53. The One Thing That’s Tanking Your Business Value (And How to Fix It) with James DuBos
Justin Shelley (00:00)
Welcome everybody to episode 53 of Unhacked. Guys, we have a special guest here again this week. His name's Bryan! He hasn't been around much, but he's decided to join us this week. We're so excited to have him. ⁓ Listen, this is a show where we talk to business owners about how to sort through the ⁓ monumental amount of recommendations, places to put their money, time and attention to protect their business. ⁓ Like, seriously, if we did it all.
Bryan Lachapelle (00:08)
You
It's true.
Justin Shelley (00:30)
We all go broke in the process, but the problem is if we don't do it, we go broke in the process. So we're here to tell you what to do, what not to do. And we bring guests in from time to time today. I'm really excited because we've got somebody that doesn't just tell you how to spend your money. but he's going to help us all figure out how to make more money. So, Jim, we're going to do your intro here in a minute, but first of all, Mario and Bryan, ⁓ tell everybody who you are, what you do and who you do it for Mario. You're first.
Mario Zaki (00:58)
Well, first, I want to say thank you to Jim and Bryan for joining us today. ⁓ My name is Mario Zaki, CEO of Nasdaq IT, located in New Jersey, right outside of Manhattan. We ⁓ are managed service providers, servicing small to medium sized businesses. I've been in business about 21 years now, and ⁓ we specialize in helping business owners sleep better at night.
Justin Shelley (01:24)
All right, Bryan.
Bryan Lachapelle (01:26)
You miss a couple of podcasts and everybody makes fun of you. I'm Bryan Lashford with B4 Networks. We're based out of Niagara area in Ontario, Canada, and I help business owners remove their frustrations and anxiety and problems that come with dealing with technology. And we help them on the journey with cybersecurity and implementing cybersecurity practices.
James (Jim) DuBos (01:29)
You
Justin Shelley (01:47)
Excellent, and I'm Justin Shelley CEO of Phoenix IT advisors and I help my clients make money Protected from the Russian hackers and the other ones Mario ⁓ protected from the ⁓ Government who's gonna come and take it from you if you do things wrong and then finally ⁓ Keep those greedy attorneys out of your bank account because if you do things wrong, they're coming for you, too So that's what I do best for last. We are now going to do introduce Jim Dubose. Did I say your last name right Jim?
James (Jim) DuBos (02:15)
You did, you sure did.
Justin Shelley (02:16)
Excellent.
Excellent. Jim, thank you for being here. Really appreciate it.
James (Jim) DuBos (02:20)
Oh, it's a pleasure. I'm excited. I'm excited to join you guys.
Justin Shelley (02:23)
All right, well, I'm going to tell a little bit about you and you tell me if I got any of it wrong. ⁓ Full disclosure, I do use AI to generate some of these notes and preparation. No, I got a story though, because ⁓ they made up all kinds of shit about you that wasn't true this time. You owned a cybersecurity firm. ⁓ You had been in the cybersecurity industry for decades. ⁓
James (Jim) DuBos (02:27)
I'm looking forward to it. Go.
Bryan Lachapelle (02:37)
You
Justin Shelley (02:48)
Anyways, it was was it was some crazy stuff. But I don't think that's really what you do. Do you currently own a cybersecurity firm, Jim? You did. Okay, well, I questioned AI and you're like, what's we got a little wrong. I made that up. He didn't really own a firm and then went back and said it again. So I guess they were trying to tell me gently that you did. Because I'm focused on your current business, which is
James (Jim) DuBos (02:54)
Not anymore. Not anymore. I did.
Mario Zaki (03:03)
You
Justin Shelley (03:11)
You're a seasoned entrepreneur. You've been doing this for like 35 years, right? In the B2B and B2C sectors. ⁓ Those are two very different worlds. So I'm intrigued to learn more about that. And what you do is you help people launch, scale, and exit. Is that right? All right. Well, tell me a little bit about that.
James (Jim) DuBos (03:16)
Yep. Correct.
That is correct.
So I guess I'll start with just the 35 year part. 10 companies, seven successful exits through mergers and acquisitions. I think most of my companies have been B2B telecommunications, internet service providers, networking and infrastructure, cloud computing, managed security services, managed services, online education.
Justin Shelley (03:37)
Okay.
James (Jim) DuBos (04:03)
A lot of technology orientation to my business. the B2C journey was really in the broadband and internet service providing portion of my life. It was something, you know, B2C cured me from really ever really wanting to start a B2C company again. You know, I paid my $20 a month and damn it. want my services, you know,
Justin Shelley (04:20)
Amen
Bryan Lachapelle (04:23)
Yeah, I'd imagine.
Mario Zaki (04:29)
Are those the
Justin Shelley (04:30)
Yeah.
Mario Zaki (04:31)
three not so successful exits that you were referring to?
James (Jim) DuBos (04:33)
Yeah, no, it was,
Justin Shelley (04:33)
Ha
James (Jim) DuBos (04:34)
it was a successful exit, but it just taught me a lot about the different, I'm going to call it the value exchange between what a business customer expects versus what a consumer customer expects. And I shared with Justin in a previous conversation that what I learned about B2B is that they tend to make decisions, buying decisions for one of three reasons, to make money, to save money or to mitigate a risk. And so if you can't identify one of those three reasons in a transaction,
They're not going to spend money. so early on in my journey, I learned that I was probably better suited as an entrepreneur for B2B. know, fast forward to this moment, my last exit was in 2022. It was my largest company. were almost a $65 million annual revenue company. So was a nice size business. And I took a step back and said, you know, what was it? Cause it was also my most enjoyable business, you know, not
Justin Shelley (05:21)
Nice.
James (Jim) DuBos (05:31)
just from a monetary financial outcome, but just my most enjoyable. And so I took a step back and through the, I'm going say some self-reflection built this method. I call it the exit ready method because one of my own experiences is that as a business owner, are you working in the business or you're working on the business? And if you're working in the business, you just basically started a company so that you could have a job.
Where if you're working on the business, treating it as an asset that can materialize value for yourself at the end of your journey, whatever that's going to be, right? Whenever that is, what are the attributes that you need to pay attention to, to generate that value? and, ⁓ so that's what exit ready is all about is really just built this mindset around and a set of real concrete measurements that you can do as a business owner.
to say, where do I stand in this ability to transact and actually sell a company at the end of my journey? You know, and so that's what this is about. And so I built three, I'll call it customer journeys. One is a launch journey. One's a scale journey and one's an exit journey. And it really is just where you are as an entrepreneur and helping individuals first assess, you know, it's, it's crazy to me how
First time entrepreneurs will start companies not really understanding the financial model or not really clear on the, I'm going say the, you know, what problem are you solving? Right. And you know, how, you know, this, I'm going say sometimes unrealistic expectation of how people are going to spend money with you or not spend money with you. And so really trying to ask the right questions. ⁓
along those journeys so that entrepreneurs can really ⁓ make good decisions. Because I've been very fortunate. I've been blessed. I've been very fortunate to go through this experience. so my goal now is to give that to others and hopefully you guys can have that same experience.
Justin Shelley (07:38)
Do
you have a question? Are you by chance a Michael Gerber fan?
James (Jim) DuBos (07:42)
⁓ I'm not, I'm not, mean, you know, I, I'm, I'm a, I can't say that I know a lot about Michael Gerber. I, I'm a student of Vern Hornish who, you know, who wrote, who wrote scaling up his earlier book where the Rockefeller habits. And I've used, you know, some of Vern's methodologies and, and, and tools within my own businesses. And I'm a big fan of his. ⁓
Justin Shelley (07:43)
The emith. Okay.
Okay.
Bryan Lachapelle (07:55)
Scaling up.
James (Jim) DuBos (08:11)
You know, so I have, you like everybody, got a list of books and authors on the shelf that,
Justin Shelley (08:14)
yeah. Well, I want to
ask you a question because here you said something that I hear all the time. And I think I first heard it in the E-Myth, Michael Gerber. Maybe not, but I hear it all the time. And that is ⁓ you work on your business, not in your business. Okay. ⁓ I took that to heart early on as an entrepreneur to the point where I didn't really do much of the hands-on stuff and completely lost touch of my business.
⁓ so you can go too far with that. then Vern actually talks a lot about getting rid of everything else on your plate so that you can spend, I think he says 80 % of your time in the frontline working with your clients, right? Talk to me a little bit about that.
James (Jim) DuBos (08:52)
Yeah, I love, I love Burns.
I love one of his expressions, which is you make 80 % of the margin in your business from 20 % of the things you do, right? Which is a hundred percent truth, right? We all did things that don't necessarily generate real meaningful margin. But if you can focus and concentrate on the things that really drive value into your business, because your time is the most valuable asset that you have. And so what are you spending your time on? Right. And so that, that to me is a real, um,
Justin Shelley (08:58)
yeah, yeah, yep.
Yeah, for sure.
James (Jim) DuBos (09:21)
key component of all of this. think the other is owner dependence. so a lot of times entrepreneurs will be in a place where, I want to try to sell my business, but you don't really have delegated authority and processes and systems in place to where the business can operate without you. And so if the business is totally dependent upon you to sustain itself day in, day out, you don't have a transferable asset.
Justin Shelley (09:29)
Mm-hmm.
James (Jim) DuBos (09:50)
And so you have to have this mentality of delegation with accountability for execution and build those processes in the system, in the business so that you can transact at some future point. Cause a buyer is not buying you, he's buying your company. Right. And so he wants to know that it's going to be able to sustain itself after the owner exits.
Bryan Lachapelle (10:06)
Right.
Justin Shelley (10:12)
So in your current business, which I do feel like I need to go back to my, ⁓ I won't disclose the name of the AI tool that I use, that I berated this morning for being so stupid. What was the name of your cybersecurity firm?
James (Jim) DuBos (10:20)
The AI tool, yeah.
Mario Zaki (10:23)
Thank
James (Jim) DuBos (10:29)
So Transformix was the last company that ⁓ we had. it was, like I said, we were a large, we did integrations, we had an MSSP, we had an MSP component. ⁓ we, yeah, that was the most.
Justin Shelley (10:38)
Okay.
I don't feel quite as
bad because that was not the name of the company because it spit it out and I went I'm going through your profile. I'm like what the hell? ⁓
James (Jim) DuBos (10:44)
Okay, well now.
One of my earlier companies,
actually wrote a firewall, actually wrote a Windows firewall and sold it to Cisco. Yeah. Many, many, many years ago. Yeah. Yeah.
Justin Shelley (10:53)
Oh, Nice.
Well, so let's let's tie these two together. You right now you coach businesses, depending on where you're at in the journey, how to get started, make sure you've got a viable product or service, how to scale that, and then how to get the hell out and make make all your real money, right? You when we first talked, you said you had a product you were selling for less than $20. I went on your site and I couldn't find that anymore. Did you start giving it away?
James (Jim) DuBos (11:16)
Yeah. And so what,
so basically as you go into the site, depending upon the launch scale or exit, you know, journey that you're on, when you click in there, there's some free elements that you can get that are meaningful that have value. Okay. And then you can also go into the, to the site a little further. like a $19, you know, acquisition and then it's actually a mini course.
Justin Shelley (11:27)
Okay.
James (Jim) DuBos (11:40)
Where I will take you through, if you're launching as an example, it's a 90 day roadmap to launch properly. ⁓ if you're going into a scale journey and you're thinking about, you know, that I have another opportunity for you. So it's really, it's really to have a low cost entry for owners to start to wrap their head around. How do I start to think about this? Part of the scale journey is what I call an assessment. So when I did the exit ready method, I.
built this assessment that you could do, an owner can do themselves, right? You just have to be objective with yourself when you score. And you basically are able to generate a self score on the ready to scale elements. And it gives you a sense of where are you in the journey so that you're ready. You're, hopefully starting this transition to, Hey, I want to get to the point where I'm ready to exit. Right. If that's your goal and look, an exit could be an outright sale. could be an employee ownership.
You know, group that buys from you, or it could be a family legacy transition where you go, okay, I'm going to transition to the next generation. Any of those scenarios still require you to, you know, generate in an operating in a particular way.
Justin Shelley (12:52)
So as you're coaching people, business owners through this journey, how often, again, this is a cyber security podcast. How often does cyber security come up in, your day to day work with clients now?
James (Jim) DuBos (13:03)
Well,
I mean, the, I, when you start talking about the, I'm to call it the operating stack, right? The technology stack within a business, any business, when you go to transact, ⁓ a buyer is looking for a few things, right? Number one, they're not looking to buy a company that's shrinking. They're looking to buy a company that has growth. My dad, you know, had an expression, leave some meat on the bone, right? You want to know that I have an opportunity to grow within the business if I buy it. And so they're going to look at the tech stack specifically and say,
Are you using a tool set that can absorb the growth that you think the business can sustain? And as part of that process, depending upon your size, what are all the regulatory controls that you apply internally to yourself to make sure that you're being a good steward of the business as a whole? You know, in our particular case, we did a fair amount of government work. And so anytime you're doing government work and I mean, specifically state, local and education.
Some, lot of those times you, you start to see the source of funds is actually coming from a federal program. And as those funds come in, the federal government is going to start to ask questions. Right. And they're going to ask questions around cyber security. So depending upon the business and the nature of the business you're in having basic cyber hygiene is just a requirement.
Mario Zaki (14:26)
So Jim, putting some of this stuff together, can you give us some real world examples of some breaches that may have happened? You don't have to give us the company names.
James (Jim) DuBos (14:36)
So, you know, I,
you know, when the first dialogue that Justin and I had, we used an example where it was not my company, but it was, you know, the MGM example, right? When, MGM was hacked and basically it turned out that one of the sources of the, of the exposure was an IOT device. It was actually a, I think it was a fish tank thermometer. That was the, was the.
the, you know, the weak link that the bot was able to use and basically plant malware and began to penetrate the system. You know, in our own business, we had customers that would get, you know, they would click on a link, right? We can ask people not to clink on, you know, don't click on an email you don't recognize, but we, you know, it happened many times where people would click on a link and either get a piece of ransomware on a local device or.
on a potential portion of their system and you have to go through a remediation to remove those, you know, that, that, impact. would say that probably 90 % of the, I'll say affected systems came from one of two things, poor patching that systems within the environment. I'm going to say anything connected to the network.
Right. And so in a, cybersecurity, might hear asset management, right? You might hear this term when it's really just saying, do you know everything that's connected to your network? Because anything that's connected to the network has an attack surface. Okay. And so if you're not patching those things on a regular basis, you're just creating yourself opportunities for, you know, an impact. The second was what I, you know, was typically this fishing type behavior where people will
Bryan Lachapelle (16:11)
Great.
James (Jim) DuBos (16:30)
You know, it's an end user, not a nefarious action, just clicking on something that they shouldn't have clicked on, which actually contains a payload that lands in the system. then basically, you know, depending upon the, the access that the individual end user has takes advantage of that access and starts to spread throughout a system. ⁓ those were probably the two majority, you know, things that I see.
The third area would be what I would call a false payment where you basically had poor vendor management and the end user pays, I'm doing air quotes for those of you who are listening, pays the vendor, but the vendor changed their banking information or the destination of the payment. The end user, you know, didn't have. ⁓
Justin Shelley (17:14)
You
James (Jim) DuBos (17:27)
I'll say that the company didn't have good vendor management or controls in that area and basically paid, you know, paid a, ⁓ a false, a false entity. Right. And so basically funds exited the business. so, you know, by just having, like to call basic, a basic mentality around administrative and technical control. You can, you can really reduce.
the impact we used to tell our customers, you know, particularly the small business customers that, you know, if you just make it hard enough, they're going to go away because they're
Mario Zaki (18:03)
Yeah, what do we
say like 15 minutes we want to kind of keep them occupied for annoyed for 15 minutes and they'll usually pass go move on
James (Jim) DuBos (18:11)
Yeah. Yeah.
If you keep them occupied and just make it hard on them to feel like they're having to go through all these layers, eventually they're just going to stop, right? And they're going to go, they're going to go somewhere else.
Bryan Lachapelle (18:21)
Yep.
Mario Zaki (18:23)
Well, the problem is with AI now, they can leverage AI to do a lot of the heavy lifting form and a lot of the research for them. So their 15 minutes for an AI is a whole new world. An AI bot or something installed in there using AI can discover a lot of stuff without the human getting frustrated.
and moving on, you know.
James (Jim) DuBos (18:55)
Yeah, for sure. mean, I think, I think really what, you know, if you look at a lot AI is being leveraged for a lot of good in the world right now, and it's being leveraged for bad. And really what you're saying is it can execute things faster as a machine that we can't than a human being can. Right. And so the ability to attack, you know, at a higher volume, if you will, ⁓ for the, you know, I can have the same period of time, but a lot more attempts.
just because it's a machine, right?
Bryan Lachapelle (19:28)
All right. So speaking of ⁓ security controls, is there a set of security controls that you would say are, I mean, there's a lot of them. Would you say there's a group of them that are the most important? Like if we could only implement three, what would you say are the most important ones to put in place?
James (Jim) DuBos (19:45)
Well, I definitely
think that user training, you know, we've talked about this before, but I definitely think user training and awareness, we can never stop talking about it. And so you can't, it can't be a one and done type of a conversation with your employee community. So you need to have constant communications with your employees.
Justin Shelley (19:58)
Yeah.
James (Jim) DuBos (20:10)
If there's examples, right? If you have a tool in your system that is showing you examples of, you know, phishing attempts or whatever, use that as part of your education. Okay. I think, you know, there are a lot of tools out there that are very, I think phishing boxes one, there's some others that are out there that you can use to do like tests of your user community and see how they perform. Right. So there's lots of things that you guys as MSPs could use to help your communities to see, okay.
Is 60 % of my user community paying attention 50 %? You know, what, what is it? Right. But I think you have to, yeah. But, but you want to, you want to never stop. Okay. Because the, the threats are not going to stop. And so I definitely think user training is, an area I like to, to really focus on what I call this mindset of administrative and technical controls. And I think you have to have.
Bryan Lachapelle (20:46)
100.
Justin Shelley (20:48)
Thank
James (Jim) DuBos (21:08)
The first line of defense is just good password hygiene. Okay. So, you know, having complexity in your passwords, ⁓ I used to, to encourage my, my business customers to use tools and then there's lots of them that are out there, right? You can pick one. personally like keeper, but you can use any of them, but basically something that generates a complex password that is going.
Justin Shelley (21:13)
Yeah.
James (Jim) DuBos (21:37)
to be specific to an end user. And then you as the, you know, as the business owner enforce a change every 45, 60 days, right? And just enforce that turnover, okay, of, because I think by doing that, you kind of create an awareness in the end users that I have to have a unique password for the systems that I'm using in you know, in the environment. And I have to have a different password.
Mario Zaki (21:50)
you ⁓
James (Jim) DuBos (22:07)
every so often. Does that make sense? So I like that. You know, it's a basic thing and it's unique to each one of us, right? So Jim's are different from Bryan's are different from Mario's. It's unique, right? So you're creating a good password hygiene. And then the third thing I would tell you is just data protection, right? You need to be sure that you have a method that you feel comfortable with that you can recover.
Mario Zaki (22:09)
Mm-hmm.
James (Jim) DuBos (22:34)
Right. That you can recover, have some form of good data protection that you test, right. Periodically that you know, the backups are good that, you know, you can, you can trust that they're immutable. They're not going to be affected by some form of a virus. That's where I start, you know.
Bryan Lachapelle (22:53)
like it because based on our experience, at least my experience, the majority of the people we audit have no end user security awareness training. They use password ⁓ Excel files to store their passwords at best.
James (Jim) DuBos (23:05)
Woo!
Justin Shelley (23:06)
At best, at best, because a lot of times they're just
using the same damn password everywhere.
Bryan Lachapelle (23:10)
Yeah, and their backups aren't working and failing every day and nobody knows, or they don't have a backup.
Justin Shelley (23:14)
What backups? Don't worry. Don't worry.
James (Jim) DuBos (23:16)
Yeah.
Justin Shelley (23:17)
All right. All right. You guys taking care of that.
James (Jim) DuBos (23:19)
Yeah.
Bryan Lachapelle (23:19)
Yeah,
yeah.
Mario Zaki (23:20)
I, we actually
audited to somebody a few weeks ago and a couple of the passwords was like, welcome 2021, which means it's the same password for the last four years.
James (Jim) DuBos (23:24)
Thank
Justin Shelley (23:29)
⁓ she ⁓
Bryan Lachapelle (23:32)
Yeah. So I
James (Jim) DuBos (23:33)
Yes.
Bryan Lachapelle (23:34)
love that you brought up all three of those points because they're spot on 100%.
Justin Shelley (23:38)
Well, and say the security awareness training, this is my experience is not only do people not implement it, because that's number one, if it's available at all, it's forgotten about. ⁓ But the bigger problem we have is like, you've got to start at the top. You have to have a whole culture around it. You can't just make it available. I said one other time, I'm super proud of this. Like if you just send an email to somebody and tell them, ⁓ take this training.
That's called spam. you're, this is not an education program. You're just sending them shit, trying to get them to click on it. And that's all we all tell them not to do.
James (Jim) DuBos (24:10)
Yeah, you're,
you're asking them not to click and you're sending stuff to tell them to click.
Justin Shelley (24:13)
Exactly.
Mario Zaki (24:13)
Hehehehehe
Justin Shelley (24:14)
So you have to have a whole culture around this. can't just be training available. It has to be a company wide mindset culture. And I would argue a game. It has to be fun. It has to be, you know, competitive.
James (Jim) DuBos (24:18)
Yeah. Yeah.
Well,
I think it's, I think it's, ⁓ the way that we helped our customers think about this was more from a reputation standpoint. Okay. And talk to your employee communities about this is our company's reputation with our customers and suppliers. So each one of us has a responsibility in that journey, right? It doesn't matter who you are, what you do in the business. If.
Bryan Lachapelle (24:40)
Mm-hmm.
James (Jim) DuBos (24:56)
we get affected by a cyber event, it affects us both with our customers and our suppliers. And so there's an, you can create a level of severity, right. Or a level of care with the employee community by just helping them see, I get to participate in that. I get to participate in making sure that we stay safe, you know, in this, you know, in, in this way.
Bryan Lachapelle (25:23)
I love that you brought up the journey because that to me is one of the things that I talk to my clients all the time about and my prospects is that cybersecurity should be like a journey. You can't possibly implement everything all of the controls day one. And so we talk to them about, know, hey, we're going to go through this journey together and we're going to implement as many as we can throughout the course of the next 12 to 24 months with the most important ones being handled first and then working our way down to the least important, but they're all important. just, can't possibly take care of everything. Yeah.
James (Jim) DuBos (25:50)
Yeah, look, mean, I think you, I think you touched
something on Bryan. That's really important, which is, you know, about I'd say 50 % of the beginning controls that you want a small business to adopt or administrative. Which means they're just procedure, right? Their pilot, their policy and their procedure that everyone gets becomes aware, gets educated on, and then actually someone within the company holds the company accountable to those policies and actually executing the business.
Bryan Lachapelle (26:03)
Right. Yep.
James (Jim) DuBos (26:19)
So you can actually implement a fairly significant part of the cyber program just by being willing to implement and change policy and procedure. Just use the vendor payment process as an example. Right? I mean, that's an example of a policy to say, okay, well, I have to follow this in order to make sure I'm actually the paying the person who's supposed to get paid. Right. Yeah. Yeah. Yeah.
Bryan Lachapelle (26:32)
Mm-hmm.
Yeah, double authentication, verifying via voice, ⁓ confirming. Yeah. ⁓
Mario Zaki (26:46)
Yeah, and
then it goes with payroll too. Like I always tell my employees, if somebody sends you like, hey, I got a new direct deposit information that has to be done in person in your office. can't be done through email or anything besides in person. I don't feel out of form, you know, because that's the only way you're going to know if it's, if it's true.
Justin Shelley (27:09)
Well guys, ⁓ again, I love that today, cause we've been, we talk about cybersecurity every week. ⁓ But Jim, I love, I love bringing you in here because you have this in my mind, this perfect ⁓ merger of business growth because we've got to have something to protect in the first place. And I think that's easy. Most business owners know that that's their goal is to, is to get in there to make money, to scale, to grow. So I love that you're coaching them on that. And then ⁓ what is often forgotten.
James (Jim) DuBos (27:28)
For sure.
Bryan Lachapelle (27:29)
Right.
Justin Shelley (27:40)
is we have to protect that once we build it. There is a general mindset of it's not going to happen to me. What'd you say, Bryan? While we build it. Well, very, very true.
Bryan Lachapelle (27:44)
while we build it.
while we build it. Not after.
James (Jim) DuBos (27:49)
Yeah, look, mean,
look, I think, I think what it does is it demonstrates an operational maturity for a potential buyer. Okay. So really, so really what you're doing is that as you grow, right? I don't care if you're a million, 2 million, 4 million, 8 million, 16 million, whatever, right? Whatever size company you are as you grow, you should be looking at your company and saying, how am I operationally maturing? And.
Justin Shelley (27:59)
Yeah.
James (Jim) DuBos (28:18)
And because what that does is it lowers risk for a buyer. So when the buyer looks at you and says, okay, well, I'm going to transact. I'm going to make an investment and I'm going to procure this business. They're actually assessing risk. Okay. And so this is a component of lowering risk for the buyer. Well, it certainly can devalue.
Justin Shelley (28:24)
Yeah, for sure.
which should increase valuation, right? mean, cause that's
James (Jim) DuBos (28:48)
Right. You could have, you could be, you could be highly profitable when making no investment in this area of the business. And it's going to devalue the business because they're going to go, okay, I got to take some money that you have. Basically a way to think about it would be deferred maintenance. Right. You had, you've deferred making investments. So maybe you have aged, you know, technology. So life cycle is aged out and you got to make a big investment there or whatever. Well, that's going to devalue you. Right. It's going to lower the value in the business.
Justin Shelley (28:48)
Without it, yeah.
Mario Zaki (29:04)
Yeah.
Justin Shelley (29:15)
Yeah, for sure.
All right, guys. Well, I think we're going to go ahead and ⁓ wrap up this week. But, as always go to unhacked.live because so what we do, Jim is I've got on our, on a podcast website, there is a section where everybody that we bring in as a guest has their profile. I will build out a profile for you, ⁓ with your mate. No, I do this. I actually worked this one myself. It sucks. It's a pain in the ass. If I'm being honest, well, my, my AI straight up lies to me.
James (Jim) DuBos (29:37)
Are you gonna use AI or are you gonna actually? Okay.
Mario Zaki (29:43)
He doesn't believe his AI anyway, so... ⁓
Justin Shelley (29:49)
I keep hearing about hallucinations. No, honestly. And then somebody's like, yeah, hallucinations aren't really a thing anymore. It's getting so good that it doesn't happen. And then like, boom, you, you own some company that doesn't exist and, ⁓ whatever. ⁓ no. So I do, I pull from your, all your profiles and I put your social media links like LinkedIn. And, you, if you, think you have Facebook on there as well, your website, which I'm going to just go ahead and throw that plug out that, ⁓ right now is, ⁓ do boss.me. Correct.
James (Jim) DuBos (29:57)
No, it happens. yeah.
Great. Yeah.
Justin Shelley (30:18)
dubos.me.
James (Jim) DuBos (30:20)
Correct. Dubostep.me is the, is the website. And, ⁓ and we also, you know, Justin, like, you know, when we talked, what I did is I built a, ⁓ a simple, I call it cybersecurity program, you know, and, and sent that, know, to you guys that hopefully, you know, it has some value for your, you know, your listeners. ⁓ so that is you guys are traveling your journey to Bryan's point. This is a journey, you know, you don't have to adopt it all at once, but work with.
Justin Shelley (30:24)
pronounced wrong.
James (Jim) DuBos (30:49)
With people that you trust and start, start the process, right? Start the journey. And, so that's, that's a document that, you know, is available to, know, to your listeners.
Justin Shelley (30:54)
Yeah.
Really appreciate you putting that together. I'm actually going to, so I haven't done this, but I think I can throw it right into the show notes. So if you're listening on Spotify or Apple podcasts or whatever, you should be able to click and download it right there to make it easy. ⁓ if that doesn't work, I'm to edit this part out and then I'm going to just put it on our unhacked out live. It'll be a direct download on our website, but, yeah, I really appreciate you putting that together for us because I mean, it just, it is, it's, it's overwhelming. ⁓ whole purpose of this podcast is to give people.
a practical place to start and kind of run them through the process and, really build that mindset, the culture and everything else, just keep people thinking about it. So, again, yeah, thanks for the PDF. Thanks for being here and sharing your wisdom with us. Thank you for coaching the business community in both business growth, which we all need, and then protecting that because, ⁓
James (Jim) DuBos (31:47)
Yeah, look
at me. I appreciate being here, you know, a lot. And if there's any, any of your listeners, you know, that are in this, this mindset of thinking about, okay, I'm working in the business, not on the business. And they want to figure out how to change that. I'm happy to shoot me an email at entrepreneurship at Dubose.me and I'm happy to, ⁓ to help you.
Justin Shelley (32:07)
Yeah, as cheap as free, correct? And with some programs, and I mean, you know, I've looked at some of them, I'm probably gonna have to buy some of them as well, but ⁓ you're not super expensive, at least what you have as ⁓ your teaser. Maybe you get us hooked and you reel us in and it's millions of dollars, I don't know.
James (Jim) DuBos (32:09)
It's out there. It's out there for free.
Now as we, you know...
No, look, I mean,
when I built this, I made sure that I built it according to the, I want to say the opportunity to invest. Right. And so I see many times where people are asking for tens of thousands of dollars when you're at the beginning of your journey, which is not what you should be doing. You know, but when you're at the end of your journey.
Justin Shelley (32:44)
prices everybody out. Yeah.
James (Jim) DuBos (32:48)
You're, in a different place and you want to make the right investment to make sure that you maximize the dollars associated with your exit as you're planning. And you're also making good decisions when you're thinking about scaling or growing your business. so, ⁓ the, the, the costs are remarkably low. You know, when I do that, part of this is, you know, my own way to give back to the business community, just for my own, you know, good fortune and be able to help people in their.
in their business journeys. so it is much more affordable than you would think.
Justin Shelley (33:21)
Yep,
that was exactly my takeaway. ⁓ Bryan, Mario, any final thoughts, key takeaways? Bryan, you go first, and then Mario, and then we're going to go ahead and close this one up,
Bryan Lachapelle (33:31)
Yeah, guess from my perspective, it's pretty much the same thing I've been saying for a long time. ⁓ Cybersecurity is a journey and James or Jim here has given us a map on the three most important ones. And it sounds like it's echoing what we've talked about in the past. So it's nice to hear that we're not the only ones ⁓ talking about cybersecurity and the controls that need to be put in place.
So start your journey and remember it is a journey. There is never ever a destination involved in cybersecurity. You will never be done because the criminals will never stop and therefore we can never stop. That is all.
Justin Shelley (34:06)
Yep. All right, Mario,
what do you got for us?
Mario Zaki (34:09)
Yeah, I mean, echoing on what Bryan is saying, it is a journey, you know, but you have to get started. You know, it's doable and there's a lot of things that business owners can do themselves right now by themselves or no matter how big they are, they can do it, get it started. And as the company matures and evolves, you're gonna probably need some help and you're gonna have to...
put people in position that are dedicated to make sure that everything is done. But there's no better time to start but the present. start with the little things. You're not gonna get all the things done. Like Jim said, you're not gonna be able to do all 35 things right away. But start with a couple and start implementing.
Justin Shelley (35:00)
Absolutely. All right guys, Jim, Mario, Bryan, thank you so much for being here today. Really do appreciate that. And, ⁓ guys go to unhacked.live. You'll find all of our, our downloadable PDFs, our links to social media, to our guests, and of course, ⁓ previous episodes. So with that, we'll see you guys next week. Take care.
Mario Zaki (35:07)
Thank you for having us.
James (Jim) DuBos (35:08)
Thank
you.
Mario Zaki (35:22)
Bye guys.
Creators and Guests
