This Week in Enterprise Tech 539 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Curtis Franklin and Mr. Oliver Rist join me on the show today. Now, with the current climate, lots of organizations have people exiting the workforce. The question remains, are they removing access to their most prize possession, their data, plus today? We might just have Dr. Zero Trust on the show today. Dr. Chase Cunningham on the show, he's Chief Strategy Officer at Ericom. We're gonna obviously talk about Zero Trust, but we're also gonna talk about how your organization can get there faster. Definitely shouldn't miss it. TW on the set
Announcer (00:00:33):
Podcasts you love from people you trust. This is TWiT.
Louis Maresca (00:00:46):
This is twt this week, enterprise Tech, episode 5 39, recorded April 14th, 2020 3.001%. Trust
(00:00:58):
This episode of This Week in Enterprise Tech is brought to you by Cisco, orchestrated by the experts at cdw. When you need to get more outta your technology, Cisco makes hybrid work possible. CDW makes it powerful. Learn more at cdw.com/cisco. And by thanks Canary, detect attackers on your network while avoiding irritating false alarms. Get the alerts that matter for 10% off and a 60 day money back guarantee. Go to Canary tools slash TWiT. Enter the code TWiT and the hat. Do you hear about us Box and by miro. Miro is your team's visual platform to connect, collaborate, and create together. Tap into a way to map processes, systems, and plans with the whole team. Get your first three boards for free to start creating your best work at miro.com/podcast.
(00:01:56):
Welcome to Wyatt this week at Enterprise Tech to show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host, Louis Maresca, your guy through the big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals and the experts on their very own principal analyst. And I'm Dia, he's the man that eats the sleeps and travels with the enterprise. He's a very own Mr. Curtis Franklin. Curtis RSA is coming up. Any space in the schedule to breathe
Curtis Franklin (00:02:27):
RSA is indeed coming up. And I think I may still have 10 or 15 minutes left on a day or two, but I'm sure my sales staff is doing their best to fill up that huge time gap. Yeah, looking forward to getting out to to San Francisco and doing all the stuff that there is to be done. We're gonna be talking to a lot of the people about a number of things, including, but not limited to how we look at define and quantify risk and how ai, especially this generative AI is being used in security and will be used in security because we know for darn sure that it's going to be used. I've, I've gotta say, one of the things I'm looking forward to doing on this trip is, is taking a new toy that I've got the good folks at Wombat.
(00:03:22):
I, I talked about one of their keyboards a couple of months ago. And they sent me, if I can find a way to get it into focus here. There we go. The Coli keyboard, which is their mechanical travel keyboard. It's a lot smaller than the normal one, but still has nice mechanical keys. I've been enjoying it. Is the feeling the same as their big keyboard? No. No, it's not. But this is a lot shallower, top to bottom. So it fits into my travel gear a lot more easily. Has three count 'em three different ways of connecting either U S B or Bluetooth, or they include one of their donals. And it is really, really reprogrammable. I've, I've gotta say, as someone who's not a gamer, I'm still going through the keyboard reprogramming process where I can get lights and macros and all of these things.
(00:04:33):
But, you know, this is, this is one that's a definite step above most of the keyboards that we get to, to carry around with us. I will admit you know, I'm someone, I have put millions and millions of words through the keyboard. And because I learned how to type on a mechanical typewriter I have a touch that I think is most delicately described as robust. My dear wife and a lot of keyboard salesmen have say that I abuse keyboards because I just pound the living daylights out of them. But the coli has been good. If you're an enterprise that is looking for things to to supply to your mobile workforce the Coli is definitely worth a look. And as again in the spirit of full disclosure, disclosure, they sent me the Coli to to play with. And I appreciate the fact that they did. So, like I said, looking forward to sticking it in my bag and flying around with it in a couple of weeks.
Louis Maresca (00:05:44):
Very, you go. Very good. Now, I, I tend to pound the living daylights outta my PC when it updates, but, but my keyboard, I'm usually pretty light on the, on the, on the on the touch. But I love mechanical keyboards. Do you get the clicky feeling out of it at all, or is it still the kind of the, the normal feeling?
Curtis Franklin (00:05:59):
No, you do get the cliquey feeling. And one of the nice things, if you go and order one of these, you actually have your choice of a couple of different switches that you can put in either reds or browns, depending on which touch you like the best. I'm, I'm a big fan of the very cliquey keyboard tho those of us who remember the original I B M PC keyboard or even the electric two two of the best keyboards for Phil that I ever put my hands on. And so this is, it's not there, but it's certainly a big step in that direction.
Louis Maresca (00:06:39):
Indeed, indeed, you get to play with all the toys. Very cool. Very cool. Thanks Curtis, for being here. Well, speaking of co-host Mr. Brian Cheese Al at Maker Fair Miami this week. But we have a long time friend of the show and co-host Mr. Oliver Rist back on the show today, Oliver, it's been a, it's been a while. How you, how have you been? What's what's doing with you?
Oliver Rist (00:06:56):
It's been great. Swept switched venues, went over to worse magazines, so now I do technology for Ultrarich people. That's, that's an education. Other than that, it's, it's really same old, same old, aside from the weather out here, which is currently frying my whole neighborhood.
Louis Maresca (00:07:14):
<Laugh> indeed. It's very warm. Very warm, all in the nineties today in New England. I, I think we're melting a little bit now. When you say the technology for the rich and famous, can you give us just a little of a taste what the, what the rich and famous is doing with technology?
Oliver Rist (00:07:28):
Well, one, of course, they're gonna make me do software reviews on investment software. And my latest one is, is investment banks. I have to rate in investment banks based on their technical capability, and Sure, I know all about that. He lied blindly. Is it Bliley or blithely? I never get that one. Anyway yes. So there's that. There's I was, I'm flirting with one on yacht management software. That's, I really want that one. I really, really wanna do that one. But so far there, there, it's their dubious reception on the editor's side.
Louis Maresca (00:08:01):
Fantastic, fantastic. Well, content-wise, I can just get, get one thing. I'll tell you one thing. The, the, the Home VoIP article you did for PC Mag just a while back, I actually got great use of that at one. So I, I suggest people go check that one out because I've been using Skype for my home phone for a long time. I can tell you I hate to, I hate to break it to Microsoft, but unfor, unfortunately it's not, it's not good anymore. So I think we should, I need another alternative. So I, I did use that. So I wanted to touch you. I know you're not doing anything with PC Mag too much, but I think that was a great article is that people should definitely check it out if they can. So, cool. Well, I think we should definitely get started cause there's lots of important stuff going on in the enterprise, and we have lots to talk about here.
(00:08:37):
Now, with the current climate and large changes that are happening around the industry regarding headcount, lots of organizations are, and lots of people are actually exiting the workforce. The question remains as they are appropriate. When we we remove access for people, are they prioritizing, removing access to all data? We'll talk about what that means. Plus today, we might just have DR of Zero Trust on the show today. That's right, Dr. Chase Cunningham, he's Chief Strategy Officer at Ericom. And we're gonna, we're gonna talk about Zero Trust, of course, but if possibly a framework that you could follow and maybe make you and your organization more successful around Zero Trust, we'll definitely get to that. So we'll stick around lots to talk about there. But before we do, let's go ahead and jump into this week's news blips. Wordpress is still a widely used on websites and blogs around the web.
(00:09:25):
It's a very powerful framework and includes the ability to attach plugins to the system to expand its functionality. Now, there lies some of the issues. Now with great power comes great responsibility. Over the years, several vulnerabilities were found in the plugin interface. Now, according to this Hacker News article, a recent security researcher firm actually, and the researcher themselves, found that a previous vulnerability that helped deploy malware called Blotto injector since 2017, is still in full force. In fact, there has been a tremendous amount of sophistication layered into its recent attack. The most recent campaign is easily identified by its preference for the use of the JavaScript a p I called string from Char Code of Sophistication. And that they can usually use a freshly registered domain hosting malicious scripts on random subdomains and by redirect to actually scam sites. Additionally, the attacks are engineered to read or download arbitrary site files, including backups, database dumps, log logs of AFI and error files, as well as search for tools like Ad Miner and php, my admin that could have been left behind by the site administrators upon completing maintenance tasks.
(00:10:32):
Now, the malware ultimately allows for the generation of fake WordPress admin users. It harvests data store in the underlying hosts and leaves back doors for persistent access. Now, the findings come weeks after Palo Alto Network's Unit 42 on Earth as similar malicious JavaScript injection campaign that redirects site visitors to add malware and malware and scam sites. Now, more than a 51,000 websites have been affected since 2022. Now, the activity, which also employs that string that from Char Code is a office casein technique. In fact, it leads victims to booby trapped pages that trick them into enabling push notifications by masquerading as fake capture checks to serve deceptive contact Now content. Now, if you're familiar with this api, this JavaScript api, it basically is a JavaScript function that takes a string or takes a sequence of characters that are actually in U T F 16, and it converts it to strings. Now what you, when you go look at it, it actually just looks about, about a numerical set of numerical characters. But when it converts, it actually evals and executes the JavaScript code on download. Now, you may be wondering, what can I do to actually protect my WordPress site? Well, obviously the first line of defense is an Oliva goodie. Keep your website software up to date, of course, but you can also remove unused plugins and themes and use
Oliver Rist (00:11:52):
Strong admin passwords.
Curtis Franklin (00:11:56):
Well, it's unusual to get inside into a ransomware attack after its conclusion. It's downright rare to have details while the attack is still in progress. But that's where we are with an attack that's underway at Western Digital manufacturer of memory devices used by consumers in the enterprise. Like as reported in an article at Dark Reading, hackers claimed to have control of the company's code signing certificate, company executives, private numbers, the s a p back office data and administrator access to the company's Microsoft Azure Cloud instance. The hackers provided screenshots and shared phone numbers and files to researchers from TechCrunch as proof of holding the data hostage. Now, this extortion attempt comes after a data breach earlier this month, which Western Digital reported as a network security incident. That breach caused the Corporation's Cloud network to be out of commission for 10 days with Western Digital, only recently getting the service running again. Now, we don't know whether Western Digital will pay any or all of the ransom, and the company is working with law enforcement officials and forensics experts. What we do know is that a network intrusion can have an impact on a company that lasts four weeks, months, or in the case of a company like Sony, even years. As always, our advice is to stay patched, stay updated, stay vigilant, and for heaven's sake, stay on top of who and what goes on inside your network.
Oliver Rist (00:13:32):
All right, so who's coming for ai? Chuck Schumer, according to Reuters Chuck Schumer yesterday and basically dropped the gauntlet on AI tech he's looking to start new bipartisan legislation to quote enable independent public audits of commercial AI products. So, in other words, Chuck wants to slow down AI before he can get enough brains team going to start killing Sarah Conna and the rest of us. Now, obviously you're gonna question it cuz it's a politician dabbling in tech and nothing ever goes wrong with that. And on top of that, it's, it's bipartisan, or at least it wants to be. And that's God's own issues these days. But Schumer does have some stuff on, on his side. So for one, it's legislation based on fear and that tends to work. Just look at the Patriot Act. That works great.
(00:14:25):
And for another he seems to at least be trying to understand what he's legislating cuz according to the the announcement he's only doing this after months of consultation. And that's, again, in in quotes of course, he doesn't say exactly whom he was, cons he was consulting with or exactly what they what they studied, but I guess it's a step in the, in the right direction. And anyway, this laws months from being enabled. So who he worked with. And since he's calling for public auditing of AI tech before it goes to market, he also has in details who would exactly be doing this, this auditing. But bottom line, it's supposed to be a framework of basically hoops that AI co companies need to, will, will need to jump through in order to get a product to market. Each hoop will be tested by some experts.
(00:15:13):
Again, we don't know who. And only if they pass all the hoops, are they allowed to work with us in the, in the public. So do I think it's a good idea? You asked me last year, I would've said no. But in my recent jump to a new magazine, we did a little experiment there just back in January with chat G P T, we asked it to write eight headlines for specific stories. And the little bot bastard did did pretty well. It kind of made the writer in me pee my pants just a little bit cuz that thing was only, what, three, four months old in January. So I'm thinking like a year or two years ahead of time. Yeah, I'm starting to think it's, it's, it's right because I mean, it's a, it's a good move from, from Schumer.
(00:15:58):
Not because I think AI's gonna wipe us off off the earth, but because if AI can start doing jobs cheaper or totally obviate the human component, typical mba, as long as they don't think their job is in trouble, yeah, they will cut corners wherever they, they can. And it won't just come after writers, it's already coming after lawyers. And it'll definitely come after software engineers and those types of, those types of jobs. So is is, I'm, I feel a little better that at least somebody's doing something about it. So I wish Chuck well as long as he doesn't screw it up.
Louis Maresca (00:16:34):
And we're all familiar with supply chain attacks in the years before. Now, this Hacker News article talks about a different type of attack with unintended consequences. A lot of people get their open source packages and their respective updates from packet managers and packet repositories like mpm. Well, on a recent attack, threat actors flooded the MPM open source package repository for no JS with bogus packages that briefly even resulted in a denial of service attack. Now, the latest campaign actually pushed the number of package versions that were out there to actually 1.42 million, which is a, a dramatic increase from the approximate 800,000 packages that were released on M P M. Now, the attack technique leverages the fact that open source repositories are actually ranked higher when it comes to search engine results to create rogue websites and upload empty MPM modules with links to those sites in the README files.
(00:17:25):
And they were releasing packages so fast that services couldn't keep up. And at the same time, organizations couldn't get updates to their current packages, even those ones that have security updates and so on, due to service unavailable errors. When they did the MPM update, it almost, it almost seemed like a botnet for MPM to package deployment. Now, check marks points out that while there may be multiple actors behind the activity, the end goal is to infect the victim system with malware such as Red Line Steeler the Smoke Loader and cryptocurrency miners. Now it's true supply and chain attacks are not going to slow down. Now, ways to protect yourself while actually there's a couple ways, is having MPM repositories like MPM incorporate anti-bot techniques during their user account creation. But it also means that organizations during the ingestion phase of those packages, you need to research those packages and understand what you're actually importing and understand what they do and how they do it, and how they actually do it before you ingest it and integrate it into your application.
(00:18:25):
Lots of work there, but it definitely pays off. So definitely check out your packages before you import. Well, folks, that does it for the blips. Next up the bites, but before we get to the bites, we do have to thank an amazing sponsor of This Week in Enterprise Tech, and that's Cisco orchestrated by the experts at C D W. Now, the helpful people at C D W understand that hybrid work continues to evolve and that your organization must evolve with it to succeed. Now, with so many options to collaborate remotely, you need a strong and consistent network to empower your workforce and keep them together. Consider Cisco Hybrid Work Solution designed and manage by C D W experts to deliver the same quality network experience to all of your offices, even your satellite ones, connecting your team from pretty much anywhere. Because Cisco networking keeps things flowing smoothly and securely with embedded security compliance and multi-factor authentication that protects collaboration among your spread out team.
(00:19:24):
Now with real-time visibility into distributed application security, user and service performance, you get better line of sight in how your network is operating and how better to grow your organization. And Cisco networking levels, the playing field, providing access to flexible high-end collaborative experiences that create an inclusive work environment. When you need to get more out of your technology, Cisco makes hybrid work possible. C d W makes it powerful. Learn more at cdw.com/cisco and we thank CDW for their sport of this week and enterprise tech. Well Folks, it's time for the News Bytes. Now, you may have heard a number of articles out there outlining the reduction in force to a number of organizations, including most notably Facebook, Twitter, Microsoft, and Salesforce. The impact has been great. Now, this dark reading article actually reports on another angle of that, of those stories surrounding the security of company resources even after employees exit.
(00:20:24):
Now, listen to this data. It's actually a survey conducted by password manager.com in March, 2023. Now, they found that 47% of former employees who have accessed the company passwords at their previous jobs, actually admitted to using their old passwords to access company resources and accounts after they left the job. That's pretty high. Now, the survey results indicate that many companies need to improve their offboarding process to ensure that the former pro employees no longer have access to company resources. That also includes remote revoking access to all accounts and systems, changing passwords and monitoring for unauthorized access. Now, this isn't a new thing. Now I'm just wondering why organizations still haven't been able to solve this problem. So I wanna, I wanna start with Oliver, because you did some research a long time ago, right around s e m in fact, Shiva, putting the notes s e m shootout, right? And the, and how credentials should be revoked is this, is, this is not a new problem.
Oliver Rist (00:21:23):
No, and it remains a current problem. This what, what I did what Brian and I did was a long time ago, but PC Mag we did I d m reviews every year for the past six. So here's, and I had a personal experience with this, with z So in HR software, we did HR software too. There is a feature in many AR packages now that will automatically kill creds or will if an employee is terminated. But the emphasis there is on terminated. And generally the feature is really just a text that gets sent off to, you know, the IT team saying, Hey, this guy's gone turn everything off. Now the I D M I would think would've done better, but I didn't get canned, I left. So I guess that's a bit of an excuse, but I didn't touch my passwords for eight weeks, and then a buddy asked me to, to do a favor.
(00:22:12):
So I was almost gonna ask them to reinstate me temporarily, but I figured I would try, I checked, everything was still live. I mean, up to and including the accounting system. Two factor worked. Everything worked. So I, I'm not gonna say which a HR system they had and which I d m they, they used, but I was a little surprised that the I D M didn't at least send alerts saying, Hey, this password hasn't been used for eight weeks. Maybe you should check into that. So as far as this problem being solved, personal experience tells me it is still a problem and it's gonna remain a problem until something really bad happens or somebody makes it sort of a, like a public wave of protest, which I don't see happening.
Louis Maresca (00:22:55):
Now, I I'm actually curious, Curtis, I wanna ask you about this because you covered the enterprise, you covered security quite a bit. Why, why do you think we're seeing this problem so often right now, even, even for many years? You know, I'd say, I'd say about 10 years ago people had this problem. Why are we still seeing this problem today? What are you seeing in the industry that people are still making mistakes on?
Curtis Franklin (00:23:14):
I think that this is a subset of the larger problem of rights management. You know, we have seen, there is a case right now that's going on that we're hearing about regarding secrets from the US government that shows that even those who are handling the most complex secrets don't use least management. We have long known and long lasting problems with permission creep with stacking permissions where they are never revoked. And I think it's, it's, to be brutally honest, I think that it's part of a, a, a set of activities that is just considered not important until it is it is not something that's considered a critical issue until the moment that a disgruntled or former or disgruntled former employee uses those still functional passwords and credentials to get in and, and work some sort of mischief on the system.
(00:24:46):
It is, it is a, a real shame because this is a problem where there, as Oliver mentioned, there are known solutions, there are existing solutions. This is not, you know, a pit of mystery into which we dare not tip our toes. This is something where there are products, there are technologies, there are processes to keep this from being a huge issue. And to echo something that Oliver said my career has led me to many different publications at many different publishers. And in at least one case, I know that I returned to a publisher after a two year gap and found that my credentials to the publisher's content management system were still active, still live, had never been touched. That gets us into another, another thing that makes this hard, we're still not using single sign on federated management across all the systems at most enterprises. We're getting better, but it's still not there. It's not unusual for people to have half a dozen different ins with half a dozen different related, but not the same credentials to get into those systems. And that is one of the things that makes this a much more difficult task for it, you know, across the board,
Louis Maresca (00:26:25):
You, you open the can of worms. You talked about federated scenarios, so I wanna talk about that for a second. And, and, and Oliver, I'm gonna bring you into this because you talked about CRM systems. Now, a lot of smaller organizations out there, they have eight to 10 applications and services they use, and they're all disparate systems. They're not connected in any way. They're probably with different companies. And they require, like you said a more federated scenario. We have identities managed in one place, and then the ability to federate that identity and permissions to use a specific service out to the application you're using, let's say Salesforce or SAP or or whatnot. However, not all systems are able to be federated. So you still have these, these separate credentials that then need to be revoked if they, if a user leaves.
(00:27:12):
Now I've actually worked with an organization in the past where they had like 20 different applications, third party applications that they had, and I'd say half, maybe even greater than half of them required separate logins for them. And then when the, the employees would leave the company, those would linger for a very long time until something would close up. There's no other fix for that other than federated unless you have some kind of repository that then sends out notifications to these companies to shut down access when a comp a user leaves. Is there any other solution for this? Have you guys seen anything when you've worked with application? What about you, Oliver? Oliver that you're working with different CRM systems?
Oliver Rist (00:27:50):
Yeah, crm hr, I D M, all of them federated seems to be, it's a very mature technology as long as both sides support, you know, in detail, the same thing that that tends to work. But the other stuff, what I'm talking about here or, or what the, the, the problem is for this kind of ID canceling is often just messaging and all these cloud services, the, the magic word there is rest, right? Everyone says, ah, we have a rest a p i and it'll work fine. Meanwhile, when after we did the I D M one, we went to another Zif property, which is Spiceworks, which is just a whole bunch of conversational threads forums where real guys talk about how they use the the technology. And when we talked about I D m, every single respondent was saying, it doesn't matter which I d m you use, you are gonna spend days plural with that company's engineering, people doing black box engineering, I mean stuff they just do custom for every customer just to make the rest API stuff work for single signon, for even interior features.
(00:28:59):
And that's why single sign is, is so hard to do. It. It it requires a lot of work. And the local IT guy that doesn't wanna do it, right, he just wants it to, he, he just wants it to, to work. And of course, the the guy on the company side is saying, well, you guys aren't doing it right and we don't wanna fix it for you. So there's this constant back and forth, and then it just never happens and you wind up having six different passwords, like, you know, for whichever one is easy, those work. But then there's always gonna be two or three apps for which it doesn't work. And I'm guessing HR and HR talking to the ID management system, even if it's just alerts, that's, that's probably a biggie. We also have the smart card system at at Zif just to get in the building. And I didn't try it, but dollars to donuts, that thing probably worked for three months after I left. I could have just walked in and out of that office. I will put money on that <laugh>,
Louis Maresca (00:29:52):
Maybe we should take a bet after the show. But I, Curt, I wanna throw this to you because I think the, you know, we hear a lot of companies out there saying, okay, there's a couple things that you can do as an organization to make this better. One Zero Trust, which again, we're gonna tuck to our the Doctor of Zero Trust here coming up pretty soon, but I, I wanna get into that then. But I think the one other thing that we hear is the identity access management solutions. A lot of companies are saying, Hey, go and implement X and this problem will get, will lessen or go away, is there's no silver bullet for this, right? That's not, that's not the solution.
Curtis Franklin (00:30:23):
That's not a solution. But, but there is a solution and, and everybody come in close get, get, get comfortable with this because we, this is a super secret, highly technologically advanced thing that that will go right over the head of many people. It's called a playbook, it's called a list of instructions. It's called a procedure that you follow whenever someone leaves the company for any reason. And this is especially important if you have a situation where you do have multiple systems, each with their unique sign on and credentials. It means that when someone leaves the company, one of the first things that's generated is a ticket to it that contains a workflow that says, you look at this person and you go down all of your systems, see if they have a login, and if they do, you kill it. And when you're through, when you have confirmed that you've done that, you send a response back to HR saying, this part of the former employees exit process is complete. That's the only way to do it. Is it time consuming? Yes. Does that mean that it's expensive? Yes. Does that mean that if you lay off 4,000 people at once, you are remaining it people will hate you very much? Yes, it does, but it's also the only way I'm aware of to make sure that you deal with this problem no matter how many disparate systems you have within your overall application infrastructure.
Louis Maresca (00:32:26):
Right, right. It's definitely an interesting problem. I think the, you know, we're, we're gonna talk a little about Zero Trust and how organizations can go and implement that with the guests in just a little bit. But I think the biggest challenge here is trying to bring together these services and making sure that not only you have a way to get rid of your users and access to things once they leave, but also ensuring that when they do have access to things they're in, in a way where they don't have access to the entire universe. And so when somebody does get a password or a credential, they can't make rec havoc on your network. And I think that's, I think these, these things definitely go hand in hand together. And I hope when organizations are definitely listening about it. But in the same sense, I do think that playbooks are a good thing to have in order to get started.
(00:33:08):
You know, I think I've worked with organizations that have things called TSGs, which are basically just troubleshooting guides that say, Hey, somebody leaves the organization, this is what you go and do. You, you go in, follow these steps, you send an email out to third party services, you send a note out to this service, you, you shut down this access, that kind of thing. And it's usually within 24 hours or whatnot. But I think the very interesting thing is the fact that there's no real way for organizations to test whether there is still exi existing things, existing access out there. And I think that is also another problem. Now, Oliver I wanna throw this to you before we move on. You know, obviously you've worked with a lot of HR systems and, and CRM systems. Are there ways for, I mean, obviously other than admins of accounts, is there ways for organizations to think to say, Hey, like this user had access, I don't want them to have access anymore. You know, I, I need to go and run some script or whatnot and make sure that I remove it. Do, do all of them have that? Is there something like the lowest level that you can do there?
Oliver Rist (00:34:09):
No <laugh>, all of them definitely don't have it. Some of them don't have it at all, <laugh>. Some of them have it, it's a text message they have, like, you know, it's just basically it kicks off an email and they say it's automated cuz it's an, it's a, it's a forming email to, to it where you just stick the user's name in it. And some go as far they, like, they claim it's policy-based stuff, but, and it's really just like a, it's a checklist for which, like, based on your role, this is what'll happen when you leave. And supposedly that will filter down, but it's dependent on which I d m you use. It's dependent upon which management pop apps your, your IT guys are using and how they're doing it. So again, it's, it comes with all that custom stuff so you can just see where certain people are like, eh, it's too much work. We'll, you know, how, how many people are we possibly gonna fire at at one time? And they just figured, I'll just send an email to Fred and Fred will take care of it, except that day Fred isn't there. Or Fred gets in his spam filter or whatever it is, and suddenly this person has access for a much, much too long <laugh> like I did.
Louis Maresca (00:35:16):
Yeah, it's true. And, and I think Annie even mentioned in in the chat is, can't this be automated? Obviously with the fact that they don't have these APIs or these scripting capabilities or whatnot, they're just not able to automate that. So it definitely becomes a, a bigger problem. So I I, I definitely think that there's, there's some some legs to this that there's that need. More organizations need to have better understanding of the third party systems and what they need to go through to essentially remove access. But in some cases it's just a big manual process. Well, folks, that does it for the bites. Next up our guests, and we're talking about Zero Trust in deep dive in that. But before we do, we do have to thank another great sponsor of This Week in Enterprise Tech, and that's Thanks Canary. Now everyone knows Honeypots are a great idea, so why don't all internal networks run them?
(00:36:00):
Good question. Right. Well this is simple answer because with all network problems, nobody needs one more machine to administer and one more machine to worry about. We just talked about that, right? Well, we know the benefits that Honeypots can bring, but the cost and effort to deployment always, always drops honeypots to the bottom of the list of things to do. Now, things Canary changes this having witnessed how easy they are to install and how impactful they are in ensuring security, I can honestly say, should definitely consider things Canary. Now Canary can be deployed in minutes, even on complex networks giving you all the benefits without the admin downsize. Now the canary triggers are simple. If someone accessing your, your lure files or brute forcing your fake internal SSH server, you have a problem, Canary uses separately uncomplicated high quality markers of trouble on your network.
(00:36:48):
Can hear us how it works? Simply just choose a profile for the Canary device such as a Windows box, a brand name router, or even a Linux server. And if you want, you can further tweak the services your Canary runs, and you may even be specific like i s server out versions or open s SSH or Windows file share with actual files constructed according to the name scheme that you actually give it. Lastly, register your Canary with the hosted console for monitoring and notifications. Then you wait, sit back and wait. Attackers who have breached your network, malicious insiders and other adversaries make themselves known by accessing your canary, your honeypot there and there's little room for doubt. If someone browsed a file share and opened a sensitive looking document on your canary, you'll immediately be alerted to the problem. They'll view testimonials@canary.tools slash love and see why customers on all seven continents love their things.
(00:37:40):
Canaries, deploy your birds and forget about them. They remain silent until needed. Get one alert via email, text Slack, web hooks, or syslog only when it matters. Visit canary.tools/TWiT and for just $7,500 per year, you'll get five canaries, your own hosted console, upgrades, support, and maintenance. And if you use Code TWiT in the how do you hear about a box, you'll get 10% off the price for Life. Vince Canary adds incomparable value, but if you're unhappy, you always return your Canaries with their two month money back guarantee for a full refund. However, during all the years TWiT has partnered with Things Canary, their refund guarantee has never been claimed. Visit canary.tools/TWiT and enter the Code TWiT and the hatty Hear About Us box. And we thank thanks Canary, their support of this week in enterprise Tech. Well folks, it's my favorite part of the show. We actually get the, we're gonna guest to drop some knowledge on the TWI at Riot. Today we have Dr. Chase Cunningham, he's Chief Strategy Officer at acom. Welcome to the show, Chase.
Dr. Chase Cunningham (00:38:49):
Hey, thanks for having me on.
Louis Maresca (00:38:51):
Absolutely. Now our audience is, it's a complete spectrum of experience in the industry and they love to hear people's origin stories. Can you take, take us through a short journey through tech and what brought you to Ericom?
Dr. Chase Cunningham (00:39:02):
Mostly really good people that realized I was destined for other things and me bumbling around and sort of solving problems along the way. Started out as a diesel mechanic in the US Navy wound up fixing some technology accidentally and that transferred its way into working at the National Security Agency and ultimately, again, bumbling my way into Forrester and writing books and other things. So totally luck and good people.
Louis Maresca (00:39:29):
Fantastic, fantastic. Now Ericom is making a big impact on the industry and I think the one big thing, we talked about this just recently, the fact about Zero Trust. Can you, can you maybe take us through just some of the challenges people are having just in the very beginning about implementing Zero Trust and moving to that, that specific type of model?
Dr. Chase Cunningham (00:39:50):
I mean, one of the biggest things is that there's this misconception about you're not going to trust your employees kind of at the human level. And that's not at all we're talking about. You can trust people all day long. You know, we're not saying don't have beers with people after work or whatever. What we're talking about is removing trusted relationships from within digital systems and computers and machines don't need trust. We need to remove that stuff because it's only good for the adversary to have default to the trusted relationships in the system. So really that's what I try and get people to understand is this is not, don't trust your homies, this is, don't let the machines trust each other.
Louis Maresca (00:40:27):
Right, right. Now there, the interesting thing is obviously I'll, I'll try to channel Brian Chee our other co-host here because he, he loves VDI I solutions. And the fact is he's worked with Air com's VDI I solutions back when he was at the university. And I think one of the biggest things is when you're using vdi, you're actually accessing a piece of software service through another box of some type virtual box. Does this make things easier? So if you have, we just talked about a bunch of disparate systems that might not be able to have centralized or s SSO or that kind of thing. Does VDI make that better?
Dr. Chase Cunningham (00:40:59):
Well, it makes it where you're able to do better command and control of infrastructure at scale. And the, the reality of it is, is this technology has evolved quite, quite quickly with the advent of cloud, advent of cloud rather. And it's, it's made it where you're able to not impact the user's experience because we all know the moment a security control gets in front of a user's experience, the security control now becomes an obstacle they gotta get past. So doing this, we ba basically make it where do your job, do your work, but security is part of the experience.
Louis Maresca (00:41:29):
Right, right. Now, Eric comment, they have a lot of different solutions. Obviously zero Trust being one of them. But you know, just recently I was reading a little bit about the fact that they have some other extended support for things like enabling Zero Trust in websites and having browser isolation and you know, making sure that users are segmented or segregated around away from reaching bad malicious endpoints. How is that working with this whole solution? How, how does this all integrate together?
Dr. Chase Cunningham (00:41:57):
Yeah, so the goal of of, of most organizations is I think to have some sort of I would call it an integrated portfolio of solutions. And the, because of the way this is architected, you're able to have things talk with each other and you don't have to rip and replace. You can add augment capabilities that need to be put in place depending on where they need to be put in place. And the remote browser isolation side, I think is one of the ones that is beginning to change the game for folks because I don't have to worry about whether or not somebody's gonna click on a Phish link because we use technology to get in front of that. I don't, I don't train my people about not clicking links cuz they're going to click links. I put technology in front of them that will remove the ability for malicious links to put software on their machine.
Louis Maresca (00:42:38):
Right. Now we, we talked about it in, in our bite a little bit about the fact that obviously organizations, they have these different systems and then they have users and people leave companies and they have to remove access. Now where, where can this type of solution help with that? Like how, if I have a third party application, let's say I have Salesforce for my crm and I have another kind of for my financials or me even my general ledger, I have some kind of on-prem type application. Is there a way to, to synchronize this all together and and enable Zero Trust in a way that it's not too expensive, not too cumbersome for the IT staff?
Dr. Chase Cunningham (00:43:15):
Yeah, I mean the, the real trick of it is to be able to have a constant upgrading of inventory assets, including users and accesses and privileges and apps and all those things that we all have. And because of the policy engine, you're basically able to keep that continual running, updating inventory on its own and everything's written in plain English, like I hate Reg X's. So we made it where the red X is not part of this thing. And if you're able to fog up a mirror, you can pretty much put a policy in place that will be enabling Zero Trust approach for organizations across the entirety of the enterprise.
Louis Maresca (00:43:48):
Now one thing that I'm curious about is obviously the fact that organizations are still starting to allowing that you're bringing your own device to work and the fact that that creates some level of risk extends the perimeter of the network to these devices that are now on remote work. What, what is these types of solutions? What is Eric and Ericom doing for the remote workforce? What, how is it helping that type of situation?
Dr. Chase Cunningham (00:44:10):
Yeah, so again, pushing everybody through the cloud and using containers and, and leveraging VDIs and things the way that we do, we don't care what your kind of endpoint actually is. Like you, you've, you're running your stuff at your house, by all means keep whatever you have at your house. But we are able to do things either via agent or agent less where we can check on policy and make sure that you are compliant the policy. And if you're not, we can tell you, look, you need to go patch your machine before we allow you access to this box. Or Hey, did you know that you have a Trojan running on your mobile phone? Like those types of things so that they can actually self remediate and we're not getting inundated with things that people should take care of on their own. And the fact is, the more that you can tell them and engage them and stuff and not make them go onto, cause nobody wants a corporate box. No. Make them use corporate machines. Everyone's experience becomes better.
Louis Maresca (00:44:59):
Right, right. Now you, you brought up a good point here is the fact that, you know, obviously some, some organizations are trying to implement mdm, they're trying to implement other solutions that essentially do a device health check or policy check before you're accessing resources or even logging into applications. How, how is this, how is this different than that? Like how, how are you, how are you guys doing th things differently? I know we, we have a in fact we even have a one of our sponsors actually does some, some, some type of this work where they validate your vet your vice or any device before you're actually accessing a service that you log into, let's say an Octa or so on. But how does this kind of differ from that?
Dr. Chase Cunningham (00:45:38):
So the, the difference really is the way that we're running the cloud infrastructure to keep a I guess you could call it a moat between the actual apparatus and the potential attacker side of it. And it's way better to have a container in the cloud get blown up because something got infected on it than it is to have your machine or an application inside of a network. And because of the proxy, because of the policy and the way that we're brokering those connections, we can sit man in the middle on those communications. We don't see the traffic, but we're able to see what's going malicious. And then worse case scenario, we blow up a container, which is a digital machine and it comes back online in 13 seconds and you never know that you really had a problem.
Louis Maresca (00:46:17):
Very cool. Very cool. Now I, I'm, I'm gonna leave the security questions to, to Kirk cause I know he's got probably a good number of those. But I do wanna ask, one thing is, is the fact that obviously since we're having a lot of remote workforce and a lot of bring your own devices, you, you, you risk organizations do risk the fact that employees will then go and access things they shouldn't or they, or they give access to somebody they shouldn't. And there's some malicious intent there. Is there some kind of additional resources or services that sit between all this? You said they, you can kind of detect this kind of stuff. Is there some additional resources or services that sit in there that can say, oh well you know, this, this user's access to these things is unusual that it's not normally the same way we should shut down this access, that kind of thing?
Dr. Chase Cunningham (00:46:59):
Yeah, so I would say we're not doing kind of the hardcore U E B A stuff that some of these other vendors are doing, but you are able to look at what's going on in the sort of back, back and forth transaction and say, does this make sense? Matter of fact, with a customer I worked on with recently y'all were talking about access management after they left, I had deployed the solution and the learning mode had done its thing. They actually saw someone that was logged in, that was a contractor there is that they fired 18 months ago and I found them on my call and we were able to revoke their access and kick him of the system. So it's one of those are we doing hardcore U E B A? No, cuz that's not our specialty. You can always hook into something else, but it becomes really clear when you know who's using what to get to which resource, whether or not that should be allowed.
Louis Maresca (00:47:43):
I do wanna bring my co-host back in, but before we do, I do wanna thank another great sponsor of this week, enterprise tech and that's Miro. Quick question. Are you and your team still going from tab to tab tool to tool losing amazing, brilliant ideas and important information along the way with Miro that doesn't need to happen? Miro is the collaborative visual whiteboard that brings all your great work together no matter where you are, whether you're working from home and or in hybrid workspace, everything comes together in one place online. At first glance, it might seem like a simple digital work and whiteboard, but Miros capabilities run well beyond that. It's a visual collaboration tool pack with features for the whole team to build on each other's ideas and create something innovative from anywhere shortened the time to launch so your customers get what they need faster.
(00:48:33):
With Murro, you only need one tool to see your vision come to life planning, researching, brainstorming, designing and feedback cycles that can all happen and live on mural boards across teams. And faster input means faster outcomes. In fact, mural users report that tool increasing project delivery speeds by 29%. That's a lot view and share the big picture overview. And as cinch, when everyone has a voice and everyone can tap into a single source of truth, your team remains engaged, invested, and most importantly they're happy. Cut out any confusion on who needs to do what By mapping out processes, roles, and timelines, you can do that with several templates including murs, swimlane Diagram. Strategic planning becomes easier when it's visual and accessible. Tap into a way to map processes, systems, and plans with the whole team so they not only view, but have a chance to give feedback as well if you're feeling meaning fatigue.
(00:49:35):
I know I am Mural users report saving up to 80 hours per user per year just from streamlining conversations ready to be part of the more than 1 million users who join Miro every month. Get your first three boards for free to start working better together at miro.com/podcast. That's m I R o.com/podcast. And we thank Miro for their support of this week in enterprise tech. Well folks, we've, we've been talking with Dr. Chase Cunningham, he's Chief Strategy Officer at Ericom. We're talking about Zero Trust vdi, but I do wanna bring my co-hosting cause I know I'm sure that they have some questions kind of stick in their back pocket there. I'll start with Mr. Curtis Franklin.
Curtis Franklin (00:50:19):
I appreciate it. One of the questions that, that I have involves this word trust. You know, we felt it necessary at the beginning of this to, to specify that we're not talking about trust in terms of well, I trust you to take my 10 bucks to McDonald's and bring me back a hamburger at lunch. It's machine to machine trust. But when I talk to companies, one of the things I hear all the time is how hard Zero Trust is. Oh, we love Zero Trust, but it's so hard. It's just, oh, it's difficult. It's hard. It's hard. It's hard. How much of that do you think is amplified by the fact that trust is in fact a word that has multiple levels of meaning in, you know, human relations, machine relations, corporate relations? I mean trust is one of these words that just has meaning stacked on meaning, stacked on meaning. Does that make it tougher to really get down and have a rational discussion about what Zero Trust is?
Dr. Chase Cunningham (00:51:28):
Yeah, I mean it's a very nuanced concept and you have to have a lot of deep conversations about exactly the type of trust you're solving for. So I agree it is, it is a bit of a mix when you're trying to get people to understand the specific type of trust you're dealing with and the way that you need to remove that based on a business outcome. It, it's never easy either for people to realize that they're going to revoke things like access and, and trust relationships and whatever within a system because sooner or later, like you guys were talking about earlier, somebody's gonna gripe about it. No one wants to hear someone griping about something that they probably didn't need access to or use in the first place, but trust at its core level. If, if, if people can walk away with nothing else, if you're just thinking about the digital system, computers and electrons, that they don't live in a trust space. Like trust is something humans came up with and we introduced into this digital space and it's causing compromise, therefore we should remove it.
Curtis Franklin (00:52:29):
Well, when those electrons are, are, you know, traipsing around in their entirely untrustworthy way, are we making things again, more complicated cause of all the different systems we're introducing into modern architectures? You know, when, when I, when again, when I talk to companies, the idea of just having a single cloud provider is, is non-starter. Every company has somewhere between half a dozen and a hundred different cloud providers for different things, and that's before we even get into the dependencies that exist. Is Zero Trust something that really can be an attainable goal in the sort of modern infrastructure where we're dealing not just with the relationships within our own immediate control, but all of these partner and provider networks as well.
Dr. Chase Cunningham (00:53:32):
Yeah, so that's what I, I, I think is is worth talking about too is that to be a thousand percent honest, you're never gonna be at zero because just like a bodybuilder that reaches zero body fat, they die. Like you can't, you can't exist with not some percentage of body fat. So you're gonna get to what we would call manageable or reduced trust. But then again, in marketing slang, it's not sexy to say manageable or reduced, therefore we say Zero Trust. And I also would like to remind folks that we never, those of us that actually are PR practitioners is et we never say that you won't have a compromise. As a matter of fact, one of the primary main tenants of ZT is accept compromise and then build trust, rely around that. So, and that's a hard thing for people to swallow as well when you're offering them a security strategy and say, Hey, guess what part of my security strategy is telling you you're gonna get owned?
Curtis Franklin (00:54:24):
Yeah, I, I like that because you're absolutely right. The, the real genius of Zero Trust is not that you're, you're going to avoid successful intrusions. It's just that when they get in, they're gonna be able to do as little damage as possible because you're going to keep them contained. You, you mentioned something else. And I, I think this is worthwhile because I talk to a lot of companies in the analytic space, and U E B A is one of those things that is becoming a bigger and bigger topic of conversation because there's this belief that if we only do enough analysis of what our people are doing, if we're only sophisticated enough, then we can get rid of a lot of other things. We'll, we'll base everything from identity to permissions to everything else on the analysis of what they're trying to do. And that's not what you are doing. You, you, you mentioned you're very honest, you're not a big U E B A engine that that's cool. Do you think that what you are doing with Zero Trust let's, and, and let's, let's expand it out, just zero Trust in general can exist effectively completely outside of U E B A. I mean, is is the trust relationship that is required between systems and components and you know, all the other pieces of a system sufficiently robust, that user analysis is something that can be looked at as an afterthought rather than an active part of daily definable activity?
Dr. Chase Cunningham (00:56:11):
No, I think, I think analytics and telemetry are absolutely key to enabling security strategy at its core. I think as you get to zt, it becomes even more critical and more crucial because I need to have an understanding contextually of what's going on so that I can decide whether or not an action that's occurring is either risky or I need to remediate or it's just a problem and I can deal with it later. And that, that really is where we get into kind of almost the military strategy of this when you're thinking about analytics is ultimately data and telemetry allow me to vector resources to solve problems. And if I've got really good telemetry and really good analytics, my fidelity of whether or not something is risky becomes better. And that, that helps us enable trust decisions. Because like you and I were talking about, I'll never have no trust. I'm gonna have manageable trust. And this is how I enable that manageable trust is because I'm making decisions based on context and input
Oliver Rist (00:57:08):
Roll over to Tyler or Oliver. Yeah, it's got the one where Curtis is more in the advanced security area. Me, I come from the SMB background, a lot of generalists. So 2021 Microsoft pitches me on WIN 365 and Azure vdi, which both still exist, but at the time it was a covid thing, right? So it's main problem was everybody and their mother's trying to use their SaaS apps from whatever their iPad, their, you know, personal notebook and they hated having to manage those things. If they had a problem, those guys would call them and like, I can't manage that. I don't even know what your home router is. So the, the selling point for WIN 365 was, all you have to do is manage that, that desktop, that virtual desktop, and you can tell 'em to go hang themselves over everything else. They didn't really talk to me much about security other than the usual basic single sign on with ad windows Defender for the usual stuff and some data encryptions Zero Trust was never mentioned. Now for a generalist, for a guy who's not a lot on his plate, what are the three things or whatever, five things you would use to sell that person, like specific benefits and what's your advice? What questions should they be asking guys like you to make sure they're getting the best thing for what they're using?
Dr. Chase Cunningham (00:58:27):
Number one, I would say if you don't have a dedicated resource to actually do security, find an outsource provider and move to an outsource management protocol because you can't dip your toe into security and think you're actually making a difference. This is something that has to exist as part of a strategic initiative. It requires effort, it requires budget, it requires focus. The moment you turn the lights off, the adversary all of a sudden turns the lights on. So that's when the roaches come out from underneath the desk. And that's, that's not a good place to be. The next thing I would say is look at the default things that are on your machines, on your endpoints and configurations. Like Microsoft's a great example, and I love Microsoft. Turn off PowerShell. People don't need PowerShell. If you're not a developer doing crazy nerd things, you don't need PowerShell.
(00:59:10):
Therefore turn it off. Cuz guess what? Ransomware invokes PowerShell. That will solve a massive amount of the problem. Like for me, it boggles my mind. People still wonder about how to stop ransomware, disabled power shell, there you go. I just solved 90% of your problems. Send me the royalty check. And then the last thing is really move to cloud infrastructure because cloud infrastructure, especially for small and mid-size business, enables management at scale. And if you look at the cloud providers, Google and et cetera, they have more powerful control capabilities that are able to be consolidated via policy than you'll ever get trying to cobble this thing together on your own.
Louis Maresca (00:59:49):
Well, unfortunately we're running low on time, but I did want to talk to you really quick before we, we jump outta here. Is around, there was, there's been an acquisition that happened, right? What, what's going on there? What, what's Aon doing now and, and how is this con gonna change for you guys?
Dr. Chase Cunningham (01:00:01):
Yeah, so ACOM was recently acquired by Cradle Point, which is part of the Erickson family. And essentially where that's gonna go is Cradle Point has got a lot of capabilities in 5G in the mobile space and they've got a lot of capability in backend and networking. ACOM has got a lot of stuff on connectivity, on security, on Zero trust. Those things are going to mush into one big happy capability that you're gonna be able to offer customers and take them literally from soup to nuts on mobile, 5g, et cetera, et cetera, and apply Zero Trust policies at speed and scale via the integration that's going on with cradle Point.
Louis Maresca (01:00:37):
Amazing. Well, Chase, thank you so much for being here. I didn't wanna give you a chance maybe to tell the folks at home if they wanted to get started with Ericom. Where do they go? How do they get started?
Dr. Chase Cunningham (01:00:46):
Yeah, so right now we're still lining a lot of it up cuz Air the acquisition just happened this week. But I would say look at cradle point.com, look@Ericom.com and then also look at Zero Trusts edge.com.
Louis Maresca (01:00:59):
Fantastic. Thanks again. Well, folks, you've done it again. You sat through another the Best Day Enterprise and IT podcast in the universe to definitely tune your podcaster to twt. I want to thank everyone who makes this show possible, especially these amazing guys, these co-hosts of mine. I wanna start with our very own, Mr. Oliver Rist Oliver, great seeing you again. Can you tell the folks at home what's going on for you in the coming weeks and where can they find you in your work?
Oliver Rist (01:01:21):
Well, like I said, I moved over to Worth getting access to Worth stuff is a little difficult, but they are online. And the last thing I did, I am rather proud of was, was the the Worthy 100 list. So just like the actors awards or actors giving and giving kudos to other actors. This is basically, you know, a billionaires giving kudos to other billionaires. Although we were encouraged to put real innovators and real change makers in the, in the list. We had a guy from who's been fighting pandemic since the seventies. We had a young lady, 15 years old who invented an algorithm that will help California predict firefi wildfires, stuff like that. And yes, there are, there are billionaires out there who, who are pledging to, to give all their money away. And there actually was one, one guy so far has actually done that, gave everything away except for 2 million bucks that he wants to, wants to retire on. So it's an
Louis Maresca (01:02:18):
Interesting, fantastic, thanks for being here. Well folks, we also also have to thank you very well, Mr. Curtis Franklin. Curtis, can you tell the folks what's going on for you? The coming weeks work, people find all your work?
Curtis Franklin (01:02:30):
Well, with just a little bit of luck, I will have a report out for our subscribers at Omnia this week on enterprise security management, specifically the cybersecurity awareness training part of it. Both those companies that are attached to security infrastructure providers and those that provide just the training. Working on a review of what went on at Enterprise Connect got a piece being published on what went on at the Fort Net event that I attended this last week. Getting ready for RSA and believe it or not, also beginning to look hard at what we're gonna be doing at Black Cat coming up in August because there will be a one day Omnia summit and I'm expected to have something profound to say that day. And so I am dropping a line and hook into the the well of profundity and hoping something sharp, lively and Wrigley comes leaping out. So stay tuned as I let folks know what's gonna be happening there.
Louis Maresca (01:03:52):
Fantastic. Thanks Curtis. Well we also have to thank you as well. You're the person drops in each and every reach, get your enterprise and it goodness, we wanna make it easy for you to listen and catch up on your enterprise and IT news. So go to our show page right now, TWiT tv slash TWiT. There you'll find all the amazing back episodes of Show Notes to the Coast information, of course the guest information and the links to the stories that we do during the show. And more importantly there next to those videos, you'll get those helpful download and subscribe links. Support the show by getting your audio version of your video version of your choice. Listen on any one of your devices or any one of your podcast applications cuz we're on all of them and subscribing definitely helps support the show. You may have also ho we also have Club Twit.
(01:04:33):
That's right. It's a members only ad free podcast service with a bonus TWiT plus feed that you can't get anywhere else. And it's only $7 a month. And there's a lot of great things about Club TWiT. One of them is the exclusive access to the members only Discord server. You can chat with hosts and producers, separate discussion channels plus special events. There's book clubs on there, lots of really fun stuff. So definitely join Club TWiT, be part of that movement. Go to TWiT.tv/club TWiT. Now, club Twit also offers corporate group plans as well. It's a great way to give your access to our ad Free Tech podcast to the whole team, to every team member plans to start with five members at a discounted rate of just $6 each per month. And you get it at as many seats as you like. And this is really a great way for your teams, your IT departments, your developers, your tech teams to stay up to date with access to all of our podcasts.
(01:05:22):
And just like the regular membership, they can join the TWI Discord server and get that TWI plus bonus feed as well. So don't go to go right now, TWiT TV slash club TWiT and join Club Twit. You know, after your subscribe of course I want you to impress your family members, your coworkers, your friends with the gift of Twit cuz we, we have a lot of fun conversations around technology on this show. I guarantee they will find it fun and interesting as well. So definitely share TWT with them, TWiT tv slash TWiT. Now if you're already subscribed and you're available on Fridays at 1:30 PM Pacific Time, like right now, you can watch this show live. That's right. Come see how the pizza's made, all the behind the seeds, all the fun stuff and the banter before and after the show. You can check that out at live, do TWiT.tv, that's where you can choose your stream and of course you're gonna watch the show live.
(01:06:09):
You can also jump in the infamous chat room that we have, our IRC chat room that we have. It's irc.TWiT.tv. You can log in right there and join the TWiT live channel there. You have all the amazing characters that's in there each and every week, plus all a lot of new people that come in and have had great conversations. So please join that, be part of that conversation and also be part of the live show. I definitely want you to hit me up on Twitter or LinkedIn or masses on wherever you're at on Twitter. I'm TWiTter.com/lu there. I post all my enterprise tidbits. I have lots of great conversations. So definitely hit me up there. Of course you can hit me up on Mastodon at lum twi Do social, of course you can, you can hit me up on LinkedIn. I'm also Lewis Maka on LinkedIn.
(01:06:52):
I have a lot of great conversations on there as well. In fact, I just recently had one about one of our shows. Really great conversation. I I really wish everyone would just reach out and and, and let us know how things are going. Also, give us some show ideas cause we have some really good opportunities to bring different parts of the different segments of the market in. And if you guys have some, have some ideas, definitely send us a quick note about that. If you wanna know what I do during my normal work week at Microsoft, please check out developers.microsoft.com/office. There we post the amazing and great ways for you to customize your office experience to make it more useful and productive for you. And if you have Microsoft 365 and you have Excel, check out that automat tab. That's right, that automat tab is my wheelhouse.
(01:07:35):
That's where we sit and we develop and we're building out this new platform called Office Scripts. We can create a macro and be able to share that with any one of your platforms, whether it's desktop or on the web, and be able to run those macros and power automate. So definitely check out that tab and play with that a little bit cause it's a lot of fun. Well folks, I wanna also thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this week in enterprise tech each and every week and we really couldn't do the show without them. So thank you for all the support over the years. Of course, thank you to all the staff and the engineers at TWiT because again, they make it easy for us. And of course I wanna thank Mr. Brian Chee. He's not only our co-host but he's also our tireless producer as well.
(01:08:14):
He does all the bookings and the plannings for the show, all the show notes. So thank you Chiefer for all your support over the years cuz again, we couldn't do the show without you. Of course. Before we sign out, I wanna thank our editor for today, Mr. Anthony. He, he makes us look good after the fact. He removes all of my mistakes. So thank you Anthony for making me look fluent. I appreciate that. And of course I wanna thank our TD for today, our technical director, the talented and amazing Mr. Ant Pruitt. And he does an amazing show called Hands on Photography, which I wor learned from each and every week and I really appreciate all the content on there and what's going on then on hop this week.
Ant Pruitt (01:08:47):
Thank you Mr. Lou. Well, this week I had the honor and pleasure to speak to a legendary photographer who I can also call a friend Dad Gummit, I'm so proud of myself, Mr. Rick Salmon joined me on the show this week and we talked about travel and vacation photography and what camera you should bring for your travel and vacation photography. And I gotta tell you, you're gonna be surprised with this answer, TWiT.tv/h o p.
Louis Maresca (01:09:14):
Thank you so much and until next time on Louis Maresca, just remind you if you wanna know what's going on in the enterprise, just keep TWIET.
Jonathan Bennett (01:09:25):
Hey, we should talk Linux. It's the operating system that runs the internet, but you game console, cell phones, and maybe even the machine on your desk, you already knew all that. What you may not know is that Twit now is a show dedicated to it, the Untitled Linux Show. Whether you're a Linux Pro, a burgeoning Ciit man, or just curious what the big deal is, you should join us on the Club Twit Discord every Saturday afternoon for news analysis and tips to sharpen your Linux skills. And then make sure you subscribe to the Club TWiT exclusive Untitled Linux Show. Wait, you're not a Club Twit member yet. We'll go to TWiT.tv/club TWiT and sign up. Hope to see you there.