Somebody To Say No!

Show Notes

See how businesses can effectively manage cybersecurity challenges while aligning technology with strategic goals in this episode of the Particle Accelerator Podcast by Particle 41 featuring Norman Kromberg, founder of SommIS and a cybersecurity leader with decades of experience. Norman unpacks the impact of AI, mobile computing, and risk tolerance on organizational growth. He discusses the critical decision-making process behind BYOD policies, the importance of saying “no” to reduce vulnerabilities, and how a practical approach to technology fosters resilience. Gain valuable insights into navigating the intersection of security, technology, and business priorities in a rapidly evolving digital landscape.

🌟 Key Highlights:

Norman’s career from IT Auditor to Virtual Chief Information Security Officer. 

The evolution of mobile computing and its impact on business. Adapting to technological risks with a “yes, but” approach instead of outright “no.” 

Why treating endpoints as “cattle, not pets” fosters resilience. 

🎧 Key Takeaways: 

Balancing innovation with security in a constantly evolving tech landscape.

The role of respect and open dialogue in driving organizational change. 

How AI is transforming both cybersecurity offense and defense.

 #cybersecurity  #businessstrategy  #ai  #podcast   #riskmanagement

Chapters

• 0:00: Ben introduces the podcast and Norman Kromberg
• 3:32: Tech Trends Revolutionizing Industries

Transcript

00:00:00.040 hey everyone welcome back to the article
00:00:01.839 accelerator podcast where we talk to
00:00:03.600 Future thinking Business Leaders about
00:00:05.359 how to grow their business and uh and
00:00:08.240 accelerate their teams I'm here with uh
00:00:11.200 Norman H Norman would you introduce
00:00:13.920 yourself hey good morning good afternoon
00:00:16.680 good evening depending on where you're
00:00:18.000 at uh I'm Norman Kromberg I am based in
00:00:20.960 Omaha Nebraska I grew up in lakens so
00:00:23.439 I'm a lifelong Corn Husker fan in
00:00:25.400 football uh professionally I've spent
00:00:28.000 over 30 years developing a unque
00:00:30.320 background in information security cyber
00:00:33.879 security if you will also in it controls
00:00:36.879 governance risk and compliance um
00:00:39.559 started out in banking when I was in
00:00:41.280 college was a finance and management
00:00:43.000 major but through my career as a bank
00:00:45.280 regulator and IT Auditor and Chief
00:00:47.760 Information Security Officer rounded out
00:00:49.680 that business knowledge with information
00:00:51.640 security and it controls knowledge in a
00:00:54.920 number of different Industries but most
00:00:56.559 of that experience came from highly
00:00:58.399 regulated ones such as banking
00:01:00.600 payment processing and IT
00:01:03.280 services um currently I run a company
00:01:05.680 called sis which is my limited liability
00:01:08.280 Corporation for Consulting in Virtual or
00:01:10.960 fractional Chief Information Security
00:01:13.200 helping companies with their security
00:01:15.439 strategies road maps to move forward
00:01:17.880 especially in the concept of aligning
00:01:20.079 security and Technology with the
00:01:22.000 business goals and objectives something
00:01:24.240 I think is very challenging in this day
00:01:25.880 and age as we look
00:01:27.600 forward yeah cool awesome well um we'll
00:01:32.720 move on to some of our mean questions
00:01:35.560 here what tech Trend significally
00:01:38.520 impacted you or your industry and how
00:01:41.640 did you or your company
00:01:43.719 respond okay if I look at from the past
00:01:46.600 I would have to say the
00:01:48.680 Advent I'll start with end use of
00:01:50.759 computing but the Advent of mobile
00:01:53.159 compute whether you look at it laptops
00:01:55.640 phones tablets distributed computing and
00:01:58.560 that led to the cloud and if you think
00:02:00.479 about that in terms of the Innovations
00:02:04.759 and what it means the fact that these
00:02:07.800 devices have more compute than Apollo 11
00:02:11.120 that landed on the moon there's more
00:02:12.680 Computing capability in this than that
00:02:15.080 and we landed somebody on the moon with
00:02:16.680 something less that's just incredible
00:02:19.080 but that means you have to think
00:02:20.680 differently the fact you have a wallet
00:02:23.200 electronically that you
00:02:25.080 can go and put into a system like chat
00:02:28.480 GPT or into to co-pilot and saying write
00:02:31.800 this program for me write this letter
00:02:33.959 for me can you tell me this can you you
00:02:36.599 know show me this just
00:02:39.239 that movement and change then enables so
00:02:42.280 much more into the business and how you
00:02:43.879 think I mean I still go back to I hate
00:02:46.560 to say it I still have them next to me I
00:02:48.480 pad and paper but the ability
00:02:51.720 to capture data have it available
00:02:54.360 anywhere just because of that compute
00:02:56.959 capability is to me one of the most
00:02:59.080 significant trans that what that meant
00:03:00.840 for business how do you
00:03:02.879 adapt you know I I worked as an intern
00:03:05.280 at a bank in college and I ran a proof
00:03:07.720 machine if you understand checks we had
00:03:09.440 to make or encode the amounts on those
00:03:12.319 and we were
00:03:13.640 10 checks hardly exist today so if you
00:03:16.640 think of that Evolution comes out of
00:03:18.280 that kind of thing so you have to adapt
00:03:19.760 that way how do you capture it how do
00:03:21.040 you have accuracy how do you you know
00:03:23.959 ensure the relevancy of the data and
00:03:26.680 that's kind of important in this day and
00:03:28.040 age what is relevant what is not
00:03:30.319 so having the people and the leaders to
00:03:33.000 take advantage of that to think about it
00:03:34.680 how do you monetize it how do you
00:03:36.120 minimize the expense let's go back to
00:03:37.680 what you asked before where do you say
00:03:39.200 no or how do you do yes but what um all
00:03:43.000 comes into play so you need some of that
00:03:44.680 contrarian view that thinking on
00:03:46.599 different levels of how to take
00:03:48.599 advantage of it but also what risks and
00:03:50.480 exposure does it present to us as you go
00:03:52.879 through that Journey yeah what's some
00:03:55.200 way that you guys have clearly responded
00:03:57.280 to that that that trend of of just
00:04:00.439 device
00:04:01.720 everywhere um is there something that's
00:04:04.120 that's really for you become a core part
00:04:06.640 of what you
00:04:07.560 do well obviously there's all kind of
00:04:09.799 technologies that enable it uh if you
00:04:13.280 think about the
00:04:14.560 incling and do you trust the device and
00:04:18.279 maybe this is back to our Point earlier
00:04:20.320 where do you say no or where do you say
00:04:21.720 yes but so if you think about it do you
00:04:24.720 want the company to own the device or
00:04:26.919 are you okay with somebody bringing
00:04:28.360 their own device well if they bring
00:04:30.199 their own how do you capture control and
00:04:32.960 monitor the exposures to the company
00:04:34.919 whether it's the data you put on that
00:04:36.479 device or what that device will bring
00:04:38.639 into your
00:04:39.800 organization so what do you do to
00:04:42.320 control it how do you handle the human
00:04:44.039 factor the process factor and the
00:04:46.240 technology factors to it um so we go
00:04:48.840 through those conversations but it's
00:04:50.160 also the tolerance of risk within the or
00:04:52.600 to of risk is driven by am I okay with
00:04:55.440 this and can I respond to it or do I
00:04:59.080 want to the money to lower that
00:05:01.039 tolerance or manage the uncertainty by
00:05:04.160 I'm just going to force everybody to use
00:05:07.320 my corporate devices whether it be the
00:05:09.320 laptop tablets or phones and invest that
00:05:12.720 way now the technolog is all there to
00:05:14.240 enable each one of those but it gets
00:05:15.680 down to that what's your tolerance
00:05:17.000 what's your monetary limitations what's
00:05:18.759 your business
00:05:19.800 enablement um and I work with companies
00:05:22.160 to go through those conversations how do
00:05:23.720 you of that business yeah I would love
00:05:26.560 to so you know a lot of CEOs podcast and
00:05:31.319 so you're talking about a distinct
00:05:32.960 choice between B yod bring your own
00:05:36.280 device and corporately issued devices
00:05:39.680 and it's interesting um I've worked with
00:05:42.800 a couple of clients that have have moved
00:05:45.160 to the bod my it manager loves the BYOD
00:05:49.520 we don't do BYOD
00:05:51.880 here um we we've been a ma shot for a
00:05:55.160 while and that has risks and
00:05:57.759 challenges um but I'm interested in you
00:06:01.440 know if somebody wants to go
00:06:03.919 BYOD does that mean that they're doing
00:06:06.440 BDI served by the company so then you
00:06:08.759 have a BDI expense what have you seen be
00:06:12.120 the uh kind of tips and tricks for this
00:06:14.639 Choice whether to issue devices or
00:06:16.960 whether they not to well interesting
00:06:19.639 question um there is no I'm was going to
00:06:23.360 say the classic it all depends
00:06:26.840 um um but first of all I'll go back to
00:06:29.840 what are you trying to accomplish and
00:06:31.599 what is the
00:06:32.720 motivation um I am an advocate of BYOD I
00:06:36.360 think it puts us to the next level of
00:06:40.639 Workforce enablement corporate
00:06:42.240 enablement and all that and it can
00:06:43.599 reduce the workloads but for example
00:06:46.599 it's not always all or none you can even
00:06:49.639 segment the company that says certain
00:06:51.360 individuals are going to be can do buod
00:06:54.280 other ones you may not so if you're
00:06:55.639 system admins probably going to tell you
00:06:57.720 any system admin I want them on a for
00:06:59.840 device because of what they that role
00:07:02.599 will do to the
00:07:04.039 Enterprise um but if it's somebody in
00:07:07.039 sales marketing maybe we're better off
00:07:09.680 with them and we have um certain
00:07:12.319 controls on the devices they're using
00:07:14.400 but let's face it we still come back to
00:07:16.039 a simple Point here these are employees
00:07:19.319 people we've established trust with and
00:07:22.720 I think we need to think through where's
00:07:24.639 that line of what can we do technically
00:07:26.720 b a wh point do we continue to say there
00:07:30.199 blessed to be part of this organization
00:07:32.479 we've given them the rights they have a
00:07:34.520 need to know and I follow that least
00:07:36.240 privileged need to know concept that
00:07:37.840 says what kind of data can go where and
00:07:40.120 what's their access to it that can then
00:07:41.560 drive what you do at the end point so it
00:07:43.639 would be a conversation with those CEOs
00:07:46.199 what is their knowledge what is their
00:07:47.560 tolerance of risk and it may be a series
00:07:49.199 of conversations so a lot of times this
00:07:51.599 isn't the end answer it's the process
00:07:53.919 and the journey to it which allows you
00:07:55.759 to keep going through this conversation
00:07:57.639 over time that's great that's great so
00:08:00.599 good well what three technology
00:08:02.960 Innovations are you betting on for your
00:08:05.000 future business growth this is
00:08:06.800 definitely the future question okay are
00:08:09.000 there three technology innovations that
00:08:10.800 you just call out that's going to like
00:08:12.479 either rock your world or make
00:08:14.080 difference
00:08:15.440 s um I'm not sure there's three right
00:08:18.120 now there's one and it's called AI MLL
00:08:21.199 whatever you put them um word not cuz
00:08:24.240 let's face it it's being used in every
00:08:26.440 advertisement shoot the new apples Apple
00:08:28.840 AI you know you just hear this all the
00:08:31.400 all over so I think that's going to be
00:08:33.599 enabl and I think the reason it's
00:08:34.919 getting so much attention is it can be
00:08:36.519 very simple for somebody but also
00:08:38.519 enables some of the most complex things
00:08:40.200 to be achieved you heard me earlier
00:08:42.000 reference I can just go into chat GPT
00:08:44.320 and say write this program for me well
00:08:47.040 it's taking open source to the next
00:08:49.040 level isn't it um you can ask it what
00:08:52.920 did I do last week I mean so I think
00:08:56.040 that technology of AI then you couple
00:08:59.000 that with the amount of listening that's
00:09:01.040 occurring around you I'm sitting here
00:09:03.600 with a device from Amazon I can't say
00:09:06.800 the name because it'll start talking to
00:09:08.519 me um the other ones from Apple but then
00:09:11.920 you combine that with AI and what can
00:09:14.000 that do for enablement of a business and
00:09:18.440 then the amount of data that's
00:09:21.360 available to then make that happen but
00:09:23.959 also I think we have to put it in
00:09:25.160 context when I think of AI you know the
00:09:27.640 mobile computer the listening with you
00:09:29.399 and the data
00:09:32.279 is it's been around for a long time and
00:09:35.440 I mentioned before I came out of credit
00:09:37.040 card if you think about fraud detection
00:09:39.079 with credit cards or payments even back
00:09:41.160 30 years ago it was dependent on
00:09:43.880 algorithms that would capture data
00:09:46.079 immediately and then make a decision of
00:09:47.680 whether to let the transaction go ask
00:09:50.200 for somebody to call or do that well in
00:09:52.720 essence that's what AI is doing for us
00:09:54.519 today but with more speed more
00:09:57.640 data and quick
00:09:59.880 response back in movement
00:10:03.200 now that is powerful to enable business
00:10:06.320 to move at speeds we hadn't seen before
00:10:09.320 um but it does come with risk so if you
00:10:11.839 ask it was the AI the ability for
00:10:14.959 technology be in your world every minute
00:10:17.920 and the amount of data out there and the
00:10:19.839 use of that data yeah I totally
00:10:22.560 agree
00:10:24.760 um yeah and it'll be interesting to see
00:10:27.959 how there's like AI
00:10:30.000 offense and AI defense in this cyber
00:10:32.880 security space
00:10:35.120 right and which ones and you put it
00:10:38.240 offense and defense you flip the
00:10:39.839 equation somebody will say what I
00:10:41.160 thought was offense is now defense and
00:10:42.920 defense is offense depending on who you
00:10:44.680 are and where you come from right right
00:10:47.040 and that high blows some people's minds
00:10:48.480 to think along those lines but that's
00:10:50.360 part of what I have to do every day as I
00:10:52.360 talk to people challenge their view on
00:10:55.360 on things to make sure we think through
00:10:57.200 the different risks and alternatives
00:10:59.560 yeah makes sense well um what do you
00:11:02.360 think there what are the most
00:11:04.000 significant gaps between your digital
00:11:05.880 Ambitions and realities today what are
00:11:08.800 some gaps for
00:11:10.440 you kind of keep
00:11:12.880 get I I would say it's the human factor
00:11:16.440 um and
00:11:18.000 expectations and I know that's an easy
00:11:19.839 one to come back to but when you think
00:11:21.160 about it you can Envision I'm highly
00:11:22.680 conceptual by by thinking along with
00:11:25.600 some
00:11:26.399 analytical so I conceptualized
00:11:29.600 a world with a lot of technology and on
00:11:32.800 the three points I just made when you
00:11:34.160 can buy AI with the ability to listen
00:11:36.360 and be there with the data but you've
00:11:39.000 got the human factor and how far do you
00:11:41.040 go back to account for the different
00:11:43.279 versions I mean you've seen these things
00:11:44.920 posted that say how old are you when you
00:11:47.440 you know did you ever use a rotary phone
00:11:49.360 did you ever have an a track did you you
00:11:51.720 know have a VHS tape and you know it's
00:11:54.040 getting scary now and things I thought
00:11:56.160 were my middle age are now not even
00:11:58.639 handled by
00:12:00.279 the the younger people today but that
00:12:01.959 plays into how do you make to your
00:12:04.440 question enable all this because you
00:12:06.880 still have to account for those people
00:12:08.079 who aren't there you know you go to get
00:12:10.480 on a plane today what 75% of people have
00:12:13.760 their boarding passes on the device but
00:12:15.560 they're still ones who have the paper
00:12:17.320 because they don't have the device and
00:12:19.519 my dad just gave up his flip phone he
00:12:22.399 would have gotten one if there would
00:12:23.480 have been somebody to sell it well how
00:12:24.880 do you balance all that as you move
00:12:26.720 technology because you still want to
00:12:27.880 account for it that accounting for it
00:12:29.920 leaves tech technical debt within these
00:12:32.360 organizations that as you look for
00:12:35.000 security sometimes that's the easiest
00:12:36.959 path then so you can't forget about it
00:12:38.880 so you want to know about it and linking
00:12:41.160 it and at what point do you retire at
00:12:43.560 yeah our our our company focuses on
00:12:47.480 application
00:12:48.760 modernization and we're finding that
00:12:50.800 application
00:12:52.560 modernization the you know we love
00:12:54.800 partnering with msps and cber security
00:12:57.839 companies because they're finding that
00:13:00.440 technology debt that needs to be
00:13:02.279 refactored and replaced and we love
00:13:05.800 those process the process of taking um
00:13:09.320 both the new need like what does the
00:13:11.000 software really need to do in the new
00:13:12.519 world uh and
00:13:14.760 also uh kind of the the idea of looking
00:13:18.760 at the kind of doing an archaeological
00:13:20.639 digs like okay Welling in the past uh we
00:13:24.279 were replacing a Cobalt application and
00:13:27.240 we realized that their idea of a daily
00:13:29.399 average was to always divide by
00:13:31.800 31 where any modern program knows the
00:13:35.639 number of days in a month you say hey
00:13:37.480 give me a daily average and it is
00:13:39.320 calculating a daily average it knows 29
00:13:42.160 28 31 it knows those numbers inside of
00:13:45.399 itself you don't even have to specify a
00:13:48.720 daily average it knows how many days are
00:13:51.199 in those cycle in those
00:13:53.519 ranges um and then but to see uh you
00:13:57.440 know to see it do a hard 30 one and so
00:14:00.320 we've even been using AI to discover
00:14:02.759 some of those business Logics that maybe
00:14:06.120 um because the hardest thing to do
00:14:08.079 between the old system and the new is
00:14:10.160 race them you know put them you know put
00:14:12.519 them next to each other and you stare
00:14:14.240 and compare when you're in a completely
00:14:16.040 new world trying to compare it to an
00:14:18.440 older irrelevant one um so yeah I would
00:14:22.440 I would uh kind of extends like not only
00:14:25.199 is it the human element which is yeah
00:14:27.600 people always did what they were supp to
00:14:29.920 do um then you wouldn't have quite as
00:14:33.480 much risk as you have uh have now you
00:14:36.040 could you could get risk to zero but
00:14:38.279 with people in a mix uh risk will never
00:14:41.440 be zero and it's interesting there so
00:14:44.320 think of this and I go sometimes I go
00:14:46.639 back to the past or lessons and guidance
00:14:49.120 of what we're going to look at the
00:14:50.120 future so your story right there you
00:14:52.160 know what came to mind for me was Y2K I
00:14:54.320 was actually demand centers and stuff as
00:14:56.560 we went through that cycle company with
00:14:58.720 at the time our first location was in
00:15:01.040 New Zealand so that was early in the
00:15:03.079 morning here in the states and we just
00:15:05.440 followed it all around the globe but I
00:15:07.920 think back to your point of replacing a
00:15:10.079 Cobalt program but the whole y 2K thing
00:15:12.480 was they had to save space so they went
00:15:14.800 to two digits versus four and most of
00:15:17.360 them used window so we may have another
00:15:19.560 Y2K issue come up in a couple years when
00:15:21.680 you have to get to 50 cuz they use the B
00:15:25.199 50 or less is this first two digits if
00:15:27.639 is 50 or more these two digits 19 versus
00:15:31.000 20 but now with AI and the you know that
00:15:34.600 how quickly or how easily can that be
00:15:36.680 accomplish or what will it mean once we
00:15:39.800 get to that you know into the 2040s when
00:15:44.880 we have to start dealing with it or I
00:15:46.880 won't be because I probably won't be
00:15:48.120 working then but so to your point on
00:15:51.440 those simple things of doing side by
00:15:53.279 side so I'm fascinating somebody thought
00:15:54.720 you do 31 well we all know it's some are
00:15:57.600 30 some are 31 sometimes it's 28
00:16:00.120 sometimes it's 29 yeah
00:16:03.120 uh and those are the things that come
00:16:05.440 back to bite you because all a sudden if
00:16:07.399 you hadn't counter report it in that
00:16:08.880 digital enablement guess what
00:16:10.959 something's wonky and that's why I go
00:16:12.839 back to what I said before data the
00:16:15.079 Integrity of the data and how it's used
00:16:17.480 is so critical I actually came up an
00:16:19.680 acronym for myself I call it the rack
00:16:21.639 test relevant accurate and timely yeah
00:16:25.759 and I keep thinking of that my mind for
00:16:28.440 all this not just at the data level but
00:16:30.279 how it goes through the applications how
00:16:31.800 it gets to the device how is it used
00:16:34.560 it's it can keep you up at night times
00:16:37.440 but for sure well what do you think the
00:16:40.120 biggest challenge is for you and your
00:16:42.399 company maintaining a Competitive Edge
00:16:44.440 in your
00:16:45.880 industry
00:16:49.880 uh I think what we're facing and
00:16:52.440 especially as cyber security now we at
00:16:53.839 an interesting Pivot
00:16:55.360 Point
00:16:57.279 um and this is me relying on the past as
00:17:00.480 we look to the Future I'm not sure
00:17:03.199 security is going to be as critical in
00:17:06.119 the structure of the business as has
00:17:08.559 been for the last 10 to 20 years and I
00:17:10.520 think what we're facing is and maybe
00:17:12.119 it's the evolution of the technology and
00:17:13.599 all this but it's the concept that the
00:17:17.000 fear and certainty and doubt you know
00:17:18.640 the fear of being taken down by
00:17:20.959 ransomware or malware or a hack or a
00:17:24.240 breach or an incident just let's be
00:17:27.679 frank hasn't material realized to the
00:17:29.760 catastrophic layer that some people
00:17:31.919 thought it might or still May contend it
00:17:34.400 would companies have survived and I draw
00:17:37.679 the comparison to they have to go
00:17:39.080 through hurricanes natural disasters
00:17:41.320 those events occur so you have to be
00:17:43.160 prepared for those uh another analogy I
00:17:45.720 use is the ship that ran into the bridge
00:17:47.919 in the Baltimore Harbor shut down that
00:17:49.760 shipping land in a bridge the bridge
00:17:51.320 still doesn't rebuilt you have to adapt
00:17:53.919 so I think what we're facing on the
00:17:55.200 security side is the fact that it's
00:17:57.880 coming into the same level as other
00:18:00.400 administrative or control functions in
00:18:02.400 an Enterprise there is procurement
00:18:04.919 there's accounting there's facilities
00:18:07.480 there's marketing there's HR there's all
00:18:09.880 these functions why think Security is
00:18:11.400 coming down to that what that means from
00:18:13.159 a competitive nature for somebody like
00:18:14.840 me is okay how do you help businesses
00:18:17.120 put it in in an efficient logical method
00:18:20.200 link to the business objectives in
00:18:21.919 partnership with technology and those
00:18:23.559 other functions and a little bit of
00:18:26.200 humbleness do we really need to be
00:18:27.919 sitting in the boardroom do we really
00:18:29.640 need to report to the CEO asking those
00:18:31.919 questions helps us then say how do we
00:18:34.640 find the right competitive placement
00:18:37.679 customers or enablement of a s security
00:18:40.360 program and I'm finding there's a fair
00:18:43.400 amount of receptiveness to that logic
00:18:45.880 because it helps to see go I don't have
00:18:48.360 to spend as much time and I really look
00:18:50.000 at a level of success on a project or an
00:18:52.960 engagement to say can we get the CEO or
00:18:56.200 the CFO who tend to be the two people
00:18:57.919 that talk to the board and are
00:18:59.559 accountable to the
00:19:00.679 shareholders to be able to explain the
00:19:04.039 security program in the most fundamental
00:19:06.039 way so that the ceso Chief Information
00:19:08.120 Security Officer does not have to be
00:19:09.720 there or do it for the CI whoever the
00:19:12.400 structure is can we enable that that
00:19:15.080 pulls it back to me that says that's
00:19:16.799 when you've aligned it with the business
00:19:18.120 so they can explain it in that context I
00:19:20.200 know that's a little different than here
00:19:21.400 in some other places but I think that's
00:19:24.159 what we're facing in the future and
00:19:25.360 that's what I'm seeing is my challenge
00:19:26.679 is to help that become division within
00:19:29.880 these organizations and how to have a
00:19:31.480 structure to do that so you you you're
00:19:34.679 an absolute unior and I love it um you
00:19:38.440 really are because um there's a book
00:19:41.000 that we read in devop space called The
00:19:43.679 Phoenix project
00:19:45.640 WR and um one of the characters in the
00:19:48.760 book is kind of the ceso or the
00:19:50.799 compliance
00:19:52.080 Guy and um at one point the the
00:19:55.600 company's moving quick they're taking a
00:19:57.320 lot of risks and they they he feels
00:19:59.520 unheard like he feels like his uh you
00:20:03.240 know kind of
00:20:04.600 overactive um overactive measures were W
00:20:08.760 and then he is
00:20:10.919 um the the character in this book is
00:20:13.880 mortified when all hell breaks loose
00:20:16.520 because of a compliance incident but it
00:20:19.440 is you know an audit that's not passed
00:20:22.080 by the investors or something but then
00:20:24.559 through
00:20:25.480 conversation the compensating controls
00:20:27.960 are are ulated so like hey we do this
00:20:32.600 with people yes no these all these
00:20:34.640 sophisticated measures weren't in place
00:20:37.400 but was it really a problem like can we
00:20:39.880 move forward and in this case it but it
00:20:43.080 devastated the uh the ciso it devastated
00:20:46.720 the person whose purpose has been to
00:20:49.600 have the I Told You So moment at the at
00:20:52.159 the critical failure point right um and
00:20:55.760 so it's kind of a book kind of applies a
00:21:00.200 metaphoric lesson to um to like it'll
00:21:04.280 all be okay we make stage appropriate
00:21:07.320 decisions it sounds like you're the kind
00:21:10.279 of ceso though that wants to kid keep
00:21:12.320 the kids away from the
00:21:13.919 knives in the simplest form like hey I
00:21:16.880 want to make sure that this is a safe
00:21:18.480 place for you to innovate and if the CE
00:21:21.640 CEO and seef understand those guard
00:21:24.720 rails then you
00:21:27.240 win EX interesting way you put that
00:21:29.679 because it does put it in context and so
00:21:31.960 way I describe it sometimes is can we
00:21:33.760 reduce the level of uncertainty and I
00:21:36.039 think you're point there is okay the
00:21:38.279 kniv is one of the most dangerous things
00:21:39.760 for a kid so you don't want them to get
00:21:41.600 access to it because the level of
00:21:43.880 uncertainty for their survival man
00:21:46.039 you're really scared well as they get
00:21:48.960 older can you open that up as you've
00:21:50.919 learned and taught them so can we create
00:21:53.120 environments like that
00:21:55.760 or what's the so what so I've used the
00:21:58.159 term also when I look at compin keep
00:22:00.440 mind I came up as a regulator so the
00:22:02.840 ultimate in checking on ORS because you
00:22:04.679 have the power to do a lot especially in
00:22:06.480 banking I've been an IT Auditor of
00:22:08.760 several different organizations so if
00:22:09.919 you think about it I've come through
00:22:11.640 that compliance world that regulatory
00:22:13.880 world that audit world and so the way I
00:22:16.440 looked at all these Reds and stuff I use
00:22:18.919 the term it's the Trojan Wars in a lot
00:22:21.080 of cases it's the easy way to explain
00:22:23.279 something to those Layman to to the
00:22:25.159 board because they did we pass this are
00:22:27.360 we meeting this well it opens the
00:22:29.279 conversation blop then what I can do
00:22:30.919 withinn that is have the controls for
00:22:32.960 technology for audit that really enable
00:22:35.279 the business and I look at it what are
00:22:37.840 those key controls underneath there that
00:22:39.679 will reduce the level of uncertainty put
00:22:42.279 us in the best position to handle what
00:22:44.679 comes at us and handling of can be how
00:22:47.559 you design applications so you you
00:22:49.640 mentioned Dev offs one of my pet peeves
00:22:52.440 is I hate the word Dev SE Ops why do we
00:22:54.720 separate the two let's pull them
00:22:56.200 together shouldn't it be one and with
00:22:57.880 the AI and the technology back to the
00:22:59.559 data the listening and the AI an
00:23:03.440 operation Center can do a lot more if we
00:23:05.600 put the right information to them um but
00:23:09.159 what I think our challenge was security
00:23:10.760 separated itself for so many years and I
00:23:12.919 think a lot of developers said I don't
00:23:14.919 have to worry about secure coding that
00:23:16.279 security group is going to do it well
00:23:17.640 let's pull it back and say they are
00:23:19.679 professionals one of their requirements
00:23:22.120 is as you build this application this
00:23:24.720 process this technology account for what
00:23:27.679 we need for the business is to make
00:23:28.919 money account for the security account
00:23:30.799 for what we need to meet the basic
00:23:32.400 compliance rules and how do we keep it
00:23:35.279 enabled so we can survive incidences I
00:23:37.440 think yes I guess I I just used a lot of
00:23:40.159 words you got me in a silt box to say
00:23:41.919 yeah let enable the business and it's
00:23:44.559 okay to take risk you're not going to
00:23:46.600 prevent 100% of things so
00:23:49.120 let's be in the business of taking risk
00:23:52.559 yeah love it love it well what lessons
00:23:55.360 have you learned from Tech initiatives
00:23:57.159 that fail to deliver EXP Ed value one
00:24:00.559 lesson I hate this term because people
00:24:02.360 say oh this failed very few of the tech
00:24:04.720 projects have ever failed now you may
00:24:07.039 have had a grand and glorious view but
00:24:08.840 if you got to 50 to 75% why is that not
00:24:11.720 a success in certain cases so and maybe
00:24:16.440 this is my conceptual and sometimes we
00:24:18.559 will find out we succeeded in other ways
00:24:21.679 that we hadn't anticipated so you know
00:24:24.880 when you ask that my first reaction is
00:24:26.520 I'm not sure anything fails because you
00:24:27.960 can learn from the mistake you can react
00:24:30.279 to the mistake if it is in fact a
00:24:32.240 mistake um great example coming out here
00:24:35.200 a few weeks ago crowd
00:24:37.559 strike I mean I was sitting back and
00:24:40.159 thankfully I wasn't in an operational
00:24:42.039 role but some of the things you learned
00:24:44.080 so first off most people didn't realize
00:24:47.360 how big of impact crowd strike has
00:24:49.159 around the globe let's face it that's a
00:24:51.360 learn is it a mistake or a problem well
00:24:55.200 it's a problem not necessarily a mistake
00:24:57.520 but
00:24:58.840 one single line of code in an update
00:25:02.600 that got through QA and process of the
00:25:04.600 released into the companies who did Auto
00:25:06.520 relases because they were on the
00:25:07.799 security side back to my examples or do
00:25:09.960 you really need to update immediately
00:25:11.480 it's a good question to ask now but
00:25:13.320 those who did immediate updates found
00:25:14.919 they had a blue screen of death boy the
00:25:17.840 interesting thing you learned from there
00:25:19.480 is how many companies had effective
00:25:21.520 incident response we could talk to each
00:25:24.240 other and get going I've heard stories
00:25:25.600 of people who were up in an hour or two
00:25:28.000 no no problems they just got the patch
00:25:30.080 applied it some took a few more hours
00:25:32.520 primarily because it happened overnight
00:25:33.960 so they get people up and in then we've
00:25:36.039 heard the stories of certain companies
00:25:37.720 that went for over a week all of which
00:25:40.559 if you pull back the layers tells you a
00:25:42.200 lot about those processes so when you
00:25:44.799 ask what's the biggest one I like to
00:25:46.720 learn lessons from each one and I think
00:25:48.520 there's opportunities they may have been
00:25:50.720 a success but on a different scale yeah
00:25:53.600 we're huge advocates for this concept of
00:25:57.880 it's called pets versus cattle and and
00:26:00.600 of course you don't want in points that
00:26:03.320 are like pets right where the only the
00:26:05.559 only way they continue to operate
00:26:07.240 properly is if you go feed them and
00:26:09.080 water them stroke and and bet them
00:26:13.399 cattle there's a problem you just you
00:26:16.000 just kind of I'll be I'll be BL you kill
00:26:19.159 them and get new ones right you uh you
00:26:22.880 don't have an attachment to them and so
00:26:26.880 um the the more practical way of saying
00:26:29.320 this is is you know spending the time to
00:26:32.080 invest in an infrastructure pipeline not
00:26:34.720 just a code pipeline so one of our
00:26:36.919 clients was a c crowd strike user they
00:26:40.320 had auto updates
00:26:42.200 on um their laptop started glitching and
00:26:45.559 they were already up later they had they
00:26:48.520 had Personnel already up late deal
00:26:51.840 dealing with a deployment and and
00:26:53.799 they're kind of already online and their
00:26:57.000 laptop started so that automatically
00:26:59.559 it's like okay something is going on
00:27:01.520 here that's not part of our deployment
00:27:03.559 because it can't be an AWS issue my my
00:27:06.440 laptop isn't on AWS right um and so they
00:27:10.679 were able to just reprovision the
00:27:13.480 infrastructure and their system
00:27:15.559 automatically deployed the latest things
00:27:17.520 on top of it because they had a full um
00:27:21.039 we we built them in infrastructure
00:27:22.760 Pipeline and a code pip not just a code
00:27:25.640 pipeline which is what most customers
00:27:27.679 will order
00:27:29.320 or or want to have done we did the
00:27:31.080 infrastructure pipeline as well and so
00:27:32.799 they were able to recover before any
00:27:34.799 clients
00:27:36.080 noticed um and um and I think that
00:27:41.360 differs greatly oh and but then when
00:27:44.919 when the online did happen um or or
00:27:48.440 maybe it was maybe it was H the client
00:27:51.159 he tried to go buy something later that
00:27:53.679 morning he couldn't he couldn't purchase
00:27:56.200 it because the credit card processor for
00:27:58.799 that particular um gas station or
00:28:01.279 wherever he went that morning couldn't
00:28:03.360 yeah you he couldn't buy his Donuts so
00:28:05.679 he was like this is great because we
00:28:07.679 invested in this infrastructure pipeline
00:28:10.080 we weren't able to
00:28:11.720 recover and I couldn't buy my Donuts the
00:28:15.440 next morning right so just phenomenal um
00:28:19.799 that that they were able to validate
00:28:22.279 some of that investment and work that
00:28:23.919 they had did work that they had done
00:28:26.320 even more so than some pretty major
00:28:28.399 credit card processors many people
00:28:30.760 couldn't get a keyboard on that machine
00:28:33.840 right they couldn't boot into safe mode
00:28:35.919 and Le the just this it was all manual
00:28:39.960 it still even in the cloud or even in
00:28:43.679 this and you think about the evolution
00:28:46.399 here simple things like who understands
00:28:48.799 command levels because at some point you
00:28:50.360 may have to get down to the single
00:28:51.600 command level those of us who grew up
00:28:53.159 with you know the original Windows the
00:28:54.720 MS DOS everything was Command right
00:28:58.399 typing commands well some of that's
00:29:00.080 still going to be relevant with all this
00:29:01.679 new technology but number of people who
00:29:04.080 understand it so that plays into the
00:29:05.960 future too is the capabilities to
00:29:07.760 respond update I like what you said
00:29:09.919 though at what point do you just say I
00:29:11.320 could trash it is is this a commodity or
00:29:14.799 a business supply versus an asset and
00:29:17.559 many people don't even put laptops on
00:29:19.240 their balance sheets anymore because
00:29:21.360 they're fully depreciated well why not
00:29:23.000 treat them that way especially when you
00:29:24.240 get things like Chromebooks and all of
00:29:26.320 that into the mix so it's it's
00:29:28.880 fascinating to see how you can respond
00:29:30.519 from something like that and learn from
00:29:32.120 it yeah for sure um yeah we uh we just
00:29:37.200 feel like the world is uh is a little
00:29:40.279 bit easier just to treat it as cattle
00:29:42.679 like kill it redeploy it you're all good
00:29:45.000 and as we move into containers more it's
00:29:48.360 even more so like the the Reconstruction
00:29:50.760 of the container
00:29:52.640 should well and it's fascina you say
00:29:55.039 that I'm just dealing here you know I've
00:29:57.519 come to real ization I don't need the
00:29:59.279 physical device as much I as I mentioned
00:30:01.480 earlier I put my data personal and work
00:30:03.880 in the cloud I you know if you configure
00:30:07.000 it's going to be
00:30:08.200 safe but the ability then to be
00:30:10.880 independent of the device is fascinating
00:30:13.200 I can bounce between four five devices
00:30:15.320 like that whether it's the phone the
00:30:16.760 tablet a computer somebody else's if I
00:30:18.840 have to and I think of this R of ours
00:30:22.320 lost their had their wallet stolen in
00:30:24.519 Chicago over the weekend and I justed go
00:30:26.480 back to can I get to a cop of my
00:30:28.440 passport or my driver's license without
00:30:30.640 the devices around me I know it's a
00:30:32.760 simple one but I'm can go yeah I can go
00:30:34.760 up to a TSA agent hey I can show you who
00:30:37.480 I am can you let me log into your device
00:30:39.200 probably wouldn't let me because of
00:30:40.279 their security rules but to be able to
00:30:42.679 get to that data and information with
00:30:44.399 such ease and energy supports your idea
00:30:47.000 can we treat them as cattle or you know
00:30:49.240 it's like a pencil can we just pass
00:30:51.559 theil get a new one that's sharpened
00:30:54.679 yeah that's cool yeah I would love that
00:30:57.480 um so how do you how do you cultivate a
00:30:59.840 culture of innovation digital fluency
00:31:06.600 organization I first word it comes to
00:31:08.799 Minds
00:31:09.960 respect and the ability to listen and
00:31:12.600 engage with all the users of the
00:31:14.320 participants and it's going to depend on
00:31:16.039 the the kind of business you're in where
00:31:17.919 you know when you say users of the
00:31:19.000 people can be customers it can be
00:31:20.360 vendors it can be shareholders it can be
00:31:22.039 employees it can be contractors it can
00:31:24.760 be a philosophical could be you know a
00:31:27.360 sector if if you're in government or
00:31:29.120 higher education or not for-profits or
00:31:31.960 whatever but when I say you know respect
00:31:34.080 is
00:31:35.159 listen and try to put and answer
00:31:39.799 questions needs with technology in their
00:31:42.440 vocabulary remember when I said back to
00:31:44.440 the CEO and them being able to do the
00:31:46.880 update can you imagine the conversation
00:31:48.760 if they're somewhat knowledgeable and
00:31:51.480 you've respected and it says here's the
00:31:53.080 facts let them come back to you and in
00:31:55.600 their verbiage you'd be amazed what
00:31:57.440 could come out of the the
00:31:59.519 technology um I remember a conversation
00:32:01.960 I had years ago when I was engaging on a
00:32:04.320 secur a strategy assessment for security
00:32:06.480 and we were meeting with the CEO old
00:32:08.720 very old gentleman you know classic you
00:32:11.320 know short sleeve shirt dress shirt and
00:32:14.760 when we started out goes I don't know
00:32:16.159 why I'm talking to you about security
00:32:18.399 and go I'm not necessarily here to talk
00:32:20.000 about security I'm here to learn about
00:32:21.880 your business he goes you want to learn
00:32:23.360 about the business yeah tell me how you
00:32:25.559 what you do and all this so we go
00:32:26.799 through all this and they were more in a
00:32:28.360 commoditized business and he came back
00:32:29.880 and said the most important thing to him
00:32:31.559 was variable expense so then we got into
00:32:34.200 the conversation of how does technology
00:32:36.120 security play into their ability to
00:32:39.519 manage that variable expense so when he
00:32:42.440 asked the question how do you get that
00:32:44.120 it got him thinking okay these are the
00:32:45.760 factors that play into it I'm going to
00:32:47.600 respect the CIO and his business come
00:32:51.000 for five to 10 years that CIO is now a
00:32:53.320 critical player at the
00:32:54.919 table commenting on all the security
00:32:57.399 things technology things enabling the
00:32:59.799 business so I think when you show that
00:33:02.639 respect that conversation really plays
00:33:05.320 into helping that move forward because
00:33:07.600 they may not try to be the enabler by
00:33:11.080 what this we have to do for technology
00:33:12.799 but they can explain the business that
00:33:14.320 if you talk to them give them some
00:33:16.360 options might be surprised what comes
00:33:18.159 out of it yeah I find a lot of time it
00:33:21.639 say technologists we're talking to
00:33:23.840 people who are using results language
00:33:26.679 and then we talk to them Solutions
00:33:28.679 language like they're saying Hey I want
00:33:30.639 to accomplish these results and rather
00:33:33.519 than staying there okay let you
00:33:36.399 understand more about the results that
00:33:37.880 you're trying to achieve um you know if
00:33:41.200 you simply ask a developer hey by when
00:33:43.480 will it be done and then they start
00:33:45.679 getting you the solution well I need to
00:33:48.320 make the flux capacitor flux a little
00:33:50.240 bit it just it's a bad conversation it
00:33:53.720 works um and so sounds like in this use
00:33:57.440 case just brought up they they stayed in
00:34:00.600 results conversation right okay variable
00:34:04.159 expenses that's the goal okay let's see
00:34:06.519 how we can help you with that and um and
00:34:10.040 and I find that like I often find that
00:34:13.239 as technologist would cross that
00:34:14.879 boundary when but if we just stayed in
00:34:17.239 results language used results language
00:34:19.520 to
00:34:20.359 articulate uh it would be it would be
00:34:22.719 understood it's they're almost like two
00:34:24.760 different languages if if brought
00:34:27.040 against each other
00:34:28.679 you know it calls to mind um from the
00:34:31.440 past a mentor of M as I was dealing with
00:34:33.280 risk and control and all this
00:34:37.199 and this professional share it it's not
00:34:40.480 the end result it's the journey as you
00:34:42.520 go through it so while we might have
00:34:45.399 gotten to a point that said the risk is
00:34:47.280 this it was the conversation as we got
00:34:49.719 there so to your point results versus
00:34:52.480 solution we may have bounced between
00:34:54.520 those through that whole conversation on
00:34:56.320 risk and it was an any number of context
00:34:58.320 it could be disaster recovery business
00:35:00.599 continuity you know how much security to
00:35:02.760 put in what technology approach to use
00:35:04.760 you know how much Cloud you go whatever
00:35:06.280 it is it's the
00:35:07.839 conversation and that by which is really
00:35:10.680 the end result not the answer because
00:35:12.560 then you can keep coming back to that
00:35:14.599 maybe it's a circle of life quote The
00:35:16.640 Lion King
00:35:20.800 uh well share an experience with
00:35:23.280 somebody who's just starting their
00:35:24.920 Journey um or or share some advice like
00:35:27.720 what would you say to the Young Buck
00:35:29.440 that's coming into the security my son
00:35:32.400 right now is in in college he's getting
00:35:34.200 a cyber security
00:35:36.720 degree um which is basically computer
00:35:39.400 science plus is what I'm
00:35:41.800 finding um uh you know what advice would
00:35:45.240 you give to someone who's entering the
00:35:50.119 space
00:35:51.880 ah good luck
00:35:54.839 um uh understand what securities there
00:35:57.800 to do and I would say appreciate the
00:36:01.400 factors of the business side like I know
00:36:04.440 it's all you know probably getting a
00:36:06.160 highly technical degree all those
00:36:08.599 factors but understand and learn the
00:36:11.440 other parts of it and now I respect some
00:36:13.760 of the classes I took that were outside
00:36:15.160 the College of Business and less
00:36:16.440 technical you know history of American
00:36:18.960 Jazz you know art classes economic
00:36:22.440 geography some of these things that were
00:36:23.960 more not my wheelhouse but I still go
00:36:26.119 back to those principles so I'd say
00:36:28.240 make sure you have a broad enough
00:36:29.520 Horizon to appreciate what you're trying
00:36:32.359 to secure cuz let's face it does it have
00:36:35.560 to be secure well why being able to
00:36:38.319 answer those questions so you understand
00:36:40.119 what's all being in there that would
00:36:41.920 mean you know hanging out with some
00:36:43.800 business students heart students
00:36:45.960 expanding your horizon volunteering and
00:36:48.359 things an interesting thing I've heard
00:36:50.800 lately though is and maybe this is
00:36:53.960 because I'm talking to more security
00:36:55.319 people it seems like the Security
00:36:56.960 Professionals are more engaged with each
00:36:59.480 other in networking and talking and
00:37:01.839 within an organization and maybe it's
00:37:03.440 because they have to answer those but
00:37:05.720 being that leader that helps the
00:37:07.280 technology side that may not have done
00:37:09.480 it and I'm not sure they haven't it's
00:37:10.880 just the view somebody shared that okay
00:37:13.599 the security guys are more open and
00:37:15.319 networking and talking than the it
00:37:20.280 gu but to any professional coming in
00:37:24.079 being open listening um expanding our
00:37:27.000 Horizons being patient
00:37:29.960 uh and keeping multiple paths open I
00:37:32.640 don't know that security is going to be
00:37:33.880 the same in 5 to 10 years as it is today
00:37:36.560 and it certainly isn't the same as it
00:37:37.880 was 10 years ago or 20 years ago I
00:37:40.280 started out in the mid
00:37:42.800 80s uh early 90s the term ciso did not
00:37:46.240 exist ransomware did not exist breach
00:37:49.200 did not exist in the same context so be
00:37:52.040 Cog that Evolution and that's why I look
00:37:54.520 back to the history shared this story I
00:37:57.079 was told they used to have vice
00:37:58.520 presidents for power or electricity in
00:38:00.560 companies why because you had to have
00:38:02.599 programs and process process in place to
00:38:04.839 get electricity for the work today at
00:38:08.160 best it's covered by procurement for
00:38:09.839 somebody in a county who monitors the
00:38:11.560 utility bill because you just naturally
00:38:14.000 have power so beware of that Evolution I
00:38:16.960 kind of think that may happen with our
00:38:18.280 security world it's going to evolve to
00:38:20.599 where if we engage pulling it together
00:38:24.160 the developers the seup the devops all
00:38:27.200 these functions will help enable the
00:38:29.200 security probably won't be to the same
00:38:31.200 degree as it is today so being creative
00:38:33.280 open look to the
00:38:34.920 Future yeah that's great yeah I mean um
00:38:39.040 a a goal aligned
00:38:41.599 uh cyber security officer is almost like
00:38:44.839 an oxymoron right it's it's more of a no
00:38:48.200 a no position rather than a yes but
00:38:51.880 position and sounds like you figured
00:38:53.880 that out well it's initially when you
00:38:56.359 make that um statement because the
00:38:59.440 reality is at some point businesses
00:39:02.839 require somebody someplace to say no if
00:39:06.359 you think about the board of directors
00:39:08.520 they don't want you to say yes to
00:39:10.000 putting in something that's going to
00:39:11.240 expose them to a significant risk
00:39:12.920 whether that be in security technology
00:39:15.400 business you know pricing anything like
00:39:17.920 that I mean I go way back and this is
00:39:19.760 more on the business side was in a
00:39:21.599 meeting and I had a senior level person
00:39:24.079 say that's okay the margin is below zero
00:39:27.520 we'll make it up on volume and we all
00:39:30.240 looked at him and go wait a minute you
00:39:32.200 can't make that up on volume because
00:39:33.960 it's still negative it's just the number
00:39:35.640 gets bigger with it and so in that case
00:39:38.560 somebody should have said no right right
00:39:40.480 so it's fascinating to say that I put it
00:39:42.280 in that context but I think when you
00:39:43.880 said yes but it's like folks let's take
00:39:46.000 a step back and think about this let's
00:39:47.839 look at the risks the issues and see
00:39:50.119 what we can do and what are the options
00:39:52.280 yeah I I think on the application
00:39:54.880 development side oftentimes we feel like
00:39:57.400 when we're
00:39:58.520 innovating um have you've ever seen The
00:40:01.480 Matrix it often feels like those squidy
00:40:04.480 things that come in the real world when
00:40:06.680 they're in the Matrix and they're doing
00:40:08.040 cool stuff those squidy things come and
00:40:10.680 they attach to your spaceship that
00:40:12.960 you're using to access the Matrix and
00:40:15.160 they start tearing stuff up right that
00:40:17.599 they call them the centurions right
00:40:19.839 these robots um really for the purpose
00:40:22.560 of Destruction like destroying
00:40:24.680 Innovation you know it's kind of the
00:40:26.400 metaphor here
00:40:28.280 um and a lot of times you know when
00:40:30.960 we're heading up uh Innovative projects
00:40:33.240 we feel that's how we feel about certain
00:40:36.640 roles uh compliance roles sometimes they
00:40:39.480 can even like sometimes project
00:40:41.480 management can feel that way where it's
00:40:44.319 just intended to like mess up my
00:40:48.280 progress oh yeah it's you know the word
00:40:51.800 I use lately on that I think goes to
00:40:53.520 your point is the bureaucracy are you
00:40:55.720 putting in steps that make sense and
00:40:57.800 enable the business or are they there
00:40:59.599 for certain just check the box which is
00:41:02.640 a tough conversation in this day and age
00:41:04.760 especially if companies get bigger and
00:41:06.640 more complex as they evolve through the
00:41:09.240 you know the growth factors from
00:41:10.680 entrepreneur to midsize to large so I
00:41:13.880 get where you're coming from yeah cool
00:41:16.560 well let me engage to know you a little
00:41:18.040 bit that um one of the ways I love to do
00:41:20.720 that is by asking how did you make your
00:41:24.359 first dollar what was your first job
00:41:26.400 like for me it was paper rout um and I'm
00:41:29.520 just interested like you know what what
00:41:31.640 was your what was your economical
00:41:35.000 beginning well it's interesting you ask
00:41:37.040 that much like any youngster in Nebraska
00:41:40.560 there was things like mowing lawns snow
00:41:43.280 shoveling even tried babysitting once
00:41:46.240 that didn't work for me so my first real
00:41:48.680 one when you asked that question was I
00:41:50.119 was a bus boy to State C and linoln
00:41:52.480 Nebraska um still go back to that have a
00:41:55.680 passion for restaurants and find dining
00:41:58.200 but man it's you start thinking about to
00:42:01.160 get that dollar how much work you have
00:42:02.760 to put into it and told people this
00:42:05.560 story I was responsible for mixing up
00:42:07.720 and making the blue cheese dressing that
00:42:09.560 we used on the salad bar quite frankly I
00:42:11.800 was up to my arms and that dressing and
00:42:14.680 the aroma if you ever had blue cheese it
00:42:16.800 it's strong and it took me a good five
00:42:18.520 to 10 years to get over that Aroma to be
00:42:20.359 able to eat use blue cheese dressing
00:42:22.400 again especially with my wings but yeah
00:42:23.920 my first one was a bests boy at a
00:42:25.920 steakhouse
00:42:27.559 cool that's great well what toy or hobby
00:42:30.800 did you have as a child that inspired
00:42:32.480 what you do career-wise
00:42:35.599 today well I'll probably go to this one
00:42:39.520 um I'm 61 so was in grade school junior
00:42:43.680 high high school in the late in the 70s
00:42:45.559 so in the late 70s my dad brought home
00:42:47.559 one of the first Apple computers that
00:42:50.119 was made had the Dual disc drives and
00:42:51.839 all that his favorite story is regarding
00:42:54.640 that he brought it home my brother and I
00:42:56.440 younger brother and I we had it out
00:42:58.240 unpacked up and running almost
00:43:00.640 immediately and had it working for him
00:43:03.599 and he was just blown away by it but
00:43:06.400 that enabled my interest in technology
00:43:08.400 along with my interest in business and
00:43:12.319 but continued there is it got me enough
00:43:15.079 interested that I would a check
00:43:16.359 reconciliation program for extra credit
00:43:18.319 in high school and this was before Excel
00:43:20.720 Lotus any of the applications day we're
00:43:23.040 talking pure command level programming
00:43:26.079 and I kind of maintained that all the
00:43:27.359 way through so I would go back to that
00:43:29.119 one that said probably the hob with
00:43:31.359 technology and computers and just
00:43:34.800 business yeah you triggered my Nostalgia
00:43:38.359 do you remember this program called logo
00:43:42.119 that it had a turtle like a
00:43:44.400 triangle and my first intro to
00:43:47.359 programming right around those apple two
00:43:49.319 days was the the turtle had a pin and
00:43:53.240 you could say like forward 90 right turn
00:43:55.839 90 and you could even like the advanced
00:43:58.760 thing was saying hey repeat four times
00:44:00.760 and then you do a square right just
00:44:02.880 forward 90 right turn 90 and um and then
00:44:05.960 you know you got some you do some really
00:44:07.960 cool geometric shapes did you ever use
00:44:10.920 that was
00:44:12.079 that I I don't recall using it I
00:44:15.400 remember things like that but even when
00:44:18.200 you describe that it calls to mind if
00:44:19.880 you think about gaming and just go back
00:44:22.240 to the original pong which is just the
00:44:25.200 Simplicity of that program but how
00:44:26.599 engage it was or mind sweep or things
00:44:30.079 like that
00:44:34.359 uh
00:44:36.319 yeah yeah there is a uh I was using that
00:44:39.960 as a metaphor uh the other day because
00:44:42.880 uh the three there's a a book called
00:44:45.920 leadership and self- perception that's
00:44:47.599 required reading in our company and it
00:44:50.040 talks about like being in the box and
00:44:52.680 then like when you're in the Box
00:44:54.079 everyone else is just an object but when
00:44:56.200 you're out of the box and people are
00:44:57.800 people with challenges right so we talk
00:45:00.480 about being in the Box versus being out
00:45:02.280 of the box and how you uh encounter
00:45:04.640 certain challenges and that the asteroid
00:45:07.160 gain came into came in as a metaphor
00:45:09.920 where you're kind of in the center when
00:45:12.000 you're in the Box you're in the center
00:45:13.319 of your own world and everything around
00:45:15.079 you are just
00:45:18.640 objects well what quote in your what
00:45:22.160 quote from a famous person lives in your
00:45:24.000 mind R
00:45:25.359 fre yeah a that again i' miss what quote
00:45:28.760 from a famous person lives in your mind
00:45:30.839 rent free
00:45:33.160 rentree yeah like just what what's your
00:45:35.880 favorite famous person
00:45:39.880 quote God I don't necessarily go back to
00:45:42.680 quotes I do keep a quote book but
00:45:45.480 probably when you say that I have to go
00:45:47.280 back to Martin Luther King and his
00:45:48.720 speech at the Lincoln Memorial I have a
00:45:51.359 dream and things from that um that would
00:45:56.000 probably be the closest to for my answer
00:45:57.680 on that cool I was expecting some
00:46:00.440 awesome Larry Osborne
00:46:05.200 drop um I lived in Omaha for three years
00:46:09.000 uh and was in Lincoln quite a bit uh for
00:46:11.559 different events and um I lived right
00:46:14.720 near the old market area for about three
00:46:18.319 years so oh how long ago was that you
00:46:20.359 might be surprise what it's like
00:46:22.440 now too long okay you know 20 years ago
00:46:27.240 probably oh it's if you recall the lady
00:46:31.160 mall where the Lagoon was that's all
00:46:34.079 been filled in it's Parkland
00:46:35.960 amphitheaters the development in
00:46:38.040 downtown if if you liked it then it's
00:46:40.440 life years ahead now as to what you can
00:46:43.520 do and the housing and the dining and
00:46:46.599 the entertainment is just incredible
00:46:49.200 yeah it was getting pretty good back
00:46:50.760 then I can't imagine
00:46:53.240 uh i' would love to come back and try it
00:46:55.640 out well you're welcome to i' love to
00:46:58.319 take you out cool what was your greatest
00:47:01.480 what do you think the greatest invention
00:47:03.200 or Discovery was in the past 300
00:47:10.440 years I would have to say the greatest
00:47:13.280 discovery is along the lines of the
00:47:15.200 telephone and Communications and the
00:47:17.640 reason I say that is think about what
00:47:21.119 that invention has
00:47:23.400 enabled um prior to that they had you
00:47:26.960 know the Pony Express it was archaic it
00:47:29.280 was tough to communicate and move you
00:47:31.160 know get information exchange but I
00:47:33.240 really look at things like the telephone
00:47:35.319 and that electronic communication
00:47:37.319 capability as to the speed by which
00:47:40.559 information and relationships and things
00:47:43.480 like that could move and if you look at
00:47:45.599 it now we're able to do things like this
00:47:47.599 video wise um all because of that kind
00:47:51.359 of invention or enablement you know the
00:47:53.119 movement of information across a little
00:47:55.000 line to anywhere in the globe
00:47:57.640 or wirelessly up to space to satellites
00:48:01.640 and all that I just look at that as the
00:48:03.280 foundation of that
00:48:04.839 invention um enabled so much of our
00:48:08.400 world to advance and move forward for
00:48:10.839 the good as much as anything
00:48:13.160 else yeah cool yeah I was like that's
00:48:16.480 great that's great so if people like
00:48:18.599 what you've had to share today how would
00:48:20.040 you like them
00:48:21.520 to uh look for me on LinkedIn it's
00:48:24.520 Norman kber and shout to me there um
00:48:28.599 you'll see a number of links things like
00:48:30.400 that I'd be glad to have a conversations
00:48:32.160 about this if you haven't picked it up I
00:48:33.839 tend to be a contrarian I'm thinking on
00:48:35.440 a different level and it use the term
00:48:36.880 unicorn well I embrace that I take that
00:48:39.200 as a compliment because I'm trying to
00:48:41.400 see how we enable this in a way that
00:48:44.000 moves business forward and I'd welcome
00:48:47.040 the conversations I'm looking to serve
00:48:49.079 on Advisory Board boards um be that
00:48:52.160 fractional or virtual leader for these
00:48:54.799 programs um help with seeing things a
00:48:57.400 little different way through strategy
00:48:58.960 assessments or you know certain projects
00:49:01.520 so just reach out let's
00:49:04.559 talk yeah that's great thanks nor Norman
00:49:07.559 for that invitation and appreciate your
00:49:09.960 time today thanks for being on the
00:49:11.319 podcast my pleasure um enjoyed a great
00:49:14.119 deal I love these conversations
00:49:16.030 [Music]