Beyond the SIEM: Network Visibility for Municipal Cybersecurity - Season 2, Episode 1

Show Notes

It’s a common refrain from small municipalities: how do we provide robust cybersecurity protection with limited resources and budget? The City of Newton, Kansas, has just two IT staff members supporting 230 employees and serving 20,000 residents. The team wanted better visibility into their network and needed to enhance their protection against evolving threats. But the solution couldn’t strain their budget or require extensive manpower. Here’s how they navigated the critical selection process.

Transcript

Ted Gruenloh: All right, welcome to the Nomic Networks podcast. Maybe our first vodcast is what we're working on right now. That's a new term I learned recently, by the way. And we have with us today a couple of my favorite people from the City of Newton, Kansas. They're one of our customers, spoiler alert. So, we're going to talk about several things today, a breadth of topics. But I wanted to go ahead obviously and get some intros out of the way. I guess I forgot myself. I'm Ted Gruenloh, CEO of Nomic Networks, here to talk today with these guys. Nathan, go ahead and introduce yourself if you don't mind.

Nathan Wallace: My name is Nathan Wallace. I am the cybersecurity architect for the City of Newton.

Brenda Ternes: I'm Brenda Ternes. I am the IT Director for the City of Newton, and I am also the GMIS International President.

Ted Gruenloh: Yes, and we're going to touch on that topic too. That's kind of important to what we're going to be discussing today. So first, I'd like to dive in a little bit to the city itself, get a better idea of who you serve, that sort of thing. So, Brenda, how long have you been with Newton?

Brenda Ternes: I've been here for 18 years.

Ted Gruenloh: 18 years. Have you been IT director the entire time Brenda?

Brenda Ternes: Manager, director, jack of all trades a little for 16 years I was alone.

Ted Gruenloh: 16 years, okay, so that is an interesting segue. Hey Nathan, how long have you been there?

Nathan Wallace: Well, surprisingly enough, two years. So the other two years of her 18, I've been here helping her get the city kind of in a very good position as far as cybersecurity goes.

Ted Gruenloh: What do each of you do, like the roles you take on?

Nathan Wallace: Well, I would say, you know, we both kind of do it all. Brenda's very good at delegating things between the both of us. And, you know, we both handle everything from help desk tickets, all the printing issues, whatever else, all the way to, you know, configuring and designing the network and making sure that everything's done correctly. So, a little bit of everything.

Ted Gruenloh: Little bit of everything. Now where does cyber come into that?

Nathan Wallace: Well, for me, my big thing was making sure that we had visibility on our network. I knew that was something that I figured we were lacking when I came in. Now, we do have an MSP currently and they handle some of that, but I needed more visibility into checking and making sure everything was getting done correctly. That's when I kind of saw Nomic, I saw what you guys were doing, and I really liked the product. So that's what led me into inquiring and getting it implemented in our network.

Ted Gruenloh: Cool, and actually we knew Brenda before, right? We've known you for a little while. So a couple other questions about the city specifically, because we have a ton of municipality customers, and I'm always interested in these kind of stats and how you guys compare. So, how many employees for the City of Newton? Do you know how many people you serve?

Brenda Ternes: Yes, you have. We have just a little over 200, probably about 230 users or employees, with us.

Ted Gruenloh: Okay. Yeah. And then how many people live in Newton? 

Brenda Ternes: About 20,000. 

Ted Gruenloh: Okay. Yeah, so you're at the top of that magic ratio, right? You've got two people for, how many did you say, employees? 200 employees?

Ted Gruenloh: And then 200 support 20,000, right? So you're like, you're right on those, those lines, right? Like one, one employee per hundred that you're serving, right? And a lot of cities obviously try to get it, try to get that down to, you know, maybe one to 50 or something like that, I think is a magic number I've heard before. You guys are shaking your head. Yes. For those that are watching the video. Yes, please. We want to do that. 

That just underscores kind of a lot of the municipalities we serve in terms of just the difficulty of all the hats you all have to wear for an organization that size. All right, so is Newton, this is going to get to the question of like, what your guys roadmap is, what your plans are, that kind of thing, whatever you're willing to share obviously, but is Newton growing? So does that help you in that regard? Is your budget kind of creeping up? What are your plans?

Brenda Ternes: Newton is growing as a city. We are trying to be progressive and bring in new businesses which do bring in more citizens to work in the community and then also work for the city itself. IT is the backbone of all of these services that we are providing to our citizens.

And so as an IT in the city, we are trying to make sure that we are progressive, cost effective, fiscally responsible with our money to provide those services to our citizens. And as a department, we are growing. We've, you know, more software, more hardware is out there, an increased need for cybersecurity functions. As we all know that everyone is getting breached or tries or something out there. There's hackers running rampant. So, we're trying to put the city of Newton in a good stable place with the IT backbone to be able to serve those citizens.

Ted Gruenloh: And we're going to, I'm going to poke a little bit at kind of like what you guys are running in your shop, that kind of thing. don't have to, you obviously don't have to name names other than ours. But you don't have to name names, I'm not going to pressure you that way. I do wonder, do you think there are specific challenges to you guys as a municipality, as opposed to in the corporate world, that sort of thing? So like, just off the top of your head, if there's anything that you deal with besides just the fact that you're a small team, right? Are there any other challenges specific to local government?

Challenges of Municipal IT: Doing More with Less

Brenda Ternes: I would say budgetary resources is a big thing for local government. We don't have an unlimited amount of money to throw at problems or to hire enough personnel to maintain what we're trying to do. So that's the big challenge for us. So we have to do more with less.

Nathan Wallace: Yeah, I mean, luckily for us here at the city, we do have a lot of people that support what we're doing and where we're trying to go with our with our plans. So it's good for us here.

Ted Gruenloh: That's good to hear. Obviously, it would be, I wouldn't ask you to just say, throw anybody under the bus on a public podcast, but it does sound like you have the support you need and you feel like you're well supported, which is a whole other presentation we do, right? On talking about how to get budget and that whole challenge. Are there anything you guys do, anything clever you'd want to share in terms of like how different approaches to making your cybersecurity better with the resources you have. And I'm not looking for like a pitch for our product or anything, but just like in your day-to-day, Nathan, like is there anything that your procedures, policies that you put in place that save you time, save your city money?

Nathan Wallace: Well, there's not necessarily anything specifically that I could say along those lines as much as just making sure that I'm using my time efficiently to go through all of the different logs that we have, all of the different information that we get on a day-to-day basis. I try to do my best, which of course puts a little bit of strain on Brenda because she has to handle a little bit more of the day-to-day help desk things that pop up, but I really try to focus my time on making sure that I'm going through all of the influx of information that we receive to make sure that if there is a bad or an issue of things that are popping up that they're known bads. And so we know where we're going to resolve those issues. But as far as policies and procedures, that's all things that are upcoming. That's going to be, that's the plan.

Ted Gruenloh: Yeah, but you mentioned delegation earlier. You feel like you and Brenda do a pretty good give and take in terms of, she tries to take that load off of you so that you can do that work, right?

Nathan Wallace: Right. Yeah. And that's yeah, that's a big thing because a lot of this stuff, I mean, with our MSP, we had eyes on certain, you know, our EDR solution that we have and we get alerts for things, but there's just not really a way for us to get that deeper visibility into the network. So getting as much visibility as we can has really increased our levels of feeling more secure and feeling safer.

Ted Gruenloh: Yeah, gotcha. So, in terms of, how about, I'm going to lead the witness a little bit. Like, do you feel like the managed services you guys lean on, you mentioned that you have over time, you know, had or have a relationship with an MSP, you've got us as a managed service to a certain degree. Like, do you feel like that's a strategy for smaller organizations to lean on a little bit, you see a trend in that direction?

The Value of Managed Services for Small IT Teams

Brenda Ternes: I do. And the smaller organizations do need some type of support and outside support. So the MSPs or the services that they can get from other companies like Nomic or other people that they are contracting with, that is very important for the smaller organizations. I wouldn't have survived so long on my own had I not had some of that support from that. So, I do think that is very important. There's a fine line of when you get to a certain level or too big for some of that when you need more in-house support.

Ted Gruenloh: Yeah, and I don't want to take words out of Nathan's mouth, but you described that already, right? You're kind of hitting that line where there's, want more access, you want more visibility into things and find services that provide that for you. Okay, I do want to talk before we move on, I want to dive in eventually to technology, but I do want to take a minute because you mentioned you're active in the GMIS organizations, Brenda. I want to talk about that a little bit. Well, first of all, describe your many roles in GMIS a little bit first, and then I'm going to ask a couple questions there.

Brenda Ternes: GMIS is an organization of public sector technology leaders in a sense that come together and collaborate, network together, lean on each other, have task force, stuff like that. So, in my roles, I joined the board in I think it was 2018, I can't remember when it was. Maybe 2018 I joined the GMIS International Board. We have chapters throughout GMIS.

Kansas is a very strong chapter. I joined the Kansas chapter’s board of directors and went through the processes there. And I love this group of people that I have and collaborate with in Kansas. And so I went through that process and then I decided to join the international board. For about three years, I was conference director and that was a fun role. We have a conference every year that we put together on a national level. And it was really fun to put that together and provide the education and choose those different aspects. And then I decided to join, do more in the board and I was president-elect. I was voted in by the membership for president-elect and I am currently president from the 2024 to 2026 years.

Ted Gruenloh: Which is why I'm so nervous talking to you right now. It's a great thing and it's a segue from what we talking about before, like leaning on managed services. How do you as a small team figure things out? I have always seen GMS as a good example of that too. How often do you lean on members? How often do you talk to other people about solutions, etc.?

Brenda Ternes: The listserv is very active on the national level and on the individual state level. There's always questions going out, hundreds a week, and if I have something to interject, I can interject and I can help another entity out there and they do the same for us. I've asked for questions or asked questions out there and they respond and give me some answers, give me some guidance, whether it be policy, whether it be a certain vendor that is doing a product that I'm looking for. 

Reviews on vendors that might have products out there. You know, hey use this one because Nomic is awesome and they have great support. Different things like that. When we get together either at the Kansas level or at the national level there's just so many friends that we are and we talk about our challenges, and we try to overcome those challenges or help each other out. There's been times that there were people that had done things, say the MFA, when it was a popular thing that would, the cyber insurance was requiring MFA. 

One of our local cities had gone through that process and they helped guide the rest of us through and help get our administration buy-in, because that's a hard thing at a government level to use your cell phone, your personal cell phones for all of that or get tokens or anything like that. But they really helped the rest of us get to where we needed to be.

Ted Gruenloh: Yeah, yeah, that's great. And that from a vendor perspective, I mean, you know this because we've had conversations about it, but from a vendor perspective for a smaller company like us, the word of mouth, the collaborative nature, you guys aren't competing against each other, right? So just that collaborative nature really, well, it could hurt obviously, but from our perspective, it's kind of the only way to go.

We just feel like it fits our culture a little better to speak with these groups, whether it's GMIS or in Texas, TAGITM, any of those organizations. Yeah, and I like that collaborative nature, whether it's managed service, whether it's through those organizations. They really do help the smaller teams, which is kind of what it's all about.

Okay, so I do want to walk through a little bit. I know obviously you've grown a little bit. If you wouldn't mind walking through your cybersecurity stack, as it were, and again, you don't have to use names. Just want to know kind of generally what you guys, what you've prioritized kind of, and maybe where you're headed and learn a little bit more about that.

Nathan Wallace: Yeah, so, I mean, we have, of course, like the standard, we have EDR, XDR, MDR, all the above. We have, of course, without naming names, we do have that in place. That's a big thing that we've focused on making sure that we get something good put in place there.

Ted Gruenloh: Yep. Was that a list that you guys have done recently or was that, or a replacement or something, or has that been in place for a while?

Nathan Wallace: It's been in place. That's something that we get service from our MSP. And we are currently in the process of looking at getting a SIEM in place as well. That's been a big thing, that's kind of the lift that we're currently working on just because I have all of these different influxes of information from different, you know, logging systems and I'm just constantly having to check logs, and it can take some time. So, getting a SIEM put in place to really digest all of that and make it a little bit easier to go through. That's a big thing for us. 

But when I first started, when I first saw your guys' product, that was a good thing for me because I knew we didn't have an IPS, or an IDS system and you guys were more than that. You know, especially now that being more of an MNDR, it was something that I thought it was a really cool product and very innovative in the sense, you know, for a lot of different reasons. But we, we put your whole stack in place. So, we have your Insight, your Outposts. We have a couple of them. And then of course the HQ. So those were, those were big things as far as a lot of the cybersecurity before I had started was all handled by our MSP. We're in the process of taking that over. So that's where we're at now and that's kind of where we're going. We're looking to handle more of that in-house.

Outpost and Insight: Visibility That Enhances Security

Ted Gruenloh: Yeah, and then obviously you've got a firewall, right, on the edge of the network. You've got your endpoints covered. And then, obviously, hopefully with Insight, you've got visibility of the network traffic. So, you're kind of covering every piece of that. Adding a SIEM is then obviously a way to kind of coordinate all of that stuff. So now we talk about us specifically a little bit. when, let's talk outside first. So, with the Outpost, what brought you, what kind of attracted you to that, beyond necessarily what your firewall was doing?

Nathan Wallace: So I mean, the biggest thing for me and the reason why I thought it was such a innovative product is I hadn't ever heard of this obviously network cloaking before the fact that that was something that I saw and saw great value in, especially with the way that we have our network set up having a main firewall that handles a lot of our traffic. It takes all of the, you know, the standard rogue packets and things like that. It takes all of that traffic off of the firewall because of the fact that when it sees a malicious, you know, anything coming in, it blocks it and drops it off of the, off the network entirely with that network cloaking. It's not able to see it. It's not able to hit our firewall and our firewall is able to, you know, perform more efficiently.

Ted Gruenloh: Yeah, so you're basically reading right off our website, Nathan. That's great. Like that was perfect. No. No, I mean, hit, it honestly warms my heart a little bit. Like you're hitting right in what the value proposition is there. So, and hopefully that gives you a little time back, right? And it helps your other systems as well. 

Outpost, sure, great. It's been our bread and butter for a long time. Glad you see value in it. And Insight, here's what I'm really curious about, is you mentioned that you're headed towards implementing a SIEM, right. I want you to talk a little bit about kind of your journey towards that and the visibility that that's going to get you to. Starting from zero, implementing Insight, and then getting and I know are you got where are you on your implementation by the way do you have the SIEM yet.

Brenda Ternes: We're still trying to get approval from, yeah, the commission.

Ted Gruenloh: Gotcha, okay. Okay, so you're not, Nathan's not the be-all and all expert yet on the SIEM, right? Is that for the sake? Okay, so what I'm really interested in is the journey from Nathan saying, oh no, I have zero visibility into anything toward all the way to a sophisticated SIEM that's going to have every log you could ever want in it, and Insight is somewhere in between there. So, I'm kind of interested to hear and Nathan take as long as you want to kind of describe that process.

Nathan Wallace: Well, I mean, realistically, it's not necessarily a long process. It just came down to, for me, not having any visibility on the network and having an MSP that handles our cybersecurity. We are in a world, honestly, we are moving to the world of zero trust where we're not supposed to be, I mean, nothing should trust anything. But we're currently more along those lines of trust but verify.

That verification is the big thing for me. I needed to know that we had things in place and that things were being done correctly. So, when I came in and I was like, hey, can I have access to this? Hey, can I look at this? There was a little bit of pushback just because of the way that we were being managed. And I've been trying to figure out a way to get more visibility. When I saw that Insight was a product that then sits inside of our network, communicates with the Outpost to create all sorts of information for everything that comes on and off of our network. I mean, it was almost a no brainer. 

The more that I looked into it, the more that I realized this is a product that we could greatly benefit from. There's, I mean, I went to a couple of your demos. I'd seen a couple of things of you guys talking about how it works and how it could benefit us. And I mean, I was pretty sold on it from that point forward. Being able to see everything from the IP addresses that we connect to, the protocols, the attack types, everything that's happening. I mean, it's just very, it's where we wanna go as far as visibility goes. Now, obviously with the SIEM, it's going to create a lot more logging from everything that I have as far as our Azure logs and everything else. 

I mean,sign in and audit logs. mean, there's just, it's going to create a little bit easier way to read all that information and digest it in a timely manner. That's the end game is eventually to get to a point of where I have a little bit easier time going through all of the logs. But Insight was just, I mean, it’s a great product that creates these flows that I'm able to go through and check. And I know we talked a little bit before about how I get lists of malicious IP addresses that I will go through and I'll check and see if we've communicated with. And the fact that I'm able to go back and look, I mean, it's huge. And of course, with your guys' ability to log all of that information for an extended period of time, I mean, I can go way back and check. So ever since I put it in place, I'm able to go back and do searches. And it's just awesome. It's great.

The Future of Network Visibility: Beyond the SIEM

Ted Gruenloh: So do you see it as, obviously you mentioned, you kind of started with nothing, you wanted some visibility, right? And you didn't necessarily have the flexibility to get the visibility you wanted. Insight gives you that quick visibility into the network, cool. And then flash forward six, 12 months from now.

You've got the SIEM, it's gathering all the logs. Do you still see utility in the ability to quickly, I'm leading the witness again, to quickly find that information, troubleshooting, diagnosis, whatever you need to do. Do you still see the value in that?

Nathan Wallace: Absolutely. I mean, this is something that it was the first product that when when bringing to because Brenda and had had conversations about where we were going. She said, well, what do you think? And I said, I think this product, the value for what we're getting and the information that we're receiving. I mean, there's nothing else that can come close to it. I mean, a SIEM is not cheap. And so. that alone, that completely separately was, I mean it was going to be a lot. And so when I saw you guys, I saw what your products were offering, what all we were getting, this was the perfect starting point. And it was honestly more than I was expecting because you guys, unlike, well I shouldn't say unlike, but what you guys do very well compared to maybe some other organizations or products or solutions is your guys' continuous innovation. I mean, since we've had your product, you've implemented multiple things that have made my life even easier.

Ted Gruenloh: Did you get the notification on Friday of the update? We had a huge update on Friday.

Nathan Wallace: I did. Yes. I had it open and I was actually keeping it open when I was looking through things. The next thing I got a pop-up and it said, you need to relaunch. There's a big update. So I did that. Yeah, the fact that you guys brought the reporting software in, mean, that makes it extremely easy for me from month by month to take that executive summary and it builds it out, sends it to me. I save it and I have every month since we've had the product in place, all the alerts, all the countries, the ASNs, everything that we've, all the communication we've done, it's all put in a very clean, nice document so then whenever the commission or whoever asks about the product, I can show the value in it. It's very easy.

Ted Gruenloh: Have you actually used that, like in front of the commission? Brenda, do you take those reports to them?

Brenda Ternes: I haven't yet. I will probably do that this this budget cycle because since we did implement it last year, wasn't it last year? Yeah, we will be able to prove that hey, this was this was where we went and this was the value that we receive out of this.

Ted Gruenloh: Yeah. That is literally, I mean, we've had executive summaries on the devices themselves for a long time, but that pretty report, for those on video, I'm putting it in quotes, that pretty report, that's really the purpose of it, like is for you guys to at least have something you can walk to and say, you know. So I guess what I'm saying is I'm hoping that that is doing its job.

Nathan Wallace: There's yes, there's absolutely great value in it. And that's why, like I said, when you came out with that to have it automatically do it. Before that reporting was built into the HQ, I was going on them manually printing them out. I mean, it's not like it was terribly long to do, but this just made it so much easier. And again, it's like I said, you guys are just constantly innovating.

Ted Gruenloh: That's great to hear. Do you see, you mentioned the list serv earlier, and like if somebody were to ping you behind the scenes, hey, you guys use Nomic, and they're pitching this Insight thing to me. Do you see value in that device almost as, so in your case, it started off as an alternative to a SIEM, because you couldn't afford a SIEM, right? Now you're implementing a SIEM, but you've just mentioned that you still see value in it as like a supplement to the SIEM, right? And that's the way we kind of pitch it, one or the other. So would you recommend that to someone who, an even smaller organization than yours that can't afford a SIEM, that sort of thing, as a good first step.

Alert Fatigue vs. Cybersecurity Vigilance

Nathan Wallace: Yeah. And for multiple reasons, because it's more than, again, with the Nomic products, you're not just getting the Insight or the Outpost. I mean, you're getting a team backed by individuals that also have eyes on. I mean, you guys do more than just, I mean, and again, there's, because you guys have such great visibility with your products, I can see when people are signing in. I can see when you're checking on specific alerts. I mean, it shows me all of that.

But the fact that Insight specifically is essentially, like you'd said, a supplement to a SIEM, but it handles it just like a SIEM in the sense of all the information that I'm getting in a very quick and easy way to go through and look through all of the conversations and communications on our network. It's invaluable, for …

Brenda Ternes: Security and layers. You have to do that. There were things that when we first implemented it that we had users getting blocked, downloading software and doing things. And so we were in the Insight and we were looking and we were seeing and we figured out why they were getting blocked downloading their software. They would have never figured it out, but it was different like APNs that they were going through and they were malicious. And even though was a valid software, so we were at least able to tell them, hey, this is why you're getting this and figure it out. So it's really helped us in many aspects.

Ted Gruenloh: That's great. So, do you feel like it's kind of a little bit of side question. There's this aspect of, I haven't really talked about this, but alert fatigue gets brought up a lot in the marketing around SIEMs or IDS or firewalls or any of that sort of thing. How do you see yourself, I'm not even going to ask about our product, how do you see yourself with a small team, sort of figuring that out, solving that problem?

Nathan Wallace: So, it's hard not to talk about that without talking about you guys, because that's a big thing of what I use. But outside of that specifically, as an in... Right. It wasn't too leading. I see. I see. No. It comes down to a person as an individual. So for me, I mean, there are a lot of alerts that come through and they're the same thing over and over again. And there's multiple ways around that. But for me personally, it comes down to the individual. Like you have to understand that yes, alert fatigue is real and that does happen, but it is my job. It is my sole purpose for this organization to make sure that I'm keeping it safe. I can't allow myself to have alert fatigue because who knows it only takes once they only have to be right once I have to be right 100% of the time. So that's there's more to it than just that just touching on that aspect specifically. 

But I do understand that that is something that happens. You guys have a very good kind of you have features in place to kind of keep that from happening with the ability to scale down the amount of alerts or the frequency of the alerts coming in. But for me, I'll never be frustrated or annoyed at too many because a lot of the times they're the same thing, but it's the fact that you guys are giving us a known bad. I know these are regular things that are coming through. 

So most of the time, I get the alert at the end of the day from you guys and it comes through at midnight. I'm generally still awake at midnight. So I'll go through and I'll read through and make sure that everything looks the same as normal. And when it is, great, all is well, move on. Now it's those nights where I go through and I get it, I see an alert that doesn't look normal. Then I'm like, okay, well wait a minute. And then I'll pull up my computer, I'll go through and I'll look and I'll see and it tells me, you know, whether it's something specific, something worse or whatever it is, it's the fact that I know that that's not normal. And I wouldn't have that visibility if I didn't have this product in place. So again, it's just the fact that this creates a known bad that helps kind of, the alert fatigue doesn't really hit me just because a lot of the times it's mainly just reading through and seeing the same day-to-day stuff. And it comes through once a day.

Ted Gruenloh: Yeah. And I, what I'm hoping is when that, like you said, it's you, you trust those alerts, right? And, and that's what I'm hoping for you when you go down the road of the SIEM as well is that you get it configured such that where it is a, you know, a benefit to you and it's handing you information you care about, right? And so, yeah, I'm looking forward to that for, for you guys. I guess. Brenda did want to come circle back a little bit to kind of your path to get where you are and sort of to GMIS. So, the angle I'm taking here has to do with what do you lean on to kind of get to make it as far as you've gotten? Do you lean and touching back again on? Just want to kind of riff on that a little bit, like touching back on who you've leaned on over the years, whether it's a vendor, whether it's a GMIS, whether it's a, you know, that sort of thing.

Brenda Ternes: Actually both. When I got involved in GMS and was just a basic member, I found a family of like-minded people. And so, I heavily leaned on my peers because they had been there. They had done that, a lot of them. And so that really helped me grow as an individual and grow in the IT department, being the sole person for so long and coming from a non-IT background at all. And stepping into an organization that had never had an IT person.

Ted Gruenloh: Yeah, so how does that even happen? You go from no IT to IT, like magic wand? Like what's that story?

Brenda Ternes: I had a friend in a previous organization that I worked for when we were working day trading. He was the tech person, and I was the receptionist, and we became friends. Years later we stayed friends and when I wanted to make a change in my career when I was working for the school photography company. He said, well, you always had a great mind for computers. How about come learn with me? Sure, why not? And so, he was a great mentor along the way, started me out in things that I did not know that he was starting me out in like level three tech stuff. He was just saying, hey, do this. And I would do that. And then we would go down the merry little way. And so along the way, I learned all the aspects of what I needed to learn. So, they liked me at the city of Newton. I was contract here for a little while and then they really liked me. So, then I started here and I just kind of learned it all, redesigned the network a couple of times over and just on the job training, really.

Ted Gruenloh: Yeah, and you feel that's common in the municipality space, not necessarily a common to go from like zero IT to IT, but just a common pathway of like, yeah, you just gotta get in there and do it. You're not bringing in the super expert every time, right?

Brenda Ternes: Yes, and I do feel like that in a lot of in Kansas in particular, and I know that a lot of other states have the same challenges. They have smaller communities. They have the smaller cities, the smaller counties, and there's not a lot of people resources to be able to, you know, put there might be one-man shops, two-man shops. So, when I was introduced to GMIS, that was a huge help to me because all of these individuals, I was able to ask questions and, know, they just wanted to help. IT people in general just want to help.

So they helped me along the way and to continue to grow where I have been. And I think I've become a better director, a better IT person along the way because of that community that I was able to lean on. And along with that community, we have, you know, the sponsors and the corporate members that show up and help us along the way. Like, they want to see our organizations grow and become better and more secure if that's, you what they do and so I'm able to lean on those members too. You know I've talked to you and Greg, and you know Pascal and Chris and you know we've had those conversations and just knowing that I've got somebody that has my back, or I can find the answers through you if I need that. It's huge.

Ted Gruenloh: Yeah, that's really cool. I like your story. So, I wanted to make sure you shared that a little bit. Well, that's cool. Do you guys have any other questions before we drop off the line or anything else you want to mention? Plug us one more time.

Brenda Ternes: I personally think your support is awesome. We've reached out a few times. No, I have been really impressed with the support. The few times that when Nathan and I had just started with the products and we reached out to support, they're awesome. Very, very quick, knowledgeable, explain things well. I don't know. That's a huge part of a you know, investing in a company and having their products, the support back end and I, we've had really great support from Nomic. Obviously, you and Greg love you both to death. So, there's that too. There's, there's a lot of collaboration.

Ted Gruenloh: Right back at you.

Nathan Wallace: Yeah. And right. And the other thing, I mean, realistically is you guys have a relatively small team, but it's never felt that way. I mean, normally if you have, if you have, there's a, there's a, there's a give and take of, know, any sort of, MSP or, anybody that a vendor that we work with where it's like, if it's a huge vendor, you know, you, you never worry that you're going to have a trouble getting a hold of anybody or talking to anybody, but it could be one of 60 people. So, you never really know who you're going to talk to versus you have too small, you think, well, I'll never get a hold of them because they're going to be too busy. It amazes me how you guys have such a small team, and I've never once had any troubles getting connected or talking to anyone from you guys when I've needed to get any information.

Ted Gruenloh: That's great to hear. It's a sweet spot, pulling back the curtain a little bit. It's interesting to manage that size and make sure that we can cover what we're trying to cover. Because support is a huge, nobody knows who we are, right? So, we're competing against these 800-pound gorillas and how do we differentiate ourselves? We got to get in, we got to fight to get in. And once we're in, support sort of takes over from there. And it's like the sticky thing that's like, well, no, the support's too good. There's no way I'm going to... That's kind of way it goes. Well thanks again, guys and we will talk to you soon. I really appreciate the time.