This Week in Enterprise Tech 514, Transcript
Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Brian Chi, Mr. Curtis Franklin on this show today. Now, Uber's past security chief is guilty of a coverup. New communities building solutions to reduce the impact of natural disasters like solar and flooding routes. And our hosts Round Table takes you through many steps, prepare yourself and your organization for natural disasters. Definitely shouldn't miss it. It's quiet on the set
Announcer (00:00:25):
Podcasts you love from people you trust. This is TWiT.
Louis Maresca (00:00:37):
This is TWiT This Week in Enterprise Tech. Episode 514 recorded October 7th, 2022. Master Your Disaster. This episode of this weekend, Enterprise Tech is brought to you by Hover. Whether you're a developer, photographer, or small business, hover has something for you to expand your projects and get the visibility you want. But a hover.com/twit to get 10% off your first purchase of any domain extension for the entire first year. And by Neva, tired of the complexity and cost of traditional pro AV solutions for large spaces. Neva has simplified everything about meetings and classroom audio. You get great audio in plug and play systems that are easy to install and manage and cost are fraction of in ceiling systems. Visit nare.com/twit and by New Relic, use the data platform made for the curious. Right now you can access the whole New Relic platform and a hundred gear bytes of data per month, free forever, no credit card required. Sign up at new relic.com/enterprise.
(00:01:48):
Welcome to twit This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and Nike geek who just wants to know how this world's connected. I'm your host, Lewis Moka, your guy through this big world of the enterprise, but it definitely can't guide you by myself. I need to bring in the professionals, the experts in their field, starting with their very own Mr. Brian Chi, he's net architected sky fiber, our network expert, security professional, and all around tech geek cheaper. How are you doing my friend? What's keeping you busy this week?
Brian Chee (00:02:18):
Nothing's keeping me busy. I am flat on my back with a heating pad and taking muscle relaxants cuz I managed to throw my back out during hurricane prep and it kind of snuck up on me and all of a sudden I'm wearing a back brace. Those thingies that you put around yourself when you are doing moving and lifting heavy stuff, I got that and I've got some muscle relaxants in attempt to try and get this under control.
Louis Maresca (00:02:49):
Well hopefully it's improving. Is it improving? At least
Brian Chee (00:02:52):
Seems to be. It's just really, really annoying that you know, cough and all. You get the shooting pain and it's like, no, why
Louis Maresca (00:03:02):
<laugh>? I've been there. Backs are debilitating. I'll tell you, people don't realize how debilitating back injuries can be. So I totally get that.
Brian Chee (00:03:09):
Yeah, well I'm doing some reading and I'm helping out my partner in Honolulu, apparently he's getting some weirdness by when he uses switches, certain types of switches in an installation one type of really cheap switch, all of a sudden he can't get DHCP to work correctly. Oh geez. And go to a slightly better switch, but physically larger and it works. So I got a sneaky hunch. I'm gonna try and get 'em to ship me the lpo. I have a feeling it's going to have one of those really, really cheap knockoff ethernet chip sets that do not negotiate layer two correctly.
Louis Maresca (00:03:57):
Either that is a real world scenario or you're just getting 'em to ship you some equipment.
Brian Chee (00:04:03):
<laugh>. Yeah, a little of both. Hey, when I was at the University of Hawaii, we actually got an entire batch of quantity 100 ethernet cards shipped. They low bid, so they're Chinese knockoffs. They were all the same ethernet address. They had literally copied ethernet cards,
Louis Maresca (00:04:25):
<laugh>. So UN stuff. UN stuff. Well thank you cheaper for being here as always. We also have to bring in our man and many talents. He's including our you also as the person security and enterprise world as well. He's Mr. Curtis Franklin's, senior analyst at the Curtis. How are you doing, my friend? What's keeping you busy this week?
Curt Franklin (00:04:43):
Well, right now I'm here on twit and waiting for it to end so I can walk down the street to borrow a cup of muscle relaxers, but
(00:04:52):
<laugh>, I think that apart from that been trying to recover from the storm damage and doing pretty well. I managed not to hurt any major part of my body. It's been fun walking around town this week, seeing where trees are down, where trees are broken, but realizing that up here in the central part of the state, we came off pretty easily on the whole out of this. Although it's interesting as is so often the case, the major event was last week, but over here in the eastern part of our county, some of our rivers are still rising. You know, can draw kinds of analogies to different security issues where you have a major event and then the consequences just keep building over time. Right. Speaking of those, I've got a lot that I'm writing about both at abia at dark reading on LinkedIn and other places. So I'm managing to stay out of trouble and in my copious spare time getting ready for Maker Fair Orlando, which is coming up in just about a month. I'll be over at our maker space this evening teaching some classes and helping people build the things that we'll use for displays at Maker Fair.
Louis Maresca (00:06:21):
Yeah, thank you for being here, Curtis. Well, we're definitely gonna talk about several topics regarding the impact of NA's esters. Like Ian Hurricanes continue to impact entire climates. People in these climates, we're looking for ways to minimize the impact on their lives. We're gonna talk about some of the areas that they're doing to work on and make things better for themselves. Now, being secure by design is also a tough challenge for any organization. We're gonna discuss some of the best practices there. Plus we have an amazing host round table today. We're gonna take you through disaster prep. That's right, not only from the normal disaster scenario for yourself but also for your organizations. Now this is not zombie apocalypse type getting ready, but this is real world natural disasters and we'll talk about some options and some ideas there. So definitely stick around. Lots of fun stuff to talk about.
(00:07:06):
But before we do, we'd have to dump in this week's news blips, data breaches have been a common topic on this show. Know if you remember back in 2016, Uber had a data breach where hackers accessed tens of millions of customer records. However, we didn't hear about it for a very long time and it's almost as if Uber was hiding it from the public. Now, according to this AP article, US attorney's office and federal jury in San Francisco, Uber's past chief security officer is being held accountable and is being convicted and he's been convicted of obstructing justice and concealing knowledge that a federal felony had been committed. Now, Sullivan remains free on bond pending sentence and could face a total of eight years in prison on two charges when he sentenced. Now the story goes that Sullivan was emailed by hackers that 57 million users and 600,000 driver's licenses were stolen.
(00:07:58):
He immediately went into action to communicate that there was no investigation or breach going on while he found out a way to actually pay the hackers a hundred thousand dollars in Bitcoin and have them signed at nda, see any mistakes in that planet there other than many issues there. Just rereading the NDA part is kind of funny to me and the fact that that most hackers are not really that rational and would probably not sign an nda. Now this is a job. This was actually a job of a loan hacker and it caused an immediate surrender of good judgment by management. The loan hacker apparently gained access, posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicated they obtained full access to the cloud-based system where Uber stores sensitive customer and financial data. Now there are numerous stages when your organization has a breach, but falling apart is not any of those stages. So stay calm and work through it.
Curt Franklin (00:08:55):
Well, according to a report from check marks, the LOY cyber attack group has been doing its dastardly deed since 2020, infecting open source supply chains with malicious npm. That's node package manager packages in an effort to turn legitimate software applications into criminal tools. In a dark reading article on the report, the packages have been used in thousands of installations to steal credit card data gaming and streaming account information before spreading the stolen credentials in dark web hacking forums. Since Brazilian Portuguese and a file called Brazil dot js is used, some of the packages researchers have tended to believe that the gang has its roots in Brazil. The group uses a number of different tactics for embedding malware of a variety of different types, but all share one critical feature in that they use open source software as an attack vector. Now I'm not suggesting that opensource software isn't safe enough for the enterprise to use, but it is worth noting that keeping up with SBOs, that software bill of materials to those not up to their necks in software development and verifying the providence of opensource software used in projects is critical. The mere presence of a package on GitHub or any other repository for that matter, isn't enough if you're going to use open source software except the responsibility to verify its safety, security and suitability for your project before you get to a public release.
Brian Chee (00:10:33):
So this article comes to us from the folks at Dark Reading and I thank them very much. The headline is interesting. Former NSA employee faces death penalty for selling secrets. So apparently he thought he was swapping secrets with the foreign government for crypto, but the contact turned out to be an FBI agent. So when he left his job as an information system security designer with the National Security Agency, Jira Sebastian Daka allegedly took a few classified documents with him stealing and then attempting to sell those secret government documents and could land the Colorado Springs man on death row. Wow. Dokey has been charged with trying to sell those government secrets to a foreign government. The sale went bust and turned out that the potential buyer dokey believed was an emissary from a foreign nation was an undercover FBI agent instead, according to the Department of Justice affidavit.
(00:11:36):
Anyway, other than this is a mega nono, the significant here is how the DOJ is looking at the death penalty for this act of treason and may well be tying into what's happening with ex President Trump. While rare, the death penalty does still exist on the books for acts of treason that significantly damages the US National security and especially in cases where the disclosure causes the harm of US field assets, meaning people die. To put this into perspective, the case of when the walkers disclosed the design of US submarine propellers that didn't trigger the death penalty. They just got stuck in the slammer for a very long time. So whatever jar Sebastian dokey did would have to be significant indeed and most certainly SCI or specialized compartmentalized information, which oh by the way is how several of the folders found at Mar Alago were marked.
Louis Maresca (00:12:44):
Supercomputers have proven a useful asset for crunching large amounts of data and solving broad scale problems. Some of them are so powerful, they require special private power sources to ensure reliability. Well, Tesla has now joined the club and at first didn't learn the power lesson right away. Now according to this electric article, Tesla has unveiled its latest version of its Dojo super computer and it's apparently so powerful that it trip the power grid and Palo Alto. Now Tojo Dojo is Tesla's own custom super computer platform built from the ground up for AI machine learning, and more specifically for video training using the video data coming from its fleet of vehicles. Now this unit is supposed to put Tesla one step closer to self-driving by increasing its capacity to train neural nets using video data and a computer vision. It's one of the technologies is still really lacking in the world of self-driving right now.
(00:13:35):
Now unfortunately on AI day 2022 this year, Tesla unveiled its progress made on this project. Now what it also unveiled was it wasn't ready for the amount of power draw of the system and it actually tripped the power grid pushing over two megawatts. They're always growing pains when it comes to this developing cutting edge technology out there to Tesla's no exception. Now what it's pushing its limits, one hopes that Tesla's able to actually finally get over the hump and deliver self-driving vehicles soon. Well folks that does it for the blips. Next up we have a really great set of bites, but before we get to the bites, we do have to thank a really great sponsor of this weekend enterprise tech and that's hover as time to make plans and let hover help you achieve them. Whether you're blogger or creating a portfolio or building an online store, you just wanna make a more memorable redirect to your LinkedIn page.
(00:14:24):
Hover has the best domain names and email addresses just for you. Email at your domain name is a key to connecting with customers and building trust for your brand. Whenever I see an email coming from a custom domain, I have an immediate sense of trust. They have domain names based emails for all your needs, small or large. It's so easy to set up. You can add as many mailboxes your domain as needed. Plus renewals are easy because when your domain name renews, your mailboxes will two n. Their prices are unbeatable, their most popular mailbox is a no-brainer solution for business owners as well. Get access from anywhere. Use the email app you're already comfortable with. If apps aren't your thing, their web can be accessed wherever you are. Personally, I really love Harbor's ease of use. They have a huge collection of top level domains plus super easy to transfer.
(00:15:13):
That's right, makes my life easy. Some of the other domain registrars out there run things like I use Car Salesman. If you ever tried to transfer something from them, it's kind of a headache. Hover isn't here to upsell you on stuff you don't need, they just wanna help. They have pro-level tools, they have powerful domain and email management tools that are intuitive and easy to use, whether you're Web Pro or just really getting started. They also have who is privacy protection included with your domain purchase. Your private information will just remain that private. It's a great way to reduce spam and protect yourself from unwanted solicitations. Plus Hover Connect lets you pick the service you want to use to build and host your website. Connect helps you start using your domain name right away with just a couple clicks. At Hover, you're a customer, not a source of data.
(00:16:00):
Take back control of your data with reliable track free email. Don't take my word for it. Hover is trusted by hundreds of thousands of customers who use the domain names and emails to turn their ideas into a reality. Whether you're a developer, photographer or a small business hover has something for you to expand your projects and get the visibility you want. Go to hover.com/TWiTto get 10% off your first purchase of any domain extension for the entire first year. That's hover.com/TWiTto get 10% off your first purchase of any domain extension for the entire. And we thank Hover for their support of This Week in Enterprise Tech. Well folks, it's time for the bites and we have a couple bites here. Now the topics here are really kind of related to Hurricane Ian and the impact on the entire ecosystem. Now people who have lived in the path of storms like this have been looking for ways to really minimize the impact of them and not having to remove themselves from the area or even the families from the area.
(00:17:04):
This CNN article calls out a particular individual, Anthony Grande and he moved away from Fort Myers three years ago in a large part because of hurricane risk. He was living in the southwest Florida area for almost 19 years and had experienced hurricanes Charlie in 2004 and Irma in 2017 and saw what strong storms can do to the coast. Now Anthony wanted went on a quest after that to find a place where there was an area that was actually trying to do something to minimize the impact and provide resources to people to ensure resiliency when natural disasters came along. Now, what he found was one of America's first solar powered towns calling itself Babcock Ranch, just 12 miles northeast of Fort Myers. Now, not only was the town solar powered, but it actually had a number of other improvements to empower and lower the risk of the impact for natural events.
(00:17:57):
The streets were meticulously planned for the neighborhoods where they were designed to flood. So the houses don't. The native landscape along the roads helps control storm water and power and internet lines are buried to avoid wind damage. Climate resiliency was built into the fabric of this town with stronger storms in mind. In fact, Florida already has a robust set of building codes out there, but Babcock takes it to the next level. Now Sid Kitson, he's a former professional football player for the Green Bay Packers in Dallas. Cowboys was the mastermind of Babcock branch. He envisioned it to be an eco-conscious and innovative neighborhood that is safe and resilient from storms like Ian. Now the biggest highlight here is the fact that the entire town, 2000 homes are powered by 700,000 individual solar panels and I wanna bring my co-host back in because they are residents of the Sunshine State here and had to endure Hurricane Ian. I wanna go to Curtis first. Curtis, how big of a deal is this proof of concept that is Babcock Ranch?
Curt Franklin (00:18:58):
It is a pretty big deal, Lou and some of that is owing to the specifics of the development and some of it is owing to how it came about. Babcock Ranch gets its name cause it was in fact a ranch. Most people don't realize Florida is home to certainly the largest cattle ranches east of the Mississippi and some of the largest ones outside of Texas. But Babcock Ranch covered thousands of acres in southwest Florida. A couple of things happened to the property when it was bought. Basically the people who bought the land on which this development was placed paid for the rest of the ranch to become part of the state's holding of lands a national forest nat or state forest state park sort of thing.
(00:20:01):
One of the things that they have done with Babcock Ranch is indeed try to show that you can build in resiliency, you can design the entire infrastructure for resilience and continuity rather than having to do things piecemeal. And they have gone so far as to have generators on site so that if the solar panels can't keep up with demand, let's say because it's nighttime and the grid outside Babcock Ranch is down, they can still be self-sufficient. The important thing too is that they have done this at a range of housing prices that go from some that are quite expensive, seven figures plus to some that are well below the national average price for a house today. So they're showing that resilience that ruggedness do not have to be solely capabilities that are available to the wealthy. Frankly, I think it's a wonderful thing. I hope that there are more developers in Florida who are paying attention who will look at this and who will start putting a lot of the principles that they've demonstrated at Babcock Ranch into practice all over the state. As we saw with Ian this is not some the sort of storm that has impact only within five miles of the coast. This is one as I've told people, it's a big storm when there is flooding sur storm surge in Naples in the southwest corner of the state and in St. Augustine in the northeast corner of the state and damaged kind of everywhere in between. So the time is right to learn lots of good and valuable lessons from this.
Louis Maresca (00:22:23):
I mean obviously Babcock did some things obviously outside of the normal model that is Florida but cheaper. I wanna throw it to you because obviously you take it to the next level as Y. You've been out through a bunch of these storms and you did a bunch of things to actually minimize the impact on your property. Now solar isn't the only thing, right? To actually be prepared here.
Curt Franklin (00:22:43):
No, no, definitely not there in Florida and any place like Hawaii to have hurricanes there are regulatory issues on building codes and hurricane straps and how they're put in and going as far as making sure that your house is actually strapped down to the foundation. Those kinds of regulations make a pretty big difference. Now, some of the things that some developers in Hawaii have done, not necessarily as big as Babcock Ranch, but a lot of developers, before they turn the infrastructure over to the city they actually will go and bury utilities underground. Now one of the big developments out in Milani, which is in the west side of Oahu they wanted to go and maintain the value of the homes and people just don't seem
Brian Chee (00:23:45):
To poles. So by putting all their utilities underground, they also preserve the value of the homes. Now one of the things that they have done, and I believe Babcock Ranch has also done is not only are they putting conduits in so you can run power communications and so forth, they are actually putting in separate conduits for future use. So in the case of the Milani community, they actually ran surveillance in there when they started getting a lot of house break-ins and thefts and things like that the community actually voted and spent the money and put in surveillance so that they could actually track the movement of vehicles within the community. Put a big fat kabosh on the street racers very quickly. So I'd count that as a success. Now going to other things that you can do when you're not in a planned community.
(00:24:45):
A lot of people have been asking me, I do, how did my house go? And I said, Well it was while there's a lot of rain and wind and things like that and there's a lot of tree trash all around me nothing happened to my home. When we moved through Florida, we spent the money, I went to a metal roof, in this case it's a standing scene metal roof. I had the solar contractors use the high end grippy mounts that basically the solar panels are mounted on machined aluminum grips that grab onto the standing sea metal roof so that it would actually take a cat 5, 4, 5 to lift the panels off my roof. It would have to hit a lot harder than what Ian hit in the central Florida area. And then I'll also put batteries in. So on a smaller scale, that was great.
(00:25:43):
Now here's the problem. Batteries are still really expensive. The sad part is, while there are several manufacturers of batteries, in fact if you are interested on Facebook, there's a gentleman named jhu Garcia that actually does DIY power walls. And in some counties, not necessarily Orlando, but in some counties you can legally hook up your own power wall that you have built yourself and you can do it for a fraction of what Tesla charges for their branded power walls. So there's a lot of things that can be done and from an enterprise standpoint we'll talk a little bit about that during the round table. But there's a lot of things that you can learn from what happens. There's JHU Garcia, this gentleman is absolutely brilliant. He actually has DIY lessons on building power walls, how to build battery packs for cars, bicycles, you name it.
(00:26:49):
And the trick is he's actually recycling old laptop batteries cuz if you get rid of a battery pack for a laptop, there's a really good chance that 90, 80 to 90% of the cells that are in that laptop battery pack are still good. You just have to find the bad ones, recycle those, and then take the other ones. There's Mr. Garcia and go for it. And Mr. Garcia actually sells a lot of these batteries that you can get really, really cheaply really cheap if you're willing to take it apart yourself. Or he charges a slight premium if you buy the batteries that he is. He and his people have tested, but he personally drives a hot rod electric VW beetle that I think is just awesome.
Louis Maresca (00:27:38):
Very nice, very nice. Well solar is one of those things you think. I've been hoping to get some solar in my area as well because this is a big area for power outages. All the power lines are elevated and above lines so nothing's really underground and we get a lot of power outage, especially in the winter. And so obviously we have a generator, but the idea here to have a little bit more cleaner energy would be very helpful. Now I thought residential fiber was huge, but entire communities also going to solar, there's a big step forward for our future. I hope we see actually more here. So let's move on. I'll
Brian Chee (00:28:16):
Tell you before we move on, let's go show the smart flower cuz that's something that I know Lou is waiting to hear back from them. They are starting to go and put a lot of these smart flowers in commercial installations cuz they look pretty cool. Think of it as a Chinese fan. And I could easily see because when I was driving through Vermont, there's actually a big solar research farm in the Vermont Burlington area and the only solar rays that seemed to work in such a snowy environment are Helio stats where they track the sun. So that's why I'm really high on flour and I really, really wished I could have gone with that here in Florida, but I just don't have enough open area for it. So we'll see. Maybe Lou will get one if they ever call 'em back
Louis Maresca (00:29:11):
<laugh> they ever call me back. That's right. Thanks. Cheaper. Well we should move on cause we have another great bat bite to chat about here. And being secure by design is a tough challenge for any organization. Curtis, what's what's going on here?
Curt Franklin (00:29:23):
Well, you're absolutely right. And in the same way that we were looking in the piece on Babcock Ranch at being resilient by design, we look at the idea of being secure by design. Now you've heard me talk a lot of times and all of us here at Quiet about the importance of treating security not as something that is just sort of draped lightly over an infrastructure or an organization, but something that's really baked into all the processes and all the infrastructure. Well that is very much the ideal. And in an article at Dark Reading they've talked about some of the things that you can do as an organization to make sure that security is in your processes, in your systems by design. Now there are a couple of these that I think are related. For example, let's go through and just quickly list them, limit shadow it, adopt zero trust, strengthen software development processes leverage red teams and make people part of your defense.
(00:30:53):
All good ideas. But if you think about it making people part of your defense and limiting shadow, its are two sides of the same coin. Because if you make people part of your defense, they will understand the importance of not going around your security controls and starting shadow it their they're related in the same way, if you've strengthened your software development processes, and by that I mean not just use your software bill of materials to make sure that all of the open source components you employ are legitimate and secure and properly developed and vetted. But designing in secure processes, secure functions so that the users are not tempted to try and find ways around that particular process. You're doing the same you, you're working on avoiding shadow it. So all of this is very good. I was most interested, I'll be honest in the idea of leveraging the red team, this is something that we don't hear about quite as often.
(00:32:26):
Part of that is that there are many, many organizations that don't have an internal red team. Red team is something that is brought in from an outside on a once a year basis. And I think it's interesting that if you are to leverage the red team, it is easiest to do if you have a red team, even if it's a small say two person red team, but a group that is consistently looking for weaknesses, looking for exploitable vulnerabilities and reinforcing the lessons that have been taught to your employees through cybersecurity awareness training. And I think that these are all very good ideas and I wanna bring my co-host in, Lou, let me start with you because they talk about strengthening the software development processes. From your standpoint point, are there limits on the extent to which you can build software into an application or is it something where a great deal of software of security can be built in? It's just most teams don't go to the trouble of making their applications truly secure?
Louis Maresca (00:34:03):
That's a good question. I think obviously security is one of those things that a lot of organizations are learning that they need to focus more on when they're developing software. I would say some of the big wigs out there like the Googles and the Microsofts and the Facebooks of the world, they are understanding that these needs to be in there and ingrain in its fabric as a fundamental thing as a ship software. And I think you're probably right in the second part of that, the latter part of that, which is most organizations don't really wanna spend the resources or the time you're doing it. There's lots of things you have to do. Obviously this whole software build materials is an important thing. Ensuring what your dependencies are, where lies your weaknesses in those different dependencies ensuring you have good practices, secure coding practices, and making sure you're having the correct gates within your system.
(00:34:54):
So you're no way to release things that you're being compliant, following a lot of regulatory things around the world that are trying to secure things especially in the eu making sure that you're following those things similar to some of the stuff that's coming outta the executive order just recently is also really important. And they all fundamentally go back to ensuring that you are starting out using secure practices when you're developing software. And I think I can definitely tell you Microsoft takes this super seriously. It's ingrained we, it's part of the cost of doing business when we develop new stuff or even existing fixing existing stuff. And it's a never ending process of, and you need to ensure that you as an organization understand that this is gonna be a repeating cost and that you need to make it part of your budget and make it part of your process as you move forward so that you can ensure that you have that built in going forward.
Curt Franklin (00:35:54):
Well Brian, I'm interested. We've heard from Lou about developing software in the costs and the complexity of doing is without question a critical part of building security in. I wanna ask you about the people. I mean you have dealt with an awful lot of people in your jobs over the years. Same sort of question from what you've seen. Are there just some hard limits on how well a user population can be trained to be part of security? Or is this yet another thing where we are building better training and thereby building more secure employees as we go?
Brian Chee (00:36:45):
I actually think the answer isn't really about building better employees or something like that. I think it's building better management. A lot of the problems that I found with this type of concept is when you have management that says, Well we've done it this way, it's perfect. We don't have to change a thing. Or you get an attitude of, well we hired this specialist to do it, they're the ultimate answer. We don't care what you peons think. You'd be surprised at how often I walk into a shop and I get that attitude thrown at me. And I said, Well have you ever heard of a concept called peer review? It's an academic concept, but basically you have other people not involved with your research project or whatever taken outside. Look, they say fresh eyes. So one, I tell a lot of managers, it's like, no, you may hire specialists, but there are other stakeholders out there.
(00:38:02):
Your people need to feel like they're part of the process. They need to feel like they're, they own something. You can't just go and expect people to be robots. And I don't find that attitude as much as I used to when I first started my career. But the management needs to be able to work with the employees and say, Hey, everybody's got a stake in this. The company needs to survive. We need everybody to take a good hard look at this. And even if you're only doing a peer review within your company, that's still a set of fresh eyes. Looking at whether it's a security process, a new product maybe some new policies coming out about after hour access or how often we turn out the lights, whatevers make your employees feel like they're part of the process, I think is actually the biggest lesson that management needs to take because everybody's involved and you get more people doing really, really cool things when they think they're part of the process.
Curt Franklin (00:39:25):
I find it fascinating, Brian, that you took it right back to management. And I do agree there are far too many times when management will say one thing when it comes to security, Oh, we care deeply about security, job one, all that. But then they will turn around and the message that goes out to employees is, you must be more productive, you must be more efficient. So don't let anything get in your way be efficient, efficient, efficient, productive, productive, productive. And therefore any sort of security control that slows them down even slightly is seen as something that management wants them to get around. And that kind of mixed message creates an incredibly dangerous situation at companies. And in most cases, that is where greater security built in or bolted on needs to start. Well I think that's gonna do it for that particular bite. I know we've got some more conversation to go and I'm looking forward to it. But before we do that, Lou, it seems that I've heard rumors of you having something else to tell us about a great TWiTsponsor.
Louis Maresca (00:40:50):
Thank you Curtis. That's right. Next up we have our host round table. Before we get to that, we do have to thank another great sponsor of this weekend enterprise tech and that's Arava. Today's IT Pros are really in a tough spot. The shift to hybrid working and learning means they must equip and support more spaces with audio and video conferencing systems. And at the same time they're busier than ever with network security, the shift to cloud-based solutions, infrastructure issues, and much more. Now these factors along with product shortage is, and delays have put an unprecedented strain. IT resources, people time and expertise and budgets. This has driven customers to demand intelligent products that require minimal effort from IT to deploy and manage at scale with the bonus of requiring zero end user training. Now when it comes to audio conferencing in large patients, it's common to be faced with the multi-component systems that are really complicated and costly to design, install, and maintain and manage.
(00:41:48):
And Arava is changing that by offering solutions that deliver a high level of simplicity. With Nova, you get true full room mic pickup from just one or two microphone and speaker bars. You can install NOVA system in most spaces in less than 30 minutes. In fact, for large spaces it may take 60 minutes. Amazingly simple though and in no special expertise is required. Compare that with installations for traditional systems that can take your rooms offline for days and some traditional systems may require you to go from room to room and use complicated software. Now with Neva, you can monitor, manage, update, and adjust all of your Neva systems from a powerful cloud-based platform called Neva Console. Nova's very scalable and can bring their simplicity to large organizations as well. Nova Systems cost a fraction of traditional systems. Visit nova.com/twi, that's n U R eva.com/TWiTand we think Nova their support of This Week in Enterprise Tech.
(00:42:57):
Well folks, it's now time for our host round table. I'm excited because we've had a theme on this episode and it's really the whole impact of natural disasters like Hurricane Ian now, we being prepared for them is really a tough challenge for any person in organization. Now the unpredictability of weather related events can really make businesses without robust protections built in extremely vulnerable. But upfront planning and preparation is really key to enduring severe weather that begins the long term planning and it's way before the storm actually happens right now. That's what we wanna talk about today. I wanna bring my cohost back in here cause we're gonna do a little bit round table here. Now I wanna throw this to you guys and see what you have to say. Now what's this one of the most surprising things you heard when it came to people and organizations not being prepared?
Brian Chee (00:43:46):
I think I'll jump in. One of the things that I keep hearing is, oh well my data center stayed up because I've got a generator, but all the switches in my closets went down. It's like, yo duh. So real fast, there are things called extended runtime uninterruptable power supplies. They are not super expensive. And please, please, please, please stop doing this. Oh, I'll just put a bigger ups in. So if I'm, I'm only drawing maybe 600 volt amps cuz that's how you measure a ups. You multiply the voltage times how many apps you're drawing. The standard UPS is designed to run 10 minutes at 80% load and that's where UPS is most efficient. So the knee-jerk reaction from a lot of people is, well, well I'll just go put a 5,000 VA ups on this and it'll run for, yeah, sure it will, but it's gonna run in its lowest efficiency band and create a ton of heat.
(00:44:59):
It's a lot better to size the ups correctly and put what's called an extended runtime battery on it. So yeah, if this chart that we have listed here, these are some of the options from people like Lebert Ridell eatin and so forth, these extended runtime UPS's. You can sometimes daisy chain multiple battery packs, which are very cool. That's actually what we did at the University of Hawaii so that we could even ride out in some cases on really high important build importance buildings like the telecom centers some research labs and so forth. We actually stacked up upwards of 10 hours of battery because we couldn't afford to go down. So that's something that a lot of people really need to think about extended run time UPSs, because now we don't have plain old telephone system anymore. Everybody's running voice over IP for your telco, and that means if the switches in the telco clouds go down, you've lost telephone service too. So that's kind of my big pet peeve about preparedness that people kind of miss the boat.
Curt Franklin (00:46:23):
I will, we'll jump in and one of the things that I find most interesting about preparing for a natural disaster is the failure to consider all of the services that you need. You know, do need electricity, you do need water. The odds are good that you do need an internet connection. And people who will have a giant UPS have or have the big caterpillar generators sitting outside ready to ramp in and hold them for days. Why? After the UPS has bridged them over, we'll have a single commodity ether internet line coming in. Or they will think that they're prepared because they have two internet connections from the same provider when the fact is that if you want to keep internet connectivity, you need connections at least from two different companies where the local CO or pop is as widely separated geographically as possible. It may even be that for certain critical pieces of your application infrastructure, you need to have wireless available as a failover.
(00:47:58):
In the worst case, people don't think everything through, they look at one thing or they get a particularly effective sales call from one vendor and feel that in getting the services from that vendor or the product from that vendor or whatever that they've dealt with the problem. This is a big issue and we haven't even started talking about the complicated stuff. What do you do if you have your generator up and running? So your building is powered, but none of your employees can get there. What happens then when you don't have operators for all of your hardware? And believe me, if you've got racks of servers, you're going to have operators. Computer operators are not limited to the mainframe world of mounting tapes and things like that. You need human beings on the ground. If you don't have good internet connectivity, how are you going to have those remote workers gaining access to the data on your servers at your C at your ceo? I mean, this is the kind of thinking that has to go through disaster preparedness and being ready for a disaster. It's a, it's complicated, it's expensive, but it's also vital if you want to keep your business alive through the worst case scenario.
Louis Maresca (00:49:39):
There's lots of things to consider here. Obviously you guys have called out some really good things here that people and organizations really didn't think about, but I wanna throw another one out there. Obviously security is another big thing. What, what's something that people and organizations probably should be thinking about when it comes to security, when it comes to natural disasters?
Curt Franklin (00:50:00):
Well, that could be taken a lot of different ways. <laugh>. So have having done this there, here's one of the issues security guards. A lot of times people have these really nice data centers, they've prepared them. They have all kinds of emergency supplies and so forth. I actually heard of a organization that was well
Brian Chee (00:50:27):
Prepared for the floods in Texas and then they got robbed. All their little generators even their sandbags were stolen by thieves. And the hassle is the people that were on site didn't have any way to deal with this because the security guards were taking care of their homes and they didn't have anyone else that could take care of this. So one of the things that they did, and this is the reason why I actually bought it from my home, is the liability of having untrained people with firearms is just enormous. I actually think that's a really, really bad plant. I'm not against firearms, but I'm not wild about a little old lady buying a 3 57 and maybe goes to the range to practice once.
(00:51:29):
So I went and got this for my wifey. This is actually a pepper ball gun it looks like a flashlight. I did not want something that looked like a gun because I don't want someone accidentally going, Oh, they have a gun, let's blow them away. No, it looks like a flashlight. It holds three pepper balls and you just have to get within 12 feet of someone and it will be a heck of a deterrent. And most importantly, it's less lethal. Pepper balls and pepper spray is actually legal in all 50 states at least on all the articles and things that I've found so far. There are some places where you cannot have pep, New York City, you can't have pepper ball, but you can have pepper spray. But that's one of the things you might be able to do for your people. The one that I happen to get is nice because it doesn't puncture the CO2 cylinder until you try to fire the first shot and it's three rounds. And if you're firing three pepper balls unless it's a really big group that that's enough, we don't need anymore. That'll give the people that are taking care of your facilities, at least the fighting chats. But that's kind of my opinion. That's one of the phys sides of physical security that I thought of when you asked me that question.
Curt Franklin (00:53:06):
One of the other things that you have to think about in physical security, and this is something that when I was dealing with business continuity companies back around the Y2K issue, they A of companies dealt with, and that is, let's say you've got a situation where you have a plan in place to move critical employees to another location, a location outside the disaster area, you have to be able to have them carry their families with them. Because if you tell someone we've got a Cat five hurricane bearing down on our city, we want you to leave your family here while you take our important company information and fly to safely safety 500 miles away. Many times they won't do it.
(00:54:15):
And you're left with a bag full of recovery, medium and no one to recover it because they quite reasonably and quite properly prioritize their family's safety over a business process. So if you want to have your key employees take the company data and make sure that it is operational somewhere else, budget for having them carry their families with them. And as I said, the last one is, make sure you know how you will contact your employees in the case of a natural disaster. You say, Oh well what, I'll just use the phone, the cell phones, cell phone towers come down. Even the best cell towers have to have a battery backup that will carry them a maximum of 72 hours. What do you do at hour 78? How do you contact people? What do you tell them? In other words, do you have preset messages that are very short and can be understood to mean do the following set of things? Because you can find that local radio stations might be a way to get that information out. Telephone trees, person to person, trees. And there are all kinds of things that must be considered if you're serious about keeping your business operating when things go south.
Louis Maresca (00:56:19):
When we come back, we'll talk more about security and other ways to really be prepared for a disaster. But before we do have to thank another great sponsor of this weekend Enterprise Tech and that is New Relic. Now I know lots of developers out there and most of you are very curious people. The first to explore the newest tech digging into the documentation, not only wanting to know how things work, why things work, and that's exactly why so many engineers turn to New Relic now. New Relic gives you data about what you build and shows you what really is happening in your software life cycle. It's single place. See the data from your entire stacks. You don't have to look to 16 different tools and make those connections manually. And a New Relic pinpoints issues down to the line of code so you know why the problems are happening and can resolve them quickly.
(00:57:07):
Now that's why dev and ops teams at DoorDash, GitHub, Epic Games and more than 14,000 other companies use New Relic to debug and improve their software. Now, when teams come together around data, it allows you to triage problems, be confident in decisions, and reduce the time needed to implement resolutions using data, not opinions. Use the data platform made for the curious right now you can get access to the whole New Relic platform and a hundred gigabytes of data per month, free forever, no credit card required. Sign up at new relic.com/enterprise, that's N E W E L I c.com/enterprise new relic.com/enterprise. And we thank New Relic for their support of This Week in Enterprise Tech. So one of the things that's interesting here is obviously I wanted to real quickly show before we moved on to the next part of the topic here is the fact that there's a tremendous amount of impact when it comes to natural disasters.
(00:58:13):
And this particular site, which is the National Centers for Environmental Information, they have showed just how impactful natural disasters are, both on people and businesses and how much they cost obviously to recover from these things. And a lot of these things that you've been talking about are trying to help people and organizations not only be prepared but also recover. Obviously, organizations being geographically diverse, big thing, making sure that they build their buildings to physical standards that are required. Making sure you have redundancy and diverse connectivity making sure that your people are prepared and your organization's prepared. But sheer, I want to throw this back to you because you've talked a little bit about communications and just being prepared for that. Well, what else organizations do, cuz a lot of times normal terrestrial communications are down, right? They're not easy. Cellular and standard communications are down. What else can organizations do or people do?
Brian Chee (00:59:10):
Well, actually this exact question came up just before Hurricane Ian came roaring into town and was one of our friends actually at the maker space and she, she works for a charity, but her big question is, how can I afford for my people to check in if they're helping do something, something special how do they tell their family they're okay, especially if the family's out of the state. So I started asking you a bunch of questions. Now the knee-jerk reaction is by buying Iridium phone. That's fine and good, but in Iridium phone is going to put you back 2, 3, 2 to $5,000 depending on what you want it to do. And your monthly charge is going to run. Geez, I think the absolute bare minimum is like 200 bucks a month. And if you are using a lot of time, it's going to start getting up into the couple thousand dollars. We use those a lot on research vessels and they are expensive to run. Now, hopefully Ant will be able to bring up this URL that I posted into the back channel. There is a device called an inReach from Garmin Corporation. Think of it as a text only satellite phone. They make two different models. They have the Explorer, which has a touch screen and that allows you to go and send data, send things around.
(01:00:48):
And they also have another one, I can't remember what they call it, but it's their cheaper. It's like half the price. And instead of having a touch screen, you use your cell phone and allows you to send messages and they have varying rates. I actually pay $30 a year just to have the account active. And then the emergency plan, which I activated during Hurricane Ian, it was $15. And that'll give me a certain number of SMS messages certain number of weigh points so I can tell people where I am if I'm moving around and things like that. A very economical way of doing things. Now at the top end, if you wanna be able to send an unlimited number of text messages and map waypoints that gets to a whole $65 a month. So well within the realm of reality. And Mr. A, Oh, actually Lou was making noise in the back channel.
(01:01:46):
The Apple SOS satellite service worked. But what happened if the satellite SOS service finally became available from Apple, I'd be really tempted to go to an iPhone 14 because then I wouldn't have to have my inReach Explorer subscription and pay the money for that. But it was very cool. In fact if some of you were following me when I was doing my Yukon expedition and going through Alaska and the Yukon, you actually saw my satellite waypoints coming from my inReach explorer. So you could actually trace my movements through the Yukon territories. So that's an interesting way and because it just uses rechargeable batteries, get yourself a solar one of those small solar power banks so you can recharge it and keep that in your emergency kit so your people can check in.
Louis Maresca (01:02:47):
Well, unfortunately we are over time, so time flies. Definitely when you're having fun, I want to thank everyone who makes this show possible, starting with our very own Mr. Curtis Franklin. Curtis, what's going on for you in the coming weeks and where can people find you?
Curt Franklin (01:03:02):
Well, as always, people can find me writing on dark reading. I try to post on LinkedIn and I let people know about what I'm doing on Twitter. I'm at KG four G w a, would love to have you follow me so you can keep up with that away from work. I'm going to be taking part in the Orlando Maker Fair, which comes up November 5th and sixth. If you're anywhere in the southeast or especially Florida, come on down, we'd love to see you. It's gonna be a great experience. We are still adding new things and I'm excited about what I'm gonna see there. I'm also excited about taking part in the setup for steam roller printing. We're gonna be using a steam roller as a printing press, and that's gonna be exciting. That's got me all kinds of excited for what we can do.
Louis Maresca (01:04:02):
The guy more you guys talk about this thing, the more I get excited, I feel like I have to fly down there and actually be part of it. I might have to do that. So I'll have to
Curt Franklin (01:04:09):
See. Absolutely. No question at all.
Louis Maresca (01:04:12):
Thanks Curtis. Well, you also had to thank I very own Mr. Brian Chiche. What's going on for you in the coming weeks quicker people behind you?
Brian Chee (01:04:19):
Well, first off, you don't have to fly. You can actually take the train and it's a very nice trip. And the route from your area down to Orlando actually has LTE coverage almost the entire way. So I was actually able do a whole bunch of writing and emails and things like that as I was going up to visit you. Wow,
Louis Maresca (01:04:42):
Nice.
Brian Chee (01:04:43):
So that, that's an alternative. And right now, because Amtrak is really desperate, the auto train is a really interesting option. You just have to get on in DC and when I priced it going from Florida up to DC, it was 650 bucks for the car and you got a bogo buy one, get one deal on the rus. So it was actually work gonna work out a lot less expensive than flying anyway, other than in my love of train travel because it's not actually a super duper love of train travel. It's a hatred of airports. <laugh> I will rant about all kinds of things. Watch me when I go through an airport, I will rant almost nonstop. But we do hearing your rants and your rants about what we should be covering. I try to go by themes. We tried really hard. Our guests didn't work out today, so apologies for that.
(01:05:53):
But you folks have given us feedback that you seem to really like our round tables. So we gave you a round table today. My Twitter address is A D V N E T L A advanced net lab. You can see what I'm working with. I'm actually kind of giving some hints to the Duke Energy people that they might want to consider doing a few things but they finally changed me over to underground. So I no longer have power feeding me overhead. So that's kind of nice. But you're also welcome to throw your ideas, your comments, your questions. I'm also cheaper spelled C H E E B E R t@twi.tv. Or you're welcome to also use twi@twi.tv. That'll hit all the hosts. We'd love to hear your show ideas. We'd love to hear your comments. I'm not as wild about your rants and complaints, but I've got thick skin. So go ahead and we do encourage people in other countries that if you want to ask questions, use your native language. I'll use a machine translator and we'll try to answer your questions. Take care of everybody.
Louis Maresca (01:07:08):
Thank you Geer. Appreciate it. Well folks, we also have to thank you as well. You're the person who drops in each and every week to get your enterprise goodness. And we wanna make it easy for you to watch and listen to catch up under it news. So go to our show page right now, twi.tv/twi, Then you'll find all the amazing back episodes. The show notes, the coast information, the guest information, and the links with the stories that we do during the show. But more importantly, next to those videos there you'll get, you'll those helpful. Subscribe and download links. Support the show by getting a audio version or video version of your choice. Listen on in any one of your acts, devices or podcast applications, cuz we're on all of 'em. So definitely subscribe and support the show. Plus, you may have also heard, that's how we also have Club Twit as well.
(01:07:52):
It's a members only ad free podcast service with a bonus TWiTplus feed that you can't get anywhere else. And it's only $7 a month and a lot of great things that come with Club twi. One of them is the exclusive access to our members only Discord channel or server. And it's of course you can chat with hosts, producers, separate discussions on all the different amazing channels that are in there. Plus they also have special events as well. That's right. Lots of fun discussions and channels in there. So definitely check that out. Join Club twit and be part of the movement. Go to twit.tv/club twit and Club twit also offers corporate group plans as well. It's a great way to give your team access to our ad-free TED Pod Tech podcasts. And the plans start with five members at a discount rate of just $6 each per month.
(01:08:35):
And you can add as many seats as you like. And this is really a great way for your IT department, your sales department, developers, tech teams, whichever to stay up to date with access to all of our podcasts. And just like regular memberships, they can join the TWiTDiscord server and get the TWiTplus bonus feed as well. So definitely check it out twit.tv/club to it. Now have to subscribe. You can impress your friends, your family members, your coworkers with the gift of TWiTbecause we talk a lot about fun tech topics and interesting topics on the show. Definitely guarantee that they will find it fun and interesting as well. So definitely share it with them and have them subscribe. Now if you're already subscribe, definitely watch the show live as well. We we're live every Friday, 1:30 PM Pacific, and we do this show live.
(01:09:19):
We have a lot of streams. You can check those streams out it live dot twi, do tv, come see how the pizza's made, all the banter behind the scenes, all the fun stuff that we do here on TWiTand on twi. So hopefully check the live stream out live dot TWiTtv. But if you can watch the show live, you might as well jump in our infamous IRC channel as well. That's irc, that twit TV there. We have all the amazing people that are in there each and every week. Of course, we also have some new characters every week as well. And in fact, we get some good show titles in there. So Master Disaster, love that. Thank you Reverb Mike. But we also, they have some great topics and questions during the show as well. So definitely join the chatroom, IRC dot twit dott that tv, it definitely hit me up at twitter.com/lum.
(01:10:00):
There I post all my enterprise tidbits, things that bother me, <laugh>. I also have great conversations with people like you. So definitely hit me up direct. Message me behind the scenes, whatever. Hit me up on LinkedIn as well and we'll have some great conversations. But plus, if you wanna check out what I do during my normal work week, check out developers microsoft.com/office. There. We post all the amazing rays for you to customize your off office experience to make it more productive for you and your organization. So definitely check out some of the new ways we're offering in there as well. I wanna thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this speed enterprise tech each and every week, and we can do the show without them. So thank you Lee and Lisa for all your support over the years.
(01:10:44):
And of course, before we sat, I also wanna thank all the engineers and staff at TWiTand of course, Mr. Brian Chi one more time. He's not only our co-host, but he's also our titles producer. He does all the bookings in the plannings for the show. So thank you for his support because we couldn't do the show without him. Of course. We also wanna thank our editor for today, Anthony. Anthony, thank you for all your support and help over the we years and making us look good after the fact because we make lots of mistakes here and you make them look good. So thank you Anthony. Plus also our TV for today, Talented Mr. Aunt Pruitt, who does an amazing show called HandsOn Photography, and I love watching it each and every week and what's going on then this week.
Ant Pruitt (01:11:23):
Well, Mr. Lou, thank you for the support this week on Hands-on Photography. I get into video and we're talking about the scopes, those wonderful little graphs that you see in your video editor that can be quite helpful when it comes to making your videos look better from a color standpoint and exposure standpoint. But I also wanna plug something else, sir. This is October. Yeah, this is Breast Cancer Awareness Month. So folks just take a moment and just consider this, and if I have several people in my family that's been affected by this, so I take this quite seriously. So just wanna raise awareness. That is all. Thank you, sir.
Louis Maresca (01:12:06):
Thank you for that. Appreciate that. Until next time, I'm Louis Meka. Just reminding you, if you want to know what's going on in the enterprise, just keep quiet.
Brian Chee (01:12:17):
The world is changing rapidly, so rapidly in fact that it's hard to keep up. That's why Micah, Sergeant and I, Jason Howell, talk with the people Macon and break in the tech News on Tech News Weekly every Thursday. They know these stories better than anyone, so why not get them to talk about it in their own words? Subscribe to Tech News Weekly and you won't miss a beat every thursday@twi.tv.