59. Your Factory Is Wide Open: How to Lock Down Connected Machines Before It’s Too Late with Tory Bjorklundy

Justin Shelley (00:00)
Welcome everybody to episode 59 of Unhacked. Guys, we try to keep cybersecurity simple. Unfortunately, that sometimes feels like a losing battle, but here we are week after week talking to the business owners who already have enough on their plate. We're just going to add a couple more things. ⁓ I'm Justin Shelley, CEO of Phoenix IT Advisors and joined as always by my good friends, Brian and Mario Brian. Say hi.

Bryan Lachapelle (00:24)
Hey.

Hello?

Justin Shelley (00:27)
Mario, chime in, check in, say hi.

Mario Zaki (00:28)
How are you guys? I'm

Mario Zaki, CEO of Mastek IT, located in New Jersey, sunny today, surprisingly. We work with small and medium sized businesses, ⁓ keeping them safe from, ⁓ you know, Justin's Russian hackers, but also other hackers as well. ⁓ You know, and we specialize in keeping business owners ⁓ have the ability to sleep better.

Justin Shelley (00:56)
You like to take on the whole world at once. Brian, go ahead. Sorry.

Bryan Lachapelle (00:56)
I'm

Brian Lashpell, CEO of B4 Networks based out of Niagara Falls, Niagara area, Ontario, Canada. And we help business owners ⁓ get rid of the frustrations and headaches that come with dealing with technology.

Justin Shelley (01:11)
All right, guys, and this week we've got somebody who's been around the block a little bit. We ⁓ won't give away too much, but 37 years advising manufacturers. Tori, does that sound about right?

Tory Bjorklund (01:23)
Yeah, it's at least 37.

Justin Shelley (01:26)
at least that's

all we're admitting to.

Mario Zaki (01:29)
Justin,

I know you're gonna try to attempt to pronounce his last name, right?

Justin Shelley (01:33)
Bjorkland. I close? Yeah, you know how I knew I asked AI haha.

Tory Bjorklund (01:35)
Yeah, you got it, New Yorkland.

Mario Zaki (01:37)
Bye.

Tory Bjorklund (01:39)
Hahaha!

Justin Shelley (01:41)
Cause I didn't know. ⁓ Tori, tell us a little bit about yourself. Where are from? Where, where is at least where is the last name from?

Tory Bjorklund (01:48)
Yeah. So, well, actually the last name is from Sweden. My grandfather immigrated, well, his parents immigrated. He was three years old. Our family comes from the Dollarna region in Sweden. And I've never been, ⁓ but so I'm no, no born and bred in Arizona. I live in Minnesota. Now I've been here since 1985.

Justin Shelley (01:51)
⁓ cool.

Never been to Homeland, huh? All right, well.

Tell you what, when this episode gets a million downloads, we'll all take a trip over there to celebrate. How's that sound? All right, deal. I'll start tracking. ⁓ Tori, do you work primarily with manufacturing companies or what industries do you work in?

Tory Bjorklund (02:18)
Let's do it, let's do it.

Bryan Lachapelle (02:19)
you

Tory Bjorklund (02:27)
Yeah, primarily manufacturing and distribution. We do work in a lot of other industries and our process for transformation is industry agnostic. But when you start dealing with ⁓ process improvement, which we do a lot of, process design and that sort of thing, you obviously have to know the industry to be able to do that. we focus primarily in ⁓ manufacturing and distribution.

Justin Shelley (02:53)
and you're working on a book called Digital Transformation Guidebook. ⁓ Tell me a little bit about the book.

Tory Bjorklund (02:58)
Yeah,

it's directed to non-technical leadership of mid-market enterprise companies and basically what they need to do to make sure that their digital transformation initiatives succeed. And as you guys all probably know, you know, the

Everybody has different statistics, but the low end is 70 % failure. I recently read an article in IEEE magazine that claimed 95 % digital transformation failure. It all depends on how you define it. But mean, if you're in baseball, 300 batting average isn't too bad. But if you're spending millions of dollars on some form of technical implementation, 300 is a really bad batting average.

Justin Shelley (03:46)
And

what would the other one be 50? If you said 95 % fail, that's only a 50 batting average. okay, real quick while we're talking about definitions. So when you say digital transformation, what's a before and after picture of a digital transformation?

Tory Bjorklund (03:50)
95%. Yeah. you would have a, yeah, you'd have a five. ⁓ Yeah.

That's a really good question. So let's give a little definition of the words itself. I mean, as you think about basically what we're talking about is some form of transformative technology. so basically, does it change the way you do business? Does it change the way your customers experience your business or your vendors experience your business?

or the way that you operate internally, does it add something new to your business or do some form of significant change to your business? And basically, if the answer is yes, and it takes technology to accomplish that change, that's digital transformation.

Justin Shelley (04:39)
So a little automation on the factory line, something like that.

Mario Zaki (04:39)
So it was a bit.

Tory Bjorklund (04:41)
Automation, mean, yeah, automation on the factory line. could be, and we had a customer that their products were sold primarily in retail stores and they shipped to retail stores and they decided that they needed to get online. This is, of course, was several years ago, but they needed to begin to go not just B2B, but also business to consumer and sell directly online. put in, it's a whole new sales channel.

Justin Shelley (05:09)
Yeah.

Tory Bjorklund (05:10)
with their e-commerce, but it turns out that there's a lot of options when you start thinking about e-commerce, for example. In fact, you wouldn't even have to put in an e-commerce system. You could sell entirely through Amazon if you wanted to, but there's a lot of options there, and that was a transformative to their business, and they wanted to maintain the same revenue in their B2B, and then add 50 % again in their B2C.

operations. So that was definitely transformational to the company. You have to think about scaling and all the things like that to be able to produce that much, you know, another 50 % of goods and ship them.

Justin Shelley (05:43)
That's transformation.

No wonder all these things

fail. That's a, that's a huge undertaking. Mario, think I cut you off. you have something to say?

Mario Zaki (05:57)
Yeah, well, actually, I was going to say is that and he Tori answered my question right away is that as simple as like adding an e-commerce where they can start operating online. what now, Tori, another question that I have is this this I'm assuming this is mostly for manufacturers that companies that have been around for a while, old school type of companies, right? Because I'm assuming new, new, new players in town are probably already starting that way.

Tory Bjorklund (06:27)
Yeah, so well, if you're a startup, you know, we'd love to do business with you as well and help you get started, but you're not transforming anything, right? You're you're starting something. So, yeah, it's an existing company. We've got a client right now. They've been they've been operating basically in business for 40 years. They're we're working with they're just transitioning to their it's a family home company and their third generation now of the family is taking over the company and they're changing everything that does.

Those dang millennials, man, they they screw it all up. No, they're changing everything and they're embracing technology and yeah, they're absolutely transforming their company.

Justin Shelley (07:01)
I'm

Bryan Lachapelle (07:01)
haha

Justin Shelley (07:09)
Okay, right.

Bryan Lachapelle (07:09)
I'd imagine

you have to with AI and everything that's coming around now.

Tory Bjorklund (07:13)
Yeah,

Justin Shelley (07:14)
Okay, quick tangent.

Tory Bjorklund (07:14)
it's an imperative.

Justin Shelley (07:15)
This is completely off track, but I heard or read or something, or maybe I made it up. I don't know. I hallucinated this that the younger generation sees AI is something only old people use like Facebook. Have you guys heard this? Is there truth to that? I don't know because I asked one of my junior techs. I'm like, Hey, have you, have you brought AI into this? No. How often do you use AI? Honestly, not that much. I was like, what in the hell?

Tory Bjorklund (07:30)
What? No.

Bryan Lachapelle (07:30)
No, not at all.

Justin Shelley (07:42)
Guess it's old people technology. I don't know. I don't know. I was really confused and it kind of rocked my world.

Bryan Lachapelle (07:42)
Strange.

Mario Zaki (07:47)
What are they using? Just nothing? They're just sitting there doing nothing?

Justin Shelley (07:51)
I don't know. They use Instagram, I guess. I don't know. Or it's Snapchat. no, no, no. ⁓ What's that Chinese one? Yeah, exactly. What's that? TikTok. All right. All right. Enough of the banter. ⁓ Anyways, Tori, thank you for being here. 37 years working in this space, at least. That's what we're admitting to. You've got a book that's coming ⁓ sometime in Q1, right? So you've got the editors or...

Tory Bjorklund (07:51)
Hahaha!

Mario Zaki (07:59)
Deep fake.

Tory Bjorklund (08:01)
TikTok.

Justin Shelley (08:19)
working away, plugging that into AI to clean it up. I mean, they're working hard on it themselves. ⁓ Today we want to talk a little bit about, you know, we want to, we want to bring this, you, you work in transformation, but ⁓ we want to work on security. So here's the thing, especially with old technology, a lot of times security is an afterthought at best, if at all. And then, well, let's, let's be honest when we build new technology, it's still the same thing. We're working on outcomes. We're not necessarily thinking about how to keep the bad guys out.

Tory Bjorklund (08:23)
Ha ha ha.

Justin Shelley (08:48)
Russian hackers or otherwise. So tell me some stories in, your, in your world, what do you find that's like scary? What do you find that's dangerous? Just, just give me one example that we can kind of kick this thing off with.

Tory Bjorklund (09:00)
Yeah.

Well, let me, I'll break the rules already. Let me give you two little examples. One I'll tell on myself and one I'll tell on my customers. So let's start with my customers. ⁓ Typical, let's say an ERP implementation. They're working really hard to make sure it's all configured to do the things they want it to do. And they've got it all tested out and they're ready to go. And then like you say, security is an afterthought. And your statement of that triggered this.

Justin Shelley (09:06)
Okay.

Tory Bjorklund (09:29)
in me and what ends up happening is they start going through user acceptance testing and they get users configured with their, you know, all their roles and everything like that and nothing is working. Why not? Everything worked earlier. yeah. Well, we were running in, you know, sysadmin. And, and so what do they do? They go live with everybody having sysadmin rights and figure they can fix it later. ⁓ So, so that's

Justin Shelley (09:58)
Yeah, but when you

Bryan Lachapelle (09:58)
Yikes.

Justin Shelley (09:58)
try to

fix it later, it breaks it, so you just put it back.

Tory Bjorklund (10:00)
And

you can't even imagine how many times I have seen that happen and with significant implementations going on because they can't seem to get the role-based security correct in that system. The other thing I'll tell stories on myself a little bit is ⁓ I've been involved in manufacturing and the co-founder of a capital equipment manufacturing, industrial equipment manufacturing company. And we made...

primarily case packers, primary and secondary case packers, palletizers, those sorts of things. ⁓ And ⁓ we would ship our products into fairly large ⁓ companies and they needed support. And ⁓ inevitably there would be some group that would receive our machinery and say, we don't wanna deal with IT, they're just a bunch of a-holes and they won't let us do what we wanna do. So.

Justin Shelley (10:52)
Hey, hey, hey, that's

personal.

Mario Zaki (10:53)
That's true.

Tory Bjorklund (10:54)
we're going to

get our own phone line or our own BSL. And then eventually it turned out to they ⁓ working with the wireless companies and getting their own connections to the machines directly that we could just come in and bypass all their security, all their IT security, all their firewalls, everything. And we had direct connection to all the machinery ⁓ in the factory. ⁓

and with no controls over who's logging in. And it made for great support, right? Somebody would log a support ticket, somebody would get in touch with us, one of our technicians could just jump right on there, boom, they're right in. ⁓ And it didn't matter if, yeah, we just hired that technician a week ago and he's a hotshot programmer with the PLC or whatever. And so he's gonna be able to figure it out and everything, but.

Mario Zaki (11:32)
That sounds very convenient.

Tory Bjorklund (11:51)
⁓ We have no idea, you know what else he's going to be doing in there and then the and then on top of that You know you What's happening is is being done in production, right? There's there's there's no life cycle management where you make your changes you do your testing and you roll it out somebody's in there, know modifying the PLC code and and then think it's gonna fix it's gonna fix the problem and maybe it does and maybe it doesn't and then suddenly

They've got bigger problems, you know, so a lot of best practices that that used to be broken over the years I would say that today ⁓ a lot of that went away and I'm able to talk about this or not But it that was one of the benefits of Stuxnet ⁓ when when that when that came out people thought that their PLCs were safe and ⁓ and weren't on the network and they really were and and all of sudden you realize

They realized, holy cow, we gotta take this stuff a lot more seriously than we did previously.

Bryan Lachapelle (12:57)
Yeah, we see that a lot in greenhouses. They have a lot of third party tools, third party applications, third party components, and they're giving themselves access to that remotely with no thought or consideration to cybersecurity. So I'm curious, how did anybody get hacked or breached in that case where you were...

Mario Zaki (12:57)
you think.

Tory Bjorklund (13:19)
Not in

my knowledge. mean, the worst we did, I mean, we had some technicians that inadvertently took down systems that took a while to get back up and going again, but that's primarily because you're changing production code and ⁓ restarting it rather than going through an actual life cycle that you should probably do for best practices.

Bryan Lachapelle (13:41)
Yeah, well, how is your thinking around that change since then?

Mario Zaki (13:42)
not at all.

Tory Bjorklund (13:46)
Well, you really need to harden your operational networks, right? I mean, you just have to treat the industrial side of the world as important to protect as you do the back office. And ⁓ that's the biggest thing. And what that means is a little bit different. mean, for example, ⁓ with industrial, ⁓ with IoT and whatnot, you can...

you can actually have single direction routing and things like that. there's a lot of things you can do that can significantly harden your industrial network that you wouldn't necessarily do in an office environment, for example.

Mario Zaki (14:32)
Tori, what do you do when you go into one of those facilities where they have like a Windows XP machine that's running like a software that's from like 1991 that they said, can't shut this down, we can't do anything about it. I know I see that all the time. What do you usually do in those situations?

Tory Bjorklund (14:53)
Yeah.

Yeah. And I don't know what it is about manufacturers that you see. I don't see that in any other environments, you know, but, but yeah, you do see that quite a bit. And, so basically what we do, the first thing we do is we talk about, okay, this is not a technology issue. This is a risk management issue. So let's figure out what the risks are, what we're dealing with here. And, and I've literally had a situation just not that long ago where they,

⁓ had ⁓ software that would only work on a certain version of the Windows networking and the net Windows server. And so they had an old version of Windows server that they had to have running all the time and it was no longer being supported. They couldn't patch it and that sort of a thing. And we actually did help them come up with a plan to be able to keep running that, but to segment that in such a way.

that they didn't have access ⁓ from Outlook or something like that. mean, they used to use it for, people get on there and they're doing some operation and they check their email, things like that. ⁓ so, but you really focus on a risk mitigation at that point and say, ⁓ what is this doing for you? Is it truly necessary? Those are the first questions. Are there other options?

Justin Shelley (16:07)
Yikes.

That one, that's what I want. Like really nobody else in the world can build a competing product. And I'm genuinely asking that because I don't know.

Tory Bjorklund (16:21)
And then.

Right. Yeah.

Yeah. So my experience in seeing these, these are typically homegrown built systems and that's what they're running in. Sometimes they're like an HMI or something that they're running that, you know, the manufacturer for that piece of machinery has never, you know, no longer in existence. That machine is the only, you know, it's the only thing that's running that machine and those kinds of things. mean, that's, those are the kinds of things that you see.

Justin Shelley (16:36)
okay.

Tory Bjorklund (16:57)
Typically, it's not going to be any kind of generic functionality that, you know, it's not going to be part of your SCADA system or something.

Justin Shelley (17:04)
Well, here's, this

is a ⁓ pretty technical question that maybe our general audience isn't going to give a shit about. don't know, but could not, you know, these days, couldn't you take that code and throw it into AI reverse engineer it and build something more modern and more secure? mean, it seems like today we have a lot more options than we did 10, 20, 50 years ago when this code was originally built.

Tory Bjorklund (17:25)
You would think so.

You would think so. ⁓ There's a lot of risk to that. so the risk to return just might not be there. And so mitigating it, there are other options to mitigate that. mean, you can basically segment that sucker off in a way that it does its thing and it doesn't have to actually be ⁓ susceptible to some of the stuff.

Justin Shelley (17:33)
Yeah.

Okay.

Well,

yeah. And I guess these days we've got VMs and stuff. So back, you know, this takes me back to, days when I was pounding the pavement and I came into a locksmith shop and they wanted to hire us, but they had the, the machine that cut all of their master keys. know, you've got the masters and then all the, whatever. don't, I'm not a locksmith. This isn't my world. ⁓ but that, software that ran their system only worked on windows 95 and you can't buy, ⁓

I don't know. Is Windows 95 even going to run on a computer today? I don't know that it does. So this is what, like, I walked away. Yeah, like this one, I walked away from it. I'm just like, I don't know. You you guys are so small. You're not going to pay me what it's going to cost for me to support this system. I guess just hope and pray. I don't know. ⁓

Tory Bjorklund (18:22)
⁓ I doubt, I doubt it. You wouldn't have any drivers for, you wouldn't have drivers for, for any of the components on the motherboard. Yeah.

Mario Zaki (18:43)
But what

sometimes what we see is like they have a computer that's connected to like a big printer or like a plotter or something and they don't want to go get a new machine for you know call it $10,000 but that machine that computer needs to communicate with the other computers because it's acting as a print server so it's not easy to isolate that computer or plotter Excuse me from the rest of the network

Tory Bjorklund (19:11)
Right, right. Yeah, and so at that point, basically you've got very few options, but one of the things is to make sure that that computer isn't used for anything else. So it can be accessed on the network, ⁓ but it has to get whatever is going to access them has to get through everything else to get to it. What you don't want...

is somebody waiting for their print job and pulling up the browser and screwing around on Facebook or something on that computer. ⁓ So that's the thing is you want to make sure it's very single use and you segment it as much as you can. But like you say, I mean, if you're sending print jobs to it, it's got to be on the network. But you can do some risk mitigation there as well.

Bryan Lachapelle (19:42)
Yeah, exactly.

Justin Shelley (19:44)
Yeah.

No Tor browsers. that what you're saying? Don't put any Tor browsers on these old, well, and you can segment like maybe, ⁓ sudden at our VLAN or something, I guess. ⁓ so, okay. All right.

Tory Bjorklund (20:13)
Yeah. Yeah. Yep. You can certainly

do that, but it still makes, mean, you can't eliminate it as being accessible or else you're not going to be able to utilize it. Right. So if it's that type of a thing, but typically if in those cases, that's when I would say, you know, you probably don't need this, this hardware solution and this software solution. There's probably other solutions that are that. Yeah. It's a little bit expensive, but imagine what, you know, what kind of ⁓ risk you're taking here in dollars and cents as well.

Justin Shelley (20:23)
Right, yeah.

That's

exactly right. I'm working on a future episode and the lady was in charge of a company that got hit with a $10 million ransom. Now they negotiated down to $5 million. Great. I mean, we could have put in quite a bit of security and that's not even the tip of the iceberg of the real cost associated with a major breach. There are so many things that go wrong. Now, Tori, have you ever been involved in an

Mario Zaki (20:55)
And that's just real.

Bryan Lachapelle (20:58)
million here.

Tory Bjorklund (21:05)
Yeah, that's.

Justin Shelley (21:10)
major breach, major outage of any sort.

Tory Bjorklund (21:14)
⁓ No, I have not. I've never even had a virus on my own personal PC.

Justin Shelley (21:21)
What the hell do you do different than the rest of us?

Bryan Lachapelle (21:23)
Hahaha

Mario Zaki (21:23)
You're on the wrong

websites.

Justin Shelley (21:25)
Yeah,

right. Tori is squeaky clean. Yeah, like, listen, we got to kick you off. You're in the wrong group. We got the wrong guest on here. Guys, thank you for joining us on this week's episode. I'm just kidding, but, ⁓

Tory Bjorklund (21:27)
I avoid porn. ⁓

Bryan Lachapelle (21:33)
Hahaha

Mario Zaki (21:37)
Well, hold on,

he's set on his personal computer, so he must be using somebody else's computer.

Justin Shelley (21:41)
OK, there we go. There we go.

Tory Bjorklund (21:42)

Bryan Lachapelle (21:42)
Yeah, he's got two of them.

Tory Bjorklund (21:44)
So I have not been the one to get a virus even or something like that, but we have had viruses and relatively small contained ⁓ breaches within the various companies that I've been in. Nothing really serious, no ransomware scenarios or anything like that that I've been involved in.

Justin Shelley (22:11)
And maybe, okay. Okay. So tell me a little bit about that. Clients that have been involved, lessons learned, things that should have been done beforehand. ⁓ What was done afterwards? Let's, let's just talk a little bit about that.

Tory Bjorklund (22:11)
I've had clients that have been involved in those things. ⁓ Yeah.

Yeah,

so well, in one instance, it was actually relatively painless ⁓ because they had a really good ⁓ disaster recovery and continuity ⁓ solution. it was multimodal, if you will. They ⁓ actually had ⁓ local snapshots that they were

that they were taking periodically as well as their daily backups that they were doing. ⁓ They had a very clear understanding of what they could, ⁓ what their acceptable downtimes were and for what functions and things like that. They'd done a really good assessment of their business and they weren't a very large business, about a 50 million in revenue. So relatively small business, but they had a really good IT person.

and their director of IT and ⁓ she'd done a really good analysis and they decided, you know, their engineering, they needed, they couldn't survive for more than a few hours with that down. And so they had a ⁓ business continuity plan around their engineering. As far as the bean counting went, as far as their accounting and stuff like that, that was less important. ⁓ And so ⁓ the other thing that was really interesting,

⁓ was their actual ⁓ change management for the engineering change management process. That's really what saved their bacon. They could go back to one rev and that was through a system that was external. And so it wasn't compromised, even though their internal network was compromised, ⁓ they could go back. Worst case, in a lot of cases, they were actually able to take the snapshots and utilize those because they caught the

problem quickly as well. ⁓ It didn't sit out there for days and then appear ⁓ trying to, and it actually wasn't a ransom. They actually noticed it because it crashed one of their drives. So it was very ⁓ aggressive. ⁓ So they basically shut everything off.

Assess what was going on, determine where the problems were, figure it out, determine whether or not that it had been replicated and at what snapshots. They went back to that. The ones that were affected in the current snapshots, they had ⁓ engineers that had checked some stuff in. ⁓ They were able to get those from those repositories. And then there was a matter of two or three hours worth of engineering time that was wasted. That was about it. That's the most successful one that I've seen.

I have not been involved. have a friend that was a CFO at a company that was one of our clients previously, but we weren't involved at the time recently. And they did ⁓ have ransomware and they did end up paying some money, but they got it down quite a bit from what was originally asked. ⁓ But I don't have a lot of details on that.

share a lot with me. play hockey with him, but he told me a little bit about it. And actually, I mean, he basically didn't sleep for two days, you know, along with their IT group and whatnot.

Justin Shelley (25:51)
Yeah.

Bryan Lachapelle (25:54)
So I know a lot of ⁓ breaches typically happen with office administrative staff, especially in manufacturing. Would a segmented network in that case have prevented the issue, or at least prevented the factory side or the manufacturing side from being shut down?

Tory Bjorklund (26:12)
So on the ransomware one, I don't have enough details to know that, but I know that they are in a manufacturer. They're a pure distributor. And I suspect that the better segmentation would have helped a lot because they're very heavily dependent on their e-commerce system and then their back office system, then they lost both. there's no reason you shouldn't have those segmented.

firewalls and whatnot.

Bryan Lachapelle (26:41)
Right. For the purpose of our

audience, what does segmentation mean?

Tory Bjorklund (26:46)
So segmentation basically means that you have, even though they might be connected as a single network, you get those ⁓ segmented so that they're different ⁓ addressing mechanisms between the different networks. And then you have to go through routers that you can then apply certain ⁓ security parameters to that allows only certain traffic to get from across from one network to another network.

open up ports and things like that between them. And you can control then the traffic between these virtual networks, if you will, and network segments.

Justin Shelley (27:25)
Let me, let me, ⁓ so to illustrate that point, if, if I'm on a local segment and I'm a computer, I can just yell out the entire network and say, Hey, who's out there? What's your name and what are you doing? And every computer on the network will respond with an answer. Every question completely honestly, bad guys dream. Right? So when you segment you, you stop that broadcast to, know, it's only, it's only going to be a few computers that will respond.

Tory Bjorklund (27:39)
Right.

Exactly.

Justin Shelley (27:54)
So you take some of these other computers, whether they're, you know, dealing with high classified information, Cui in the world of CMC or, or whatever, ⁓ you stop those broadcasts from going from one network to the other. So that, that can be a huge way of, ⁓ preventing some of this stuff from spreading one, one network to the next.

Tory Bjorklund (28:13)
And one of the mechanisms

that they use for spreading is they sniff, right? go, it's looking for opportunities to spread. And so that segmentation can help stop that. And generally what we have people do is segment the functionality of the different areas of the business. so your ⁓ operational technology, the things that are in the factory, ⁓

Justin Shelley (28:18)
Yeah.

Tory Bjorklund (28:41)
That would be on one network, but then even within that, we use micro segmentation to have certain packaging lines or certain machines or whatever within their own micro segment within that OT network segment. And then you've got the people in the back office that are doing all the crazy things that risk stuff in your. ⁓

And I'd say that jokingly because you know machine operators do too and everything like that on their lunch break. They're trying to check their Facebook and everything. But you know there's all of this kind of ⁓ risky behavior going on in one area of your company. It doesn't have to spill over into the other area if you get some kind of virulent. ⁓

Bryan Lachapelle (29:26)
Yeah, one of the things that I found very, oh, sorry, go ahead, Justin.

Justin Shelley (29:27)
I want to go back to, go

ahead, Brian.

Bryan Lachapelle (29:30)
I was just going to say one of the things that we found very successful for preventing employees from compromising the network with, for example, personal devices or surfing Facebook is providing them with ⁓ employee only Wi-Fi that is only available to access the internet and not the internal network. So instead of them trying to sneak around, we're giving them the opportunity to connect to a legitimate network so they don't have the urge to use and try to bypass internal systems to connect to Facebook or whatever they're doing.

Justin Shelley (29:45)
you

Bryan Lachapelle (30:00)
So giving them that opportunity, giving them those options in a legit way to prevent them from compromising the rest of the network.

Tory Bjorklund (30:05)
Yeah.

Yeah. And that's a great thing. And, know, I'm old enough to remember when bandwidth was an issue, even on your network. And so, you know, when we had engineers that were running Spotify on their machines at this, you know, that would create, so we had to put in place, ⁓ you know, some policies around that. And then that's when we realized, you know what, let's just put in, you know, let's just put in a network for this. And it solves a lot of, you know, the bandwidth issues, but then

Justin Shelley (30:13)
yeah.

Bryan Lachapelle (30:17)
Yeah.

So,

Tory Bjorklund (30:35)
yeah, by the way, it also solves a lot of issues with security.

Bryan Lachapelle (30:39)
Correct.

Justin Shelley (30:40)
Spotify, mean you mean Pandora or Napster, right? Like back to the bandwidth days. ⁓

Tory Bjorklund (30:44)
Pandora, Yeah, Napster, yeah. We actually had a guy that had, that

Bryan Lachapelle (30:46)
Napster.

Tory Bjorklund (30:49)
was, I had a developer that we found was using his development machine, you know, cause Napster was peer to peer. And so you had no idea who was dumping what on that hard drive. ⁓ But so yeah, Napster, you know.

Justin Shelley (31:03)
Those were the days.

Mario Zaki (31:04)

We found somebody not too long ago was actually mining Bitcoin on his work computer.

Justin Shelley (31:13)
God, why not? Why not? Jesus. So I want to go back to Tori. You, you mentioned something that I've never seen in the wild. So everybody here, I think we're all out prospecting for new clients, right? We don't have to tell on ourselves with our existing clients, but let's just talk about when we're out interviewing new prospective clients who have not been under our care. Has anybody ever seen a

Tory Bjorklund (31:13)
Yeah.

Bryan Lachapelle (31:13)
We

found somebody doing that to a server.

Tory Bjorklund (31:17)
Yeah, well...

Justin Shelley (31:39)
plan, call it business continuity, call it incident response plan, whatever, where they've gone through to the level that Tori just described about which systems could be down for which amount of time before it caused a financial hardship that was going to be difficult to Brian, Mario, have you guys ever seen such a document? Ever.

Bryan Lachapelle (31:59)
When I visit

our clients or potential clients, we have never seen a document like that. And in fact, when we try to work with our existing clients to create such a document, we get a lot of pushback. Like we don't have time, we don't have the resources to do something like this. And it just seems to be the last thing on their mind. And unfortunately, it could save their bacon in the future.

Justin Shelley (32:09)
You can't get them in the room.

Yeah.

Mario, what about you?

Mario Zaki (32:22)
Yeah, they always say,

all the computers are critical. We can't have any of them.

Justin Shelley (32:27)
Right. Until they see the bill. Then all of a sudden, none of matter at all.

Bryan Lachapelle (32:28)
Yeah.

Mario Zaki (32:30)
Exactly.

Bryan Lachapelle (32:32)
That's right.

Tory Bjorklund (32:33)
Yeah, well.

Justin Shelley (32:34)
So I mean,

just, want to just tip my hat to that company, that individual, because like in all seriousness, I've never seen it. I've never seen it done to the level where when implemented, like it was there, it was legit. They followed it and it worked. That's phenomenal. And if, if guys, if we could all take one thing away, business owners who are listening, just take a few minutes to think through this and have a plan.

Good Lord, it's not even technical. Just figure out, look at your business. You tell me, I'm the guy trying to help you. You tell me, what is it that you need to stay up and what's it worth to you? I mean...

Tory Bjorklund (33:01)
Yes.

Yeah,

if you ask the questions, basically, ⁓ how much money do you lose per hour per functional area of your business? And that's the question that we always started with. And this company, they didn't segment their networks and things like that, but they did think about it from a functional area of the business. And they said, hey, we're an engineering company. They're a manufacturing company, but...

They're a custom built, so engineer to order company. So they consider themselves an engineering company and that's the heart and soul of the company. They can't lose that, that IP. ⁓

Bryan Lachapelle (33:52)
Yeah,

I did have one client actually now that it comes to mind. They didn't actually identify it from a ⁓ documentation point of view, but they used to call one of their factory lines the Cha-ching line and their rule was that line can never be down. And they didn't actually take, they had internal IT, they didn't actually take the steps to secure that particular line independently from the rest of the network, which would have been a great.

segmentation to do if it was their main line and if memory serves me right it was $100,000 an hour of lost productivity if they lost that line.

Tory Bjorklund (34:31)
In your prospecting, ⁓ what you really want to do is you want to get in good with the CFO because the CFO knows the burden rate for every department in the company. And so all you do is you just say, hey, these are your numbers, not mine. Here's the burden rate for this. And then say, OK, what you're saying is this is the cost for this area. And you say, so

Justin Shelley (34:44)
Yeah.

Tory Bjorklund (34:59)
X amount of dollars per hour that you lose. And a lot of times the cost, some areas it's broken down by square foot, sometimes it's by FTE. mean, you've got to figure out exactly what they're using it. But then say, okay, here's your cost for being down. And now statistically, here's your chances of having this type of an event. And the average time to recovery is X amount. on average, you lose, you

X amount of data, know, four days worth of work, whatever. So now do the calculation and then.

Mario Zaki (35:35)
but

it's never happened before.

Bryan Lachapelle (35:37)
Right, right.

Justin Shelley (35:38)
right. It's not going to happen now.

Tory Bjorklund (35:40)
This is why

Justin Shelley (35:41)
I've

Tory Bjorklund (35:41)
I...

Justin Shelley (35:41)
never been in the car crash. So why wear a seatbelt? ⁓ All right. So guys, I want to transition to data AI and data. Before I do that, is there anything that we've missed? Mario, you've been a little quiet, any, any thoughts, any questions on in just the world of securing manufacturing or really any industry? I mean, where, where, because this is just a common problem, older outdated equipment ⁓ kind of is a last, ⁓ maybe an afterthought.

Mario Zaki (36:08)
I mean, have to kind of have this like what we said, you have to have a conversation with your, IT people and they're gonna give you the recommendation. And I've done similar recommendation to some people where they have like a computer and they don't wanna sit there and spend the money on a $10,000 plotter or whatever, you know, and you know, they're,

compromise was, okay, we'll take it off the network. We'll just save whatever we need to on the on a USB and just bring it directly to the computer employee. I'm like, that works. Yeah, you can do that. You know, there's other ways to do it very similarly. But, you know, at the end of the day, you know, it's how much longer is it going to take your employees to do that? And, you know, sometimes you got to just spend the money, you know, $10,000 for a new machine or a new plotter or new whatever.

Even if it's 20,000, 50,000, it's gonna be a lot cheaper than some of these ransoms that we're talking about. Sometimes you gotta just bite the bullet.

Justin Shelley (37:13)
Yeah, we're hitting millions. mean...

Yeah. All right. Let's switch gears guys. Let's talk about data and AI and ⁓ Tori, I want you to introduce this topic when we kind of did our pre-interview meeting. ⁓ It was, it was something I hadn't considered, something I think is really fascinating. Go ahead.

Tory Bjorklund (37:37)
Well, so I had an experience recently where I work with a nonprofit. do some volunteer work. And they have different divisions, each of which have their own P &L. And then they roll those all up. ⁓ And if the roll-up doesn't match the sum of the parts, you got issues. And they were in the middle of an audit and asked me to help them with that. ⁓

And so I took all these individual 12 months worth of individual PNLs and ⁓ asked AI to evaluate them. And here's the ⁓ roll up, the consolidated, and what's missing. Why is this out of balance and whatnot? And I thought, it shouldn't be that hard to do. ⁓

I came away from that experience thinking AI is the smartest two-year-old I've ever seen. It's extremely intelligent. I know people, I've shared this before, and people go, well, what language model are you using? And stuff like that. it's like, the language really wasn't a problem. But number one, so these were all in Excel spreadsheets, right? So number one, ⁓ it really had a hard time determining the difference between a column in the spreadsheet

and a column and a table. And so that's one thing. The other thing is it had a hard time determining the difference between, I'm trying to remember the terms. had one was net revenue and one was net income. And well, to AI, there's a difference between revenue and income. And so you have to tell it, well, in this case, there isn't a difference between them. They're the same thing. And it wasn't like it couldn't get there, but

I had to keep working it over and over and over and over again. And then because I was using the, I wasn't using the pro version. I think I was using Gemini. I'm trying to remember. No, it was, it was a copilot. I was using what's just provided with whatever subscription we've got in the company. After certain, so many prompts in one session, I'd run out of prompts and I'd have to start a new session. Well, then I have to.

train it all over again. I'm copying and pasting all the things I had to give it for prompts into one big prompt to start over again. Anyway, what it made me realize was what to me looked like standardized data. I mean, it had the same 12 months. It had, you know, pretty much the same call ⁓ rows and call your rows, I mean, and stuff.

And it's totaled at the bottom. It should have been a simple thing to do. If I wanted to go through and add it up, I wouldn't have been asking any of those questions that it was tripping over. And it made me realize just why AI has so much trouble with non-standardized data. And people always go, it's the wrong language model and whatever, or you run it through AI. Well, I was running it through AI. It's just the work that I ended up having to go through.

Justin Shelley (40:45)
Yeah.

Tory Bjorklund (40:46)
to actually train it to be able to do this one relatively simple task was really quite amazing. And so the same thing is gonna happen with people, you know, put in IoT because it was a thing. And they've been collecting data now for, you know, eight years or whatever. And it's to a large degree rather meaningless. And then they expect AI to be able to help them do something with that. it can, but...

It's really surprising to people how much work it's going to take to train that tool to actually use the data they currently have. Or you go the other direction and you prepare that data for use so that you don't have to train the model to be able to use the data. Either way is going to be a long and arduous process.

Bryan Lachapelle (41:39)
Yeah, we hear about that a lot in the industry. Basically, they're saying garbage in, garbage out. You put garbage into the AI model, you'll get garbage out. But if you massage the data and you clean it up and you standardize it, then you have lot better chances in getting what you're looking for.

Justin Shelley (41:43)
Yeah.

Tory Bjorklund (41:54)
Right, exactly. particularly, you're plugging in multiple types of machinery within multiple factories or whatever, and they're aggregating all this data. And it's, to a large degree, rather useless in the format that it's coming in, because different vendors use different labels and whatnot for the data.

Justin Shelley (42:20)
Mario, what are your thoughts on the brilliant two-year-old that we call AI?

Mario Zaki (42:25)
I think that's spot on. You know, it's really you have to spoon feed it every little thing. But then, you know, you if you do that, the the information that comes out, it's actually pretty crazy. You know, but you have to you have to train yourself to know how to train your AI. That's that's the hardest part.

Justin Shelley (42:26)
You

I'm not.

You do.

Bryan Lachapelle (42:44)
Great.

Justin Shelley (42:45)
Sometimes I'm shocked at the, like there's so many brilliant things that can come out of AI. I'm shocked at some of the stupid, simple stuff it can't do. I mean, like figure out what day it is for God's sake. My, my AI cannot keep track of what day is it today. For example, it knows it's July 1st, but it thinks it's Monday. And you know, we're sitting here on a Tuesday recording this and it's like telling me, Hey, happy Monday. I'm like, you want to do one? It just, it,

Bryan Lachapelle (42:46)
Yeah.

Mario Zaki (42:58)
You

Bryan Lachapelle (43:12)
My favorite was

when we were at a conference, they asked the audience to search or to use AI to generate a random number and everybody's answer was exactly the same, 17. Yeah, just generate a random number between zero and 50 and everybody, yeah, everybody except for one person who used a different AI got 17 as the answer. Yeah, not very random.

Justin Shelley (43:20)
Really? Really?

Tory Bjorklund (43:22)
wow.

Not very random then, is it, by definition?

Justin Shelley (43:31)
I know I

want to do a live test guys go hit your keywords. I'm actually doing this. You guys talk I'm doing this.

Tory Bjorklund (43:37)
Bye.

My

wife and I were.

Mario Zaki (43:41)
Well, you need

to compare it to what everybody else is doing.

Justin Shelley (43:44)
I just see

it comes back at 17. 47, it's got a seven in it.

Tory Bjorklund (43:47)
Yep, generator,

Bryan Lachapelle (43:47)
Well, it'll probably all come back with the same

one.

Tory Bjorklund (43:49)
random number.

Bryan Lachapelle (43:51)
Chat GPT.

Justin Shelley (43:53)
Yep.

Go fast, fast, I didn't say that. I just said generate a random number. I got. ⁓

Bryan Lachapelle (43:55)
between 0 and 50.

Do random number between 0 and 50.

Tory Bjorklund (44:01)
I'll

do bozene between 0 and 50. I'm using Gemini here.

It's thinking really hard about it.

Bryan Lachapelle (44:09)
Mine's 27.

Tory Bjorklund (44:11)
Mine's eight.

Justin Shelley (44:13)
23 now see I don't know Brian this is working

Bryan Lachapelle (44:15)
Maybe

Mario Zaki (44:15)
37.

Bryan Lachapelle (44:16)
they've improved it. There

Justin Shelley (44:18)
30 say we all got different numbers. I will tell you that back

Bryan Lachapelle (44:19)
you go, they fixed it.

Justin Shelley (44:21)
from my my coding days, my computer science days, generating random numbers is not a thing. A computer cannot generate a truly random number, it has to take a seed, and then it has to throw a bunch of math at it.

Mario Zaki (44:30)
It's still like...

Yeah, it's still like...

Tory Bjorklund (44:33)
Okay,

Justin Shelley (44:34)
Yeah.

Tory Bjorklund (44:35)
yeah. My brother-in-law, he was a contractor and he was putting in tile that was, the instructions were to, because it was patterned tile. So to make sure to do it randomly because people want to make things line up and stuff. And he just didn't know how to do that. And finally he went and got a Yahtzee and got two dice out of the Yahtzee game and rolled the dice.

And he had set up rules so that he knew which pile to take out of based on what the dice rolled. And at times they'd go to the same number, you know? And he's like, he was really reluctant to put it in there, but that was part of being random. It turned out looking pretty good, he said, but if he'd have done it without the dice, he said you would have seen patterns all over.

Justin Shelley (45:07)
I love that.

love that.

yeah.

Yeah. That's brilliant.

Tory Bjorklund (45:22)
Yeah, my wife and I,

so she uses Apple with her phone and I use an Android phone. And so we're always comparing notes. And one of the things that was surprising to me was that Siri could not tell us what time zone we were in as we were traveling. partly we were checking because her phone wasn't updating. And I don't know what...

Justin Shelley (45:39)
Yeah.

Tory Bjorklund (45:46)
that the GPS showed her where she was on the road, but for some reason it wasn't updating the time when my time zone just changed. So then I'm like, well, I'm not sure which time zone, maybe I'm wrong, you know? So what time zone am I in? And Google told me what time zone I was in in Siri. ⁓ I don't even remember what it started talking about, how many time zones there were and all the options and it didn't even answer the question.

Bryan Lachapelle (46:11)
You

Justin Shelley (46:12)
Yeah, a really brilliant two year old. so

Mario Zaki (46:16)
No, yeah,

but Siri is just a, like, she's not even a, like, average brilliant, you know, two-year-old.

Justin Shelley (46:23)
let's, let's, let's

play. Let's do this because you know what, Mario, our most downloaded episode ever of all time. Do know what it is?

Mario Zaki (46:33)
It's the rant between Apple and Windows.

Justin Shelley (46:37)
Mac versus PC out ranks every episode by like double. It's ridiculous. Crazy. All right. So, so for ratings, let's talk about that for a minute. I'm just kidding. We're not going to, ⁓ okay, Tori. So, so how do you go about standardizing and we're going to kind of wrap up at this point, but how do you go about standardizing the data before you dump it into AI? How, how can we tame this beast a little

Tory Bjorklund (46:44)
Yeah.

Bryan Lachapelle (46:44)
too

funny.

Tory Bjorklund (46:48)
Okay.

Mario Zaki (46:50)
You

Tory Bjorklund (47:01)
Yeah, well, really probably your best bet is to come up with some sort of ⁓ canonical schema and use a data warehouse for doing that. So in other words, you take the raw data and then you use an operational data feed to bring that into some form of data lake, data warehouse of some sort, and have it transformed into a standardized schema. That's the most common way of doing that.

There are some systems and some vendors and stuff like that will allow you to configure. So if you're bringing things online, you can start with something with a standardized schema that you want to, know, canonical schema that you actually want to use. And you can configure all of your sensors and whatnot, your IoT devices ⁓ to provide data in the format that you want it in. And that'll get you closer, but...

Bottom line is you're going to end up needing to put it in a data warehouse, data lake, or some form of aggregated data collection system.

Justin Shelley (48:07)
And honestly, that sounds way more technical than it actually is. It's, not that big of a deal to do this. You set it up once and you're good versus taking all that disparate data from different systems and throwing it at AI. And you're just going to have non nonstop problems with.

Tory Bjorklund (48:10)
It's not that hard, Right. Exactly.

But see, companies, they want to come and bring in a solution and say, okay, look at my data, you know, and give me this wonderful information about my data and help me detect patterns and things like that of this historical data. And they just get pissed off about, okay, you're not going to be able to do that. Let's take all of these different sources and let's standardize on this. Let's go, you know, to a canonical schema and let's put it in, you know, and they're like, why do we have to do all that? AI should do all of that.

Well, we can use tools to help you get there, but you really need to get there.

Mario Zaki (48:59)
It sense.

Justin Shelley (49:01)
All right, guys, let's go ahead and wrap this up. Have we missed anything regarding security slash AI slash data? Brian, Mario, any final thoughts before we go to wrap up here?

Mario Zaki (49:13)
We didn't talk about compliance. ⁓

Justin Shelley (49:15)
let's talk about compliance. You know, that's my favorite subject.

Mario Zaki (49:17)
Yeah, yeah. So Tori, like with these companies that you can go into, I know you mentioned you're helping somebody with an audit before. What about compliance? Like how does that work when you when somebody needs to be compliant? You know, let's I mean, I'm just going to say CMMC, but they're using like a Windows XP computer to print blueprints or something like that. How does that usually work?

Tory Bjorklund (49:45)
Yeah, so usually I bring in guys like you because I'm a rule breaker. just compliance is not my thing.

Justin Shelley (49:52)
See, I was just gonna

say put it on the poem and just keep punting it down the line every time you do an assessment.

Tory Bjorklund (49:56)
But,

but yeah, you know, actually though, sometimes that really gives you a lot more ⁓ authority to work with. Because as a consultant, you guys know this, consultants have absolutely zero authority, right? And so the only thing you can get to happen is what you can convince the customer to do. ⁓ Well, if there's some weight behind it, because of compliance, now your job is just to show what's out of compliance.

Justin Shelley (50:17)
100%.

Tory Bjorklund (50:25)
and provide a means of bringing it back within compliance. So it's helpful in that way. ⁓ And I've not really been that involved in much from a compliance perspective to just truthfully. So I haven't had to fight that battle.

Mario Zaki (50:42)
Got it. Yeah. Trust me. It's not a battle you want to go into. It's a pain.

Tory Bjorklund (50:48)
We did put in a system in a pharmaceutical system that sorted pills. And that was pre Y2K. And you guys probably remember Y2K was a big deal. And we got brought in to fix that system. Because ⁓ if you wanted to print out a report of everything, the final date was.

Justin Shelley (50:48)
None of you guys are my friends anymore.

a bit.

Tory Bjorklund (51:13)
was 1231, 1999, you'd put in the field. That's what the developer put in there to mean forever, which of course wasn't forever. But anyway, we have a few tweaks like that. And there were some compliance issues that we had to fix, but they just told us what it was. we brought it back up into compliance, but I haven't really been involved in anything else other than

Justin Shelley (51:18)
Yeah.

Right.

I mean, you nailed it. It's, does lend authority where, otherwise we may not have it, you know, cause it's this industry on its own is completely unregulated. we can go out and say, Hey customer, need to spend this much money on, on this. here's why. And they can just look at us and say, And what do we say? Well, well, you really should, because I said, you know, and, when you can say, ⁓ listen, it's, it's a CIS eight vert, you know, on this,

Tory Bjorklund (51:46)
Yeah.

Justin Shelley (52:06)
whatever, when you, when you can cite the source of, you know, this is something that has been vetted by either industry or by peer or by government, at least it's something more than just my wild idea that I'm just trying to rob you blind and make more money.

Tory Bjorklund (52:22)
Well, you can always play the insurance card too, right? mean, if you're not compliant, your insurance might tell you that you screwed up. And if you're compliant, then your insurance, and even if you're not in a compliant industry where compliance is a thing, if you can say, hey, these are best practices and they're defined in these definitions and ⁓ in these standards, and if you're compliant with these standards, then, yeah.

Justin Shelley (52:25)
True. Yeah, they have theirs.

if they're defined and I'm, glad you said that, but

they are not defined. You know, you can hit Google and you can say, Hey, what are the best practices? And everybody's got a blog post out there saying what they are. But you ask any cybersecurity self-proclaimed cybersecurity expert who's out there selling this type of service MSPs, not, and I'm not talking like in, the compliance world, but just generalists, MSP generalists, ask them what best practices are. You'll get a hundred different answers. If you get an answer at all.

Tory Bjorklund (52:50)
Well...

Exactly.

Mario Zaki (53:15)
Well, Justin, can you get that from your RMM tool?

Justin Shelley (53:18)
Exactly. ⁓ So Tori, we've got kind of a running joke because I pulled this thing off of Reddit where an MSP business owner been in the industry for more than two decades, had a prospect ask him, what are these best practices that you're applying? So this guy just goes to Reddit and he's like, here's what happened. And I'm like, I don't even know. But when I got done laughing, I thought, guess I should probably figure out what they are. So I went to my RMM to find out now, Tori, do you know what an RMM is?

Mario Zaki (53:19)
You

Tory Bjorklund (53:46)
I don't know what an RMM is.

Justin Shelley (53:48)
Mario, what's an RMM?

Mario Zaki (53:50)
It's a remote management tool where, you know, IT people use to remote into another computer.

Tory Bjorklund (53:55)

Yeah.

Justin Shelley (53:56)
Yeah,

we remote in, we give it commands, we set up policy. It doesn't tell us what the standards are. I'll tell you that you tell it maybe, maybe kind of, ⁓ this guy was a nitwit and he's out selling this service. So that's, that's the problem, which is why I do rely heavily on, standards on published frameworks.

Tory Bjorklund (54:04)
Mm-hmm.

Yeah.

Yeah, and then every standard, if they've got any significant vendors involved in it, they've got a lot of exceptions and ways to get around them, right? But at least there is some framework there for what we can all agree on anyway.

Bryan Lachapelle (54:16)
We follow CIS.

Justin Shelley (54:24)
Right. It's something it's not the right,

right. It's not the ultimate answer. I'll, I will be honest and I might let's maybe wrap with this, but when you have somebody internal to the company who's as invested as that guy or gal that you mentioned who had that perfect plan. and it wasn't incident response. That was a business continuity, right? I believe is how they had it labeled. ⁓

Tory Bjorklund (54:48)
Business continuity,

Justin Shelley (54:51)
God damn, if you do that, you're so far ahead of the rest of the world. ⁓ my hats off to that all day long. So, ⁓ guys with that, let's go ahead and wrap this up. Tori, said victoriify.com is the website of your company. Is that correct?

Tory Bjorklund (55:08)
That's where

you can find me. Yep, absolutely. There'll be information about the book as it's coming out on that as well. I also have toribyorkeland.com. ⁓

Justin Shelley (55:20)
And that's B-J-O-R-K-L-U-N-D for those who don't know how to... Yep.

Mario Zaki (55:20)
Good luck. Good luck, when I remember. ⁓

Tory Bjorklund (55:22)
Yeah, B-J-O-R-K-L-U-N-D. And actually

I just, I've had that for years and I shut it down quite a while ago and I just fired it back up last night. hopefully all the DNS records have propagated throughout the world. So, but victoriofied.com is where you'll.

Justin Shelley (55:32)
nice.

All right, somebody fact

check Tori while we finish wrapping this up. ⁓ Okay, so victoriafied or toribjorkland.com. And it sounds like anybody that's doing like some major upgrades, major transformations within their company, especially factories, really need a guy like you fighting for them. So.

Tory Bjorklund (55:53)
Yeah, in

ERP systems, we do a lot of ton of ERP stuff and manufacturing execution systems as well.

Justin Shelley (55:58)
Okay. Yeah.

Yeah. And, and I just, I really recommend for everybody use specialists as much as you can. So, you know, MSPs, I'm, just going to kind of rat on us as an industry. do a lot of things and I would say we do a lot of things well, but when you really need something major, when you're talking about, ⁓ these transformations failing 70 % of the time or 95 % of the time, depending on how you measure it, man, bring in the big guns. ⁓

At a minimum by your book, right? And then self-improvement. I'm sure you can do it yourself. I'm sure you can. ⁓

Tory Bjorklund (56:31)
Yeah,

I should have named it digital transformation DIY digital transformation.

Justin Shelley (56:35)
Yeah. Yeah.

Or for dummies, do it, do it for dummy Siri. ⁓ Jesus Christ. Okay guys. ⁓ Check Tori out, hire him uses services and let's, let's get that, that batting average up just a little bit. Shall we? For the rest of you go to unhacked out live. That's where we have all of our episodes, our transcripts, our recordings, our social media links and all that stuff. And you can find profiles for all of us. ⁓ Also though, while you're listening on Spotify and stuff, Victoria Fide.

Mario Zaki (56:37)
Yeah

Tory Bjorklund (56:38)
Yeah, for dummies.

Bryan Lachapelle (56:40)
Hahaha

Justin Shelley (57:05)
com will be linked right there in the show notes. You can go while you're listening, hit the link and go, go to Tori's website. So, ⁓ that's what I've got guys. We're going to go ahead and wrap up for this week. Let's say our goodbyes Brian.

Bryan Lachapelle (57:19)
All right, well, as I usually say, ⁓ thank you for having me and start your cybersecurity journey today, improve a little bit every day, and let V4 Networks be your guide.

Justin Shelley (57:31)
Love it, Mario.

Mario Zaki (57:33)
Like I say, week in and week out, if you're a business owner and you're staying up at night, let us help you fix your situation so you can sleep better.

Justin Shelley (57:43)
All right, Tori final sign off.

Tory Bjorklund (57:45)
Hey, thanks so much guys for having me on your show here on your podcast and it was great meeting you and ⁓ I had a blast and let's make change positive.

Justin Shelley (57:56)
I love that. And thank you for being here, Tori, Brian, Mario, as always. ⁓ thanks guys. Really do appreciate it. I'm Justin Scheller. Remember listening, take action and keep your businesses on hacked. See you next week.

Creators and Guests

Bryan Lachapelle
Host
Bryan Lachapelle
Hi, I’m Bryan, and I’m the President of B4 Networks. I started working with technology since early childhood, and routinely took apart computers as early as age 13. I received my education in Computer Engineering Technology from Niagara College. Starting B4 Networks was always a dream for me, and this dream became true in 2004. I originally started B4 Networks to service the residential market but found that my true passion was in the commercial and industrial sectors where I could truly utilize my experience as a Network Administrator for a large Toronto based Marine Shipping company. My passion today is to ensure that each and every client receives top of the line services. My first love is for my wonderful family. I also enjoy the outdoors, camping, and helping others. I’m an active Canadian Forces Officer working with the 613 Fonthill Army Cadets as a member of their training staff.
Mario Zaki
Host
Mario Zaki
During my career, I have advised clients on effective – and cost-effective – approaches to developing infrastructure that fosters productivity and profitability. My work has provided me with a broad-based knowledge of business from the inside, with an expertise in areas that go beyond IT alone, ranging from strategic planning to cloud computing to workflow automation solutions.
59. Your Factory Is Wide Open: How to Lock Down Connected Machines Before It’s Too Late with Tory Bjorklundy
Broadcast by