Technology is moving faster than ever before. From robots responding to customers, AI anticipating orders before they are placed, and the ability to stream music, share cars, and have groceries delivered at the touch of a button is being driven by the latest technology innovations. With technology transforming daily it has opened up opportunities for cybersecurity attackers to use new technology for their advantage meanwhile defenders are trying to keep up.
Harry Brelsford sits down with Aaron Warner to discuss security and how the pace of technology is effecting it.
Video Transcription
Harry Brelsford
Hey nation nations back back with another one of our podcast, Aaron Warner over at pro circular in Iowa, Iowa City, Iowa. Did I get that? Right?
Aaron R. Warner
That's That's right. It is home of the fourth largest teaching hospital in the world, in the University of Iowa, among, among other things.
Harry Brelsford
All right. Well, sir, what's your story? I'm looking at the LinkedIn, your LinkedIn profile, and you have a long career in tech. And it looks like us in with a bias towards security. What? briefly introduce yourself?
Aaron R. Warner
Yeah, ah, well, so Harry, my name is Aaron Warner, I worked. I spent quite a bit of time in biotech, I spent 22 years working in life sciences for a company that manufactured custom DNA and RNA and synthetic genes. It was like a buffet if you're a nerd. So if you're into everything, if you're into engineering and chemistry and computer science, and just the advancement of technology, it was a wonderful place to work. I helped to build that company. And then, you know, this cybersecurity became more and more a part of my job as a CIO. And I couldn't find somebody to help me out, I could find really big companies that were happy to hit me for three quarters of a million dollars for an assessment. And I could find little tiny companies that could sell me a thing, but I couldn't really find a good Sherpa in cybersecurity. So I did what a lot of people do. I couldn't find it. I started as a company. And it's been about I our firm started in 2016. So just before all of this election stuff, and it's been a wild ride, just the last five years. It's been. I mean, it's it's been interesting, for sure, but it's it's been a lot more than I originally saw. Fascinating. Every single day, I learned something new, I learned a bunch of new things.
Harry Brelsford
Yeah, let's talk about that. What are what's newest get lately? What are two things down on me as we sit here today and approaching the March 9th full disclosure, folks? You'll probably see this a couple days after that date. But as we sit here at March night, clearly the world's changed rapidly yet again. What's news?
Aaron R. Warner
Well, I mean, you can't really have this conversation today without talking about Ukraine a little bit. Things are really unsettled. In Europe right now. There's some kind of horrible things happening there. From from a security or cybersecurity perspective, to a certain degree, it's, it's a little bit like a hornet's nest has been kicked. There's a lot of activity, there are all kinds of tools being thrown back and forth. In fact, just one example. We got a look at some malware that a group called Conte had been using. It's a they're a really bad threat actor. And I mean, bad like when all of the other hackers and Europe's and we're not going to attack hospitals during COVID. They said, Yeah, forget that we're gonna attack hospitals, we don't care. So these guys have a bad reputation amongst a whole group of people who already have a bad reputation. Some of the specific lines of code within that software were called a called 403 Biden White House, which is sort of hacker code for keep Biden out of the White House that that Biden is from forbidden from the White House. But those tools were deployed last week. So what we think it was an indication of is that a lot of the tools that had been used in the, in the last election, and presumably the election before that, on that were pointed out, the United States have now been pointed at Ukraine, and probably some other some other victims within within Europe. Honestly, our, our incident response business is a little slower than we normally see, and, frankly, a lot slower than what we expected. That is we again, this is conjecture, but we spent a lot of time on this subject. We think that it's because there is a lot of infighting in Ukraine and in Europe, and in Russia right now. And frankly, a lot of the hacker groups that have to maintain sort of a friendly relationship with Putin's regime in order to continue to exist and get away with what they're doing. They aren't sure who's going to be in charge on the other side of this. So I think there's a lot of waiting and seeing going on. And I mean, if there's a silver lining to any of this, it's that at least today, three, nine of 2022 incidents in the United States are actually down a little bit. Not to be the doomsday guy. But I think what a lot of us expect to happen is that once things have settled out, or at least the future is a little more clear. One way or the other, we'll, we'll see, I think we're all expecting an increase in attacks, mostly, because that's the least expensive and probably most effective form of recourse that Russia has, you know, it's a weapon that they can use and get away with, it can be difficult to attribute some of those attacks to them. And it doesn't really cost a lot to launch one of those attacks. So I suspect what a lot of us in industry, I really hope that that isn't the case that things go back to normal or maybe maybe quieter than before, when it comes to incidents that ransomware and hacking incidents. But I think a lot of us are kind of watching our clocks and saying well, so maybe it's next week
Harry Brelsford
well, you know, here's what I did a couple of weekends ago, I guess you know, 60 minutes kind of scared the bejesus out of me again, as they tend to do great show though, love it. And I I looked over my security stack here at SMB Nation, right, just took a fresh look, you know, trust me, we got backups, we got this, we got that. But I took a fresh look. And I went ahead and purchase the five annual licenses over a PC Matic I said, you know, I, I'm coming up on the end of a relationship with a another anti virus thing I don't want to renew. And my friend and yours over at PC Matic, I went ahead and rolled with it. And part of it was here's my thinking, and I'm not, you know, I'm not an isolationist. I'm not a big nationalist. But part of my thinking was compared to what I've been using with some Eastern European roots. PC Matic is truly American based, you know, and it just, it's, it's like, you know, I'm just roll with them. And let's, let's give them a year, and then we'll give them to, then we'll give them three. And that
Aaron R. Warner
is closure. We don't we don't sell. For the most part. We don't sell products we don't sell and point like PC Matic. But that said, I know that that team really well. I met Rob Chung many times and our friend in common is, you know, is a guy I think he sees the world with through the right lens. And it's, I think you're right to have some concerns when it comes to who's monitoring your endpoints, who's writing the software that monitors those. There are lots of opportunities to introduce backdoors when you author a piece of software and your it's not conspiratorial at all, if you look what happened with Hawaii, the telco manufacturer, right, they got in huge trouble with the US government because essentially, they were selling phone systems that doubled his listening devices. That was a very well documented fairly well organized effort on the part of the Chinese government. So I don't think you're crazy at all for no Gnostic.
Harry Brelsford
It's just it's, it's one of those times to use a biking analogy, and and we'll start to wrap up, but I like to buy come in the Texas Hill Country. Back in Seattle, 32 years in Seattle, I had the full on Rengar, you might imagine, right? And it's expensive, man. It's like ski clothing, you know, and it breathes, and it keeps you dry and all that. And I'd ride the ferry in the Seattle and there were just days where you'd see all of you know, maybe 100 Bikers out of 2000 people in the ferry. And we're like, you know, it's like doctors putting on Scrubs, right? It's like, then, you know, we got a, we got a button up, so to speak. And we're going into a storm. And that's kind of an analogy of where my emotional feelings are with cybersecurity right now.
Aaron R. Warner
You know, there's so much so much technical debt. I mean, at the end of the day, technology moved so much faster than security, our adoption of technology move faster than security can keep up with, if you look at COVID A perfect example of that, you know, in March of 2022, the priority wasn't let's do this in a secure way and get people working from home and take, you know, a couple of months to plan out VPN, it wasn't that it was I have 1000 faculty that need to be able to teach next week. How do I get that done and security kind of thrown to the wayside. So yeah, you know, we're we're kind of dealing with the aftermath of that, but also, I mean, On a more macro scale, that's been a challenge that's been brewing for 30 years.
Harry Brelsford
Yeah, yeah, it has I concur. All right. Well, hey, Jimmy, if you could get Aaron back next quarter. We'll get you back late in q2 and check in with you on what's going on in the world if you don't mind.
Aaron R. Warner
No, I appreciate it. Thank you. Really appreciate the opportunity.
Harry Brelsford
Alright, have a great day. Thank you.