UnHacked - Cybersecurity Made Simple for Small Businesses

Justin Shelley (00:00)
Welcome everybody to episode 56 of Unhacked. We are cybersecurity made simple for small businesses. I'm Justin Shelley, joined as always by Brian LaChapelle and Mario Zacchi. We are here to help business owners navigate the chaos and the craziness of cyber threats come out stronger, smarter and more secure. Today, we are joined by a special guest, Brett Gallant.

Mario Zaki (00:13)
What's up?

Justin Shelley (00:26)
founder of adaptive office solutions. And today we're going to be breaking down what business leaders often miss and how they rely too heavily on their it guy. ⁓ we've never heard that story before, have we? ⁓ we're going to learn how to really protect your, your business, but I would say honestly, we're going to tell you how to know if you are truly protected. So, with that, I am Justin Shelley.

Brett Gallant (00:39)
Now.

Justin Shelley (00:52)
I am CEO of Phoenix IT Advisors and we help businesses build their wealth and then protect that wealth from Russian hackers, from, know Mario, all the hackers, but I like to pick on the Russians, from government fines and penalties. And finally, if you do get breached, we're going to protect you from class action lawsuits because that's the latest on this show of the price is right. ⁓ Guys, Brian, Mario, tell everybody who you are, what you do and who you do it for. Mario, you go first.

Mario Zaki (01:19)
Yep, Mario Zaki, CEO of Mastek IT, located in New Jersey, right outside of New York. We work with small to medium sized businesses to help them stay protected and specializing in helping CEOs sleep better at night.

Justin Shelley (01:33)
Beautiful, Brad.

Bryan Lachapelle (01:35)
Brian Lashpot with B4 Networks based in beautiful Niagara, Ontario, Canada. We help business owners remove the headaches and frustration that comes with dealing with all things technology.

Justin Shelley (01:45)
Awesome, and finally, Brett, Brett, you so much for being here today.

Brett Gallant (01:50)
Such a pleasure to be here and thank you. Thank you for having the opportunity to speak with the four of you. ⁓

Justin Shelley (01:56)
And you know,

our millions and millions of listeners. ⁓ So quick introduction, Brett, you are a 25 year veteran in the IT and cyberspace. ⁓ Listen, I don't want to brag, but we're kind of neck and neck for who's older here, I think. You founded Adaptive Office Solutions. I want you to talk a little bit about that here in a second. And I believe you've also written a book, Cyber Attack Prevention. Tell me just a tiny bit about both of those.

Brett Gallant (02:13)
Thank you.

So the company, it's my passion, been actively involved supporting small medium businesses since 2010. I have a background in corporate IT for construction fabrication. We are helping people protect what matters most. And what matters most is our information and the privilege and honor to be able to serve our clients and take care of our people.

The book, really some real life stories, gut wrenching stories that if you ever want to cure for insomnia, there's the book.

Justin Shelley (03:04)
Okay.

I actually haven't saw him. I might take you up on that offer. I'll get back to you on true or false.

Brett Gallant (03:11)
Highly recommended.

Mario Zaki (03:13)
Hey Justin,

I can help you sleep better at night.

Brett Gallant (03:16)
Hehehehehe

Justin Shelley (03:17)
I've

heard you say that before, but I mean, we talk week after week. I still can't sleep, Mario. I don't know what you're doing wrong. wait, I'm not your client. Maybe that's the problem.

Brett Gallant (03:23)
going this off.

Bryan Lachapelle (03:25)
Yeah.

Mario Zaki (03:26)
Yeah, you haven't

paid me enough.

Justin Shelley (03:27)
Yeah.

All right, guys, let's go ahead and jump right in here. Brett, you are here because you have some pretty cool stories. And by cool, I mean the stuff that keeps us awake, the stuff that scares us into not sleeping. ⁓ Tell me a little bit about one, the one that really caught my attention was TeamViewer versus a manufacturing firm. What have we got?

Brett Gallant (03:49)
yes, I reference this story all the time and I always anonymize the story a bit to protect the victim. The manufacturing ⁓ organization in my province, unfortunately, had a devastating ⁓ incident. We received a phone call from the electrician, the supervisor saying, my production line is down, Brett. I can't do anything. It's shut down.

And there's all these pages coming out on my printers saying you have 72 hours to pay.

Justin Shelley (04:26)
That's new. I don't know that I've seen the printer be the communication device in a ransomware attack. Brian Mario, have you seen that? That's pretty cool. ⁓ Tell me more.

Bryan Lachapelle (04:31)
Yeah, I haven't seen that either. Not once. Nope.

Brett Gallant (04:34)
No, Lever.

Mario Zaki (04:34)
No.

Brett Gallant (04:39)
So they had loads of paper and no production. so crippling, crippled their infrastructure that they couldn't, they couldn't do the manufacturing line was shut down completely. They didn't know what to do. They didn't even know what happened until we rolled the technician. sent the technician to look at it. And we actually looked at the server.

And we've seen that the drive, the computer, the server, Windows 11 Pro machine, encrypt it with the ransomware demand. And specifically what happened after we investigated that, we found out that ⁓ the malicious actors got in through TeamViewer. The TeamViewer ⁓ was managed by a reputable organization that serves many manufacturers in that industry.

but they forgot to batten down the hatches. TeamViewer wide open, not managed. It allowed the threat actors to take advantage of that network that wasn't secure, that had no cyber. And it cost this organization one week of downtime on the production. Realistically, it was three days. Now, the good news about this was that the...

Bryan Lachapelle (05:54)
Yikes.

Brett Gallant (06:03)
Vendor support had the foresight to have images saved on the computer in a USB inside the case, which was novel. I never seen that. So we didn't want to take any chances. We put a new hard drive in and reloaded the systems.

Bryan Lachapelle (06:22)
Did they by chance have their own internal IT provider or was it an external team that was taking care of them at the time before the breach?

Brett Gallant (06:27)
We

were just doing one portion of that organization and we were trying to get in to do more work for them. And when they found this out, we had a closer relationship with them. So we did the cleanup, the remediation. And immediately after that, we put our elements of cyber on. We put a security operations center, ⁓ MDR, we secured as much as we could.

Most people don't know this, but I know a lot of your listeners are likely aware of this and you gentlemen are. When a cyber attack happens, that's not the last time we hear from the threat actors. These people came back three days later and they started going after the accounting system.

Justin Shelley (07:11)
you

Brett Gallant (07:20)
Thousands of hits trying to hit the server. We weren't aware of that environment yet. And because of the fact that we had a security operations center, we had the visibility to see what was going on and where it was coming from. We were able to shut it down. But they would have tried relentlessly until they would have gotten in and ransomed and took the financial data, which was arguably, well, a lot more sensitive than production data. ⁓

What really saved the organization initially in the first part is, I'm sure your listeners have heard this, when your buddy or ad hoc IT does just break fix and not really look at the big picture and do the things that are recommended. Sadly, well, fortunately, because they didn't have a really good IT strategy, that's actually what saved them initially for the first day.

the first two days, because there was no network segmentation. It was really bizarre. said, because your network is so bad, it actually saved you. It gave you the 48 hours to allow us to put the cyber tools in place to save you from the bigger attack.

Bryan Lachapelle (08:37)
Do you know how long they were in there before they pulled the trigger and encrypted the data? Like were they in there for many weeks before or did they just get in and start doing the damage right away?

Brett Gallant (08:48)
It was instantaneous from our investigation. And as we know, and I have other stories, but we know sometimes they're in there for months. And I have an example of a story later that I want to share with you where the threat actors were in for at least 60 days.

Bryan Lachapelle (08:59)
Yeah.

Yeah, that's what we're seeing too. We're seeing a lot of threat actors now. They're getting in and they're not making themselves known right away. And they're peeking around, poking around, figuring out how you run your operations, figuring out the most important damage, figuring out how much insurance coverage you have, who's your insurance provider, right? And they're really who your vendors are. Yeah. And then sometimes they're using you as a stepping stone to go after your vendors versus attacking you directly. So, yeah.

Justin Shelley (09:24)
Yeah.

Brett Gallant (09:27)
Who your vendors are, who do you speak to, how do you contact? Yep.

Mario Zaki (09:30)
with AI.

Brett Gallant (09:36)
Exactly.

Mario Zaki (09:36)
Yeah, with AI,

it's actually making it easier for them too. They're able to analyze everything about the company. Sometimes they'll know more about the company than the owner does.

Brett Gallant (09:48)
and the example I have, they actually contacted one of their suppliers and updated contact information 45 days before, changed the email address for the keyboard of directors and registered a new voiceover IP in the same province in our part of the country, in the same city. That's how far they went.

Justin Shelley (09:48)
Yeah.

Wow.

Now, is this the same? This is a different story or is this the same manufacturing? Okay. Okay. I want speaking of this manufacturing company though, you said they had nothing in place, no cyber protection at all in place.

Brett Gallant (10:17)
A different story, a different story, yeah.

Wide open. And that went so far that this is why you need to talk to your vendors, and vet it, your vendors, the people that are supporting your organization, and say, what do you have in place for the products that you're doing? And what are you doing in your organization to protect your cyber? I deal with not only manufacturing, but pharmacies. And you need to ask in the pharmacy world, you have to say to the vendors, hey,

What do you have on my PacMed, my dispensary device to manage that cyber risk? Because if they're remoting in, you're not really vetting and checking what they're doing. You have a huge hole into your network. And that's what happened with this manufacturing with unsecured TeamViewer. The kingdom to the doors were wide open.

Justin Shelley (11:09)
yeah.

Bryan Lachapelle (11:18)
Yep, and it goes a couple steps beyond that too. It's not just a computer that maybe a manufacturer has, or sorry, ⁓ a vendor has in your premises, but with manufacturing, there's all sorts of PLCs and there's all sorts of internet of things, right? Technology that's plugged into the network. Those are also attack vectors that should be mitigated and protected.

Justin Shelley (11:18)
Tell me.

Brett Gallant (11:33)
Yes.

Justin Shelley (11:39)
What, Brett, what was the mindset? really curious when you have nothing in place, I assume they know they had nothing in place. Was it just like a ⁓ straight up head in the sand? Like what was going on within the organization that that wasn't being addressed at all.

Brett Gallant (11:39)
Exactly.

So we all know the risk and the questions that come up sometimes in this, in the case of this organization, it was, don't have, I don't want to spend that much money. I don't want to invest. But the other thing, equally more devastating, too busy to deal with it. That's what it was. I, when this happened, I said, folks, we need to sit down.

and take action and I need 30 minutes minimum to get started of your time.

This is a non-negotiable.

Mario Zaki (12:35)
Right.

Bryan Lachapelle (12:37)
Right.

Mario Zaki (12:38)
Now, without really getting too detailed, can you tell us how much it ended up costing them to recover?

Brett Gallant (12:47)
They were very lucky. It was...

only 6,000, which was very lucky. how much, the bigger question, Mario, is how much did it cost them to not be in production for that like the time?

Justin Shelley (13:09)
That,

exactly.

Bryan Lachapelle (13:09)
Right.

Brett Gallant (13:11)
I

Bryan Lachapelle (13:11)
Yep.

Brett Gallant (13:12)
would say, guesstimate, $300,000. And to this day, they're still tweaking to get the system back purring to the way it was. So there's been all kinds of lost productivity because it didn't have up to the minute tweaks of how that production line should run. Backups.

Bryan Lachapelle (13:32)
Right.

Was there any reputational damage? Did other people know that this happened?

Brett Gallant (13:39)
No, no, and that's where they were very lucky. Now if this was health care or something that needed to be reported, yeah, yeah.

Mario Zaki (13:48)
have to. ⁓

Justin Shelley (13:50)
Well, and

some manufacturing fall under regulatory. I mean, I don't know Canadian law, but down here, you know, if you're dealing with the department of defense or your, really any, any government entity, you fall under regulatory, ⁓

Bryan Lachapelle (13:50)
Hmm.

Brett Gallant (14:03)
Yeah, if this was seafood processing or dealing with defense, they would have had, they would have been mandated to report. They didn't in this case.

Justin Shelley (14:10)
Yeah. And

then that can turn into lawsuits and that, you know, just, just a nightmare.

Brett Gallant (14:14)
Yeah.

Bryan Lachapelle (14:15)
Yeah.

Brett Gallant (14:17)
Yeah.

Bryan Lachapelle (14:17)
So if there was one thing that they could have done, just one thing they could have put in place before the attack, would there have been one thing they could have done that would have prevented it?

Brett Gallant (14:27)
Yeah, Mr. Vendor, secure your team viewer.

Bryan Lachapelle (14:29)
What is that?

Justin Shelley (14:33)
Yeah.

Bryan Lachapelle (14:35)
Yeah, so just being aware of the fact that they had a TeamViewer account or ⁓ a vendor had a way to remote in and mitigating that risk.

Brett Gallant (14:42)
On the unattended access, wide open,

they took advantage of a vulnerability. And the other thing on top of that, equally important is they were able to move laterally so that RDP, remote desktop for your listeners, RDP was open so they could move from machine to machine. So it was wide open, it was open season.

Bryan Lachapelle (15:03)
Oof, yikes.

Yeah.

Justin Shelley (15:07)
And was the machine that had TeamViewer, was it logged in as an admin?

Mario Zaki (15:08)
Yeah.

Brett Gallant (15:13)
Absolutely. ⁓ Restrictive like removing mid credentials, least restricted, you know, least access, all of that. So we changed that obviously, after the fact that the vendor doesn't like it. But I feel better about the organization that they have better posture. I'm under I I'm the belief that

Justin Shelley (15:14)
God. So that's another one right there.

Bryan Lachapelle (15:18)
Yeah.

Justin Shelley (15:29)
Yeah.

Brett Gallant (15:41)
even with the best protection is still possible that somebody can get in.

Bryan Lachapelle (15:47)
I'm of the opinion that if a vendor needs access to a machine at our clients, they can call us and we'll give them access.

Justin Shelley (15:54)
Yeah, right. Mario,

you had something?

Mario Zaki (15:57)
We, yeah, we, mean, I hate team viewer. have scripts on all our machines that if team viewer, well, first of all, it won't get installed because we have things to prevent it. But if it is, we have scripts to automatically remove it because it's, it's a pain in the ass software because they're the only software that I know of with the exception of maybe any desk is that you never need to authenticate, you know, like, you know, lock me in and stuff like that. You never have to actually go to a website.

put in your username, password, 2FA, then you click on the computer. just lets you connect from any computer, any device, without actually having to authenticate anywhere. And the number, the ID that is there never changes. the passwords that they put in by default is a bunch of BS. It's all lowercase. It's usually like six characters, three numbers and three letters, all lowercase.

Brett Gallant (16:56)
Well, what the worst part is, gentlemen, the vendor is known to have the same password. So if you breach one of their clients and you get the team viewer for another one of their facilities, you can just call up. And here's the reality of the way some of these attacks are happening. What could have happened, the threat actor may have called up.

Justin Shelley (17:10)
wow.

Brett Gallant (17:21)
Hey, this is XYZ Company. I am just calling. I'm trying to get onto the computer to fix something for your electrician. Could you read me the nine digit number of the TeamViewer? Boom, they're in.

Justin Shelley (17:28)
⁓ Yep.

Bryan Lachapelle (17:33)
Yeah.

Justin Shelley (17:34)
Brett. So you work with a fair number of manufacturing companies, correct?

Brett Gallant (17:35)
Train your team.

a fair number in that type of industry and we do a few seafood plants as well.

Justin Shelley (17:47)
How common

is this kind of ⁓ like a team viewer, some sort of a remote access through a vendor? How common is this in that industry?

Brett Gallant (17:57)
in that particular industry for that particular vendor and similar, ⁓ quite common. ⁓ That's the only one that I know that is using TeamViewer. Others are using other technologies that I would argue are more secure than that platform.

Justin Shelley (18:07)
Right.

I mean, it sounds a lot like the, this has old news by now, but the, target breach going way back. think it was an HVAC vendor that, that left something open. Does that sound familiar guys? Anybody was a home Depot. Okay. You're right. It was home Depot. Do you, do you remember the details of that one, Mario?

Mario Zaki (18:26)
Home Depot. Home Depot.

⁓ It ⁓ was the HVAC system for Home Depot. ⁓ I believe ⁓ it had a vulnerability just like that and they were able to get in through the HVAC system and then they were able to piggyback onto the main network and then they were able to, I think, get into the credit card machines and stuff like that. But I also, I do remember, and this was probably three years ago,

Justin Shelley (18:54)
Yeah.

Mario Zaki (19:02)
with TeamViewer, it was a water treatment plant in Florida that got breached and they were lucky because they got right at the very end, the hackers tried to actually alter the chemicals inside the water treatment and they were trying to poison the entire city or town and

Brett Gallant (19:10)
I'm of this one.

The operator is there. Yeah. Yeah.

Justin Shelley (19:30)
wow.

Mario Zaki (19:31)
at the very last minute it was actually caught and they realized that it was caused by Team Viewer. But Brett, you may know more information on it than I do.

Brett Gallant (19:39)
I reference that story

all the time. We serve municipalities and indigenous communities, and often these organizations have a wastewater treatment plant. And every time we've gone in to work with them, previous IT has forgotten to look at the most critical piece of their infrastructure. And they say, well, why would we want to look at the water treatment? Well, let me tell you what happened in Florida and how they got lucky.

Do you want to be, if you're casual in your IT and how you're managing the risk for your organization, you become a casualty.

Justin Shelley (20:17)
It's a crazy world. The vendor access is a, it's a tricky one because it's important for them to be able to support their product. Right. That that's a given. I, I've referenced this a few times in the past. have a vendor, well, a client's vendor wanted full access to their server. And I got in the middle of it and stopped it to do some due diligence. And when I started pressing them for, you know, what's, what's your cybersecurity plan, you know, just in general and, know, with some details.

Brett Gallant (20:18)
when we're dealing with people's lives.

Justin Shelley (20:47)
⁓ they're like, yeah, no problem. We'll give all that to you. Once you sign the NDA, okay to install the software now, like where's your NDA, NDA motherfucker. ⁓ and, and then they're like, ⁓ we'll get back to you. Ghosted me. Haven't heard back from them since. And this was like, six weeks ago, I think. So when I started pushing for, know, what their security plan was, they have nothing, nothing that they can give me whatsoever. It's crazy.

Bryan Lachapelle (21:05)
Yikes.

Justin Shelley (21:13)
But we just blindly end up by we, I just mean the community, the business community at large. We just need to get a job done. And that probably is one of the biggest problems that we face is in trying to get a job done, ⁓ knowing how important the outcome is. Sometimes we forget to look at the details.

Bryan Lachapelle (21:13)
Yeah. Yeah.

Yeah, we've gone a couple steps further with some of our greenhouse clients because they're in the same boat. They have a lot of vendors who put in devices on site that they need a remote access to. So not only do we ⁓ get in the middle and only give them access when they request it, we also, in most cases, where it's possible, isolate that unit in its own separate VLAN or virtual network, basically, for those who aren't familiar with that.

Brett Gallant (21:33)
So true.

Bryan Lachapelle (21:59)
essentially isolating that computer that it can't access the rest of the network even if they did want to. So we give them access, they can only access that one box and anything it's directly attached to they can't then use that to move through the network.

Justin Shelley (22:03)
Right.

Crazy world out there guys. ⁓ let's, let's talk about, and so Brett, mentioned a minute ago, something about believing that your it guys got you covered or whatever else. ⁓ and I don't think Brian Mario, you've never heard this before, right? Where, companies are just, okay, let's, let's dive into this because this is, kind of what your book's about, right?

Mario Zaki (22:31)
Now tell me more about it. ⁓

Brett Gallant (22:32)
Yeah.

Yeah, I really believe the importance that you can't prescribe without diagnosing. And a lot of times, unfortunately, we still live in a world where even corporate IT and other people in our industry like us that know that cyber, we need to be cybersecurity first. They still think that antivirus

and removing admin credentials is enough. Or that it will never happen to me, I'm too small to be hacked. You might think you're too small to make the news, but you're not too small to get hacked. And that's the truth. And I've seen so many different people in different corporate government, ⁓ even in healthcare and corporate government, where they think, okay,

Justin Shelley (23:22)
Right.

Brett Gallant (23:39)
If I just do this one area and just upgrade this area, I'm going to be okay. But if you look in my part of the country, we can see in the last two years, the healthcare industry in Newfoundland, the province of Newfoundland, the entire hospital network was down. And then recently in Nova Scotia, in the province of Nova Scotia,

Nova Scotia Power had a cybersecurity incident and they also, a power company had social insurance numbers. Now, getting back to the techie side, it's all up to us, all right, to the people listening to really have that conversation with whoever is your vendor and just say, hey, I want to know.

what have you put in place for cybersecurity? And if they say antivirus and backup, and then if they don't start mentioning two factor authentication, security operations center and EDR, then you need to start looking elsewhere, unfortunately.

Is it going to cost a little bit more to manage your cyber risk? Yes, but how much is it going to cost if you don't do anything?

Justin Shelley (25:04)
I mean, you just illustrated that, right? And if you Google it, the average cost of a ransomware attack right now is about 5 million. And well, and it.

Brett Gallant (25:13)
Folks, yeah,

yeah, I fired a client because of this, so.

Justin Shelley (25:17)
I want to just real quick talk about that because you first said $300,000. Well, first you said $6,000. Then it's like, correct. Well, that's, that's my point. Like how do we define this? Because sure, it costs $6,000 to get back up and running. Well, what was the cost in lost production? Now we're up at $300,000. And then you mentioned they're still tweaking things, trying to get back to where they were. If you could really quantify that entire theme, you're probably in the millions.

Mario Zaki (25:26)
That was his cost. Yeah.

Justin Shelley (25:46)
Correct?

Brett Gallant (25:48)
Exactly. And I don't even know if they lost a client because they didn't meet production schedules.

Justin Shelley (25:55)
Right.

Bryan Lachapelle (25:56)
And they got lucky that it didn't get out. Because if I was a criminal, I would have reached out to every one of their vendors and said, or I would have threatened to reach out to all of the vendors and said, either you pay me, or I release it to your vendors and let them know you've been breached. Right? And then.

Justin Shelley (25:58)
Absolutely.

Brett Gallant (26:11)
Yep, yep, 100%.

Justin Shelley (26:14)
So Brett, what other stories? You mentioned that you had another story you wanted to talk about, another ⁓ case study example, whatever we're going to call it. What else you got?

Brett Gallant (26:21)
Yeah. So I was in the in the gym working out in middle of the day, I've given myself permission that it's okay to, to, to put me first. I got, I received an email from a longtime client. Can you call me? I need help. And you can just feel it. And I phoned them and said, I think, I think I'm

I think I may have lost a couple hundred thousand dollars.

Bryan Lachapelle (26:53)
boy.

Brett Gallant (26:54)
And I would just finished working out. I said, hang on, just wait. And we'll call this lady Mary, okay? Mary's her name today. Mary, I'll be right there. I drove because I cared. And it was just three minutes away. I figured it'd be just easier to see. Got there and I found out that the day before Mary was speaking with somebody who she believed to be the bank and

they were saying, hey, I have the owner on the phone, his name is Bob. ⁓ And we've been talking about this deal, this deal had all the bank had all the relevant information, recent deals that they had just talked about that very same day in an email.

The bank said, all I need to do is to help Bob to transfer the funds. I just need your key fob so I can authenticate it for Bob. She gave away the fob.

$200,000 wired. Gone.

Justin Shelley (27:58)
Not

able to recover any of it, I take it.

Brett Gallant (28:02)
And then they did another one right after that, which the total was 400,000. They were able to get 160,000 back out of the 400,000.

Justin Shelley (28:13)
So 340 if my math on the spot math is correct. Holy.

Brett Gallant (28:17)
Exactly. And so when I talked to them and the owner, I talked to Bob, I said, what are you going to do? I actually even had a grant where we could have paid for a cybersecurity risk assessment.

They said, well, what is that going to do for me? We already know we have a problem. I said, yes, but at least we'll know where to start fixing it. They decided not to do anything.

Justin Shelley (28:41)
Yeah.

Say that again slower, what?

Brett Gallant (28:47)
Nothing at all.

They decided not to do anything.

Justin Shelley (28:53)
my God. Okay, tell me a little bit. You said you had a grant. What do you mean by that?

Brett Gallant (28:56)
So.

⁓ Folks, if you hear anything from me, look to your government and see if there's any funding to fund some of these ideas. In my province right now, there's a grant through the CBDC, cybersecurity grant, and you can access funding to help an organization with their cybersecurity posture or AI. They didn't even want to take advantage of that, which was a no-brainer.

Justin Shelley (29:25)
Why? Why?

Brett Gallant (29:28)
I don't know, I can't explain it. But I respect their decision. And I said, hey, I really appreciate working with you. I can no longer serve you. Bon chance, nos amazami. And I said, if you ever have an issue, if you just want to workshop something, the door is always open. I'm happy to talk to you if your new vendor needs something.

Justin Shelley (29:33)
I don't.

Yeah.

Bryan Lachapelle (29:44)
You

Brett Gallant (29:58)
Guess what happened a month, like three weeks ago.

Justin Shelley (30:00)
I can't

imagine. ⁓

Bryan Lachapelle (30:01)
They got hacked

again. ⁓

Brett Gallant (30:05)
Guess who came back?

Mario Zaki (30:05)
Please

do tell. ⁓

Brett Gallant (30:08)
And the new vendor, local gentleman, was calling and asked if I had the password for the router, which I don't. It was managed by a third party vendor.

What they, so two things happened. He wanted them to shut down their computers because they were actively under attack. They refused.

Okay, so I felt bad for the people that were having the attack. I do.

Justin Shelley (30:37)
Yeah, yeah.

Brett Gallant (30:41)
So he finally did get them to shut down, his security solution, OK, his security solution was to reload the machine and install Kepersky.

Justin Shelley (30:52)
Naturally.

Of course. Of course.

Mario Zaki (30:53)
⁓ no.

Brett Gallant (30:56)
Okay, Russian software that's not even allowed in the United States is still being sold in Canada. But here's the thing.

When we have an issue, a cybersecurity issue, we know a lot of the times they're not just coming in the computer. We have to check and see, did we batten down the hatches in the email? Did we check if they're still in the Microsoft tenant or the Google Workspace tenant?

Justin Shelley (31:22)
Right.

Brett Gallant (31:24)
Have we put MDR, EDR, security operation center in place? Have we looked at our policies on how we handle transferring of money?

None of that was done. was, just going to wipe and install Kopersky. We're okay again.

Justin Shelley (31:43)
Lord.

Bryan Lachapelle (31:43)
Hahaha.

Brett Gallant (31:45)
I feel bad for that organization. I do. I love the people. I respect them. And they're great. They've taken their business far. But I think the sad thing is they're not going to learn until it happens the third time.

Justin Shelley (32:05)
That's crazy. You know, I'm, comfortable telling people that they don't, nobody takes cybersecurity seriously until they've had a breach, until they've lost money. I don't tell them that it usually takes three times. So that's, that's new. I'll start, I'll, I'll update my, my pitch. ⁓

Brett Gallant (32:21)
Or my father said you can't teach a Heinz Pickle nothing.

Bryan Lachapelle (32:21)
Yeah.

Mario Zaki (32:25)
You

Justin Shelley (32:26)
So Brett, I want to talk a little bit about, think you've got a three phase framework. I want to get into that, but before we transition, ⁓ Mario and then Brian, do you guys have any kind of questions or thoughts on this latest story?

Mario Zaki (32:44)
I'm still- I still can't believe about the whole printer thing from the very beginning.

Justin Shelley (32:49)
Michael's stuck on printers. Listen, that's a good point because like that's one of the biggest problems in IT is making printers work at all. And that was their vector of choice. They're going to go and fix the printers.

Brett Gallant (32:50)
Yep.

Hey, and

one of them, one of the printers was a laser jet for a Mario. I knew you would appreciate that. Yeah. Yeah. Yeah.

Justin Shelley (33:07)
wow.

Mario Zaki (33:09)
⁓ I haven't seen one of those in But those things, those things don't break. They don't die. Yeah.

Justin Shelley (33:11)
They never die. They never die. Okay.

Bryan Lachapelle (33:12)
They don't die. No, they don't. No.

Justin Shelley (33:15)
Brian, did you have anything else on this one?

Bryan Lachapelle (33:18)
Just that I'm actually not 100 % shocked that they didn't want to do anything. I've run into a similar situation where it wasn't securely related. It was backup related where somebody lost all of their data. We were able to magically get it all back and then they still refused to put a backup system in place. And I effectively at that point, ⁓ it was a dentist. I took my own business out of there and went to a different dentist, ⁓ which is ironic. ⁓

Justin Shelley (33:22)
Really?

yeah.

Bryan Lachapelle (33:47)
If your passwords are still teeth, you probably should change that too, because it seems dentists love that as a password for some reason. Yeah.

Justin Shelley (33:54)
Seriously? my god. ⁓ my god.

All right. So with that, Brad, let's talk about your three-phase framework.

Brett Gallant (34:07)
you'll have to remind me what the.

Justin Shelley (34:11)
Did I make that up? Okay,

I might've made that part up. ⁓ The risk audit gap closure resilience testing, is that yours or did I just like, listen, full disclosure guys, I use AI to prep these things and AI was pretty sure that that's how you do business. Okay. Listen, I'm gonna have to upgrade mine.

Mario Zaki (34:15)
Yeah

Brett Gallant (34:15)
Yeah.

Sorry, I

That's exactly what we do.

Mario Zaki (34:31)
What kind of cheap AI are you using, Justin?

Brett Gallant (34:35)
I should have been prepared. So

what we do is, ⁓ like I alluded to earlier, we really believe in the model you can't prescribe without diagnosing. often what we do before we actively engage, and sometimes we just do this to help ⁓ existing companies just audit their IT, we will do an audit of the

health, their cybersecurity health, right from their ⁓ Microsoft environment to their servers, to their desktops, seeing where the gaps are, where their ⁓ technology is. And what we're starting to do now is we're actually ⁓ including another offering to say, hey, what's your AI strategy? Because there's AI leakage. ⁓ People don't even realize they have an AI strategy.

It's being used of willy-nilly while Wild West, but there's no controls. So we look at that and we assess the cyber risk. And then we have a real frank and honest discussion with the owners management and say, here are the gaps we found. This is what we recommend. And then we ask them what decision they want to make on how to go forward. But we give them some actionable items.

that they can take tangibly to manage their cyber risk. And if they choose to partner with us, we'll help them manage it.

Justin Shelley (36:15)
Do you have like a standardized audit that when you run them through that? Okay. Jimmy, if you don't mind, and I don't, we don't want to get into a lot of these details because when we do, we kind of give the bad guys a recipe. ⁓ but if you were just to take like, let's say the top three things that you check, the most important things that you check in one of these assessments, what do do?

Brett Gallant (36:20)
Yep, yep, yep.

Well, number one for me, I want to know if they're monitoring their SAS, if they're monitoring their Office 365 environment, if somebody's coming in. 80%, 90 % of organizations are not. Do they have two-factor authentication in place? Is their software up to date and is it managed? And for me, most critical on top of that is, do you have a backup? Test it.

Justin Shelley (36:41)
Okay.

Brett Gallant (37:05)
Is it offsite? I'm also checking the vendors, because that's a key one that we've seen. That computer that's sitting aside for that manufacturer that connects into supports to your production line, what do they have in place? And is the network segmented? Are there VLANs in place? Those are the top.

Justin Shelley (37:29)
Let's ⁓ guys, let's talk about AI for a second because this honestly is all anybody really wants to talk about these days. ⁓ Brett, you mentioned that you throw this into your assessment, your consulting. Mario, Brian, what are your guys' thoughts? How are you addressing this with your clients, your prospects and internally?

Brett Gallant (37:45)
Cool.

Mario Zaki (37:50)
Brian, wanna go first?

Bryan Lachapelle (37:51)
Sure, yep, okay.

So when it comes to AI, there's still a lot of, I don't wanna say unknowns, but if you're, first if you're implementing Co-Pilot, then there's an entire checklist of things that you have to do prior to turning on Co-Pilot in your 365 tenant. But more importantly, it's, everybody is investing in AI right now and a lot of folks are allowing their teams

Brett Gallant (38:15)
Thank

Bryan Lachapelle (38:18)
their staff to sign up for accounts on various AIs without having a framework in place as to what can be uploaded or sent to the AI and whether or not it should be sent to the AI. So for example, if you sign up for ChatGPT and you decide you want to upload your entire ⁓ contents of your intellectual property so you can have it double check spelling, that's probably not the best use of that tool, right? And that's just a

probably a terrible example, but if you're going to have AI being used in your business, you have to have a policy in place as to what can, first of all, an investigation in every AI you're gonna use to understand what they're gonna use the data for and how it's used, and do they store your data and do they use it to train the data set? And secondly, what information is authorized to send to each of those AIs, and then have a way of being able to audit that and verifying that people aren't utilizing it in a way that is,

Brett Gallant (39:07)
Yeah.

Bryan Lachapelle (39:18)
against the policies that you create. That would be my initial approach.

Justin Shelley (39:22)
mean, yeah,

that's pretty thorough. Mario, you have any thoughts on that?

Mario Zaki (39:27)
Yeah, maybe I shouldn't have had him go first because he pretty much covered everything ⁓ But you know pretty much you know what I tell them is like you got to understand what you put into the system is gonna be out there It's gonna use it, you know for other people no matter it may not be full You know the full word for word, but now that's out there So if it's if it's something that you don't want it outside of your building, then don't put it in there

Justin Shelley (39:29)
Hahaha

Bryan Lachapelle (39:31)
I'm sorry.

Mario Zaki (39:56)
no matter what system you're using, if you're getting for free, paying for it, unless it's done correctly. And most people do not know how to do it correctly, set it up correctly. ⁓ Keep the important stuff out of it. You can use it because people are going to use it anyway. Make sure that they're using it with company accounts and stuff like that and everything is monitored.

Brett Gallant (40:22)
Yep.

Justin Shelley (40:23)
Brett, you kind of already touched on it, but do have any final thoughts or things to add there?

Brett Gallant (40:29)
I like to teach them by example as well and give and I'm looking at spinning up another offering AI strategist what AI when leveraged properly can be a powerful tool as an extension of your brain as a thought partner and most people are just using it to write email but when you start using it with the idea that it's an extension of your brain and ⁓

I've gone as far as using it as an AI. I've spun up a board of directors. I'm leveraging it in ways that are incredible. I even spun up an AI advisory board. I'm passionate about scouting. I have Baden Powell and Barley Mowen on my AI advisory board for scouting. So it's incredible when we can inspire because we're all leaders in our communities.

Justin Shelley (41:04)
Mm-hmm.

Brett Gallant (41:28)
when we inspire people to think about propelling and leveraging this new technology, it can do amazing things when used safely.

Justin Shelley (41:37)
I love that because I

have done a similar thing recently. ⁓ I have a leadership team that's built in AI that I consult with because I can do it in the middle of the night. You know, I don't have to wake somebody up. It's great. ⁓ Yeah, no, I agree. think as much as we need to be ⁓ being, you know, pounding the drum of security protection, ⁓ we also need to evangelize the absolute. ⁓

Brett Gallant (41:52)
There you

Justin Shelley (42:06)
the huge resource that this is. there's so much that we can do with it. And if nothing else, like just do something, just start. But the best advice I was given early on was just keep, you know, chat GPT or whatever, just keep it open all the time on your computer when you're working and just throw things at it just kind of see what happens. ⁓ obviously with some safeguards in place and you know, you can contact any of us and we can teach you how to set even just the basic chat GPT up so that it doesn't steal your information. ⁓

but there are much more secure platforms and ways we can go about that. That's probably a.

Mario Zaki (42:40)
I love actually talking to my AI. You ever talk to? I love to.

Justin Shelley (42:41)
I don't know, I don't like that.

Brett Gallant (42:44)
I It's my French tutor, French

second language tutor. I parle français avec Louis.

Justin Shelley (42:48)
⁓ that's that's do you guys know? OK, do you know that LLM

were initially created for language translation? That's the beginning of this thing.

At least some, that's what I, that's what I saw on a video on YouTube. ⁓ I have not fact-checked that it might be a hallucination. don't know. ⁓ okay guys, unless there's anything else on AI, Brad, kind of want to wrap this up. We're, getting towards the end here. ⁓ the, you know, there's, there's a few things about you that kind of caught my attention and why I wanted to talk to you today, but one of them was this, ⁓ business transformation that was closely tied to a personal transformation. Do you mind telling that story?

Bryan Lachapelle (43:02)
I did not know that.

Mario Zaki (43:02)
I didn't

know that.

Brett Gallant (43:03)
Yeah.

Yeah, have you ever had one question that changes your life? I did. I I did for me in October 2023, I was speaking to my business coach, Dave. I said, Dave, I don't have any time. I just don't have time to get to the gym. And he said, Brett, you mean to tell me you own your own business and you don't have time to get to the gym? And that's when I changed everything. I decided, and I speak to lot of business owners,

Justin Shelley (43:32)
Am I about to?

Bryan Lachapelle (43:35)
Hmm.

Brett Gallant (43:59)
We prioritize because I'm a people pleaser, I'm recovering people pleaser. I put everybody else first, but we forget to put the oxygen mask on ourselves. And so what I've learned is to put the oxygen mask on me. I've become an expert at being okay with giving myself an hour, an hour and half every day. And I've released 130 pounds since then.

Justin Shelley (44:02)
You

Bryan Lachapelle (44:28)
Wow, good job.

Brett Gallant (44:28)
I've lost it.

And I say release because when you lose something, you find it. When you release it, you release it forever. And it's changed my life. I'm much more present for my family. I show up. I'm setting an example. I know that I've inspired people beyond this, that I've inspired people in the community that we're in. And I have had people that said to me, hey, Brett, because of you, I've started.

Justin Shelley (44:33)
love that.

Bryan Lachapelle (44:36)
Yep.

Brett Gallant (44:59)
And I've spoke with one gentleman that's in our industry. he was struggling. We were at an event. He was on his computer. said, but you've got to be OK with just putting yourself first. And every industry, every business owner I talk to, we forget to put our own oxygen mask on. And for me, other people have inspired me before. And I just like telling the story.

Bryan Lachapelle (45:21)
Yep.

Brett Gallant (45:28)
because I think everybody can connect with that. And if you don't have an hour, what I started with at first, 20 minutes in the morning, or even 10, and then 20 minutes later, you can do a lot of damage with three 20-minute sessions a day. I'm proof of it. Yeah.

Bryan Lachapelle (45:40)
Yep.

Justin Shelley (45:43)
Yeah, absolutely. Yeah.

Bryan Lachapelle (45:46)
Yeah, I

have a similar story and what it was that got me going was somebody looked at me and said, know, everybody talks about how they would take a bullet for their family. Right? Who here wouldn't wouldn't give up their life for their family, right? Would you get healthy for them?

Brett Gallant (45:58)
Yeah.

Justin Shelley (46:02)
⁓

Mario Zaki (46:02)
course.

Brett Gallant (46:05)
Yeah, yeah.

Bryan Lachapelle (46:06)
Right? Because

you come up a totally different person when you're a healthy person. You'll live longer, you'll be more present, you'll be more in the moment, and you'll be able to keep up with them. And I was like, damn. So similar to you, I lost 80, Brett.

Justin Shelley (46:08)
It's true.

Brett Gallant (46:18)
Yeah, Brian, good for you. I would avoid taking my children for a walk up the park because I'd be out of breath. Or asking for seatbelt extenders on the plane.

Justin Shelley (46:32)
Mario, did you have something you wanted to interject there?

Brett Gallant (46:34)
I know that. Yeah.

Mario Zaki (46:37)
Talking about gym stuff, this is not my story. have nothing to contribute to this. Even though I have, I've been watching, because I'm diabetic, so I've been eating healthier. I think within the last year, I've lost about 45 pounds. I still have ways to go. The ways to go isn't to the gym, but I've a new bike, I'm riding with my...

Justin Shelley (46:38)
fair enough. Fair enough.

Brett Gallant (46:41)
Yeah.

Mario Zaki (47:06)
son and daughter. it's, I ⁓ do, you know, agree. ⁓ But it is, it's definitely, that's a good point, Brian, you know, would you get healthier for them and I'm trying.

Brett Gallant (47:18)
you

Justin Shelley (47:19)
I

got a long, long story. I'm going to just give the very, very short version, but, Brett, I, uh, I wore this shirt today. Um, and now, first of all, when my step kids see this, they're like, cap, do you guys, do you guys know that slang word? I just learned it recently. I didn't, I'm not with the times. That means lie. Um, so this is a program they, uh, advocate moving, walking, running, whatever, 2025 miles in the year 2025. Um,

Brett Gallant (47:24)
I'm that down.

Bryan Lachapelle (47:38)
Yep, absolutely.

Mario Zaki (47:38)
Mm.

Justin Shelley (47:50)
I'm not going to hit that target this year. I will say that, but I am kind of in the middle of a very long attempt at a transformation. I used to run marathons. A lot of bad shit happened in my life and it took me out. And I mean all the way out and I'm coming back from that. And in that process, I've gotten back to running and the difference you talk about the difference that it makes in showing up and being present and in business. And I want you to come back to that.

because I know you've got more of a story there. Just the ability to function is night and day. When I get up, I get up at 445 and I go out and I run or I do whatever my chat GPT coach tells me to do. Yes, I have an AI coach, which is phenomenal, by the way, a nutritionist, the whole show. I love it. Anyways, I would go from, and this might be a little bit too much information.

Brett Gallant (48:35)
Yeah.

Justin Shelley (48:45)
But I would just go from getting up and sitting on social media and scrolling for hours when I should be working and just trying to avoid every emotion, every fear, every, you know, thing that I was ⁓ dealing with, ⁓ to getting up, running for and run. I'll put that in quotes cause it's, it's, a walk, run at best, but that, that movement, just getting back into that has completely transformed.

the energy, the mental awareness, the mindset. So, you know, I've seen some of your posts on LinkedIn. I love them. I've liked them. I haven't really commented much on there, but I absolutely love that part of your story. So tell me how that tied into, you made that transformation. You lost 125 pounds, Jesus Christ. What did that do for your business?

Brett Gallant (49:25)
Yeah.

Yeah, but.

So that was a total transformation. I became a visionary leader. I used to be the bottleneck of my business. So I believe in the mindset, which I learned from scouting. You train them, trust them, let them lead. Empower your team. Instead of being the bottleneck, you coach your team and allow them to make the decisions. So 80 % done by someone else is 100 % off. Awesome, I believe. Instead of me.

clutching to doing everything is that I go to the, used to have that mindset, how am I going to get this done? Now it's who's going to do it on my behalf and my team. And because of that, I've transitioned my business financially from being worried about making payroll, we're doing fairly well compared to where we used to be. I was at 18,000 MRR to over 120,000 now.

Bryan Lachapelle (50:15)
Great.

Justin Shelley (50:35)
How long did that take you, if you don't mind me asking?

Brett Gallant (50:36)
a month.

that was going on in middle of my personal transformation. So that took three years to do that.

Justin Shelley (50:46)
which is still

pretty huge.

Brett Gallant (50:50)
Yeah, I had another aha moment and I'm calling it courage. It happened on Friday. Sometimes we don't put on the gas because fear of change. And so what I decided is I'm fully embracing this new version of me in not only in my personal, but my professional transformation. And we're going all in baby. I got a 90 day sprint plan and I'm calling it courage.

Because sometimes we don't have that courage to actually step in to doing what we know we need to be doing. And I called myself out on it. So, yeah.

Mario Zaki (51:33)
That's awesome.

Justin Shelley (51:34)
Well, I appreciate you

sharing that. know that's a, it's personal. I, I love personal stories, you know, uh, business is sometimes kind of cold and calloused. Um, but I love it when we can all just be human with each other. thank you. Uh, I appreciate that. Yeah, absolutely. Absolutely. So guys, we're going to go ahead and wrap this up. We, uh, kind of have a, a habit of going around the room and talking about our key takeaways. And, and, know, if there was just one thing that we want our listening audience to do this week.

Brett Gallant (51:48)
We're here to help each other. That's the biggest thing. That's what we're here for.

Justin Shelley (52:04)
What would that be? Or if they only listened to this one sentence, what would you want them to know? I'm going to start Mario. If you're ready, we'll start with you. Then we'll go to Brian and then Brett.

Mario Zaki (52:17)
Yeah, mean, it's really today is stuff that we've been talking about, you know, for weeks and months, you know, years now, it's you got to do something. You got to start somewhere. You can't go from, you know, expect to go from zero to 100 or do it when you really have to after a breach, you know, like get started to something consult a, you know, a professional and

You know, know, something like Brett said, can literally, you know, go from nothing to costing you, you know, over $300,000 and still linger with you for weeks and months later on because you didn't want to spend the money before. You know, in almost every case that we've ever discussed, it ends up costing you

10 times if not 100 times more than what you would have spent along the way in a controlled environment. You know, don't do it when you're panicking and you have no choice. Get started. Do it now.

Justin Shelley (53:26)
Brian,

what do you got for us?

Bryan Lachapelle (53:30)
All right, I'm gonna deviate a little bit from my standard start your journey. And I'm going to say ⁓ just one of the most impactful things that in this conversation that we had was ⁓ change yourself and change your business, right? First, start concentrating on yourself, which is, it sounds like Brett did almost like same type of journey as I have and ⁓ start concentrating on, a lot of people talk about how

Justin Shelley (53:31)
⁓

Bryan Lachapelle (54:00)
They don't have time. I don't have time. don't have time. And the reality is you have the same amount of time everybody else does. We all have the same amount of time. The problem is you're not using, most people aren't using their time efficiently and wisely. And they're so exhausted and or unable to focus that a lot of the time they spend working on their business is wasteful. And when you start concentrating on yourself and making sure that you're in a healthy place and you're much better physically healthy, you're able to think a lot clearer.

Brett Gallant (54:07)
Thank

Bryan Lachapelle (54:29)
and have a lot more clarity and be able to accomplish a lot more in the same amount of time. So I would say focus on that. It has nothing to do with cybersecurity, but focus on yourself and get yourself better. And then find your who to initiate the how. Get somebody in your organization who will take, if it's not you as a leader, and it should be you as a leader, but delegate to someone who you can trust the cybersecurity aspect and get started. ⁓

and just start implementing one thing at a time. And with that clarity and that extra time that you're going to have, because I know you're going to have extra time if you start focusing on yourself and your health, then you're going to be able to accomplish a lot more and cybersecurity can become a focus of your business.

Justin Shelley (55:06)
Perfect. All right,

Brett, you're up.

Brett Gallant (55:10)
So I was reflecting on this earlier today. was practicing a presentation I'm going to do. And I said this, and I'm going to share this one with you. I owned a business that owned me before, but now I truly own it. And I want to pick up on what Mario said, because I wrote it down when you said it. I'm to say it in a different way. For your listeners, I want you to go from zero to hero.

Justin Shelley (55:24)
Yeah.

Brett Gallant (55:40)
I want you to be the hero in your own story and that you decide today, whatever it may be, because we talked about a number of great things, whether it be that you become the hero for the cybersecurity in your organization or you become the hero as a dad or the mother, that you do something for your own well-being to be more present or to do something to serve. I'd like you to be consider all that and be the hero. Be the hero.

for yourself, for your business, or for your organization.

Justin Shelley (56:11)
of that.

⁓ Damn, I should have went first. I don't know how to follow all this. I have to go back to something I heard David Goggin say. I've read his books, I've followed him a little bit on social media. ⁓ But he talked about following the path of most resistance. So as humans, we are actually wired to avoid pain, to look for efficiencies to find the easiest way to do something.

Brett Gallant (56:19)
Yeah

Justin Shelley (56:40)
And the problem that that causes with myself, I'm sure I'm not the only one, maybe, ⁓ is that if something is hard for me, if something is scary to me, I will avoid it. And, that was me on social media scrolling for hours, trying to avoid what I knew I needed to do. ⁓ and, and what I had to do in my, my, ⁓ called action, I guess, for this week is to look for those things that you're avoiding, look for those pain points, look for those blind spots, whether that's in cybersecurity, please do that. Or in your personal life also do that. ⁓

But look for that thing that you're avoiding and hit it head on and get started, ⁓ fix these problems because the pain of avoiding them is actually stronger than the pain of resolving them, or at least that's what I've found. So that's my take away for this week, guys, absolute pleasure today. Listening audience, visit our website, unhacked.live. That's where you're to find show notes. You're going to find links to our amazing guests like Brett. will Brett will.

We'll throw a link on there to your company website, to your book. ⁓

Brett Gallant (57:46)
Instagram.

So connect with me, DM with me on Instagram, LinkedIn. And if you DM me 15 ways, I'll send you a document 15 ways that you can help your business with cybersecurity. So 15 ways.

Justin Shelley (57:48)
Instagram, okay.

Beautiful. Okay. 15 ways guys. ⁓

all those links will be available on our website. And also I've started putting some of the links right in the show notes on Spotify or Apple. You can get to a lot of them just right there. So, ⁓ check us out and guys, ⁓ back to the audience. If you guys have issues, problems, stories that you would like us to talk about to answer, or you want to come on the show, jump on our website and let us know. And maybe we'll bring you on and you can tell your story. So guys with that.

That is it for this week's episode of Unhacked. Let's say our goodbyes, Brian.

Bryan Lachapelle (58:35)
Start your journey in cybersecurity and I'll see you on the road.

Justin Shelley (58:37)
Mario.

Mario Zaki (58:41)
If you guys are staying up at night worried about your business, let us help you out.

Justin Shelley (58:44)
All right, Brett,

what's your sign off?

Love it. And I am Justin. Remember to listen in, take action, and keep your business unhacked. See you guys next week.

Brett Gallant (58:49)
Be the hero in your story.

Mario Zaki (58:58)
Bye, guys.