Cybernomics Radio
Welcome to Cybernomics, the podcast where we break down the latest enterprise innovations and challenges shaping the Information Security industry. Whether it’s AI, cloud computing, or digital transformation, we dive deep into the forces driving businesses forward.
Join host Josh Bruyning as he engages with industry experts and technology leaders to explore how businesses are leveraging technology for growth. From cutting-edge advancements to the economic impact of tech decisions, Cybernomics delivers insights that keep you ahead of the curve.
Tune in for expert analysis, compelling discussions, and a front-row seat to the future of Information Security.
Cybernomics Radio
#41 Why Your Business Is More Vulnerable Than You Think - Corey White, CEO @Cyvatar
Cybersecurity doesn't have to be overwhelming or unaffordable for small and mid-sized businesses. Corey White, CEO at Cyvatar, explains how their platform provides right-sized, comprehensive security that serves as a business driver rather than just a cost center.
• Most companies don't need to hire a full security team – outsourcing cybersecurity makes sense just like outsourcing HR or payroll
• Even with the best security training, 3% of employees will still click on malicious links, so protection must go beyond awareness
• 98% of cyber attacks are preventable with the right controls in place
• Hackers typically choose targets of opportunity rather than specifically targeting your company
• Many businesses discover their cyber insurance won't pay out because they weren't actually implementing claimed security measures
• "Right-sized cybersecurity" tailors protection to specific business needs and risk profiles
• AI plays a critical role in both attacks and defense, requiring human expertise to guide implementation
• Quantum computing will revolutionize cybersecurity in the coming years
Check out Cyvatar's free assessment tool and basic security tools at cyvatar.ai, and connect with Corey White on LinkedIn to learn more about affordable, comprehensive security solutions.
Corey White, ceo at Cybertar. Welcome to Cybernomics. Thanks for carving out some time in your day. Your busy, busy schedule.
Speaker 2:Yeah, Josh, thank you for having me. This is exciting. I look forward to this. Let's dive in.
Speaker 1:Look, I'll admit I don't know a whole lot about your space and the space that Cybertar lives in, and the way that you summed it up to me and the way that my little monkey brain is trying to rub two brain cells together to make sense of it is that you're a platform that helps companies manage all of their, or most of their, or the majority of their, cybersecurity tools activities, and all that stuff targeted mainly to those companies that are small, medium, large. I guess that's the whole gamut, right? Everybody needs this, but especially those small to medium companies that may not have a full on security team and they may need some help managing all of the different parts and the various legs of the spider. So those are my words, Corey. In your words, what is Civitar?
Speaker 2:Yeah, let me give some analogies and then I'll bring it home to answer. What is Civitar? So, when you think of a mid-sized business, or many of the small businesses out there, like, none of them go and say, day one, I'm going to hire a VP of HR, do payroll and HR and benefits myself, right, because that's not their expertise. Right, they're not experts in that. So you have, you know, your Trinance, your Rippling, your Gusto, all these companies, all these PEOs out there, that you just simply outsource it. And that's exactly what I did for this business. I am not an expert in dental care or either healthcare, you know, god forbid, right, I'm tired for all that. I just need to know my employees have all that covered period. So let's equate that to cybersecurity, right? So here's the challenge Companies, in order to grow, they got to be able to fill out third party questionnaires, they got to be compliant, they got to have cyber insurance. And oh yeah, by the way, they cannot get hacked with a ransomware attack or business email compromise attack or anything that cripples their business. So why would you say, ok, well, hey, we're a midsize business Even if you got, you know, 100 employees, 200 employees, I'm going to go hire a CISO and a security team. I'm going to go do a bunch of product evaluations and test all of it out first, and then I'm going to go and implement it and I'm going to manage and maintain that.
Speaker 2:That would take you anywhere, depending on the size of your organization nine to 12 to potentially even 18 months, depending on how long your evaluation is. Or you can come to Savitar and we're going to bring in the best of breed products. We're going to install it, we're going to configure it, we're going to assess your gaps, we're going to remediate your gaps on a continuous basis. We're going to get you cyber insurance. We're going to get you compliant and have your third party risk management. And yes, we just added managed IT, but it managed secure IT, because a lot of the companies have IT vendors doing their cybersecurity. Well, we're a cybersecurity company that's going to do your IT. Okay, so everything IT related that is implemented needs to be done securely, otherwise you will get hacked. So we come in with that angle. So that's what Savitar is.
Speaker 1:So I wasn't way off. You summed it up way better than I ever could. But I'm curious, Corey, how did you get into this business?
Speaker 2:I get that question a lot and it makes me laugh because I've been doing it for 30 years. The business did not exist in 1995 when I started. Okay, like, I got out of school and the internet came out, so you know Pascal and COBOL program, and that wasn't a thing. So I had to learn how to continuously learn. So every single day, week, I am learning something new to stay on top of this. So when I dove in my first gig, literally in 1995, I was working for Microsoft supporting Windows 95. The day it came out it was the first operating system with an IP stack, and so with the internet, internet Explorer, exchange 1.0, all this was what I was supporting. So I had to learn all that stuff brand new. But nothing I learned in college was really applicable. So I had to go get Microsoft certified, cisco certified, a bunch of sand certifications, et cetera. And so as a result of that I've just been continually learning and right after I left Microsoft I got into consulting and consulting.
Speaker 2:You're the expert. Whether the product just came out or goes wherever it is, you're the expert. Like when I built the external network for Intuit, you know TurboTax, so we can do tax returns for the first time in 1997, down in San Diego, my boss came to me. You know, literally this is how horrible for a podcast, but it's a true story. So we're in the bathroom, you know, at the urinals, and he was like Corey, do you know load balancers? And I was like Corey, do you know load balancers? And I'm like, looking straight ahead, because you can't look side to side Looking straight ahead and I'm like, yeah, I can figure it out.
Speaker 2:I've never done one before, but you know well, they just came out a couple of weeks ago. We got this gig in San Diego, want to go do it? And I'm like sure. So I got the manual from Cisco and I'm reading up on load balancers, trying to figure it out, and I implemented it. Anybody that did a tax return in 1997 through Intuit TurboTax went through my load balancers in the perimeter network that I built. So it's just a process of continuing learning. And so when I built perimeter networks, I got into perimeter cybersecurity assessments and pen tests and the remediation of it. So I literally have been in this world for 30 years.
Speaker 1:Well, it's a good thing he didn't ask you to shake on it.
Speaker 2:Yeah, exactly. Yeah, I've been an elbow bump or something. Yeah, yeah, yeah, yeah, just to wash your hands, got it?
Speaker 1:All right, it sounds like you have to be a generalist to oversee something like Civitar, and it seems like you've seen it. All right, Do you have to be a generalist to do this job?
Speaker 2:I think 100%. You've got to be a Swiss Army knife, because when I talk to people in my public talks I usually ask the question how fast does technology move and evolve and change? And for giggles, what do you think? How fast do you think it moves, josh?
Speaker 1:Faster than you can blink. Faster than you can blink.
Speaker 2:Faster than you can blink and so literally, I started really asking that question about 10 years ago, so roughly, you know, 2016-ish. I would ask people in a public talk in a crowd like hey, what is it? They will come back and say at the time, 12 to 18 months. Things are evolving and the metric I use now is how often does a new AI model come out? Okay, and it's getting faster, it's getting faster.
Speaker 1:I think it's weekly. At this point it sounds like.
Speaker 2:Exactly so. The things that we were able to couldn't do in an AI model like a month ago. Now it can do and it's better at it, and that's going to keep on getting shorter and shorter and shorter. And so when you look at where we are from a cybersecurity perspective the end customer that is trying to secure their organization they're in most cases using some legacy approach. But what are the hackers are doing? The hackers and especially what's going on with our economy right now people losing jobs. The hackers and especially what's going on with our economy right now people losing jobs.
Speaker 2:If I were a malicious person, I know I could probably make more money faster by hacking into companies with ransomware, business email compromise, because there's ransomware as a service. Business email compromise as a service. There's fraud, gpt. So all these things have automated cybersecurity. You don't have to be a technical cybersecurity expert at all. You just got to say I want to target this company and put it in. It will build up your phishing page or phishing campaigns. Everything is automated. So that's what we're fighting against. So if you're a small or mid-sized company and you're fighting against an automated AI-based attack, then you're not going to be able to survive, because many of them don't even have the tools in place. We solve that for our customers. We have to stay cutting edge and solve that for our customers.
Speaker 1:Well, somebody has to. If not you, then someone will inevitably take that place. But it sounds like you are uniquely qualified. Not just Civitar, but you, corey. With your wealth of experience, you are uniquely qualified to tackle this problem. Now, one of the challenges of tackling these problems in cybersecurity, especially for medium-sized businesses small businesses even more so. They may not know what they don't know right. So there's a lot of education that might not might. That inevitably has to happen. So what are two or three misconceptions that you encounter on a regular basis?
Speaker 2:What I end up getting is a few things. Number one a lot of companies and CISOs of companies that are like, well, we have antivirus, is that it Well? And I explained to them and they'll throw out like a Norton or, you know, mcafee or whatever. The problem is is that those solutions? You know they were good for what they were back in the day, but they're using signature-based technology and it's almost starting to leverage, you know, ai-based. But again, we all know if a company has been in business for a very long time, it's really hard for them to use the latest and greatest technology. But the hackers are. They're using the latest and greatest technology. So there's a big gap. So, to stop cyber attacks, what we have built across our customers is an AI-powered tool set. And then you have our AI-enabled team that is securing your environment. And so the misconceptions and questions that we get is companies come into us like, well, we have antivirus. Well, let's just say you have the best antivirus out there. There's some great vendors and we leverage them. But let's say, you have that, but what if it's not installed correctly and not configured on every single endpoint?
Speaker 2:And the analogy I give I love car analogies because you know, most people have a car, unless you're like New York or something. But you know, when you think about a car, you get out of your car, you park it in a parking lot, you close the door and you lock it and you let your windows up. And you lock it and you let your windows up. But if you say, okay, we have antivirus, even if it's the best antivirus, that's the equivalent of saying I closed my door but my window is still down, okay, and then you may still have your wallet in the front seat. And then when you go back to your car and your car is stolen and your wallet's gone, right, and your whole thing is gone, then you're like someone hacked into me, someone stole my car. You're like, well, you left your wallet on your front seat and your window down.
Speaker 2:Well, if you don't have multi-factor authentication, you're not patching your systems. And let's just say, and you did antivirus, right, but you didn't do the other things. Then that's the equivalent. So, yeah, you will still get compromised. And what I don't think most people understand is that there's not this one product or one thing you can do and then you're secure. That's not it. And that goes back to the car, just because you roll up your windows doesn't mean your door is locked. Your door could be wide open, but your window's out, hey, you're good. And so I think most people aren't thinking about cybersecurity as holistic as it needs to be.
Speaker 1:When you're implementing AI. Okay, first of all, is AI wreaking havoc on your roadmap?
Speaker 2:It's coming out so fast?
Speaker 1:I mean, how do you keep up?
Speaker 2:Yeah. So you've got to use the right technology for some formals. So I went and did an audit last year of all the technology. Just check in base, make sure Every technology we're using for our customer base is using AI at some level. Okay, built into the product, okay. Then the second thing I did is, you know, worked with my team to better understand how are they using AI, how are we automating ourselves? And, for me personally, ai is my co-pilot, it is my co-founder.
Speaker 1:So it starts with you it does. Is what you're saying, yeah.
Speaker 2:It absolutely has to start with me, because I can't have my teams, you know, saying, hey, make sure you use AI, and I'm still old school, not using AI. Like everything that I'm developing and strategizing around is using AI. And I was talking to a good friend of mine just last week and you know literally two of my friends. We were having this debate and both were in the marketing space and so we were talking and we were just debating around what's different with AI and even marketing, but the same thing applies to cybersecurity.
Speaker 2:The gap that we're running into now is that you have new people coming into business whether it be marketing, cybersecurity, whatever and they're using AI. With me being in cybersecurity and technology for 30 years, I know what questions to ask. I know where I need to take it okay, when I'm using AI, but if you don't have the foundational components, then you're going to ping AI and it's going to give you an answer back and it will sound freaking amazing, but it ain't the right answer, because you cannot continue prompting and fine-tuning it, because you don't know the right answer. You can't trust AI to give you the right answer. Okay, and you got to have the experience to know where you need to take this.
Speaker 1:Yeah, that's, that is my experience with AI as well. You try to go to it in a, in a field or in a domain that you have no idea what you're doing. You don't know anything about it and you're like you know what I'm going to get by by just using whatever the AI spits out. And then you lay it out in front of somebody who's got all the experience and they look at this and they're like did you? It's a classic scenario of the professor. You know, a kid writes a paper. The professor can tell right away you didn't write that paper, that that paper, that paper actually doesn't really make much sense. And if you really read Shakespeare, you'd be able to look at this sonnet or this poem or this play this way, and I can tell that it just doesn't have the human touch. So you're totally right when it comes to AI, you can't just slap it on a product and ship it out to market. You have to really understand what's going on and the AI is your co-pilot. You use that word, which is the key word here is that it is your co-pilot. Okay, so that's the first.
Speaker 1:That is the first misconception. It's that people think that they can just use antivirus or they can use one or two products and that gives you holistic security, which is really a good point. So I'm going to stick on that just a little bit more and maybe we can unpack that. I've always heard and maybe you can decipher this for me a little bit I've always heard that if you've got multi-factor authentication, you implement zero trust and I think there's like 18 controls that you can slap into your network. You're 90% covered. I know this is sort of the philosophy behind the um. Is it the CIS top 20?
Speaker 2:Yeah, yeah, okay.
Speaker 1:So is that a myth or is that real, that if you were to get those 18 controls, put them in place, then you're about 90% covered? Is that just a total myth?
Speaker 2:It's not a myth. No, absolutely not. I'll even go a little bit further than that. So when you take the CIS-18, they actually have three implementation groups. So implementation group one and it's called IG-1, right, is a little bit basic, but it's not as stringent as two or three. You do three, you're ironclad, you're solid, right.
Speaker 2:But here's another nuance, another spin on what you said. So Gardner came out with a stat, probably about three years ago, and it says 98% of all cyber attacks are preventable. All right, so you know that's higher than your 90% number. And so, with my background, like I said, 24 years of incident response, I've seen every type of attack out there and what I'll say is incidents fall into two different categories. Okay, number one, I'll call it the drive-by hacker. Okay, and what that means is they. You know, think of this analogy in another. You know this is a house. Now, analogy If I'm driving down the street, josh, and I see huh, josh has a nice car in the garage, you know garage door is up. You know side gate is open, garage door is up, side gate is open, but as I go down that whole street, everybody else, garage door is down, side gate closed, locked up.
Speaker 1:At that point you were morally obligated to steal my car.
Speaker 2:Yeah, exactly, steal your car to break into your house, whatever it is right, and so that's the drive-by hack. Now let me explain it in cybersecurity terms. So if I'm scanning the internet and you are scanned literally thousands of times a day, every single second, someone is scanning your external presence or probably sending you a phishing email. It is continually happening. So if you don't have proper controls and you aren't patching your systems, you don't have multi-factor, you don't have endpoint protection, your gate's open, your guard's closed up. And to just give you a stat which is just, everybody needs to just marinate on here for a second. Everybody's heard of security awareness training, right, and people say, god, I have security awareness training. If people would just stop clicking, we would be okay. A couple of things to that. The internet is all links, like. Your email address is a link. A calendar invite that we use to set up our initial meeting is a link that you can embed malware in. Okay. So even if you have the best breed of security awareness training out there, you could possibly have. The best you're ever going to get is you can get your click rate on malicious attacks down to 3%. So now you got to make the assumption that at least 3% if you're really good are going to click. Average companies, usually, if they have nothing in place, is around 30, okay, so you got to design your security program.
Speaker 2:What happens after the click? All right, because the click is going to happen. Okay, the gate is going to be left open eventually. All right, so now let's go to the other type of attack. Okay, my point is, you know, attack scenario one that all can be prevented and stopped, and we do that across all of our customers. You know we've never had a successful breach and always knock on wood when I say we've never had a successful breach five years in business. You know, hundreds of customers. Okay, so we know, just in the last six months I look at our stats we blocked 195 ransomware attacks and 165 of them were from someone clicking on something. So the click is going to happen.
Speaker 2:But, we blocked it every single time. Okay, so it can be stopped. Okay, now let's go to scenario number two, which I call a nation state threat actor attack. What that means is you know it goes old school. By any means necessary, they're going to hack into you. Okay, that means they have a group of people after a specific target to get into your company. They specifically have targeted your company, but that's only about 2% of the hacks out there where you get a targeted threat actor group coming after your company.
Speaker 1:Most of it are hacks of opportunity. Corey, let me ask you this because I know that your customers, your prospects, the general public, anyone in business.
Speaker 2:They're going to ask this question why would anybody want to hack me? Here's what the real answer to that is they don't want to hack you. They're hacking you because your gate is wide open. It is a hack of opportunity.
Speaker 1:It's an opportunity thing, okay.
Speaker 2:Yeah, okay, like literally, we've got a ton of manufacturing companies. Those are the ones that get hacked all the time. But again, if you're just to say literally, you know I was talking to one a few weeks ago billion dollar manufacturing company, okay, and so what we designed for them is right size, cybersecurity. They have no compliance needs, they have no PII, nothing, okay, nothing saying that you need to be compliant with anything, nothing. So what we did is so we said the most likely way you're going to get hacked is business email compromise okay, or some type of financial fraud where you know it's similar to BDC, but you know, some kind of financial fraud because they're a billion dollar company, so they're handling millions and millions of dollars of transactions on a regular basis.
Speaker 2:So, and then the last one is ransomware. So if you have access to that much money, or even if you're smaller you're smaller you still have access to money. So I had a manufacturing customer come to us. They lost $150,000, you know, because business email compromised, they got compromised. Their user that did, all their finances got compromised, and so the person you know did not know, but the hacker got into their email and they sent emails and said send money to this bank account, so all their customers were paying to the wrong bank account.
Speaker 1:That is a big problem that needs to be solved, because 150 grand may not be a lot to a big company like Walmart, but for us little guys, 150 grand could be the difference between your doors staying open and being closed. That's like being in New York City and losing your job. Right, you can be two paychecks away from you know, asking for change on the subway. So that is not a small problem and I think that that needs to be highlighted. That a lot of people they may ask nobody wants to hack me, or why me or the percentage chance of my company being hacked is so low. But the thing is, the impact of getting hacked is so high.
Speaker 2:Yes, and let me give you a couple layers to that particular same hack. So that same hack. This company had cyber insurance. So they're like okay, let's reach out to our insurance company and let's get this money back. Well, when you fill out your insurance questionnaire, if you're not a Sabotage customer pretty much everybody else you're saying we have multi-factor in place, we're doing continuous patching and remediation, we have antivirus, next-gen antivirus, edr on every single endpoint. So you're checking those boxes saying you're doing that and several other things that you have in place.
Speaker 2:So when you get breached, they're going to come in and do forensics and figure out how did this happen? And if it happened because you didn't have antivirus or you weren't monitoring that system, didn't have multi-factor, didn't apply a patch, then guess what? You're not going to get paid. So, literally, companies are paying for years having cyber insurance and then when the breach does happen, then they don't get paid back from it. Yes, they lost $150,000, but let's just say, if you're paying $8,000, $10,000 a year for your cyber insurance policy, then when the breach actually happens, then you don't get paid out either.
Speaker 2:Well, what CyberTar has done is, while we're experts at bringing all this together, we have the insurance ecosystem partners. We have the preventative controls in place. You don't even have to fill out the questionnaire. If you're a Sabotar customer, okay, we have solved that for you. And so, even if the breach did happen, then we can sit and show we were automatically applying patches every single month, or week, I'm sorry, or day, depending on the need there. Right. Then, on top of that, we are continuously blocking malware, because your endpoint protection is designed to protect, and then we monitor a lockdown endpoint and you have multi-factor. You are covered. Okay, they still get in, which is possible with these sophisticated threat actors. The analogy I give when you think about a sophisticated threat actor you can have your house locked down or your car locked down as hard as you want, but if someone gets a big rock and breaks the window and reaches in, okay, when I say by any means necessary, that's what happens.
Speaker 1:Now, just to wrap up, I think that there's something here that we take for granted especially in the security community, when we're trying to drive home the importance of security for the general public and for the large enterprise, small, medium businesses, for everyone which is that security is you can spend all of your time, all of your money, you can spend your resources. I know CEOs, presidents, cfos, executives they're up all night at times worrying about how do I make more revenue, how do I hit those numbers, how do we close the quarter strong, how do we do this in a way that you know? How are we responsible to our employees, to our partners? They're doing all this stuff to make sure that their company is growing and moving forward, but when it comes to security, a lot of times they just kind of go, they put it on the back burner or they don't prioritize security as much as they possibly could or should. It seems to me and you can tell me, am I nuts here that if I'm spinning my wheels and I'm trying to take care of my business, my baby, and I'm doing all these things to make sure that my company grows, why would?
Speaker 1:It's like having that Ferrari that you worked so hard for and you know it's. You've. You've got the best wheels, you've got the Brembo brakes. You wash it, you make sure that nobody touches it, that birds are nowhere in a. You've got a bug zapper that zaps the birds when they're 10 within 10 feet of the car so nobody's pooping on it. You do everything to make sure that that car is perfect and you worked so hard blood, sweat and tears and then you drive it into the bronx and you leave your wallet on the seat and the doors unlocked and the windows rolled down. Or you or you drive it into the garage and, uh, you forget to put the garage door up and you don't lock. You don't have any security on it. That is a crazy thought to me and I hope that this doesn't disparage I hope I'm to small, medium business owners, business owners across the gamut in such a way that they can really grasp and understand the gravity of the situation they're in.
Speaker 2:Yeah, I think, fantastic question. Here's the deal. Cybersecurity is a business driver. It needs to be Okay.
Speaker 2:The example I gave of the manufacturing company that has no PII, no driver for cybersecurity. So we didn't come in and say you need to meet every single requirement of the CISA team, okay, no, absolutely not. It's called right size cybersecurity. Okay, and so we built the right solution for their size cybersecurity. Okay, and so you, we built the right solution for their size and their need. You know, because there are a lot of things that we're not recommending they do.
Speaker 2:It could be further along in the roadmap, but you got to secure what your highest risk is, based upon the overall threats to your business. So that's one piece of it. The other piece to it is and this is why we've designed Savitar the way we did what drives companies to buy cybersecurity. If I'm a small, medium-sized business and again, I'm keeping the lights on and I'm growing, but I'm keeping the lights on Am I going to stop because I've never had a breach before and I'm not going to worry about it? Am I going to stop and say I'm going to go spend a million dollars or even $10,000 on cybersecurity? No, you're not. But for you to grow your business.
Speaker 2:If you've got to be able to answer a third-party risk questionnaire to partner with some large global company that sent you that questionnaire, you've got to meet those requirements. Yes, that's where Cybertar can come in and help you. If you need to get cyber insurance and name that large company on that policy, yes, that's where Sabotar can help you. And then ultimately, of course, you want to be compliant and secure at the same time and not have additional costs, high costs, associated with it. That's where Sabotar comes in. We're not trying to charge a gazillion dollars for cybersecurity. We don't. We have made it affordable and we've solved the whole ecosystem issue with insurance and compliance and third party risk management. We've solved all that for you so that you can affordably meet your goals all in a simple subscription and then make a subscription monthly. Ok, so instead of paying a large sum all at once, you can pay monthly. So it's a small chunk coming out that meets your business and cybersecurity goals.
Speaker 1:I like you, corey. You're speaking the language of the business. That's what I really like about your style and the way that you approach this. You put the business first. You put that in terms of hey, if you don't do this, you can be losing out on business. You can be losing out on business, you can be losing out on partnerships because you're not compliant, you're not risk conscious and you're not cost conscious. So this seems to me to be a cost conscious solution and one that puts the business first, and I really think that this is where a lot more of cybersecurity should go.
Speaker 1:I'm a part of this community and I hear the business side of it a lot right, and I'm more on the business side now than on the technical side, and, to be honest with you, I don't have a lot of technical chops. I don't have an engineering bone in my body, so I tend to take the side of the business a lot more, and I don't have an engineering bone in my body, so I tend to take the side of the business a lot more. And that question is so important why should I care? Why does this matter? And a lot of times when I ask that question of someone in the security community. I get a lot of technical jargon and it's all about you know, hackers and all that which is true, as you've we've been talking about for the last half hour or so. But really what it comes down to is how do you articulate security in such a way that the business understands that without it, it's not just a cost center, but without it revenue would go down.
Speaker 1:And in the world that we're living in, people are spooked. They don't want to do business with someone who does not have proper cybersecurity implementations. They don't want to do business with someone who has the door open because now can just walk into your house. But you're inviting your friends and your neighbors over and you're inviting their kids over for a sleepover. Nobody's going to want to come over to your house if you've got no security, knowing that in the middle of the night, a little Johnny's going to get a visit from the tooth fairy, and a very unwanted visit that's going to result in some missing teeth that he didn't intend to go missing. So look, we can extend this analogy as far as the moon, but we're running low on time, so I'm going to ask one last question what do you want your legacy to be Not just Civitar, but you, corey. What do you want your legacy to be?
Speaker 2:Once you've been in business for 30 years and run teams, you get beyond. Oh, I just want to make a lot of money, you know, and get a yacht and go on an island or something. A few things about me that give this perspective. I'm a bit of a biohacker. I plan on living at least 150 years, maybe more. So when you think you know, only I don't know a third of the way in, you know, at this point, you know I got lots of room to grow and expand, but the goal is this Because I existed, this world got better. Okay, because if you spend your time chasing money or chasing success or chasing some kind of stardom, that's, that's not deep enough, like the world has to be better. Because I exist and I've been blessed to have just a ton of experience and technical knowledge. And one thing I'll share with you, josh that I'm loving what is happening.
Speaker 2:Over the last, let's just say, 15 years, my little side hobby has been, you know, just quantum physics and just understanding how the universe works and how science works, and that moving my mindset from the Newtonian mindset of how things work and moving into a quantum mindset, and so how this ties into cybersecurity and computers, fascinates me. So check this out really quickly. Quantum computers. So when you think about what quantum computers which will be here in the next five years or so, is already partially here, when you think about what's happening with it in a quantum computer, how it's different from a legacy computer, is on a legacy computer, like we're on right now, it's looking at zeros or ones, okay, and that's it.
Speaker 2:Okay, it's either a zero or a one. But in a quantum world it's a zero or a one, a one and a zero one. It's all of that. At the same time, everything exists in a possibility, in what's called superposition. Now, here's the analogy that really blows my mind, which I love. So us, as human beings, we live in a quantum world and we're just not realizing it. Okay, you know, it's in quantum. Entanglement is what Einstein called. You know there's something spooky going on here.
Speaker 2:Spooky action at a distance. Yes, exactly, he couldn't figure it out. Like, why is this happening? So it's just like you know now. You know, Josh, you and I we've met, and we've done this together with quantum entangled, no-transcript computers where we as human beings have been living but not really realizing it. Now all that has converged into one. Okay, we have no other choice other than to embrace the quantum world. Okay, so that's what's exciting.
Speaker 1:Quantum GPT. It just makes me so excited to think about, when that happens, what it's going to be like. We're going to be cyborgs on steroids.
Speaker 2:Exactly.
Speaker 1:Yeah Well, corey, thanks, and you know we should follow up. We should do an entire episode. If you'd like to come back, the invitation is yours and we can dig into the quantum stuff. Because, you're right, quantum computing is right around the corner. I don't think that the cybersecurity community completely understands it and, like you, I have taken an interest in the quantum world and there's a significant amount of overlap and the cybersecurity in the technical world is going to become ever more philosophical. It's already a nebulous concept, but there's more to come. Corey White, thank you so much for stopping by Cybernomics. If people want to learn more about you and want to learn more about Civitar, how can they follow you?
Speaker 2:Yes, please connect with me on LinkedIn. That's where I am most active, so hit me up on LinkedIn. Obviously, it's Corey White, easy to find me. I look just like this in my profile. You see me public speaking on my picture and then, on top of that, go to Savitarai C-Y-V, as in Victor A-T-A-R, dot A-I. We have an offering for every single person out there that has a business called Freemium, because we do not believe in charging you to do a CIS assessment. That's free. On our website, josh, a gap analysis is there. You know, using CIS questionnaire, it takes about 10 minutes to go through, so it shouldn't pay anybody to do the gap analysis. Just, you know, that's free.
Speaker 1:Wow, really. Yeah, I know of companies that I hope they're not listening to this. Actually, I hope they are because you're challenging them to bring their A game. I know companies that this is their bread and butter and you're kind of eating their lunch. Sorry, go ahead.
Speaker 2:Well, here's the premise behind it If you know you don't have anything in place, companies know they're not patching or don't have multi-factor. Why do I have to? Why do you have to pay money for me to tell you hey, josh, you don't have multi-factor in place. You know that already. Go and fill out the questionnaire, figure out where your gaps are and then we match them to solutions to solve those gaps based upon the CIS-18, you know, in our platform. On top of that you get your free MasterCard risk recon scans to see what your external exposure looks like, and then on top of that, we do external scans once a month for you for free and give you free cybersecurity policies. So all that basics. That's taken care of in our freemium. Then, when you're actually ready to secure your organization, you can click subscribe right in our platform. It takes you to our e-commerce page and then we guide you or jump on the phone with us and we'll do a consultation and help build a security program for you that meets your needs and right sizes your cybersecurity.
Speaker 1:Well, you heard it here on Cybernomics, check out Civitar, and if you want to search me I don't know if you want to look for me for whatever reason check me out on LinkedIn. Josh Bruning, uh, b-r-u-y-n-i-n-g. If you want to learn more about bruning media and what we do, go to bruningcom, b-r-u-y-n-i-n-gcom and check out cybernomics. You can catch full interviews, just like this one, every wednesday morning at 7 am. Thanks for listening. Bye, all right. Bye, all right.