Cybersecurity: Amplified And Intensified

Episode 12 - Taking action with Vince Crisler.

May 19, 2021 Shiva Maharaj/Eric Taylor/Vince Crisler

Vince Crisler has more than 20 years of IT and cyber security leadership within the Department of Defense, federal civilian government, and private sector. He is the CEO and Founder of Dark Cubed, a cyber security product company focused on innovative solutions for small and midsize companies. He is on the IT Security Executive Council for CompTIA, the Executive Committee for the CompTIA ISAO, and a member of Embry-Riddle Aeronautical University's Worldwide Industry Advisory Board.

Prior to founding Dark Cubed, Crisler co-founded Fortalice Solutions, an innovative cyber security consulting company that supported Fortune 500 and Government Agencies. Crisler previously supported the Department of Homeland Security (DHS) and Sandia National Laboratories in the development of cyber security protection programs to defend the networks of Federal Departments and Agencies, as well as those belonging to critical infrastructure and key resources (CI/KR) owners and operators. Crisler was the primary author for the five-year technical vision for the National Cybersecurity Protection System, a $3B cyber security program within DHS. He was also a co-author of the DHS Enhanced Cyber Services (ECS) Program, establishing a critical cyber security information-sharing program, which was formally announced in Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity.

Crisler also served as the CISO for the White House's Executive Office of the President and was responsible for the creation of the first ever cyber security operations center to protect White House networks.  

Prior to the White House, Crisler served in the United States Air Force in organizations to include the White House Communications Agency, the National Military Command Center in the Pentagon, and Ramstein Air Base in Germany.  Crisler earned a Bachelor of Science in Computer and Information Science from the Ohio State University and a Master of Science in Management from Embry Riddle Aeronautical University.  He currently lives in the Washington D.C. area.

Vince Crisler | LinkedIn 
Dark Cubed™ Cybersecurity Solution 

Eric Taylor | LinkedIn 
Twitter: barricadecyber 
barricade cyber solutions - YouTube
www.barricadecyber.com 

Shiva Maharaj | LinkedIn 
Twitter: kontinuummsp 
www.kontinuum.com   


BARRICADE CYBER
Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
IT support that's actually supportive.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!


Shiva Maharaj:

This is the Cybersecurity: Amplified and Intensified podcast. Today we have the honor of having Vince Crisler of Dark Cubed with us. How's it going, guys?

Unknown:

How are you? Good? Thanks, buddy.

Vince Crisler:

Okay, living the dream.

Shiva Maharaj:

So you want to start off by just giving us a little background on yourself and Dark Cubed?

Vince Crisler:

Yeah, I'm Vince Crisler. I'm the founder and CEO of a cybersecurity company called Dark Cubed. We're taking on this mission and mantle of helping protect small and medium businesses. You know, most of the approaches to cybersecurity tend to be top down. It's saying, you know, what's working for a JPMorgan or a Bank of America? And how do we dumb that down for everybody else? And that ends up with like, Gartner Magic Quadrant and Forrester Research and all these products and services, which never works for small and midsize companies. And so our approach is to say, look, why don't we start from the bottom up. And if I had to design a system from scratch that would protect SMB, it would look a little bit like a bunch of other solutions, but not like any of them. My background. You know, I've been in cybersecurity and IT since before I could drive, was an officer, communications officer in the United States Air Force, spent some time in the Pentagon, spent some time at a group called the White House Communications Agency where I was on the road with President Bush, which was a pretty cool job. While there, I got sent to the White House to be the CISO for the unclassified networks at the White House, which was, it was actually really cool time back 2007, 2008. And we'll talk about this later in the podcast, I'm sure, but kind of the origin of national efforts around cyber security with a Comprehensive National Cybersecurity Initiative, I built the first ever 24 by seven by 365 Security Operations Center there at the White House, and then went on to spend about five and a half years supporting the Department of Homeland Security in their Einstein program, NCPS, which is, you know, a massive cybersecurity protection system. And while there, I got the idea to start Dark Cubed and took the leap into entrepreneurship. Very cool. Welcome,

Eric Taylor:

Eric. So I am also i, our cybersecurity firm, now, down here, taking care of a physical pen test that we got to take care of. And so we're, we'll talk shop, I'm sure, a lot throughout this thing, but where do you see from your side of the fence? In your world? What do you see, like where most of the failures are starting to come in from

Vince Crisler:

I think we're in a massive, heavily funded market with lots of companies, lots of startup and incredible amounts of money being spent on marketing an incredible amount of money on the sidelines from investors, and I think most people are missing the point. And the point is, most companies have any don't really have much security at all right? I mean, you know, from pentesting, like, it's not a matter of if you're going to get in, it's just you know, how quick it's gonna take. And it's just, you know, we're, we're at such a such a bad state. And I think the national dialogue is around frameworks and compliance and all of these technologies, when there are some basics that just aren't being handled. So I think that's the biggest challenge for me is like, the basics aren't being handled. And it's not because small and midsize companies don't want to, it's because they can't, like they can't afford it, they don't have the people, the technologies don't align to their mission. So that's the number one thing for me.

Eric Taylor:

So my side when you're bright, so this a little bit. I see a lot of times, you know, we'll go through and, you know, we'll break in whether, you know, virtually or physically or whatever the case is. And then we make, you know, do the time, do the report, we submit it and they're like, Okay, thanks. See you next time. Wait, what? Your, are we gonna fix any of these things? I mean, like, nah. Like, you know, it's like, we, you know, me and Shiva joke about this a lot that, you know, a lot of times that pen testing and stuff like that is more of a formality checkbox for them than an actual mission statement to actually fix things. Right. So 100%, you know, and it's really sad, because then I'm on the other side of the fence, because, you know, I, you know, truth be told you about 85% of my work right now is IR for ransomware. Um, and then that's when they're like, Oh, you know, nobody ever told us this. And I'm like, really? Nobody. I mean, come on.

Vince Crisler:

Yeah. 100%, I think, you know, most of the time when when you go down market and even up market, but when people are doing pen tests, it's because somebody told them they had to, and they just want to check the box, right? And they say up, here's the paper, we did it. And that's part of the reason is because it's just, it's so hard to really, you know, if you look at these, like, these are the top 10 security controls you should do. And if you're not doing them, you're wrong. maintain an accurate asset inventory of all your hardware and software. Okay, take a 250 person company. And really, how easy is that? Right? It sounds easy on the surface, but it's really complicated and hard and overwhelming. Versus look, make sure you have endpoints managed. Make sure your users aren't admins on their endpoints, and everything else like is great. But if your users are admins on their endpoints, you're done. Right? Like it's, that's it?

Shiva Maharaj:

How do you feel about self attestation when it comes to compliance and security, as opposed to having a body come in audit, you look at everything and then give you the stamp of approval,

Vince Crisler:

Hence the root of the discussion with CMMC and 800-171. Exactly. Well, self attestation does not work, I think we've proven that it's very easy to say, Hey, I think this works. And if somebody comes back and questions you, you say, Well, this is, this is how I made the decision. So it's really a question of judgment, versus a compliance body coming in. I like the concept. I'm a supporter of the concept of CMMC. I think how it's getting implemented is really tough. Because what it ends up being, what I'm seeing happening is the big guys are just pushing requirements down on the small guys. Right? What should happen, and this is probably a controversial statement, is the large defense contractors in the DOD that have the resources and have the teams need to take responsibility for the security of their supply chains, not push that responsibility down at small guys who can't do it.

Eric Taylor:

Because we're seeing a lot of aware, you know, the small guys, you know, that may only see one or two pieces of document, you know, a quarter are required to go through all this stuff. And like, Oh, well, our vendors, they're all under, we're okay, we're okay. We don't have to worry about all these guys are doing it. And Yep, no, that's not the way this works, guys. Yep.

Shiva Maharaj:

So tell us about Dark Cubed. What can it do for us and our clients and just the country in the world? Hopefully.

Vince Crisler:

Yeah, as we think about security, you know, we're, we're pretty plain spoken, we don't play a lot of games, we say what we do, you know, one of the key things to help protect an organization, and it's not the only thing you should do by far, is to get visibility into what's coming in and out of your network. And I know, you know, over the next five to 10 years, kind of this idea of the network is evolving and changing. But we still have networks, we still have places where our users aggregate. And if you have visibility to what's coming in and out of that network, you can pick up on things like ransomware, and Emotet, and all these other bad things that are happening a lot sooner. And so you know, if you look in the market today, and you said, what would it take to properly instrument my network to get log data, to get reporting and visibility into it, to integrate threat intelligence, to get some automation and orchestration, that is an overwhelming, expensive, hard thing to do. Right? There are a ton of free tools out there, if you have an engineering team, you can prop up and potentially figure it out. But it's, but it takes a lot of time and energy. And we've taken that entire process and boiled it down into something that can be deployed in less than five minutes with no hardware or software. We do that by saying what's the best way to get visibility into what's coming in and out of your network? Well, you probably already have something that has visibility into that, and that's called your firewall. Now, granted, that firewall is probably not configured correctly. But, but it's at least seeing it, right. And so we can take, we can consume a data feed from your firewall, NetFlow, syslog, in our SaaS infrastructure, so you just ship that data off to us. And we have the algorithms and processing infrastructure to kind of pull out the metadata from that. So what are your phone records? Basically, source, destination, port, protocol, data volume. We're then automating a bunch of threat intelligence integration and predictive analytics to say what's good, what's bad, what's unknown? And how confident are we in those assessments, and then allow the customers with a click of a button to say, look, anything that's known to be bad that you're really confident, I want to automatically block. And so the question is, how do you block it? Well, again, you have something in place already today that, that can block stuff. And that's called your firewall. And most firewalls have the ability to subscribe to a remote blacklist. That functionality is relatively useless in the general market, because, you know, let's take a Palo Alto that can block 20,000, or 50,000 entries, which 20,000 or 50,000 you're going to block, it's a hard choice. We take that, instead of saying, I'm going to shove a bunch of stuff into the firewall that I don't know if you're going to see, and we turn it into a game of Go Fish where I say, I've got 300 million things I'm watching, if you see any of them, I'll tell you, you should block it. And then we constantly update and maintain that block list. So you're blocking the threats that are targeting you, that can be up and running in five, you know, five minutes. And you know, we have a very affordable price point, we sell exclusively through the managed service provider channel. So we partner with managed service providers to help make them better, or managed security service providers to make them better at supporting their customers.

Shiva Maharaj:

Are there any firewall brands that you guys prefer to work with?

Vince Crisler:

There are some that are trickier than others, you know, Palos are really easy. SonicWalls are really easy and popular. We have a custom integration we've designed for the Merakis, and Merakis are out there everywhere. They tend to be really underpowered devices. And their cloud, they have their cloud platform, they don't do remote blocklists. So we had to write a custom integration to integrate into their API. But that means we can deploy pretty quick. So we have one customer that's pushing out, you know, 150 plus Meraki firewalls through, through our integration.

Shiva Maharaj:

And what about what are you guys doing with Fortinet and Sophos?

Vince Crisler:

So we support those as well.

Shiva Maharaj:

I know Eric's got a question there about zero trust and zero knowledge with your platform.

Eric Taylor:

Yes, I mean, when you're actually going down the whole platform, are actually integrating with you and you're actually seeing all of our metadata, where you're essentially seeing our entire syslog data that's going over to you, you know, how are we supposed to know who has access to it, or what analysts are accessing that particular data, because, you know, a lot of this stuff we keep finding are transmitting passwords in plain text, things of that nature. There's a lot of stuff that could be on an improperly configured network, or just because poorly coded line of business applications, you're able to see a metric f ton of data.

Vince Crisler:

Yeah. And that's, that's the really nice thing about our approach rather than taking an approach where you're going to a logging provider. So there are a lot of folks that will do logging for you, right? And you're sending them everything and they're aggregating all those logs. Our approach is, we're taking that stream of data. And the first thing we do with that stream of data is we parse out the metadata and throw everything else away, right. So we're not storing any of the content of those communications. In fact, the firewalls don't send us the content of those communications. As you know, in general, it's more the source, destination, port, protocol, packet, vault, you know, packet length, those sorts of things. So we're not, we typically don't see the content. And even if somebody were to ship us the content, we throw it away before we even process it now.

Eric Taylor:

So what verification just to be, you know, the typical a-hole I mean, what, what verification does a company have, that you are stripping everything out, and you're only looking at metadata, I mean, we've seen time and time again, where, you know, companies will say, Oh, we only have access to this, and three, six months, or a year later, they get breached. And like, Oh, they really kept all of that data,

Vince Crisler:

right. And that's where, you know, we're happy to kind of open the kimono and show you how our system works, right? Where the data stores the data tables that are storing, like, we just don't have, you don't have slots to store that information. So you can't store it,

Shiva Maharaj:

You know, one of the biggest shortfalls I've seen in a lot of vendors in your space and adjacency, or space is as a provider, or even as an end customer, we typically do not get any insight into how your systems and people interact with our data. And as I'm sure you know, if you go SOC 2 Type 2, you need to provide that audit log to us. And I'd be hard pressed to find anyone that does that right now, quite honestly.

Vince Crisler:

Yeah. And it's, it's expensive to go through those sorts of processes, and most customers don't care. So it's a it's a tough business discussion, right? It's like, do we spend a lot of money on this certification process that most people that the broad market doesn't care about? Or do we invest that money into product features,

Shiva Maharaj:

I'm less, I'm less interested in the certification, and more interested in just having in your portal in your GUI, being able to click on a tab or a link that shows me an audit log of what you guys are doing with my data and how your company is interfacing with it? Because, you know, I have to deal with insider threats at my clients in my own company, hopefully not God willing, and potentially, in your company and the, you know, dozen or so other vendors I may use?

Vince Crisler:

Right? Yeah. And I think, again, that reinforces our approach in the market of, you know, simplicity makes all the difference. There, there are, there are two pieces to what we're doing. You know, one is when you're just storing the metadata, you know, we can do, we, we have a patent that was granted in August, around anonymization of data. So one of the things we're doing is we are at, when you look at a traditional SIEM tool, right, the ability to aggregate data across customers and do cross customer analytics is a challenge, right? Because people do not want their data commingled. One of the things we're doing that is unique is we're taking everybody's data, we're taking that summary data that I mentioned earlier, we're associating it with an anonymous ID, and then we're putting it into one data set, right, and that data set then lets us look for trends and patterns in the way we're using that data. You know, a great example is we're tapped into the API for AlienVault OTX, right. And you have a lot of analysts out there that are publishing threats with IOCs in them, that can be very helpful. You know, as soon as any of these major reports get published, those IOCs that are in AlienVault OTX, we're consuming them, we're protecting our customer. The challenge is you can't control the analysts that publish data. So an analyst could say, look, this malware threat is using 8.8.8.8 as command and control. That's Google's DNS, it would be a false positive, it would screw up everybody if we automated the consumption of that. So how do you consume that in a no human in the loop, machine driven way, and protect your customer base. And the way we do that is with that aggregated data I mentioned, so we can consume that data. And then we can use our customer data as a noise filter. And we can say, what percentage of our customers have seen this? How many times, what's the standard deviation from the norm, and that can adjust our confidence factor. So we can say, look, 80% of our customers have seen this 33 million times. Either the entire Internet's been hacked, and everybody's screwed and everything's on fire, or this is way too noisy to consider as valid, and we're gonna drop it to the floor. And so there are, there are really valuable ways when you think about automation. And you'll notice I'm being very careful about not using machine learning and AI because I hate those freakin terms of snake oil, snake oil used in this market. But, you know, you can automate, when you have the right data, you can automate decision making in really cool ways. And that's, that's what we're focused on. How do we deliver protection to the masses? And how do we use that data to do it? And you know, to anybody that has concerns about how we use the data, we're hoping to have open to having a deep dive with those folks and showing you exactly the data and how we use it and how we consume it. No transparency is the key.

Shiva Maharaj:

Are you guys doing anything with DNS over HTTPS?

Vince Crisler:

Nope. From a roadmap perspective, what we're likely working on, and we have, we've had discussions with it with a company that we were going to be partnering with, is taking a partnership approach to DNS, right, taking a partnership approach to endpoint versus trying to develop it ourselves. And I see

Eric Taylor:

a lot of just a push back. I mean, what's the timeline on that? Because, you know, until Darkside, was, you know, I mean, let's not beat around, they weren't taken down by no damn government entity, we've got three cases right now that they're very much in the fucking mix right now. They are just going silent on their name and shame site, they're still collecting, you know, so the claim that they've been seized is bullshit, but, you know, NetWalker before they went down, Maze when they were still around. Um, Conti does it, Darkside does it, even though, depends on the operator, because Darkside is a RaaS platform. But you know, whether it's SFTP or, you know, SSL DNS, you know, that's typically their de facto, because most firewalls are not configured to monitor any SSL traffic and right, if you're not potentially grabbing that metadata or anything like that yourselves, how are you going to be able to potentially alert someone from a cybersecurity threat like that?

Vince Crisler:

Yeah, it's a great, you know, in the cybersecurity world, we end up in this challenge of like, you build a better mouse, I'll build a better mousetrap. And there's still this fundamental thing that has to happen in the internet, which means a packet has to go from one host to another. So whether you have DNS on top of it, there's still IP communications happening on the back end. So if you look at FireEye's report on the Colonial Pipeline hack, let's just say for something out in the news, and everybody knows about, you know, that their report has a couple of domains listed and a couple of IPs listed, right? So how do you take those IPs and for your average, smaller mid sized companies say, if that IP shows up on my network, I want to be protected against it. Right. That's, that's kind of a, it's a simple thing. But it's a hard thing to do. Because of our automation, we're saying like, I don't care what domain name they use, if that IP is communicated to in the next couple of weeks, it's bad, and we're going to block it. Right? all stuck.

Shiva Maharaj:

Okay.

Vince Crisler:

So the concept here is not you know, if you want to be on the cutting edge of detecting new threats, detecting sophisticated threats, breakout your pocket book and be prepared to spend, that's not the problem we're trying to solve. The problem we're trying to solve is, most of the things target. Most of the reason these ransomware attacks happen is because somebody left RDP exposed, or some credential gets compromised, and it's a known host that's communicating in, and they're just not stopping it. Right. So how do you you've got, you've got somebody brute forcing an RDP host, that brute forcing isn't prevented, it's coming from an IP that's been known to be bad for a year, but they don't have a SIEM, they don't have anything else, you know, we can stop that. We're not stopping ransomware, but we're stopping the stupid part.

Eric Taylor:

And that really brings up a great point, because, you know, there's been times times again, where we will be on a pen test or whatever. And now we'll start hammering stuff, right, you know, doing dictionary attacks, you know, the 1 million passwords, whatever. Um, and it sets off no freaking alerts on the blue pane. And I'm like, really, I'm at like 1000 logins right now. And nobody's calling me or shutting down. Nobody's running around with our hair on fire.

Shiva Maharaj:

Tell them the truth. Eric, you did it on the Manage SOC I was using against me. And they never picked it up.

Eric Taylor:

Man. Yeah, I mean, that. Like, normally when we're on these calls, you know, we're, you know, talking, you're normally in a Zoom Room or whatever, and I get bored. You know, I was actually showing the hotel staff here. The one of my great, one of my greatest tools is, you know, I want to score I got ADHD, but one of my favorite tools is this because most of the time that little halfmoon plunger is not fully pushed out. And I have written just about any frickin room that you want. Yep. You know, it's just crazy. But anyway, I digress. But yeah, the, the lack of logging, the lack of notification on some of the simplest damn things is incredible. Yeah, I'm like, how did you not notice this? Like there's one thing to run a Mimikatz, or not a Mimikatz, but Metasploit to pop an RDP from a 2008 R2 server,

Vince Crisler:

right?

Eric Taylor:

You know, that's a pretty quick attack to pop into a server, but dictionary attacks are easily able to be detected. So would you say Darkside cube, I keep seeing the

Shiva Maharaj:

Dark Cubed, not Darkside. I don't think he wants that association.

Vince Crisler:

I wish I had two or $4 million of Bitcoin in my account or $5 million a Bitcoin

Shiva Maharaj:

90 it was 90 million in Bitcoin over the last Last year, not year, sorry, this year alone from 99 different payouts, just just a little bit of money.

Eric Taylor:

So Dark Cubed, yep, is more of a, would you say more of an advanced detection module versus a prevention module,

Vince Crisler:

I'd say it's both, you know, the ability to say I can take a firewall and not care how well it's configured, get visibility into everything that's happening on the network and block the stuff that's known to be bad or likely to be bad. And the ability to do that in five to 10 minutes to get the, to get that visibility and information is something that doesn't exist in this form in the market. You know, we have customers that are using it as a part of their traditional security stack, we have customers that are using it in IR, you know, one of our customers is basically every IR they go to, they deploy Dark Cubed first, right? And because that at least gets them visibility to what's coming in out of that firewall, what endpoints are communicating, and to get some advanced information, because you know, as well as I do, the number of IR events that you go to, and you're like, Okay, let me see your logs and like, we don't have

Shiva Maharaj:

them, what logs don't exist, they're a fairy tale. With Dark Cubed, I'm assuming with everyone going back into the office, you would probably be one of the better options in there with old, with firewalls that probably have not been updated in the last year, and tons of endpoints coming back in with God knows what on them.

Vince Crisler:

Yeah, we think so, when we think, you know, look, I, you know, being saying exactly what you do is good and bad, right? Like, we're not saving the world, we're not the silver bullet. But you know, if there's one thing you're going to do to improve the security of an organization, you know, and we don't talk about our price publicly, because of our channel, we want to protect our channel partners. But it's an incredibly affordable price point, and take it to the level for a managed service provider, an MSSP to come in and deliver security at that price point. You know, it's just a really good value, and it lets them then say, you know, something bad happening on this network? Is it being attacked or not? Is there, is there something going on? So I need to raise visibility and get more spending, it's a lot easier to convince a customer to spend, when you can say, look, all of your internal infrastructure is getting brute forced all day every day, because you have an any-any rule on your firewall, right? Like, those discussions are a heck of a lot easier when you get data. One of the things I like

Shiva Maharaj:

that you mentioned is that you are somewhat anonymizing the data. And it's not commingled. Whereas every single managed SOC, SIEM, Kool Aid, whatever in the channel, all your data is sitting next to everyone else's data, and it's a logical separation with a customer tag, if that. So they get breached, everything. That's the real look under the kimono.

Vince Crisler:

I wouldn't say that our data is not commingled, because, you know, I want, again, transparency is key here. But what I say, what we're keeping is that summary metadata, so what could an attacker do, if they know the IPs you've been communicating with, the number of times and the amount of data that you've been sent to, like, that's not, there's not a lot of value in that data, right? It's like, it's like your phone record, there is value there, you can do a lot of really good stuff with it. So what we're not doing is we're not storing all the raw logs and all of your sensitive data in a way that if, if that data were to be accessed, it would cause harm, right. And so I say like, we lower the risk by encrypting the data, by reducing the kind of the fidelity of the data. So we are only keeping the metadata we need to process and then by obfuscating it with some anonymization, so when you're to circle

Eric Taylor:

back to the IR, where you, you have partner several that are using you for IR, how many times you find that the the firewall has such poor logging history because of improper configuration that you're not really able to help on the IR side.

Vince Crisler:

So we provide value, as soon as we're deployed, we don't provide historical value, right? So we can't come in and say, let me I can show you what's happened in the last six months. But what we can do is you can say, I don't trust anything going on in this environment. So I'm going to get an anchor point of trust with Dark Cubed to get some visibility into what's happening. So I can at least start to establish a source of truth. I mean, a lot of the you know, some of these things are, you know, when it was back when Emotet and make us seem like a SIEM, it's kind of still around got taken down, for the most part, right. But back when it was really active, we had a company that was just getting hammered with it. And every these hosts, were nailing their Active Directory server with false passwords. So all their users were getting locked out. And they had to write scripts to like automatically unlock accounts, and they were fighting this horrible battle. And they didn't know which endpoints were doing what, which endpoints were communicating, we got Dark Cubed deployed, and instantly you're able to see, okay, these are the hosts that are causing the big problems. These are the endpoints, we get these blocked and you're able to start remediation. So again, you know, it didn't solve the problem but it got to get you the visibility you need to start taking steps towards solving it.

Eric Taylor:

And let's just be honest, I mean, even if it was more like a dadgum troll on a bridge, right I mean, yeah, you know, it dropped its payload and then sold access to any Tom, Dick and Harry that was the highest bidder back right. So I mean, the threat landscape of Emotet was fucking massive.

Vince Crisler:

Yeah. Amen. Yeah,

Shiva Maharaj:

How old is Dark Cubed?

Vince Crisler:

We've been around about seven years, you know, I had started a services company at the same time, and we can incubate Dark Cubed out of that services company, exited that services company about two and a half years ago. So no plan

Eric Taylor:

B and MSP MSP built for MSPs. Labels are hard.

Vince Crisler:

But I would say we enable MSPs and MSSPs to deliver better security at a lower cost.

Shiva Maharaj:

Eric and I just have this running joke that most MSPs come up with an idea, try to sell it to their peers. And security is completely lacking. Functionality may be great, but it just bleeds information like no other.

Vince Crisler:

Yeah, I agree.

Eric Taylor:

So the other thing that kind of segues in, I mean, she was gonna start shutting me up here in a minute, I'm sure. But um, because like I said, I'll keep going on and on. But, you know, I guess how are what are you able to disclose about funding? Because, you know, when you start looking at companies like Kaseya, and Datto, and ConnectWise, I go around and buy up everybody? I mean, I have a heart on our I hate to say, I Same here. Yeah, there. You know, we full disclosure, we were using a company called RocketCyber for a lot of our collections. Uh huh. And, you know, talk to the owner, things seemed great, right? I mean, we knew he had growing pains, but I was like, You know what, I mean, he's a cool guy, he gets it. I don't mind supporting him through the hard times, while he's trying to grow. He's got growing pains. And then he goes dark on us. And, you know, three or four weeks later, we find out he's been free to talking about selling to Kaseya for over a damn year

Shiva Maharaj:

and sold to Kaseya. And the day they announced it, the day it got leaked, actually, because they didn't announce we Eric and I both cancelled our accounts, as did many others. So I guess Eric's question is really, do you plan on selling to Kaseya? Right now? Because if you do, God help us,

Vince Crisler:

No, in fact, the hard discussions we've been having lately, I mean, we've been getting a lot of traction, we've been getting a lot of visibility in the market, there are typically like three hard questions that people are asking. They're not hard questions, but they're things that people are passionate about, you know, one is, are you going to sell out to one of these, like Kaseya, or SolarWinds that just rolling stuff up? And basically, you know, ruining the product? As a part of it? I would say? And, you know, that's not our strategy. To the question. There are, there are so many private equity firms right now sniffing around to make this mythical magical cyber roll up. And the whole idea behind this mythical magical cyber roll up is, you know, buy a platform company, an MSP that has a bunch of customers and buy a bunch of other products, roll it up and resell it, cut a bunch of costs. Again, that's not good for the market either. And then the final thing is, you know, are you going to outsource the data to an overseas SOC? Are you going to have overseas folks managing or are you going to lose track of our data? So on the first two, you know, with respect to funding, we've done a couple of rounds. Today, they've all been really relatively small rounds, we're gearing up to do another series, we're going to call it like a series A to what the in the in the third or fourth quarter of this year. We're gearing up to do that right now. And our goal is to raise money to scale ourselves not to sell out, right. The second piece is a good part of our business that you probably haven't heard about. The DOD is actually working with us. There's a whole group within the Department of Defense called the Defense Industrial Base. These are all the supply chain folks. You know, CMMC applies to these folks.
There's a group within the DOD called the Defense Cyber Crime Center, DC3, and beneath DC3, there's a group called the DOD cyber information sharing environment, abbreviated "dice", DCISE, and they have the DIB CS program somebody's frickin acronyms, right? Alphabet soup. Yeah, the DIB Cybersecurity program, which is like, if you look at 800-171, and you're required to report a breach, you got to report to these folks. So these are the people and they were just comments on the Hill about the DIB CS program and the DCISE program and information sharing, all that as background, we have a program with them called they're calling "dice three", DCISE3, for Dark Cubed, right, dark three. And they're funding the deployment of Dark Cubed on DIB company networks. And this is this is all happening in a separate GovCloud deployment. That's only used for them. We're anonymizing and aggregating that data so that DOD can actually threat hunt and monitor these DIB company networks, but they don't know which, which, which networks they're looking at. So now, when they get breach information, they can actually look in real time and say, you know, what are we seeing across the DIB with respect to these indicators? And what are new indicators that are popping up? And then we're also automatically sharing the indicators from the DOD back to those companies where, you know, as a part of our threat scoring system, so if DOD says this is a bad indicator, and it's not publicly known, the people in that program get protected from it. So it's a really freakin cool program. But it means because that's a core part of our business, we have to be very careful about, you know, outsourcing data, overseas data, overseas development, those sorts of things. So that lineage that heritage for us, I think should give folks confidence.

Eric Taylor:

Now, how much of that information before you start answering the other questions, but how much of that information is being able to be shared with your other partners? And when you're saying what I'd say, like, how much like you see, you know, some funky going on with a DOD or DOD contract or whatever, you know, and they say, Okay, now this is really not good, then, you know, everybody kind of looks at it real quick, you know, is that information able to be shared through your other partners to start locking them out from potential threats as well,

Vince Crisler:

today, we're not doing that to get access to some of that, that government information, you have to sign a contract agreement, you have to

Eric Taylor:

send that over.

Shiva Maharaj:

I'll take that threat intel,

Vince Crisler:

folks have to sign in and be a part of that program. Part of where we're headed with this next growth round is investing in more analytics capabilities, right now, you know, 99% of our capabilities, machine driven and automated, which lets us keep everything affordable. But there's so much value in our data in terms of trends and patterns that we can do more to help our customers with. So that's a key part of our roadmap is how do we get better lessons learned out of this data and help provide feedback to folks and help continue to carry this flag forward of you know, really making a difference in security, downmarket

Eric Taylor:

Would you be interested in the next year or so unless it's already something in the works, but you know, for MSPs, or whatever that are using a Perch or a Sumo Logic or whatever, a Graylog server, you know, being able to potentially procure some of that, you know, that data set coming over from you guys coupled with AlienVault OTX and things of that nature?

Vince Crisler:

Yeah, I think partnerships and information sharing are key we're seeing, you know, I think a great trend that I've seen over the last couple of years is up market, there's a lot of good information sharing happening, there's a lot of people sharing information really fast. And so we've seen when breaches have happened over the last couple of years, you know, people are all over it sharing data and information. Now, how do you make that usable down market? And how do you automate that is still the challenge. So partnerships are key. And I will say, we, we are on a partner with the CompTIA ISAO. So I don't know if you've been tracking that

Eric Taylor:

Yep, I'm a member of that. Yeah.

Vince Crisler:

Perfect. So I'm on the Executive Council for the CompTIA ISAO. And a core part of you know, the way Dark Cubed is partnering with the CompTIA ISAO was how do we start to automate the information sharing that we can do into the ISAO? So you know, it's gonna take us a couple quarters to get there. But to be able to do things like, Hey, here's a list of IOCs, which of these are actually being seen actively in the wild and which aren't, which then lets you prioritize response against them.

Shiva Maharaj:

One of the cool things that Eric and I both use Sumo Logic for log aggregation. And one of the cool things is it pretty much comes with CrowdStrike's threat intel built in. So you can take all of your logs and compare it and flag it against anything coming in from CrowdStrike. Which would be pretty cool if we could do something like that. with dark. Yeah. I like that. And then secondary a business line item for you guys. Exactly.

Eric Taylor:

Yeah. Because I mean, companies like myself, and I'm sure maybe Shiva, some other folks, we would actually buy into some of that burden, too. Because, you know, the, like you mentioned before, you know, AlienVault OTX as a great thing. And I'm a member of that, right? So I mean, I subscribed to those feeds, but it is a noisy son of a bitch, you're like, Alright, Is this real? You know, and it's, it's, I understand you, it's community driven. You know, it's like GitHub, right? So you got the GitHub of the threat intel but you've got to you got to parse through it you got to make sure am I about to drop some code in my my development application that may or may not open up a back door right. So you know it you know, always being able to find a trusted source for threat intel is so freakin hard. And there's a lot of bad threat intel that you'll buy into. I mean, there's so much of it. I'm like, this is just crap. Garbage. Right? So

Shiva Maharaj:

Have you guys looked into anything from Recorded Future as far as their threat intelligence?

Vince Crisler:

We have not. You know, again, as a small focus team, you focus your energy where we're where you can make the most traction and that's been on the usability of the platform. We've rolled out new notifications, enhancements and new reporting enhancements lately. We do have a partnership with GreyNoise and if you if you know Andrew over GreyNoise know the company, I don't know the people. Yes, Andrew Morris, great guy, great team that he's built. You know, they basically have a global grid of sensors that are listening for bulk scanning activity, and then classifying as malicious or benign or unknown. And so you know, as soon as zero days are released, they're seeing people scan for them. And so we actually have that integrated into our scoring algorithm. So anything that they see is bad, we automatically score is bad and block. And so for us, it's less about how do I enrich threat intelligence in terms of actors and capabilities, as it is, you know, our scoring, which I didn't mention earlier, our scoring is one through nine, I hate the scoring systems that are one through 100. Because it's like, what's the difference between 84 and 87? And our scoring is basically a three by three grid, it says, Is it low threat? Is it medium or neutral? Or is it high threat? And do we have a low level of confidence, a medium level of confidence or a high level of confidence? So something that's a nine is high level threat, high level confidence, block and move on? Right? Something that's a seven, high level threat, low level of confidence. It may be a web server that has 150 websites and one's bad, right. And so it lets you decide kind of where your threat posture since

Eric Taylor:

I like that mentality?

Shiva Maharaj:

I know a lot. What are your thoughts on the recent executive order? And how does it affect Dark Cubed if at all? Or how is Dark Cubed poised to leverage it?

Vince Crisler:

I'm not sure it'll affect us. I think, you know, it shows a focus by the administration on doing something in cyber security. I mentioned in my intro, you know, I was at the White House back in '07, back when the Comprehensive National Cybersecurity Initiative happened. And if you know CNCI like there were a bunch of initiatives in there. One was supply chain, you know, one was intrusion prevention, intrusion detection. So, on one hand, it doesn't feel like we've made much progress in the last 20 years. I look at the executive order. And there's a lot of stuff in there that I'm, you know, I appreciate the administration taking steps to do things. The fact that it takes an executive order to get the federal government to focus on endpoint detections is boggling, right? Like, it's just like, some of these things are just, they're just non sequiturs. For me. Some of the things I like, you know, the federal government's infrastructure needs to be modernized, we need to think about a new approach to cloud, we need to think about a new approach to architecture. We've got a lot of fiefdoms in the federal government. And a lot of people trying to protect their infrastructure. It's, it's a controversial topic, it's hard. I've been an advocate for a long time of saying, you know, the federal government needs to have one IT organization that does generic IT. And then individual departments can do their own things for their own unique requirements. Do you like an email? Like, shouldn't there be one organization running email for the entire federal government and securing it and locking it down? Well,

Shiva Maharaj:

here's a question for you based on that. Do you think FedRAMP works or is effective at what it's supposed to do? I,

Vince Crisler:

you know, I think all of these compliance regimes, whether it's, you know, FedRAMP, or a lot of these NIST, things end up being paperwork drills, it's easy to paper over, it creates a lot of work for folks. I'm not sure it drives security at the end of the day. Right. I think. I think the question is, and we've been having, I'm also on the on the board at the CompTIA Cyber Security Council, and we've been having a lot of discussions about compliance and security. And around kind of compliance should be about proving you have security not being not not being its own program. Right. When when you have people that are running compliance programs and creating 60 page documents, but then the the underlying infrastructure is completely insecure. That's not helping anybody. Right. And so I think it's a challenge. It's like, Where Where do you draw that line of how do you make sure things are done in a secure manner? How do you prove that they're being done in a secure manner? But how do you not create immense amounts of work around documentation that have no impact?

Shiva Maharaj:

You know, one of the things I've always discussed with Eric is, I think, we as a country should drop every single compliancy we have and adopt one. And in this case, maybe to CMMC, because they have levels three, four, and five, I don't consider one and two anything, because there's no logging, so why do it, but the reason I say this is you have a single language that everyone is speaking. And if you have tiered levels, whether it's one through five, and then you tack on, you know, top secret clearance, and those on top of that, at least you know, where you stand and you know what you're dealing with, but having to map a DFARS against NIST 181. I mean, it's it's misery and HIPAA, HIPAA, and CJIS to me are the poster children of failed compliance.

Vince Crisler:

Yeah, and you have every, you know, state data, state privacy laws, if you're in California or New York, you know, you have different things you have to worry about. It creates a lot of headache. The cynic in me says there's so much money in compliance, that it's hard to change that, of course, and a lot of these, a lot of the watered down compliance regimes are driven by the lobbyists and industry that don't want government to do anything, right. So it's like take, take PCI as an example, right? Like PCI came about, because industry did not want government to regulate it. And so they came up with their own scheme. And when industry comes up with their own scheme, it has to be good enough to make everybody feel like it's good and secure. But it can't, can't restrict business.

Shiva Maharaj:

Well, that's the same thing with the medical boards, right? Yep, rheumatology board, radiology board, they are doing. I mean, look at the radiologists, they control how many people graduate every year to fix their price that they charge.

Vince Crisler:

So maybe, maybe over the course, the next couple years, we're going to have some natural selection going on with these ransomware attacks and other cyber attacks are just going to start taking people down. And we're going to realize, like, the compliance approach doesn't work. And you know, as much as people, I'm going to, I'm going to go on a little bit of a rant, because like, go for I get it, I get into discussions with investors about like their, you know, we talk about what we're doing and our approach to the market. They're like, Well, how do you compare to this AI tool or Cylance, or take any other sophisticated tool? And it's like, they have so much more capability? And the answer is, well, it's not working. Like we're not, we're not protecting the mass market, these people are completely exposed. So put, put whatever expensive product you want on a pedestal, that's only going to work for 1% of the population out there. And maybe those are enterprises that spend big money and making money as an investor. But there's a massive market here that's underserved that nobody's projecting.

Eric Taylor:

What conversation going around, what product Do I need to buy to secure us? Um, there's not just one.

Vince Crisler:

Yeah, the talking point I use is the punchline at the end of cybersecurity, for all the geeks like me is that cybersecurity is about boring old risk management, right, you have to determine what you have the value of what you have, how much you spend to protect it, and what the best way to spend that money on is on protecting it. Right. And unfortunately, and people just don't take the Colonial Pipeline, take anybody else. Like, if you have a good kind of AV anti malware, you have a good your your endpoints are locked down with a relatively decent AD and Intune where users aren't admins on their machines. And you're doing logging and monitoring ransomware, you know, is a lot harder to get through. Right, some very, very basic things. And the discussion that you're seeing at the national stage about we need to overhaul compliance, we need to do this, we need to do it. Nope. People just need to simplify this. And we need to get some of the marketing speak out of the way and let people get the basics in place to protect themselves. It's so freakin confusing. If you're not a technologist, and you're trying to figure out how to secure your company, like go on to, you know, go on to any major firewall manufacturer website, as somebody that doesn't know technology and try to pick a product,

Shiva Maharaj:

the most expensive one, that's always the best product.

Vince Crisler:

Exactly.

Eric Taylor:

It must be this as expensive as the best of the best.

Shiva Maharaj:

What are your What are your thoughts on going back in time a little bit SolarWinds? Who do you think failed there, SolarWinds or the government in their procurement and their and how they kept it in play? Because it was to me it would seem they vetted them to bring them in. But there was no continuous vetting on the renewals or throughout the product lifecycle in the government space.

Vince Crisler:

I would say as a nation, you know, going back to CNCI 11, which was supply chain risk management, we as a nation have not figured out how to think about supply chain risk management as a strategy. I worked very closely with DHS and Sandia Labs on the supply chain risk management stuff. You know, I think it's been proven that if you have access to the supply chain, of a product or a service or hardware that you can embed backdoors that nobody will ever find, right period. Right. And so if you start with that assumption, you know, I don't think the failure is necessarily, there are some there are some stupid things. I don't know how true they are around like, did they really let an intern set a password, like some really, really failures like that. But at the end of the day, it's a systemic issue that we do not know how to think about. Once somebody gets into the supply chain, and is able to compromise hundreds or thousands of organizations because of it. It's hard to say who's at fault, right? Because it's such a systemic issue. And I'm, I don't know if you guys saw the report that we wrote on IoT security, we just released it a couple of months ago. Now, this is one of those issues like consumer IoT devices, like you can go to Walmart, and you can buy a camera from a company called Merkury for like 34 bucks. But what you don't know is behind that company is a is a Chinese company that just went public called Tuya. That I think they're they raised like over 950 million in the US stock market. They're a Chinese company. They're they're basically taking command and control of consumer IoT. And they're doing it from what I've been told from people in the industry, yet the low costs.

Shiva Maharaj:

I've seen that. I another company I used on one time was a bicycle, distributor, or bicycle parts and one of my people went over to China. They brought back these really cute toys for kids of the people that work for me. Yeah. And they all had to be charged via USB. And when we plugged one in, we started seeing all that flow data going back to China. It was impressive. And this was 2014. I think 2013. So this was before China became the Big Bad Wolf, so to speak. But

Vince Crisler:

Yep. And so you know, there there are going to be a lot more incidents like that. I mean, we've that we're fighting it at the national security level with Huawei and ZTE, right, like amazing gains in Africa and South America on infrastructure, telecommunications infrastructure built by China, we're gonna see it in commercial and consumer IoT. These are the big supply chain things we need to get a national security strategy around in SolarWinds. It's just a small part of that.

Shiva Maharaj:

Oh, absolutely.

Eric Taylor:

I mean, will you take a turn looking at, you know, companies, like SimpliSafe or Ring or anything like that, you know, you're adopting these devices to your portal? How, who's actually looking into, alright, Where the hell is this registration server? You know, I mean, come on, guys. I mean, got

Vince Crisler:

a major, I can't divulge too much, but a major like alarm company is adopting some IoT infrastructure, IoT devices that are manufactured by Tuya. Right. So again, a Chinese company, and what Tuya's telling all of their, all the people that are shopping with them is like, Look, we have infrastructure on AWS, and it's in the US. So you're fine, don't worry. But, you know, I did a kind of a breakdown of that infrastructure. And it's just copy and paste across the globe in different AWS zones. And the AWS zone they picked in the US, happens to be us-west-2, which has the lowest latency back to China.

Shiva Maharaj:

Well, you know, perfect example, this is Supermicro, Bloomberg has run two articles 116. And they updated it earlier this year. Supposedly, MSS put some chips on the motherboards. But I'd be hard pressed to think that they have not been doing that for the last 20 years. I mean, look what they did to Nortel back in the early 2000s.

Eric Taylor:

And Cisco for years.

Vince Crisler:

It's been a that's been a fascinating story to watch, because the first one came out and everybody's like, No, no, no, it didn't happen didn't happen. Right. And then the second one came out. And it's like, yes, it's happening. Like, it's just amazing,

Eric Taylor:

Supermicro still to this day claims. Now, this isn't?

Shiva Maharaj:

Well, I can't I mean, you know, half of the battle, and this is something that I don't think many people understand or see is, it's a mind game as well, right? You need to have these IOCs made public to break our resolve. And then we have our government as say, No, no, no, it's under control. Because if you lose faith in them, it's tough.

Vince Crisler:

Yeah, part of the challenge is like you look at you look at the public discourse around Huawei, you look at people that have been in the intelligence, community intelligence space, and you know, their answers, Huawei is up to no good. And in the public space, like, it's like, well show me an example. Right. And it's really hard to prove it. And the point is, if you can hide backdoors, in these devices that you can't tell are there, you know, if I were, if I were in China is known to have a very long strategic planning cycle, you know, we're not talking years, we're talking decades, you know, yeah, let's stockpile this, this infrastructure. So when I want to use it, I can use it and you're not gonna, we're not gonna have evidence until it's too late. And so I think this evidentiary based approach, again, going back to the requirement on this administration, and Congress is to really figure out how to solve this national security issue. The industry can't solve it. It's not going to be solved by the security community, the decisions that are going to be made aren't going to be easy. But you know, something's got to be done.

Shiva Maharaj:

How do you feel about bringing manufacturing back here with the caveat that Russia and China sold control the raw materials anyway, for chip production?

Vince Crisler:

Yeah, I think I think it's not an all or nothing, I think you can talk about getting getting hardware manufactured, where it makes economic sense to do so. But then thinking about the firmware in those devices. So if I take a device that was manufactured in China, should I reset the firmware with my own firmware? Right? So you can still take advantage of some of the cost savings from a hardware manufacturing perspective, but we can do some additional security measures to protect those devices.

Shiva Maharaj:

But what about the Supermicro incident where they're putting a separate chip on the motherboard that would probably bypass any firmware or software updates that we're so good at making?

Vince Crisler:

Yeah, you know, again, it's going back to risk. So how do you manage risk, like if I'm putting it into, I volunteer in my part time to run IT and security for my church? Right. So I run the data center, it's probably the most blinged out IT infrastructure for our church. I'm running SCCM I'm doing all sorts of cool stuff. But what I care about buying a server that might have a backdoor to China, for my church. Yeah, maybe not. Right. What I care about buying a server that has a backdoor to China for the F-35 program?

Shiva Maharaj:

Yes, they already do.

Vince Crisler:

So So then the question is, if you think about it in terms of level of risk, like do you have This was a concept that I'd heard discussed as part of the supply chain risk management stuff is, you know, let's say it's, it's cost prohibitive to do some of this manufacturing in the US. And so out of, you know, I'll just throw some numbers out there out of 100 F-22s, we're gonna design 10 of them that are going to cost 10 times more, but they're all going to be done in a separate manufacturing line in a way that they're a high confidence package. So if the bad day comes, and we go to war against China, we have 10 of them that we can rely on versus 90 that we can try to rely on. But if they, if they fly themselves back to China, you know, we at least have something. So I think it's about thinking about this the strike package mentality from from a military perspective, and how do you make sure that you can survive through a battle like that?

Shiva Maharaj:

Well, I think you bring up a good point, I think anything related to the defense of the country should be done here. Barring the cost. I mean, we just print money, right? Or giving it away 10 ways till Sunday at this point. But yeah, it's a whole different podcast. But build it here. You know, you look at China, they're producing their own chips. They're producing their own technology for their armed forces. And so is Russia. We're the only I mean, not the only ones. But the Western world loves to buy from China to fight you all. Fight China. And I make a joke with Eric, for the trade war that everyone thinks is coming. What are we going to do? Park the Nimitz off the coast of China and say, Don't export to the US. It's not going to happen anymore.

Eric Taylor:

Yeah. Yeah. The whole I mean, circle back a little bit the you know, the whole executive order and going around supply chain and air like that. I mean, you know, when you start taking a look at Okay, Colonial Pipeline got hacked by DarkSide whether or not they pay the ransomware or not, I guess there's a legal discussion that's gonna be fought off the courts. Forget stupid that we have to have that type of discussion now.

Shiva Maharaj:

But they defied Congress and said, they're not going to release that information to them.

Eric Taylor:

They, I guarantee you, they paid the damn ransomware whether it was a restore their servers or not, but I guarantee you is because there was stuff in there, they did not want get public

Shiva Maharaj:

ENRON. Part Two.

Eric Taylor:

Yeah, maybe, maybe not. But I mean, when you take a look at, you know, the executive order, right, so if how much would that executive order that you're saying, really have stopped me? Oh, the whole SolarWinds issue, the whole Colonial Pipeline issue? Things I got my answer. But I'd love to see what your answer is.

Vince Crisler:

I mean, there's this concept of like the NTSB review board. So like, okay, so SolarWinds happens, and we pull a bunch of experts in the room to figure out what happened and make recommendations. Again, I think at the end of the day, I don't think this executive order is going to make much of an impact. I think there are other efforts that are strategic. So things like the Cyberspace Solarium Commission, I think they're doing really great work. If you haven't heard of them, they've released a report, and what's good about what they're doing is they're pulling in experts to write policy recommendations that are actually getting put into law. Right, their recommendations are made to get into the National Defense Authorization Act to fund the DOD. And like, that's where we have to move, is we have to, like, all of this talk about things we could do or should do, we got to start taking action. And even more importantly, going back to kind of the mission of Dark Cubed and what we're focused on, like, none of this is going to help protect that small or midsize company, right? Like, we're forgetting about the small guys in terms of, you know, how do we create a floor of protection and visibility and security for these folks that doesn't require, you know, a computer science degree and a team of 10 and a SOC?

Eric Taylor:

Yeah, I mean, that's kind of where I was going to go with, because I mean, this executive order does dick to stop SolarWinds. Yeah, it wouldn't have done a damn thing to stop Colonial Pipeline. This is, you know, not to get over political, but it's fucking pony dog and pony show, right? So you know it. You know, you got there and friggin, Oh, I'm doing something. Yeah, great. Shut up. And

Shiva Maharaj:

Listen, it's gonna take them 103 orders 180 days to do MFA. When it shouldn't take time to do so. It's okay. We're in good hands.

Eric Taylor:

ways to say oh, well, we need a little bit more time just by submitting a letter to. And

Vince Crisler:

so how many years has any expert in the industry been saying MFA is no longer optional? I know. I've been saying that for at least three years. Yeah. Right. And the fact that it takes an executive order for the federal government to figure out that MFA is important,

Shiva Maharaj:

But Duo was already FedRAMP Moderate. So shouldn't it already have been in place? And then not

Eric Taylor:

to Cisco Duo's credit they give it to free for the part two MSP partners? Yeah, you do not believe how many times I come across it. That's the that's got breached? Oh, no, we didn't. We didn't know. What rock are you under? I'm gonna blow that up.

Shiva Maharaj:

Cisco gives, just for your edification, every MSP gets 50 internal use licenses of their premium Duo product. So there's no excuse on our end, but I've often said No, but I know we're coming up on time for you. And I want to be mindful of it. So anything you want? Oh, yeah,

Vince Crisler:

I'm all for it. This has been fun. We should do it a little later in the day when we have some whiskey or something to drink too.

Shiva Maharaj:

Thursdays or Fridays, I'm good. Tell me what you like, we'll have a bottle sent over for you. There we go. Anything you'd like to close out with Vince?

Vince Crisler:

No, I just want to thank you guys for your time and the hard questions. I think, you know, I think in our industry, in the security industry, it's time to start looking beyond the marketing fluff, beyond kind of the fanciful discussions, and let's start getting real about how do we protect companies? And how do we do it in a way that makes sense. And you know, where our team here at Dark Cubed, we're excited to be supporting that mission and excited to work with folks that are looking for new creative ways to solve these problems. So thanks for including me, this has been a blast.

Shiva Maharaj:

No, thank you.

Eric Taylor:

For everybody here. Let's go ahead and, how can people reach out to you?

Shiva Maharaj:

If you want them to.

Vince Crisler:

Google Dark Cubed, dark cube com. I'm on LinkedIn, connect with me at Vince Crisler on Twitter, although I don't post all that much on Twitter, but I'm there. So connect with me on LinkedIn, go to our website. We've got a great team. Happy to talk to you.

Shiva Maharaj:

Thanks again for joining us for the Cybersecurity: Amplified and Intensified podcast.