dave Sobel:If the operating systems that we run on are insecure and they are allowing criminals to break in and steal things, there is responsibility of those vendors that have that have provided that technology for the defect.
Justin Shelley:Right.
Dave Sobel:Like, for the defect, it is defective. It shipped incorrectly, and we should hold them responsible for that. Right? And I think collectively, we need to be pushing back more on that. I I love need to you know?
Dave Sobel:And we need to and we need to say that message to law enforcement. We need to say that to our regulators. We need to say that to to the system like, no, you know, you can do all of the things right. Okay. Now we have a conversation of like, wait a second, you know, and vendor who supplied me the gross internet, perhaps you could also be part of this too.
Dave Sobel:Like, why are you allowing all of these people on there? I want to buy a version that is better. Yeah. Yeah. Sell that to me.
Dave Sobel:And by the way, take the money from the other bits, from the other portions of the industry. Start turning on your own cybersecurity industry.
Justin Shelley:I mean, that's kind of a mic drop right there, Dave. Guys, we're gonna go move to wrap this one up. Great conversation. What I like to do at the end of these shows, Dave, is just kinda we're gonna go around the room and we're gonna if if if this was it, if this is all anybody listened to and remember we are talking to the consumer, to the end user, to the business owners. If there was one key takeaway that you could offer them, what would it be?
Justin Shelley:And Dave, I'm not gonna put you on the spot yet. I always hit Mario first, give you a minute to collect your thoughts, and then I'll wrap it up and and we'll call it a day. So, Mario, what are your thoughts? Key takeaway.
Mario Zaki:I mean, key takeaway is you you still have to be responsible with what you have, you know, and what you're using. You you have to, you know, do basic stuff like Dave is talking about, you know, not password one with an exclamation mark and, you know Oh. You can't bitch every time your MSP tells you you have to enable two FA. You still have to, you know, be responsible. But at the same time, you know, you need to speak up and and and make sure that whoever has access to your shit.
Mario Zaki:You know is responsible and is gonna take responsibility and prove to you that they're responsible and- and- you know and then you make it in the decision at that point. You know but you know, just because you vetted somebody doesn't mean they're off the hook. You know? They they have to take responsibility as well if something happens.
Justin Shelley:Yep. I love it. Dave, final thoughts.
Dave Sobel:So for me actually, and particularly for cut for end customers, you do not value your data enough. And I think this is the number well, like, for for any if I sit with any business owner, what is if I took away your database that ran your business, now what? If I just stole it from you, broken your business, ran away with it. Right?
Justin Shelley:Like Yeah.
Dave Sobel:Why are you not protecting the crown jewels better? Like, you should seriously invest in protecting that. In fact, if you do a really good job of doing that, all of the other stuff is just downtime. Right? Because if I have all your data, I can put your business back together.
Dave Sobel:Might take me a day or two. Right? You guys are great at what you do. It would take you some time, but if you had the data, you could do it. Right?
Dave Sobel:It's just time. So protect the crown jewels. Have a really good backup and disaster recovery plan that you understand where your data is, how it's protected, where you've protected it, like have those locked and loaded so that if you make a mistake, then it's just downtime. And downtime sucks. I'm not saying it doesn't.
Dave Sobel:But you wanna be able to tell the criminals, f off. I'm not giving you a penny. I would rather be down for a day than give you a penny because then you you take away their incentive to keep doing this.
Justin Shelley:Absolutely. I I'll give it I'll give mine and I honestly I've got a few, I don't know. Like I said at the beginning, I I learned so much. I I shape my business when every time I record one of these podcasts. My takeaway today was personal.
Justin Shelley:And, you know, in in the world of cyber security, we have to scare people because otherwise they won't take action at all. And then you'll hear people say, don't use bud, fear uncertainty and doubt. Well, I'm sorry, but we have to. And we've all like, we study this, we learn it, we understand a little bit about psychology of the way the human brain works. And I think as an industry, we've done a decent job of scaring people.
Justin Shelley:I know the script. I can stand in front of somebody and I can just build the fear, can see it in their face, and then I can watch it drain out as I explain the solution. But I will say as an industry, one of the things that we do fall short on is that second part of that. We have to build the fear, we have to get people to act, and then I think we need to do a much better job of demonstrating prevention, demonstrating response plans, demonstrating the fact that we actually can protect our systems. That that's kind of my takeaway is that I can do a better job there.
Justin Shelley:And because I did, I had a client that I was talking to this morning and, you know, the same one I was mentioning this third party integration that we we are gonna vet them well and we are going to make them prove their compliance before we move forward. And in the conversation, one of the things she said is she just like, this stuff terrifies me. I have nightmares about this. And and I think it kinda gets over hyped where we talk about what keeps you up at night. I hear it so much that I it doesn't even resonate anymore until she said it.
Justin Shelley:I'm like, A, good. She's concerned. We're on top of this. We're doing what we're supposed to do. B, goddamn it Justin.
Justin Shelley:I can do better at making her understand we're taking the right steps. We have a plan and, you know, to the best of our human ability we're protected. Long takeaway but that that's kind of what I and then finally Dave one thing I got from you is kind of summarizing this whole thing is we need to ask more questions. We just we're kind of stuck in a rut in this industry. We do the same thing day in and day out, and we just keep building more layers and causing more problems and fixing those problems and duct taping that shit together, add a little bailing wire and then spit on it.
Justin Shelley:And we think we're good. And it's like, let's just back up and ask a few questions if we couldn't maybe do a better job all the way around.
Dave Sobel:Definitely need to do that. And one of one of the things I wanted The Us as a tech industry is we were promised flying cars, right?
Justin Shelley:Like we were promised.
Dave Sobel:Yeah. We were promised, but we were promised technology that would work. I wanna hold our vendors responsible for delivering on that promise, right, and actually making the stuff work correctly.
Justin Shelley:Yeah.
Dave Sobel:That's what their job is supposed to be. And we're supposed like, you know, no. You're not gonna get more from me until the stuff you sell me works.
Justin Shelley:And and, yeah, works correctly and protects you. You know, that's they can deliver that at functions, but we're kinda struggling on the deliverability of protection.
Mario Zaki:And and work together. Like, look at what happened, like, you know, a couple months ago with the the CrowdStrike and Microsoft, you know, pointing the fingers at each other.
Justin Shelley:Mhmm.
Mario Zaki:You know, all of a sudden flights have to, you know, be landed and, like, the entire country just came to a halt because of a recent update. You know? I didn't
Dave Sobel:think I'd be rooting for Delta Airlines, but I am on their loss.
Justin Shelley:I know. I know. And that's where it lives now with the attorneys. Anyway.
Mario Zaki:Yeah. What a surprise.
Justin Shelley:Guys, great conversation today, Dave. Thank you. Thank you. Thank you for being here. Brilliant insights.
Justin Shelley:I love your show. Guys, anybody interested, if you're not already, crawl out from under your rock and then go to businessof.tech. Did I say that right?
Dave Sobel:You did. Okay. One of those unique URLs. Businessof.tech.
Justin Shelley:It's not the businessof, just businessof.tech. Great content on his website, great podcast, nice little bite sized pieces that'll keep you in the know in the world of technology, which, as we all know, is always changing. Otherwise, go to unhacked.live. That's where you'll find episodes that Mario and I bring you week after week and links to all of our guests, all of their information, and our never ending offer for a free assessment. If you don't know where you're at, find out, get a plan together, and then Jesus, just have a good night's sleep.
Justin Shelley:That's a wrap, guys. Brian oh, Brian's not here, but I'm so used to saying Brian. Mario, thanks for being here as always. And Dave, again, thank you, guys. Say goodbye, and we're gonna wrap.
Mario Zaki:Dave, this was awesome. Thank you very much.
Dave Sobel:Oh, thanks for having me, guys. This was great fun.
Justin Shelley:Take care, guys. We'll see you.
Creators and Guests
