86. Your Business Has No Plan for When It Gets Hacked — Here's How to Fix That
Justin Shelley (00:15)
Welcome everybody to episode 86 of Unhacked. Guys, I think I ratted on myself last week. I have to do it again. I still have not changed the spelling error in our intro. God damn it. You know, maybe we should just change the word. It's what everybody else is doing these days. The English language has gotten so corrupt. We just abbreviate, we spell what we want, we say what we want. Fuck it. That's how you spell sentence now. That's today's episode. Okay. I looked at it as a...
Bryan Lachapelle (00:32)
Yeah.
Mario Zaki (00:39)
You
Bryan Lachapelle (00:39)
Beautiful.
I'm on board. Yeah.
Justin Shelley (00:44)
as it played actually, I'm still like, are you sure that's wrong? I really don't know. English was not my strong point in our public school system. You'll be shocked to know that I love computer class and I love physics and chemistry. I hated chemistry. Anyways, I don't know why I'm talking about that. This is unhacked. You like chemistry? Okay, well,
Mario Zaki (01:04)
I liked chemistry. I did.
I hated biology though.
Justin Shelley (01:12)
I, yeah, Brian, I guess we're going here. What was your favorite and least favorite subject at school?
Bryan Lachapelle (01:19)
⁓ My favorite was computer class and my least favorite was probably English. Or French. ⁓
Justin Shelley (01:25)
Yeah, see, it is interesting how the brain works.
yeah, because you're Canadian. ⁓ It was always frankly, I've, I don't hire developers anymore. ⁓ We're gonna talk about that. But it used to be something that I would always talk about if you want a an in house web developer. And this is back in the day when humans did it. ⁓ You had to get either you had to get to it was very rare to find one person who could
Bryan Lachapelle (01:32)
And I'm also Fringlish, so you know, there's that.
Justin Shelley (01:55)
build the user interface and make it look good. And somebody who could engineer the behind the scenes, what happened. Those are two very different brains. and yeah, I mean, like pretty much you get an IT guy, a there somewhere on the spectrum. ⁓ and B they did not do well in English and history and stuff like that. Social studies, ⁓ gross. ⁓ all right. So now that we've, yeah. All right. I used to love my
Mario Zaki (01:59)
Mm-hmm.
Bryan Lachapelle (02:17)
Nope.
Mario Zaki (02:18)
Yeah. Or human interaction.
Justin Shelley (02:24)
My former office, it had four concrete walls. They weren't really concrete, but that's what I said about them. No windows. There was one door and it was usually locked. And I would have a sign outside saying, don't come in unless the fire, the place is on fire. And I would get so much done. ⁓ Anyways, now circumstances are a little bit different. So I have to find different ways of being productive. And that's not what we're talking about today. Today is episode
This is and we're skipping introductions because listening audience if you don't know who we are by now, I don't know what to tell you ⁓ We'll remedy that by the end I have a couple of huge announcements coming that I'm really excited about stay till the end because I'm not gonna tell you now in hopes that you'll listen to the entire episode guys Today's episode 12 in our mini series of the cybersecurity basics. It's episode 86 overall and we are gonna talk about the most exciting entertaining subject, especially for guys wired like us policies and
incident response plans, procedures, culture, all that kind of stuff. Tell me you're not excited right now.
Mario Zaki (03:26)
I'm real excited.
Bryan Lachapelle (03:26)
⁓
Justin Shelley (03:28)
I can tell.
Bryan Lachapelle (03:29)
I'm gonna be honest and say I've been yawning for the past little bit. It's funny because these are the things I hire for.
Justin Shelley (03:31)
Alright, so I'm sitting
Right.
And I've been sitting around ⁓ for a week now, knowing, dreading this upcoming episode and thinking, not that I actually, I do enjoy this. I went to flight school, God, we're on tangent day. There's no script today. We're just winging it. I went to flight school. I was going to be an airline pilot. I flew ⁓ emergency. God. I can't even say air ambulance. There we go. ⁓ Fixed wing air ambulance pilot. I get, I got that far, but I never got to the airlines anyways in flight school.
one of the things we had to do is get very good at the regulations. And I mean, we're talking a book of a thousand pages. It was, and we would do, we would have, ⁓ we'd kind of call it the Bible and we'd call it Bible ⁓ bashing or whatever we'd debate over these regulations. I loved that. I actually loved that. I think in a different life, if I could get through all the schooling, I might be an attorney. ⁓ So this is a subject I actually do enjoy, but I could not for the life of me figure out how to make a podcast about it that wouldn't keep
Like just all of our listeners just click off, off, off, off, off. We've been, our numbers have been going up. I'm super excited about that. And I'm like, how do we not destroy the momentum if we're to talk about policies and procedures? Guys, you have any thoughts immediately off the top of your head?
Bryan Lachapelle (04:50)
⁓ okay, so have the policies and procedures end of episode. No.
Justin Shelley (04:54)
Pretty much, pretty much.
Mario Zaki (04:55)
Yeah
Justin Shelley (04:59)
so we, we are going to talk today about a little bit about what they are, how to get them, what to do with them once you have them. ⁓ but we're going to keep that pretty short and then we're going to dig into some, like I said, I've got some announcements coming and we're going to talk about that. number one pop quiz, what policies and procedures are the most important? If you just had to pick your top three.
and you can only do one at a time because there's three of us, Brian go, what's your top policy or procedure that you think you and, your clients should have in place if you had nothing else.
Bryan Lachapelle (05:33)
If we're talking about today, it would be the first and foremost today, in my opinion, would be an AI policy. Having some rules and regulations in your organizations to tell people what they can and can't do with AI, what AI is they're allowed to use, what AI is they're not allowed to use to prevent people from going rogue and using public AIs that they're not paying for and exposing all sorts of stuff to the world that they're not supposed to.
Uh, and the second one would be an acceptable use policy. Uh, that's pretty straightforward. Um, and then the last would be probably not an actual, sorry, not an actual policy for your end users, but a policy that you yourself follow on what are the things you're going to be taking care of within your business, right? Like from, a technology perspective, uh, because the reality is, all the tools we put in place, those don't stop breaches behavior does. So what behaviors are we going to, um,
require of either our IT department or our IT companies to make sure that our businesses stay safe.
Justin Shelley (06:36)
All right. And since Brian, ⁓ answered for all of us, ⁓ Mario, you have anything left since Brian took the all three of them? I know I said one each, there's three of us. That's why was nobody. Our listening audience doesn't, couldn't see how bad I was rolling my eyes. just like, ⁓ hoping that they could hear it over the microphone.
Bryan Lachapelle (06:43)
You said three.
Mario Zaki (06:43)
⁓
Bryan Lachapelle (06:47)
⁓
Mario Zaki (06:52)
You
Bryan Lachapelle (06:53)
Alright, AI. AI was mine. That's it. Just AI.
Mario Zaki (06:57)
I mean, the only other thing that he didn't mention is probably an incident response plan in case, you know, something does go wrong. have ⁓ an idea, you know, you know, we've talked about it a million times on, the show, but in the event something bad does happen, you want to have a ruler guide of how to steer through it because you're going to be panicking. You're not going to know what's going on. The whole place around you is going to be on fire.
You need to be able to break out this plan. right, this is step one, this is step two, step three.
Bryan Lachapelle (07:31)
Yeah, and more importantly, not if something happens, it's a matter of when, right? When something happens, because even if it's just a scare, you're going to have one. Who's responsible for communication? Who's responsible for who's the incident commander? Who's going to be responsible for actually like informing the rest of the organization what's going on? Who's going to be the client liaison? And there's tons of different roles that have to be handled. And you want to know that in advance so you're not waiting till the last minute.
Justin Shelley (07:56)
All right. So I'm going to only add, well, first of all, I was trying to Google it fast enough and I wanted the number like what, how many policies and procedures do we really need to cover? But the problem is there's so many different frameworks. And then even within those, like you can have one policy that meets three or four different controls. But there's a lot of them. There's more than three is what I was going to say. Templates alone, I think, you know, it's dozens.
just for.
Mario Zaki (08:26)
Well,
I'm in the process of building a policies platform for all our clients where they can easily go in there and I have a bunch of templates. They could easily deploy it right to their their tenant. And I think templates wise, I think we have like 160, you know, on there. Not everybody's going to use all of them, but they're there and you can build your own. And now with AI, you really can just say,
Justin Shelley (08:44)
Yeah.
Bryan Lachapelle (08:52)
See you
Mario Zaki (08:55)
build me a policy on MFA. It will build you a policy. It will build you whatever you need, really. whatever it is, it's just a map of what you want the company to look ⁓ like, rules and regulations for either your employees or if something triggers the event, what are the rules and regulations that you want to follow? That's it.
Justin Shelley (09:21)
Okay. ⁓ and I've got a couple of questions. One's kind of obvious. Why do we need these? ⁓ but the second one is great. Let's say we buy into the fact that we need them. We go through the effort to build them. You've got a hundred plus templates. it's, it's really not that hard to build a policy. Then what we've got a hundred of them. Let's just say you've got three policies, which is where we started. How hard is it?
Bryan Lachapelle (09:22)
That's it.
Following, following the policy. ⁓
Justin Shelley (09:50)
to actually educate on, hold accountability to, and build a culture around these policies. What are your thoughts there?
Mario Zaki (09:58)
Well, that's going to have to start from the owner down. You know, the owner really needs to, you know, when you're hiring or when you've implemented it, you need to sit down with, you know, your leads and all your employees and say, starting this day, we're going to be going through this and everybody needs to, you know, read it, understand it, ask some questions, you know, and sometimes some policies need to be adjusted. You know, sometimes, you know,
Justin Shelley (10:01)
Correct.
Mario Zaki (10:27)
when you're putting it together or when you're reading it, it makes sense, but some employees may read it and say, hey, this says this, but we haven't really been doing this. Can we maybe do something else or whatever? Like if there's a work from home policy or whatever, it needs to be collaborated and checked on regularly.
Justin Shelley (10:52)
Yeah. Brian, you got thoughts on this?
Bryan Lachapelle (10:56)
The only thing I wanted to maybe add is that
people are difficult ⁓ and we can put in all the protections in place, but really culture and accountability will fill the gaps that our software solutions can't. And so that's ultimately what policies are. They are the gaps. are the areas where we can't protect using tools and or software. And so if you don't train your people on it, if you don't introduce them to policy, if you don't enforce the policies, then they mean nothing. ⁓
things will fall through the cracks. And they typically do. That's usually where, sorry, where breaches occur is in between, right? Where people were supposed to be the ones that intervened or people were supposed to do something or not do something. That's where usually our breaches happen.
Justin Shelley (11:51)
So like I said, I don't want to sit here and rattle off a list of all of them because there are so many. ⁓ I want to talk briefly about the, the buy-in getting, getting people to actually do something with these, because the biggest problem that I see with policies and procedures is that they're created maybe at best actually usually not, but let's say they are, they are thrown in an employee handbook of some sort, or in a big folder so that when you bring somebody on a new hire,
Bryan Lachapelle (12:17)
Mm-hmm.
Justin Shelley (12:21)
You hand them this stack of probably hundreds of pages and you say, read this sign off that you agree. ⁓ and then you can start training. Right? So you've got an employee under duress who has to, if he wants a paycheck, read and sign this stuff. And then that goes in a file and has never talked about again, unless maybe they did something wrong. At which point they pull it out and say, look, you did it wrong and you signed off on it. ⁓ let's talk about the problems here.
or the solutions, like how do we do it better than that? Like practical advice, how do we do it better than that?
Bryan Lachapelle (12:54)
Okay, well, I got a couple. Yeah.
Okay, so one, policy that nobody could read is not a very good policy at all. It has to be written in plain language. If it requires a lawyer to interpret your policy, ⁓ it's not gonna work. Policy needs to reflect what actually happens, not the idea scenario, right? ⁓ So, I've seen many, policies written and they're like 50 pages long and you're like,
Justin Shelley (13:06)
Yeah.
Bryan Lachapelle (13:22)
like all that to say have a good password, right? A password policy should be less than less than one page. That's it. It really ought to be that simple, right? If your policies are starting to get to the point where you need a book to put them in, re rejig. It's if people aren't reading them and people can't remember. A really good test is if if your people, if the average employee in your company can explain the policy in plain language, you've succeeded.
Mario Zaki (13:24)
Hahaha
Yeah. You're making me think with the policies portal that we're building, maybe we should have an audio option where they can listen to it or even watch a video on it.
Bryan Lachapelle (14:02)
a
translate button that says summarize this policy in one sentence.
Justin Shelley (14:06)
Okay. So I was actually
going to bring up not that exactly, but what you're saying, if it sounds like an attorney wrote it, it's not effective. I would argue that you can have the policy written that way, as long as you educate properly on what it actually means and how, how we enforce it, how we practice it. ⁓ one of the things, so, I am big on culture. talk about it all the time. And one of the ways that I've established culture in my company is in our weekly meetings. ⁓ we have five core values and I would quiz my employees on that.
all the time. ⁓ It would be okay. What are our five core values? Number one, Joe, go. Number two, John, what is it? And they would have to recite them number one. So I knew that they knew what our company core values are. And then the question is, where have you seen that in action this week? It can be yourself. It can be another employee, but tell me where you've seen this company core value being lived. And so this was not a negative. It was absolutely, you know,
everybody calling each other out in a positive way. and you talk about building the right culture. That's the best way I've ever, ⁓ employed to educate and to motivate people because there was no monetary reward. There's no gift card. You know, it was just, Hey, I saw John today, ⁓ treat a customer well, like they were one of our own family, you know, and here's the situation, you know, and that feels good. It feels good to say it. It feels good to be.
Ratted on in that case, ⁓ night and day difference on company culture. Now, the next step is bringing some of this other stuff into it. If we want really to, you know, let's talk about an acceptable use policy, you know, where do we see a threat? Where do we see somebody handling it properly? You know, you can, you can bring this into your company meetings because the one thing I will say, Mario, you're like, we need an audio option. Sure. A video option.
sure if you're going to do that and make them short, make them fun, make them entertaining. But even then people don't want to sit down and watch training videos. It's really hard to get them to do that. So I would add to that have them, but then have a way to actually engage in real life face to face or zoom or whatever we're doing these days to educate on and build a culture around it, a true culture around it. You guys have thoughts on that?
Mario Zaki (16:27)
No, I completely agree and I think it's very smart.
Justin Shelley (16:32)
Brian, you used to do something similar, right? You'd have your little video clips. Do you still do stuff like that?
Bryan Lachapelle (16:38)
We occasionally do. haven't done them in a while. ⁓ It's something that we have to do because we went through a cycle of doing a bunch of different clips on different topics and then we've kind of ran out of topics and we got to bring up, we got to get some new ones. So ⁓ definitely something I want to bring back. one, what we kind of do something similar to what you just described ⁓ during our morning huddles, we hand out the Goat of the Day for the previous day. Whoever ⁓ Goat for us stands for a light to create full time who
improve themselves, become their own greatest of all time. And so we're calling out the positive aspects of what people have done throughout the previous day. And we even have, you know, the little goat that we hand out that we 3D printed. But going back to policies, I think there are three things that every policy should have that a lot of people forget about. And that is a policy. We already covered the first one, clarity, but the other two are often forgotten.
One is that there has to be an owner. Somebody has to own that policy. And that person could be the one that's doing what Justin described, which is bringing it to the meetings and just making it fun. And the same person doesn't have to own all the policies, right? ⁓ And two, or the third piece is a review date, because every policy should be reviewed on a regular basis. ⁓ I remember, and I'm going to rat on myself here, ⁓ when AI first started coming out, we created an internal AI policy. And in fact, you just said, don't use it, because we've...
sure what was going on, right? It was like, ⁓ we haven't had time to review. So just don't use it. It was never reviewed. And so that policy is technically still standing, but everybody uses AI at the company. Because we've issued AI accounts for people to use that you're allowed to use this AI. So our policy has to be amended to be like you're allowed to use it when we've given out the accounts and hear that, you know, where you can how you can use it. So our review date is important.
Justin Shelley (18:31)
Yeah, that is one of the biggest
burdens of these policies is that they do have to be updated on a regular basis.
Bryan Lachapelle (18:37)
Yeah,
Mario Zaki (18:37)
Yeah.
Bryan Lachapelle (18:38)
so clarity, ownership, and review date.
Justin Shelley (18:40)
Yeah. Because we all don't have enough to do. We got to add this, this onto our plates. Good times. ⁓ You're welcome listening audience. All right. So any other, and I am going to wrap this up as far as you're like, we're going to change subjects, change directions here, unless you guys have anything else you want to say on ⁓ policies, incident response, maturity planning.
Bryan Lachapelle (18:47)
Yeah.
Mario Zaki (19:04)
No, I-
Bryan Lachapelle (19:04)
Well, have we touched
on incident response? Because I think that was one of the topics we did want to cover more in depth,
Justin Shelley (19:10)
Yeah, go ahead. What do you got? And no, we didn't like we talk about it all the time. And we've given the example of the hotel that was so good at it and the other hotel that was terrible at it. ⁓ But yeah, yeah, what do you got?
Bryan Lachapelle (19:17)
Yeah!
Well, I there's a lot of things that we touched on it briefly having an incident response plan. So we're not panicking, right? The first 20 minutes of an incident is often going to be the term determination of what the outcome looks like. ⁓ But an incident response plan, it's not for IT only, it's for the entire business. Like everybody has to take part of it. Operations, finance, HR, leadership, right? Most people don't realize that the incident response plan has that. But more importantly,
an incident response plan should have a tabletop exercise done every once in a while to say like, hey, let's pretend we've actually been in an incident and let's go through it. Let's role play this and see what happens, right? To actually practice it and see what it looks like in real, like in, you know, not a real world scenario, but like a practice case scenario. So those would be a couple of things that would add into the incident response plan. So we don't run around, you know, panic when it does happen, cause it will, and you don't want to be stuck.
Justin Shelley (20:17)
Well, and a lot of, a lot
of people think that an incident response plan is how we're getting technology back operational. And so that falls on the IT department. I don't need to worry about it. An incident response plan really should talk about how you're going to run your business until you get back to full operation. You should have a plan for everything that you do. How do you do it without technology? Or how do you notify people that you're not going to be able to do it? If you really can't, know, then there still needs to be a system to notify your customers. What, what limitations there are and yeah.
Bryan Lachapelle (20:29)
Mm-hmm. Right.
Mario Zaki (20:46)
Yeah, and it's easier to think about it when everything is operational and things are working than when a disaster does happen. Well, how are we going to let all our customers know? If you've already thought about it when you are in the right state of mind, it's much easier. I always use this example when sitting with Prospect. What I do is ⁓ think about it, especially with the guys.
Justin Shelley (20:52)
and you're not panicking.
Mario Zaki (21:14)
Nothing is worse than that feeling when reaching in like your back pocket and you can't find your wallet. You know, in the event that you lose your wallet, you need to sit there and remember what's in there that you have to contact, which credit card, what's the number, what's the phone number, you know, what do you have in there that you need to replace, ⁓ your driver's license. Well, it's easier when you have everything there. You, you write down your driver's license information, your credit card and what number you need to call.
So that way in that panic when you can't find your wallet, you know, you could always say, okay, I have a list of everything that was in there. This is what I need to do to cancel, you know, because you're, you know, you're panicking, you're going to forget. And even when you realize I did forget it in the coffee shop or whatever, and you can't find it, it's gone. You know, you're still trying to figure out what you need to do next. But if you have that planned out first, or when you still have it, it's easy peasy.
Justin Shelley (22:12)
Yeah, that's, that's bringing up a, a sore, like some little PTSD on my part. I lost not only my wallet, but my phone along with it at the same time while I was out of town, thousand miles from home. ⁓ we won't talk about the story behind this Brian, ⁓ not one of my better moments, but I found myself with nothing, absolutely nothing. couldn't even call an Uber. ⁓
Bryan Lachapelle (22:14)
Can't disagree there.
I remember that. I don't know what you're talking about, Justin.
Mario Zaki (22:32)
You
Justin Shelley (22:42)
I don't know that I have a plan for that. I have a plan to not get back in that situation. A prevention plan. Anyways, you got a little personal there. Okay, anything else guys that you want to talk about with these policies ⁓ before we transition?
Mario Zaki (22:55)
Sorry, sorry.
I wonder if there's any listeners left.
Justin Shelley (23:07)
They've all gone. I told them at the beginning, they had to stay till the end because there's good stuff coming. And this is going to be my transition. So I asked you guys about your two, you know, if you had to pick one, Brian, you gave us three, Mario, you came in and you, you add a little to it. And I just realized I didn't even say mine. And I do have a favorite policy that I want to talk about. And that is called, it comes from, think it's episode 27 with Joseph Rumsman poem, plan of action and milestones. Now, if, because
We talk about you guys, just, we're wrapping up 12 episodes. We're looking at, mean, not, I'm not each episode an hour. So somewhere short of probably 10 hours of us talking about the basics. We're not even into advanced stuff right now. Just, just the basics. It's a lot. And so if, if, you know, as a business owner, I look at all this stuff and say, okay, I'm getting compliant. I'm getting secure. I'm locking it all down and I'm doing it today. I'm doing it this week. I'm doing it this month. Fuck. If I'm doing it this year.
Bryan Lachapelle (24:05)
Mm-mm.
Justin Shelley (24:07)
I still am going to be overwhelmed. So you have to have a system for identifying what you have and what you don't have the goalpost and try to keep the goalpost from moving, but it probably will. ⁓ And then you review that on a regular basis. You you've got your, your gaps, your goals and how you're going to get there. Plan of action with milestones. That to me is the most important document to have. If you have nothing else, write it down. I don't have anything. And here's my plan to get there.
That's what I would say. Go ahead, Brian.
Bryan Lachapelle (24:38)
If your poem
though, like your plan of action of what you're going to be implementing upcoming protects you from people who from legal, you know, not necessarily legal implications, but like from from somebody saying you were completely ⁓ incompetent and didn't do anything to you know what they were they were moving towards a goal. And because it's such a big goal, you can't be done overnight. It will take time.
Part of that plan should also include continuous improvement, right? Once you're done the plan, you start it back over again and you're just constantly run through it over and over. Not obviously, that's not all you're doing, but you know, there is a time cycle where you're going, okay, we've already looked at everything we had. We've identified everything. Well, you know, six months down the road, a year down the road, what you had is no longer what you have. So you got to revise it, revise it, revise it. So this is a living breathing document. That's a living, like all of this is living and breathing.
Justin Shelley (25:36)
Yeah. Yeah. And you know, if, done, I want to say if done right, I don't know that there's a right way or a wrong way necessarily, because anything is better than nothing. And there is no such thing as perfect, but I would say that to do this in a way that is tangible and it's actionable. I like to have a score. I like to have, okay, we're our, our target is a hundred. If we're just going by a hundred percent, you know, percentage then, and we're 20 % there. All right. That ain't great.
But it's something and like, let's get to 30 % by next month. And here's how we're going to do that. ⁓
Mario Zaki (26:09)
So are you saying
you need to get like 1 % better every day?
Justin Shelley (26:11)
% better every day, then you can have this in 100 days.
Mario Zaki (26:15)
Yeah ⁓
Bryan Lachapelle (26:15)
Yeah, it's like a journey or something, right?
Justin Shelley (26:17)
Something like that.
All right. So guys, here is my big announcement. ⁓ as I was contemplating how to, I, ⁓ I do, but I don't know which button it is. Wait, drum roll drum roll. I got it.
Mario Zaki (26:24)
You don't have a drums,
Justin Shelley (26:36)
We're going to make a free portal that will help you as a business owner, track this stuff. And you can use this to implement it yourself. If you want to, we'll have resources. We'll have how to documents. We'll have, you know, check boxes. And, you know, if you just want to use it to check in on the guy, you're writing a check to the company, you're writing a check to you can use that. ⁓ and if you're an MSP or if you're an IT department or whatever, you can use it. So I'm going to, and Brian kind of called me out on this, before we started.
recording. No, I do not have it live today. I will have something up and running by this time next week. And it will be very basic. We will start very, very, very simple. But I'm going to build this out in to where it can be some version of a community where we're all helping each other. There's resources there. And and we are going to have a poem as part of this where you can go through and kind of check off the stuff that you have in place. And it will grade you and it will give you a plan of what you need to do. So
That is the big announcement, you know, because here's the thing I'm watching and I like to brag about it. I'm mostly joking, teasing, but they're, yeah, I've got a little bit of an ego going on here. ⁓ I love that our numbers are going up. I love that our subscribers are going up. No, we're not like Joe Rogan yet. Yet we're coming. We're coming for you, Joe. ⁓ But our numbers are going up exponentially. When you look at the download graphs, when you look at subscribers on the various platforms, cause we have a lot of them out there.
⁓ we're, picking up momentum and I'm thrilled about that. And while yes, I do want to get clients out of this podcast, I can tell you that there is no monetary compensation to this to date. ⁓ which is fine other than, know, we all build trust and credibility by doing this. but I really do want to take it to a level where we are providing a free valuable resource to the community. There will be no cost to this. Yes, you will have to give up some information because you'll have to log in if you're going to track your, your stuff, you know, like your, your company score.
⁓ no, we will never sell your information. No, we will not market to you, but, ⁓ that, that is my commitment is to build a resource where we can, ⁓ start truly giving something back to the community beyond just looking at our gorgeous faces and listening to our amazing voices. That's the goal. ⁓
Mario Zaki (28:48)
But
we will take on sponsors if there's anybody out there that wants to take on some sponsors or wants to take us on.
Justin Shelley (28:52)
There we go. Maybe, maybe, maybe,
maybe we start doing some sponsorships. Kaseya, you guys interested in buying us? God, I shouldn't have said that. That'll never happen. That is why my one promise, we will get so big that they will want us and we will not, we will not sell to Kaseya. Now they're going to assume me because I said that. Brian, do you have any thoughts on this other than I shouldn't have announced it until it was done.
Bryan Lachapelle (29:16)
⁓ my only thought is if you're not going to, if you're not going to hop onto these free resources and, and, and take advantage of the fact that we're going to basically be giving you a plan, ⁓ then stop listening today because what's the point? No, don't stop listening. Go download the plan. ⁓ Go download the plan. We're giving you the, we're literally going to be giving you the step-by-step process on how to make this all happen. So.
Justin Shelley (29:32)
How dare you? What are you? What are you saying? I'm cutting that shit out. That's not making it to the air.
Mario Zaki (29:34)
Edit edit this
Justin Shelley (29:43)
Yeah. And,
and it is genuinely there. There's two purposes for this. Number one is if you truly want to do some of this in-house, we're going to show you how to do it right and give you the tools to do it right. I don't advise it, but if that's where you're at, at least do something, but more importantly, and this comes because I've said this over and over, you guys agree. You've heard the same story. When you go talk to a prospect or, or
Bryan Lachapelle (29:47)
Do it.
Justin Shelley (30:11)
random business owner and you ask them what they're doing for cybersecurity, how their security posture is. We almost always get the same response. My IT guys got that covered. We're fine. We're good. I got a company for that, whatever. Press them for information and they don't have any. And so this is that information. This is where you can go in and you can score your IT department, your MSP, your in-house, whatever you can score and you can find out if you are getting what you pay for.
So you can hold accountability. You can do it yourself. And then of course, you know, if you, you do want to hire one of the three of us, sure, we're here and yes, we would like to, help you out and get paid for it. ⁓ but that is not the primary purpose of this. So that's, that's the big announcement. And like I said, Brian, ⁓ I will have something that people can log into by the time we record next week. Now it might just be a login to go to a blank screen. I don't know, but I will at least have.
a live dashboard that they can log into with maybe some fake numbers. I don't know. We'll figure that out. This will be a work in progress. We'll develop it as we go. We'll talk about it. We'll give you updates. And that brings me to my second big announcement is for the next at least 12 weeks, we did a 12 week segment on security basics, which aren't very basic. Now we're going to do a 12 minute segment on AI. All right. Because we skipped introductions today, but I usually start mine with
Bryan Lachapelle (31:32)
Woop woop.
Justin Shelley (31:35)
You know, we like to help people use technology to make money and then protect that money from the bad guys. Now we don't really talk about how to make money. So for the next 12 weeks, we are going to dig into how we can use technology, AI and otherwise to help make money, to become more streamlined, to become more profitable. That's, that's the next 12 weeks. You guys have any thoughts on that?
Mario Zaki (31:59)
It's about time. I mean, it's already taken the wall. The world.
Bryan Lachapelle (32:00)
I'm so excited about this part. Yeah. Yeah.
Justin Shelley (32:04)
And
Brian, I have to tell you again, because as we're getting started, you're like, damn it, haven't I haven't set up my ⁓ because we're all doing a little vibe coding, right? This is using AI to develop ⁓ stuff. And Brian's been dabbling, but he hasn't got it set up yet. I'm like, that's cool, Brian, you can just be our B five and after case or before you told me before is copyrighted. your B five and before and after B five and after B whatever. ⁓ So
Bryan Lachapelle (32:12)
Yep. Yep.
Yep, BFOR is copyrighted.
Yeah.
Mario Zaki (32:30)
it's copyrighted it's called it's copyrighting
in in canada you know in the u.s.
Bryan Lachapelle (32:34)
Nah, I'm just razzin'.
Justin Shelley (32:35)
good point. We just won't air
this in Canada. ⁓ Anyways, so yeah, we're gonna Brian will use you as a guinea pig. Mario is like the leader on this one, which is funny because I thought I was the leader at first and then Mario caught wind of this and he just like launched and left me in the dust. So I've got to up my game, but I will be developing this platform that I'm talking about with AI and talking about the lessons learned along the way. We will be talking about security. That is a major component of
you know, properly using AI. And I think it's ⁓ a great subject to introduce or to deep dive on here on Unhack. So those are the two announcements guys. ⁓ I think I've beat this dead horse long enough. We're going to go ahead and move to wrap up it, but go around the room and we're going to just do final thoughts, closing arguments, key takeaways, anything that you want to add, anything that we missed. This is your time to say it.
And then we're going to say goodbye and wrap up. then next week we'll be live with a platform that you can log into and maybe see nothing. Brian, what are your final thoughts?
Bryan Lachapelle (33:41)
Well, my final thoughts are this. for the last, I don't know how long we've been doing this podcast for a year and a half. I've been talking about letting us help you on your journey to become ⁓ more secure and help you in your business and your journey on your, your, with your business and implementing technology. This portal that we're planning on deploying is that, is that journey basically mapped out for you. And so I'm pretty excited about it. ⁓
You know, when Justin mentioned it, was something I was a little hesitant at first because announcing something we don't yet have is a little nerve wracking. But at the same time, it's something that we've all been doing so much of. the platform really itself is the small part. The content that's going to be in it is going to be the major part. We already have all the content.
Mario Zaki (34:31)
Exactly. mean, between the three of us, have, ⁓ you know, three quarters of a century worth of knowledge that we're going to be able to put into this system. You know, obviously not everything is going to be up in day one. But if you listen to our new upcoming mini-series, you know, we'll teach you how to do things a lot faster, you know, using AI. you know, I'm pretty sure this portal will also be put together using AI.
just like everything else is now. And when you have the blueprints already done for you and you pretty much have to go in there and just enter some details or customize it, make it your own, it makes it a lot better because the hardest thing is really getting started no matter what it is. Exercising, dieting, starting up a company. I mean, I don't know about the first two, but starting up a company,
Justin Shelley (35:00)
Of of course, yeah.
Ha
Mario Zaki (35:30)
⁓ you know, whatever it is that that first part is really the hardest and we're gonna take care of that for you guys, you know, we're gonna put you right there at the end of the mile marker and all you have to do is log in and you know, just take what you want.
Bryan Lachapelle (35:32)
I'm sorry.
Justin Shelley (35:50)
All right. So yeah, I'm going to kind of echo what's already been said this, this to me, um, maybe I'm overly excited. I don't know. I have been agonizing. I will say this. I have been agonizing over a way to deliver more than we've done so far on the podcast. Um, I love that we can educate people. The audience grows. I love when I go to, to conventions or something and somebody will come up to me and say, Hey, I see your podcast. I'm like, ah, great. I'm famous. You know, it's like,
Mario Zaki (36:18)
You
Justin Shelley (36:19)
for the, ⁓ the four people that, that know us and watch, I, I've met all four of them. It's great. ⁓ so, I mean, I, and all I'm really saying is that I know there's a need. I know that, you know, people listen for a reason and it's not because we're like, so goddamn entertaining. ⁓ I don't know, maybe that's part of it, but, but I've, I've just thought like we've kind of plateaued on what we can deliver through this.
Bryan Lachapelle (36:23)
Hahaha!
Mario Zaki (36:27)
You
Bryan Lachapelle (36:39)
Speak for yourself.
Justin Shelley (36:49)
current strategy. And I know we needed something more and I didn't know what it was. went and I registered a ⁓ Gmail address, unhacked at gmail.com. Or I don't even know if that's right. Cause I've never used it. ⁓ we had it, we've got a couple of Facebook pages out there. There's a Facebook page for unhacked. I don't really use that. kind of abandoned it. ⁓ I dunno, I've, I've just been dabbling with this and trying to figure it out. And so I am happy to have this. There's so much that I want to do with this. There's a whole segment we haven't even touched yet. I promise. I don't know if you guys remember back.
Jocelyn, I don't remember her last name and I hope I got our first name right. we had an episode on protecting the elderly, you know, and I want to do a segment and have resources in the dashboard about, about the elderly. That is our highest downloaded episode, by the way. That is the one that drew the most attention over anything we've talked about. And so that there's a need there and resources that are needed. And I made a promise on the air that I was going to do something. ⁓ but you know, ratting on myself since it's been the theme this, this week.
I didn't know what to do. You know, I'm like, I'm to do something and it's going to be great. I just don't know what it is. So ⁓ I am very passionate and excited about this. And I do promise to make it something that ⁓ will be very, very valuable, very useful to the community. That is my commitment and to make good on some promises that I've made in the past that haven't yet delivered on. So ⁓ I cannot thank you, Brian and Mario enough for, being a part of this. I did the one episode by myself just to see if I could do a podcast by myself. A yes, I can ⁓ be, it isn't great.
Um, I need you guys here. So I really appreciate it. None of us are getting paid for this. So thank you sincerely with all my heart, you guys, for, for being here and giving your time, um, and, and audience community, we are here because I'm not getting emotional. just, I just, I swear I'm not. Um, but we do care. And you know, we, we really do want to deliver value to, know, whether you're a client of ours or not, we all have things we give to our client to pay us.
Mario Zaki (38:33)
It's tearing up, man.
Bryan Lachapelle (38:34)
Hahaha!
Justin Shelley (38:46)
This is what we're giving away to people who do not pay us. So, ⁓ Brian, thank you. Go ahead and give us your goodbye. Mario, thank you as well. When Brian's done with his long winded goodbye, go ahead and give us yours. And we're going to wrap up and we're going to be done. And we will be back next week with the beginning of a new era. Brian.
Bryan Lachapelle (39:03)
I'll keep it short and sweet. name is Brian Lashko with P4 Networks. Let us help you on your journey to becoming 1 % better.
Justin Shelley (39:09)
Mario.
Mario Zaki (39:10)
I'm Mario Zaki, CEO of Mastek IT and we have been specializing in helping people have peace of mind and we want to help you guys be able to sleep better knowing that your company will be there tomorrow.
Justin Shelley (39:26)
Excellent. And I am Justin Shelley, CEO of Phoenix IT Advisors. Remember, listen in, take action, log into the new portal, and keep your businesses unhacked. All right, guys, see you next week.
Mario Zaki (39:36)
unhacked
Bryan Lachapelle (39:36)
Unhacked.
Cheers.
Creators and Guests
