Cybersecurity: Amplified And Intensified

2. The gatekeeper.

March 24, 2021 Shiva Maharaj/Eric Taylor
Cybersecurity: Amplified And Intensified
2. The gatekeeper.
Chapters
Cybersecurity: Amplified And Intensified
2. The gatekeeper.
Mar 24, 2021
Shiva Maharaj/Eric Taylor

Overlooked as an annoyance by most, MFA is often the last line of defense between you and an account takeover or breach, giving MFA the distinction of being your gatekeeper. 

Eric Taylor 
Twitter: barricadecyber
www.barricadecyber.com

Shiva Maharaj
Twitter: kontinuummsp
www.kontinuum.com 


BARRICADE CYBER
Barricade Cyber provides Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
Because you're entitled to support that's actually supportive.

Otter.ai
Otter.ai provides audio transcriptions services to help you get your message across.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!

Show Notes Transcript

Overlooked as an annoyance by most, MFA is often the last line of defense between you and an account takeover or breach, giving MFA the distinction of being your gatekeeper. 

Eric Taylor 
Twitter: barricadecyber
www.barricadecyber.com

Shiva Maharaj
Twitter: kontinuummsp
www.kontinuum.com 


BARRICADE CYBER
Barricade Cyber provides Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
Because you're entitled to support that's actually supportive.

Otter.ai
Otter.ai provides audio transcriptions services to help you get your message across.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!

Shiva Maharaj:

This is the cybersecurity amplified and intensified podcast. What's on the docket for today? Sir?

Eric Taylor:

I think what we were wanting to talk about was diving into what every company should be utilizing internally and or asking their partners if they're utilizing to make sure their business is more secure.

Shiva Maharaj:

I'm good with that. Did you want to kick it off?

Eric Taylor:

Sure. One of the stuff that we've been seeing over the past couple of weeks, you may see some insight on it. And one of the biggest things we always see with account takeovers, domain takeovers that are no longer or have never used to FA at all. Have you been seeing that on your side or on the consulting

Shiva Maharaj:

side? Not on the managed services side, but wherever there's pushback from the clientele to actually have multifactor? in play? Those are the ones that are usually the low hanging fruit for all these ransomware gangs? Because it all starts with a breach credential. Right?

Eric Taylor:

Exactly. And as more and more consultants, MSP is it vendors, just the internal IP themselves are, you know, looking at Microsoft and G Suite as a single source identity. I'm personally seeing a lot of people not leveraging two FA or MFA on these tenants at all. So it's really the that single point of entry, people are coming in being able to compromise that specific identity, and to be able to take over the entire network literally, just by that single point of identity, which is really, really shocking to me, because I'm going to build a big wall around my house. And I'm gonna leave a two way, two foot wide barrier hole here. So anybody who could find it just come on in so big deal. Now,

Shiva Maharaj:

do you think that's a lack of education on both the providers part, as well as the providers ability to explain that need to the client, because the way I see it is on the managed services side, at least, you know, the way you and I do it, they don't have a choice, come on board with us, there are maybe 15 or 16, different tasks that will occur within the first day, maybe two to take them to what we would call our security baseline, whereas many other providers, they want to upsell everything, it's like, hey, you're paying us nothing to come in. But maybe you should do this, and it's gonna cost you that and the customer, and rightfully so that's not what they were pitch, they're not going for the bait and switch, which in this case, may actually protect them.

Eric Taylor:

Well see, I see a lot of it we're coming up with you're saying they are going in and they're trying to upsell or mandate their clients be under a certain regulated regulatory body or, you know, policy or purse and or procedure, but they don't do it themselves. You know, they, they go in there. And it's like, okay, you're going to do all these things. And by the way, we're not holding ourselves to the same standards, you got to suffer with security, but we don't, we can't go through that we got too much crap in there. That thing, and it really is alarming to the point where I'm just like, why are you going to make all these recommendations to companies and, you know, say that you got to do to FA you got to do MFA, whatever the facet is, and you're not even doing it yourself, oh, cotton pot and kettle type of thing. So it really, really is kind of goofy. And the reason that Yo, I think we needed to take a moment. And I really do think this is gonna become a multi part thing, because I know we had a list of things that we want to go down and really talk about, you know, things that we really think company should do. But I don't think we have all day to sit here and just talk about this. But I do think we need to take a moment and really dive in and say not to all to essay is considered the same way. Wait, wait.

Shiva Maharaj:

Are you telling me that text message based MFA is not good? Is that what you're telling me?

Eric Taylor:

Exactly. We're all getting ready to go. Yeah, I mean, text message SMS, to FA is not a secure approach. I have literally gone to vendors of an MSP and brute force in with Google Authenticator. We've done it with Microsoft authenticator, not to say there's a problem with Microsoft or Google off, you know, it is a randomly generated code. It's how the developers implement that code into the program a lot of times so you know, they will come in and say, Oh, well, we are leveraging Google off or our T OTP. codes. Okay, but how far down that rabbit hole are you going? Are you saying two or three Phil's code enters in now your account was locked out for five minutes. So some jackwagon like me, who has now a username and password, I'm loading it up into one of my tools like burp suite or Python or whatever. And I'm just randomly generated code until I get in. I mean, come on. So I mean, there's there's always got to be that extra layer of you know, security that you're putting on to it and I think related to come up with a new name of instead of the layers of security being the layers of an onion, we come up with something different. I don't know. What do you think she'll

Shiva Maharaj:

definitely rename? It is good for me. Are you familiar with keeper security? The password manager?

Eric Taylor:

Yes, I keep going back and forth thinking about them versus LastPass. But

Shiva Maharaj:

go ahead with your question about six months ago, they redid their authority platform. And now it's username, MFA. And then if you succeed with that challenge, then you'll have the ability to put your password in, and you get locked out after three or five failed attempts for whatever you set that threshold to be, whether it's five minutes, up to two or three hours, what do you think about putting the MFA challenge in between the username and password?

Eric Taylor:

Now? Are they gonna walking you out on the MFA challenge? Or after you get past MFA and locking you out on a password? Either or whichever comes first? Okay. All right, listen, let's go, let's go down the rabbit hole. So this is a massive onus issue, I'll go for that. First, I can take a directory list attack with a bunch of email addresses, and I can start figuring out who your clientele is. Because you know, if the email address matches your database, Okay, I'm gonna get prompted for the OTP code,

Shiva Maharaj:

right? Do you really need to go that far down the rabbit hole? Or do you just go on LinkedIn or any social media platform where people willingly give up all their information?

Eric Taylor:

Well, we won't talk about that just yet. Okay. But, you know, there are plenty of it, folks. So that will really divulge what their entire stack is and what they're using, which please, if you're in it, please stop doing this.

Shiva Maharaj:

Stop telling everybody the tools you use. But anyway, does that mean we don't list all of our tools and partners on our website? So that

Eric Taylor:

yes, please stop that.

Shiva Maharaj:

You can just give everyone the vectors they need.

Eric Taylor:

Yeah, please stop. Listen, your partners. I mean, if I know you're using Sentinel one as one of your partners every month or two months, there is a hackathon literally, I mean, it's still virtual. But there's still hackathons about bypassing AV detection. So if you're listing that your partner was sitting on one, or silence or bitdefender, or whatever, and you're listing like your big, prominent customers that you're very happy about having, then I kind of know what your stack is, I know what the vector is to start reaching those possible clients. Please stop doing it. Anyway, we'll get back to keeper Yes, sir. Because you know, me, I'll go. What is the point of having the password really at this moment? So if I dictionary tack, and I say, Okay, here's a list of all the email addresses. Now, if you're able to put a account lockout on the T OTP code, what's the point of the password anymore really, in at that point, when you just want to do SSO and then challenge with the T OTP. Code,

Shiva Maharaj:

they do that too. Now, the way I have mine set up for all you onis people listening in, or SSO again, and the way I have my MFA setup, you can't save the session. So if you have to log in again, you are challenged. And that is my preference for MFA. I think there needs to be more MFA challenges in all the software we use as providers, I know they're massive user experience issues that you will incur. But I think it's a small price to pay for the added security,

Eric Taylor:

you're gonna do the flip side of the coin, if you have, if you have to TP goes into the put in granted, it's gonna be a pain if you go with something like a push notification system, which I think peeper has, and I know LastPass is not a Duo Security has. But if you go with a push notification system, I think a lot of people are going to get complacent about Yes, yes. Yeah, doesn't mean it to me just shouldn't be done. It's really going to, you know, circumvent the entire reason for having us. I'm really torn on that when you're

Shiva Maharaj:

dealing with duo. I mean, we both use it internally, we both roll it out to our clients, you can almost set up something similar to conditional access and trusted endpoints to make sure they can only log in and authenticate from those places. And believe it or not duo is actually pretty savvy to identify, if you just authenticated on one IP, and now you're halfway around the world, they will they won't even send the challenge. So if you're using duo, I think that should be in my opinion, I think duo should be the baseline for MFA across every workload or something similar to that, because they're a good idea when you are in a traditional workload, if you will, or a traditional office space. But you know, as you know, you and I have talked more and more offline, there's a ton of people who are going to be migrating or are still migrating and plan to maybe imporantly stay in this whole mobile workforce. So listening, every DHCP IP address from every end user without a static IP address can be an administrative nightmare, versus forcing everybody to get a business account in a static IP address. One of the ways you can mitigate that is if you're using Microsoft 365, get their business premium license, tack it on to the user and really begin to leverage Device Management tie that in with conditional access policies to bring duo MFA into the Azure AD space where you're not just using you're no longer using the Microsoft authenticator. You're layering duo on there. So now, feasibly, they'd have to compromise your Azure AD credentials as well as duo to get in somewhere. What do you think about that?

Eric Taylor:

I don't know. I'd have to really look into it more because on the surface, I'm a little complex Wyatt. So yeah, let's just say hypothetically, I was traveling like sometimes I do. And let's say I'm traveling abroad. In Italy, I'm in France, I'm in Australia, whatever, you know, I want to log in. Okay, I have conditional access thing turned on fleshes save for the state. But I have duo turned on as well. So if I'm able to authenticate against Azure, but not able to authenticate against Duo Duo to actually log in, they'll cause some problems, especially for some traveling and stuff like that, I guess a lot of foresight and a lot of planning, which isn't a bad thing. But I definitely think it's something that needs to be looked into a little bit more in case by case scenario.

Shiva Maharaj:

You know, the good thing about duo in that sense is that you can actually create incident response plans around that. And remember, an RP is not just for a ransomware attack, or something like that. An RP can be for something where an executive is traveling, and you need a plan to get them back online.

Eric Taylor:

Oh, come on. Now you're gonna hurt my feelings is not only for ransomware. Come on. Well, I know

Shiva Maharaj:

that's your thing. But they can probably be used here and there. Maybe? I'm sure there were I RPS long before there was ransomware.

Eric Taylor:

Oh, I'm sure I've got a question. A couple of personal you're referring to IRC, right? Yes, sir. No, I heard you right or not that correct?

Shiva Maharaj:

Yes.

Eric Taylor:

And then deal with like five or six different things for fire in the bus once here. In reference to the to FA Are you guys you're referring to referring really for, you know, very valuable app, you're talking about, you know, system administrators to it to a face, you're not talking about your average user to FA option. You're talking about an enterprise level, I have a authentic, oh, okay, go for it. So here you go. Everybody needs to have a, I was, you're saying this only on C level, or I literally have a physical conference, physical Center, where the owners were more concerned that I got into the desktop, other users that had passwords or passwords and salaries for the entire organization. And they were actually probably arguably more concerned that the salaries for everybody and an Excel spreadsheet was available on the network from this one user workstation that they like, didn't care about, you know, oh, I can take down your entire 365 tenants, you know, literally shut down your company from the outside, they were literally more worried about their salaries, it was crazy, everybody needs to have to FA you know, as much as I hate to say it, but I think even if you are in a Microsoft tenant, and you have a mobile workforce, and you're using f1 are the frontline workers, those guys need to be to FA two as well. We need to protect, protect the identity and all identities with inside of organization. And with that, when

Shiva Maharaj:

I am a firm believer that there's not a single resource in a company that is more valuable than another and especially in terms of MFA, you should offer the same level of protection that you would if you had company secrets, patents, intellectual property that you wanted to protect, that's the same thing because anyone and anything can be a vector, you get enough of those you, as Eric knows, you string them together, you can own an organization very quickly, Nacho, my question for you, how do you distinguish between what you would put that extra layer of MFA on and the average user, as you said,

Eric Taylor:

what you're talking about? That's what I was trying to allude to that you are 100 correct on an enterprise level? Because anything, you know, getting into an average user in an enterprise, you can work your way up and get get to where you want to go? Yes, you are right on that. Yes to FA for everybody that is agreeable the level of different say, you know, you got a system administrator, he's gonna have a UB key with him. Because obviously, you know, he has these things. But yes, I, like I said, I agree with you guys, I will say not to, you're sort of bringing into a very interesting discussion that we have talked into, while you haven't said as directly, I'm going to make that segue for you a little bit and take a little bit of liberty here. But you know, you have said, you're pretty much saying you're even on the home user, you need to protect the identity, you know, the identity is the email address. So by leveraging that, you got to make sure that that identity at all times has the most secure to FA MFA, whatever that email provider will allow you to have you to have that in place, because that is your central point of contact. But on one thing that you did say which I will disagree with you, you're saying that to FA MFA needs to be done on the enterprise level. And I think it's a lot more granular than that, it really depends. I believe, in my personal two cents. I know mia shivah was bounced back and forth about this a lot. And there's a lot to be said either way. So I'm not saying one way is right or wrong. But you know, a five you have five person quick lube place, I can see the owner, the manager being the only people that need to have a MFA, you say that same size company and slap them as a legal firm where the front desk person and the paralegal probably sees more information than that lawyer ever does. In any given day. Everybody needs to be an MFA to FA whatever the case is, you know, I really think it does go down to the business a little bit versus just everybody but you know, I'm kind of spraying a broad approach, but I do think it needs to be a lot more granular than just say you're an enterprise, you must do this. I'm more on shivah side of, you know, everybody needs to have it, but I do have some tolerance and caveats. like okay, this business really doesn't need that. All that, you know, but you know that's I can go back and forth all day on that one really play with my mind a lot on it with what we said about MFA. How do

Shiva Maharaj:

you guys see SSO and conditional access laying into playing in tandem with MFA? Do you think that's a necessity for the identity or something that's nice to have,

Eric Taylor:

you know, I'm really, really torn. And this really goes back to a lot of conversations we've had both here and office here is SSO is awesome, right? Because you really do have that identity that you're going to, but I am also a huge advocate of layers of separation, as well Take, for instance, your bank account, in no way shape or form, like I would hope you would never want SSO into your bank from your 365 or G Suite tenant, but you want to have some sort of two FA MFA on there. That's not text based, you know. So having that level of separation, I do think has a lot of merit to we SSO everything in my opinion, no. Would it be nice? Yeah. But again, I do think we have to have some level of separation.

Shiva Maharaj:

What do you think about the CFO, and that CFOs departments in a company having SSO access to their banking information, they fire someone, you and I both know, documentation, and most of these companies is poor at best, what's the likelihood that upon termination, they will forget to disconnect or disable certain accounts? Couldn't SSO help with something like that?

Eric Taylor:

Yeah, I believe so could help with that. But I do think that it goes back to some of the original discussion of having an incident response plan, you know, this is a termination is a incident? How are you going to respond to it? You know, Nacho made comments of a minute ago about having just a couple of incidents that he has to go through every year, I really hope it's more than a dozen. Because I mean, even in our world, we go through what's called atomic red teaming. And we're always coming up with new incidents, to apply it against and see how your business stands up to the proper grip. So yeah, I mean, any of these things need to have in our operating procedures, Incident Response Plan, whatever term you want to use, it needs to have that. And like I said, we can really go back and forth all day about, you know, if, for some reason, let's say hypothetically, we'll take you for an example or myself, let's say hypothetically, for some reason, something got goofed up, and our MFA or two FA got accidentally disabled whether our own scenario or something with our identity provider, 365, G Suite duo, whoever it is, there was a goof in the stars didn't align and someone was able to break in and now has access to everything because they as I sewed into you without to have the art MFA, you know, having total keys to the kingdom awesome with an identity, but it's also very dangerous.

Shiva Maharaj:

Oh, definitely agree. It's one shot, and he kills and that sense when you look at it that way, but at the same time, I think there's a tremendous amount of time that can be saved with having to disable one set of credentials across multiple workloads, especially if you're going through a breach, say employee number 35. Got breach and you can't narrow down the vector of attack. But you know, it's that user. And if you don't have SSO, how many systems is an enterprise going to have to disable to get to that? And that's where I think the SSO does help for the more privileged users. Maybe that's where you layer on a UB key as a backup for MFA authentication, whether it's on a local authentication or SSL, that would be a case by case scenario. I don't think we can generalize there. But I have a question for you, Nacho, what would you say? If I told you I have a 15 person plumbing company that has SSL duo MFA? And the identical protections I provide for a hedge fund?

Eric Taylor:

Yes, that's, that's fine, if you're able to provide it, and they are able to implement it on their budget, because your hedge funds obviously going to have a little higher budget, some might argue, like as far as making pretty good money, but, you know, so yes, it's very doable. But the only thing that I consider is when I when I do meet with my small clients, I just work within their budget, go ahead and implement stuff. But that doesn't mean that I can't provide them added security in reference to the back end to FA in additional what you and I know that we may will have problems with certain users who prefer not and it would be I mean, we're talking about, you know, CEO, and stuff like that we're talking about, you know, system administrators, but the people up there have a certain age that do not like to hassle with, to FA and that's where I try my best to make sure that whomever is in charge of making policies that enforces that. So not sure what what would you be or would you be able to mine that potentially, to start entertaining, it's like, Okay, if you are not willing to have two FA or MFA, whatever your standard is, then you have limited access. You know, we've actually had some pretty good success after being educated by never security firm, that was actually their idea. like okay, if you have a minimum password, eight characters, then you're required to re authenticate every six hours. However, if you're wanting to do a bit better password, and you're right, you're able to do two fa, or the aka natural MFA. And you're actually able to use passphrases. And maybe you you're able to work an entire day or two days. So by adopting, you know, I've kind of spitballing up top my head, I don't know exactly what it is, but it was spitballing. The whole idea of, you know, if you're not willing to implement security, your access to resources are restricted, you know, much like a VOD type of thing, you know, the higher your click security clearances, the more access to resources and information that you have, I think that may be a good alternative for a lot of the C level people who are, you know, really reluctant to do it, it could be, you know, just spitballing. Now, by saying this, this could actually be a good thing by actually implementing this, because now most of baby boomers are looking at retirement. And this may help them transition a lot of their roles off to some of the younger folks who are so opposed to all the security stuff and won't do adopted me, maybe I will help some of that transition. What do you two gentlemen think of that?

Shiva Maharaj:

I like it. I like any type of controlled access, but also the mindset, give them the SSO, give them the MFA. And now add that added layer of challenges for reauthentication. Because I don't think we as a country, we as an industry in the United States is ready for or equipped to deal with an A with a further increase in cyber attacks were to lays off there with everything. And it's not going to work in the long term.

Eric Taylor:

Yeah, I mean, just thinking of cyber attacks, I've got three potential ransomware leads just today, and one PCI compliance, possible breach.

Shiva Maharaj:

We've got a lead on today. So we there's no shortage of work out there in the security industry. And it's going to just get worse, because every two weeks, you see where there's a shortage of security folks, people don't want to get secure. My issue with people not wanting to get secure is that it providers are inherently afraid to tell people what security actually costs, because they're afraid they're not going to get the job. Most it providers aren't afraid to walk away from a potential contract. So they let the client run roughshod over them as much as they can.

Eric Taylor:

Hello, well, it's not people, not about people not wanting to be secure. It's about people not knowing what press are lying around. And they own the other other pockets at the moment. But they don't, they don't, they don't know that if they don't secure the systems. At this point, they will even lose more money. Okay, James, I'm pushed back on him, you know, here's trying to get a little ugly. How in the world does somebody at this day and age not know, you got to be more secure and asking these questions when you even have social media, Twitter, LinkedIn, Facebook, all these platforms that are constantly getting their accounts compromised and hacked, and they feed on not only their feed, or, you know, friends of friends feeds that, oh, hey, if I sent you a message, excuse me, I got hacked. There's no excuse at all. There's no excuse at all. It's totally right about that. And that's the problem. We're going people in those companies, they think that they need a lot of knowledge to acquire the systems. But that's not the point you come by people that do that for you. Because that's the worst I ever thought, yeah, being able to leverage a solution provider a security or not even security, but you know, a consulting firm,

Shiva Maharaj:

I think this goes back to the provider. If the provider is not posing the correct solution to the client, the client will always take the lowest cost option, they are not going to go spend more money when the expert is telling them they don't have to, am I wrong?

Eric Taylor:

No, no, no, you're totally right. Right spend more money than then you have to when someone you know if you're relying on your IT company, which is basically an advisor to to advise you on what to do, and the company is advising you based on cost? You're absolutely right, because you can only see you're not you're not a professional, you're just you're listening to what your ITT tech assuming that also considered sometimes a lot of these IP tech individuals or organizations may not have a cyber arm to them and may not understand the threat even if, because it's something like they don't understand. So they can't provide input on it unless they have a cyber component to their organization that can provide insight and allow the client to determine what they're willing to go ahead and invest in to protect them

Shiva Maharaj:

with the state of cybersecurity or lack thereof. On this side of the pond. At least in the US. I don't think you need a cybersecurity firm to tell you you should leverage controlled access MFA at a minimum baseline of security. I think cybersecurity in this day and age needs to transition to the sock same side of the house for offensive threat hunting and defense, I think the average IT person should be able to implement an IDP, they should be able to implement a solid MFA platform email protection and such like that. Because those, I think those are the basics of what are what's needed.

Eric Taylor:

Yeah. But can that average IP person explain why properly? Well, we

Shiva Maharaj:

need better people, the world needs ditch diggers to write. If they can't hack it properly, they got to move verticals. And well, that might be a bit harsh, but at the same time, you're leaving people exposed

Eric Taylor:

by why they won't give them the information, because they may not have a knowledge to provide the information or support it. And if they can, they'll go vertical, and they'll lose a client, or they'll lose that portion of the client for someone that actually has a cyber section in their department or in their company, you know, they can provide correct information, but the client would never know that that's the issue. Well, no, they just want more deeper than that not because we are my company is a cybersecurity firm. So we go into these things we're trying to figure out are a lot of IT folks, and msps are extremely, extremely cautious and threatened by us, because we are the unknown people that's going to come in and just destroy everything that they've been building, even though it may or may not be completely right and or wrong, you know, these folks are coming, they have this mindset that these security guys are gonna come in, and they're going to get me fired, they're going to do this are going to do that. And granted, I know a handful of cybersecurity firms that are out there that just don't care. They'll set the whole village on fire, they don't you got companies like mine, and some other ones that are out there that actually care, and they want to make things better. You know, you just got to have the right conversations with people and stop being afraid to have them. Maybe I went on for a little left track there. But you got to stop this mentality. You really do, folks, Erica, I'm coming to companies that have had issues, and they'll call me out of the blue. They're like, you know, we've heard about your blah, blah, blah, can you come in and check out what happened? Walk in? And yes, I tell them, Look, you don't need your IP or contract this, you know, take them out for this, you don't need this, you don't need that you don't need this, because they're getting sold a bill of goods, I get rid of, you know, I get rid of about 80 to 90% of the services for that IP company and tell them stuff like that, or even new, or, you know, you have just a bunch of stuff that they need. And I do form relationships with local IP support people because you know, just hits the fan, they're like, well, who's helping me call with an isolated area with fiber, next fiber person or individual that does cyber has any knowledge of it is 150 miles away every single direction. So yes, I maintain relationships with these companies to try to help them out with such issues. But sometimes, you know, I bumped into some that are trying to do stuff a little over, the company doesn't need that. And I just help them terminally you can reduce your cost by doing it. And yes, it hurts the tech company because it's reducing costs. And I really admit that I've done that. See, I mean, I'm gonna be a little blunt, you know me by now. But friggin stop doing that. You need to have a different conversation with the folks, you know, and this is exactly why the industry does not communicate at all and you are part of the problem. You're going literally in your own words saying you don't need this, you don't need this, you don't need this is all crap, blah, blah, blah, instead of taking. I'm warning you guys, I mean, you guys, I know I'm rough around the edges, and I'll call a horse a horse, I don't care. But when you're going into situations, you've got to be able to build a better rapport, you got to build, you know, you can't be the I'm going to come in here and whack everybody off. And like I said, you know, set the frickin village on fire, you've got to come it's like, Okay, I understand these guys are doing distance and if it isn't this, but there's a better way of doing it because of my experience. Let's talk about this, this, this and this and let me show you how this the better reason of doing because we aren't incident response firm. We have to have these conversations all the time. You can't go in and just bruise a bunch egos it didn't expect crap to get done. You've got to be more finesse. You got to have more of a patience you got to have more of an understanding you know, not everybody knows the crap that I know. And again, I'm no big freakin God when it comes to this stuff either. You know, I know a whole lot about very little you know, there are people that are doing memory forensics and they're doing just all kinds of stuff they just blow my freakin mind. I'm like, you guys are Gods you know what I mean? But so I'm not trying to say you know, I'm the end all be all a cybersecurity by any means. But you know, you've got to have a more brotherhood approach. And you're part of the problem nacelle, I'm sorry, but you are when you're going in and like I said, you're taking that mentality against people. You're not helping the overall cause you're hurting it please stop that.

Shiva Maharaj:

Haven't times have either one of you gone into a situation seen what the crime is being built for but those are services the client will never see because it's on the IT provider or in house it to use or leverage. Yep, yep all the time. And we can go and say, Well, if you're not using this as a user, you don't need it, that could very well be the thing that's keeping the ship together. So we need a more holistic approach and consultative approach to go in and say, Hey, you see you have this, how's it being used? You don't know? Let's find out. Okay, maybe we can do this better. Or maybe we can do it differently. as Eric was saying, I think that is really the way you have to be because it's a small world. And we only get better by making everyone else better.

Eric Taylor:

I agree. And Eric, thank you for being 100% honest, Hey, man, I picked my cat, there was a lovely breakfast. That's good. You're right. I mean, our job is to go ahead and try to be nice and have an acceptance of our skill set to the to the IT group and you are 100% right on that. And it's true. For most definitely you taking the time. And you're like I said, Really sitting back, you need to take a more Kumbaya moment, if you will just have these conversations with folks and instead of being all harsh or dangerous, I mean, I'm a Marine, it's frickin it's in my blood, right? It doesn't do anybody any good. You know, even let's just say hypothetically anybody on here as an MSP or an IT vendor, you get a new client. How many more times is that communicate that handoff and a transfer of knowledge 1000 times better by just going in and being pleasant versus going in and being you know, the world's on fire type of situation. Right. Thanks, everybody for coming. I

Shiva Maharaj:

really enjoyed it. Sorry. We can get everything covered that we want to but we'll try again on Wednesday. Thanks. Thanks again for joining us for the cybersecurity amplified and intensified podcast.