Cybersecurity: The Future is Now - What You Need to Know
In this episode of the Las Vegas IT Management Podcast, host Shaytoya Marie interviews Chris Behar, a seasoned IT and security consultant with years of experience in the field. Chris dives into his journey in the IT industry, sharing how he has navigated the evolving landscape of cybersecurity and the critical role of physical security.
Disclaimer: The opinions expressed by the guest speakers on this podcast are solely their own and do not necessarily represent the views or opinions of K&B Communications
Transcript
Hey guys, it's Shatoy with the Las Vegas IT Management Podcast. Today I'm super, super excited because I get to interview Chris Behar with Blue Bear Consulting. Welcome, Chris.
Hi Shatoy, thanks for having me on.
Yes, of course. I'm very excited to have you on today. I know this has been a couple of weeks' process of getting you on, but I'm super, super excited just to learn a little bit more about what you do. And I know you've been in IT and security consulting since 2001. What caused you to be inspired to start your own company? And how has the industry evolved since then?
So my first job in IT was actually CompUSA when I was 15. I'm a lifer. I've never worked outside of IT. So I've been kind of fortunate in that way that I knew exactly what I wanted to do. I started my computer editor career working in retail. I absorbed as much knowledge as I could. I took classes offered through CompUSA and I earned my MCSE when I was 16 years old, transitioned into the repair department and got other certifications in Novell, A+, Apple, HP. I was doing printer repair for a while. And I remember sitting in a class, I think it was a networking essentials class for the MCSE, and it was taught by a computer consultant. And I remember thinking that's exactly what I want to do. I loved the idea of getting hands-on with the technologies, having the freedom to work independently and working closely with organizations to improve their IT, their security. Back then, security wasn't as big of a deal as it is now, but it was definitely something that a lot of people talked about and it ended up becoming one of my specialties over the years. The industry has evolved immensely since I started. Obviously, the internet wasn't as big as it is and the importance of cybersecurity just wasn't there. I realized early on though, probably in the early 2000s, that security was really very, very important. I started attending the DEFCON conferences here in Las Vegas. I'm a transplant, I was from San Diego, that's where I was for about 20 years and moved out here to Vegas. I started going to the conventions and have been going off and on to the DEFCON Security Convention for probably about 26 years now. It's a great opportunity to meet people in the security industry, to learn new things, get hands-on, get some real-world experience in some of this.
Got it, awesome. Well, thank you, Chris, for sharing that, and I just love San Diego, so that's so awesome to hear, you know, originally from there. But you did mention the DEFCON. Is it pronounced that correctly? Awesome. Exactly what is that?
So DEFCON is an annual security conference that's been held for I think 32 years now and basically it's a hacker convention where they set up talks, they have labs and villages for all kinds of different areas of cybersecurity. I mean, these days we have things like car hacking villages, aerospace hacking villages. Everything you can think of having to do with computer security is there. You can get your hands on, you can talk to people. That's one of the big things about the DEFCON and the security culture in general, is this idea that we share kind of vulnerabilities and exploits and things that we found to help others protect themselves. I really kind of believed in that ethos and it's a lot of fun. You know, it's a great opportunity to just get out there and I met some of my best friends at the convention over the years.
Got it. And is that the convention that we all talk here about that occur at the casinos, that they say every year that people come into town and they have to protect their services from hackers?
For sure. You know, it's one of those things we have to have a good security posture going into it. So I personally, you know, like to bring a burner phone. I don't bring the work, corporate phone. You don't want to join different Wi-Fi networks. Even having your Bluetooth on, you'll see a little pop-up where, hey, something wants to connect and be the keyboard on your phone and whatnot. A lot of it is just, you know, kind of people joking around, but, you know, it does underscore the serious threats that are out there, and a lot of the people that attend there are some of the best, you know, security people in computers all over the world. It's a great bet for anybody, whether you're getting started or you're a seasoned professional in IT, to check out sometime.
Got it. And I've, you know, being a native from Las Vegas, I've heard a lot about it. So that's so awesome to hear that you've attended those for quite a while now. And Chris, with your experience across various projects, like website development, application design, and infrastructure solutions, what project has been the most challenging or rewarding for you?
I've had a lot of challenges in my career. And I think the most significant one came in 2020. I'd been working with a small biotech for a few years. They were only about 60 employees at the time. And they had a rapid PCR flu test. And when COVID came around, they got some government grants and needed to scale up. So within a year, I took this company from 50 employees to 700, opening new sites, hiring employees of mine, training their employees, creating security plans, even spinning up new buildings during the time of COVID, which was really difficult because of supply chains and getting vendors on board. This rapid growth was very difficult and allowed me to put a lot of my skills to the test, technical operational skills. I had to expand my team and build their infrastructure to allow for that kind of growth, which is pretty dramatic. Most companies will never see that kind of growth in 20 years, much less one year. So this included a lot of hands-on work, coordinating with the vendors to expand and scale the systems, bring up the new sites and buildings for office work, laboratories, manufacturing areas. Like I said, supply chains were very difficult, so it was hard to get switches and servers and things like that. And we had really tight deadlines, which seemed almost impossible at the time to achieve. While most people were home, I was out working 60 to 70 hours a week on site, making critical IT decisions and building policies, procedures, and systems in a highly regulated FDA environment. So it was pretty intense. It was extremely rewarding though to navigate that period and see my client eventually get acquired in: So that was really fulfilling from a professional standpoint. But in addition, we did a lot of good. It was a time where the world was kind of looking for solutions and answers to control the pandemic, and it felt good to be part of, you know, that process to bring something to the community and to the world that would help out.
No, that's amazing, especially during the time like a lot of businesses were struggling just due to COVID. So for you to have that growth, that's absolutely amazing. And when it comes to physical security, it is often overlooked in today's digital-focused world. Can you share some insights on why access control and video surveillance are still critical for business security?
Sure. I mean, the reality is physical control of your assets is one of the most critical components you can have in cybersecurity. We do have a lot of stuff in cloud, but most people still do work in some kind of on-premise nature. They have some kind of business processes that happen, manufacturing and whatnot. So it's also important for employee safety. You need to make sure you protect your people, and having a good secure site and facility for them is absolutely important. Your people are your number one asset. That's one thing they teach you in the more advanced management security courses, is that, yes, your data is valuable, but the people are really the biggest asset you have. And you want to make sure that you keep yourself free from litigation and maintain compliance, regulations, and whatnot. A lot of those require good principles of practical, physical security. One of the most successful hackers of all time, his name is Kevin Mitnick. He specialized in the art of engineering and regularly was able to walk his way into organizations, extract data or program software and get whatever he needed simply by walking in and pretending to be a vendor. He wrote a great book that I like called The Art of Intrusion that I recently reread, and he details his exploits in physically penetrating organizations. It's something that I think was written about 20 years ago; pretty much everything he talks about still rings true today. So it's very important to keep your physical security under control.
Got it. Very. And when it comes to risk and vulnerability assessments, key to a solid security strategy, what common vulnerabilities do you encounter most often when conducting these assessments for clients?
You know, I find that the same vulnerability has persisted over the years and it's the most effective vector for attackers and the easiest to fix, and that's people. They're the weakest link in any system. You know, creating a culture of security in an organization with frequent trainings and robust policies is the most cost-effective solution to prevent attacks from being successful. MGM right here in our backyard was compromised last year with the ransomware attack that cost them a hundred million dollars. And it all could have been prevented by implementing better policies and procedures for their help desk team. If a large organization like that can be vulnerable, then every organization is vulnerable. So it's the same story we saw with the DNC hack by the Russians in 2016 when they compromised the Clinton campaign. You know, it's better off that you train your staff and train them well and have good policies and procedures because that's really kind of the first line of defense. These types of attacks are the easiest to pull off, they're the least technically complex. And there's a really good book that I read on this recently as well, I do a lot of reading, it was called Fancy Bear Goes Phishing, and it covers that attack as well as the history of viruses and malware. Highly recommend that book, it was a great read and really gives you kind of some insight into what is it that we're dealing with and where it came from.
Got it. And you did mention the importance of training your employees. How does someone start this process or, you know, making sure that they're going through the right process of making sure that they're doing the right training?
You know, the key is to have the right person on your side, a good advocate. You know, there are a lot of IT people that kind of focus on the nuts and bolts and aren't really so trained in kind of operational aspects. So I think this is where, you know, key stakeholders, board of directors, et cetera, really need to look at kind of the big picture. You know, it isn't so much necessarily about technical security controls. A lot of them are operational and really kind of thinking big picture. So a lot of that starts with just kind of sitting down and saying, hey, we need a security program, developing some policies, procedures, and those policies and procedures can kind of dictate actions like, you know, frequent awareness training, phishing assessments, etc. So it's really about kind of starting right from the bottom and building a good foundation to build your business on.
Got it, understood, which I think is super important. Thank you for sharing, Chris. Could you walk through a real life example of a penetration test you've conducted and the kind of threats or vulnerabilities you were able to uncover?
Sure, there's been quite a few, but penetration testing and vulnerability testing is often very easy because once you find your way through an overlooked area of the system, it's easy to gain leverage and move laterally and escalate your privileges and then implement what we call persistence, which means that, you know, if one system's turned off or something gets rebooted, that me as the attacker can still get back in. The key is really just getting your foot in the door undetected. And from there you can kind of, you know, do whatever you want. One incident that comes to mind was a project I was working on a few years ago with the target being an educational institution. I was hired on by the director to do a short engagement to assess their overall security. There were no easy points of entry that I could find at the network, so I turned to phishing and social engineering, which usually works pretty well, and it's a pretty quick way to getting something and getting in the door. I looked at their website and I noticed they had a fundraising event coming up that seemed promising, and the email address used by the organizers was a Gmail account versus one issued by the organization itself. I created a similar Gmail account by just adding a "the" in front of their official email address, and then wrote a little script to scrape their website and download all the email addresses of all the staff and faculty. I then created an email pretending to be the organizers with a link to a survey that would enter the respondent into a raffle to win free tickets to the fancy black tie event they had and a hundred dollar gift card. I knew who the chair was organizing the event, I impersonated them, and in the email I said it was sponsored by one of the families who were listed as one of the main donors. All of this built credibility in the email, and the link to the survey took the targets to a website I had created that looked a lot like a Google sign-in page. Within about an hour, I had harvested the credentials of 50 staff and found that many of them did not have two-factor authentication enabled. So from there, I was able to gain access to VPN and the internal network, as well as other important systems that relied on single sign-on with that Google account. This attack was very noisy and it was the kind of thing that would have been uncovered within a short amount of time. Really, it was just a proof of point, you know, to the executive board and stakeholders that they needed to put some time and effort and money into training the people. But, you know, at the end of the day, they weren't ready for a comprehensive test. The reality is that most organizations that do get pen tests or think that they need one haven't put the time and effort into securing the basics. And they'd be better off investing their time and money into practical security improvements like developing and implementing effective policies, procedures, and engaging an ethical hacker like myself to kind of evaluate and give them some recommendations. In a lot of ways, it's kind of like a marathon, right? If you haven't trained for it, you know, you wouldn't go out there and try and run 24 miles. So I think that's one of the things that a lot of people don't understand about penetration tests, is that they're most effective after you've had a period of hardening and really tightening up security controls to really find the things that were very unique and very kind of more difficult to exploit. So that was a fun one. I've done quite a few over the years. It's an aspect of our job I really like a lot.
Got it. That sounds like something that's probably much needed, to figure out where people are, their companies are weak at. I get it. You act as an advocate for a pragmatic approach to security, starting with end user awareness training. And in your opinion, what's the most important aspect of security that businesses tend to overlook?
I think most businesses don't realize how vulnerable they are until it's too late. You know, security is kind of an afterthought in many cases after the damage is done: lost revenue, data, and the impact on reputation that can cost an organization significantly. And it's a big risk that many take without serious effort into taking some basic steps to protect themselves. Sure, it does cost a lot to hire a consultant to help implement these controls and set these things up. But if the cost of hiring that consultant is less than the potential impact of a breach or a hack, then it's worthwhile. Also, it's the kind of thing that, you know, once you set these things up, they kind of keep going and it's not like you have to keep making that investment over and over. You just kind of make incremental improvements to it. So that's one of them. And then the other thing that I see is a lot of people think that cybersecurity insurance is the answer to this. Oftentimes claims are rejected because many people don't prepare and have reasonable security in place. And that's the thing that, you know, you really have to protect yourself and have a good security posture. Having cybersecurity insurance is great, but it's not gonna save you at the end of the day. It's really just gonna save you if you've done all the right things to try and protect yourself, show that you've been diligent about it.
Right, so the insurance pretty much doesn't technically protect you from the stuff that's out there. So I understand. And then so what are some of the key policies or procedures every company should have in place to build a strong security foundation?
Sure. There are a handful of policies and procedures that every organization should have at a minimum. Things like acceptable use and training policies are instrumental for your staff. You also need like a backup and disaster recovery and incident response plan and policies. Every organization should have an onboarding and offboarding policy and procedures to ensure that those critical processes are handled consistently. It all really depends on the nature of the organization and what regulations apply to them. For example, if you have sensitive health or personal financial information, you should have a lot more policies and procedures and be a little bit more robust than say, you know, a small business that just kind of deals with, you know, customers on Yelp or things like that. These policies should be shared with staff and where appropriate become part of the culture so that they're effective and well known. Policy means nothing if it's not enforced and a procedure is useless if it's not followed every time. I think having less is more in this case and having the right ones is really key.
Got it, which is very, very important. And then with so many new tools and technologies entering the market, how do you stay updated and decide what's truly valuable for improving security?
I like to read a lot. You know, many vendors put a lot of good information on emerging threats. CrowdStrike does a really good job getting some of that stuff out there. They also talk a lot about big threat actors like nation states and whatnot. I follow a lot of people on X and Twitter. It's a really good resource. There are many accounts that talk exclusively about cybersecurity. In addition, there's some good weekly podcasts available. So like on Spotify, I listen to one called Risky Business. It does a really good job on kind of keeping the pulse of what's new. It's tough sometimes to make time to learn while you're working full time, but it's absolutely essential for any IT professional to continue evolving and learning, as well as business owners. They really need to at least be aware of this and make sure they've got the right people in place and are asking the right questions to protect themselves and their companies.
Got it. And you did mention a few books. Are there any current books that you're currently reading?
Kind of in between. I'm actually right now studying for a couple of certifications, so the books for those are kind of Bible sized. But yeah, you know, I really just like to read anything about cybersecurity. A lot of good authors, like I mentioned, Kevin Mitnick, he's one of my favorites. There's also another author called Bruce Schneier. He's really, really good and has done a lot of books on kind of cybersecurity in general. You know, you really can't go wrong with putting more time and listening to this, learning about security, particularly if you're in the area and you work in IT.
Got it, and if you don't mind, if you could provide me some of those links for our listeners to go look for, that'd be awesome. And so, you know, you've been passionate about AI for many years. Have you seen AI evolve in the security industry and what excites you most about the recent advancements?
Sure. You know, I've been into AI pretty heavily since the early 2000s. Again, I used to read a lot of books on this. One of my favorite authors there is Ray Kurzweil. He's kind of highly regarded as the godfather of AI. His books over the years going back into the 90s have kind of predicted what's been happening with AI. So it's really fascinating now even to look back and read some of these and see how right he was about a lot of these things. What was really needed for us to get where we are now with AI is computing power. And it takes a lot of processing to make something like GPT work as well as it does. And it took time for that technology to advance. You also need kind of the internet to grow up around it. So AI really needed all these foundations to really become what it is now. And what I find amazing is that at our fingertips, we have the most powerful technology. Everybody has access to it, right? ChatGPT is freely available. There's other ways to access AI tools. It is the most powerful tool that humans have ever created. And there's a saying that, you know, the last invention that humans will ever make is what they call AGI, artificial general intelligence. Because at that point, we won't need to create anything new. The AI will be so much more advanced that it can actually start creating new innovations in healthcare, technology, microprocessor development, et cetera. So it's really pretty powerful stuff that I'm very excited about. What's really exciting for me too these days is how much AI is being woven into applications that we use day to day, and the potential benefits for businesses of all sizes to be more efficient and more secure. AI can help automate manual processes. It can help find intrusions into your network, identifying weak passwords. There's AI these days for penetration testing. So there's a lot of good stuff and a lot of it's freely available. So now's an exciting time to be alive, that's for sure.
Got it. And I personally love the software that's available to us. And do you, I don't think you mentioned it, do you have a current favorite when it comes to either some type of AI?
I mean, there's so many different softwares out there. I mean, I built my own, built and trained my own AI models. You know, the thing about it is it's so expensive. Like ChatGPT, Gemini, the amount of money it takes to train those models is, you know, we're talking billions and billions of dollars. So I personally do like ChatGPT. I think it's one of the better ones out there. They're kind of revolutionary in the way that they solved the problem that others have been working on for years. Google has been working on AI for over a dozen years and they actually came up with the GPT part in ChatGPT. They just weren't able to innovate on it. So it's fascinating to see this small company that started relatively obscurely in Silicon Valley kind of come up out of nowhere. And it looks like OpenAI is going to be probably one of the biggest companies in the world when it IPOs. So pretty exciting stuff. And yeah, we'll see what the future holds for all of us, but it looks pretty promising.
Yeah, very exciting. What emerging trends or technologies in IT and security are you currently keeping a close eye on, and how do you think they will shape the industry in the next five to 10 years?
I mean, AI really is the name of the game. It's going to be integrated into everything. You know, we're seeing it on the cybersecurity side. You know, I attend the CrowdStrike conference, also go to like the Cisco convention. It's integrated into networking, pretty much everything, I mean, down to your iPhone. So that really is the name of the game, is getting that integrated. The key though is responsibly integrating it into business workflows and processes. You know, there's a lot of potential for abuse for it, for, you know, leaking of data. AI models can be tricked. You know, I've taken a course on adversarial AI and hacking AI. And that's something that really needs to be addressed. I think like anything else, when you've got this massive emerging industry, regulations are kind of few and far behind. So this is where I think the industry itself has to kind of self-regulate for a little bit until everybody else catches up. It's very exciting, but I tell businesses who want to integrate AI that you need to do it responsibly. Sit down, let's come up with an AI governance policy. Let's really decide what kinds of things are allowed, what isn't allowed, what kind of checks and balances are going to be put on that AI. And how do you test this stuff and make sure that it's actually going to work? This is especially true in some of the emerging areas that AI is really going to be able to help with, like healthcare and things that are really kind of close to the human experience. So it's exciting like anything, but we need to tread lightly and make sure that we're doing the right thing as we go.
Got it. I totally agree with you. Thank you for sharing, Chris. And what advice would you give to businesses that are just starting to build their security programs? What should they prioritize to ensure they are well protected?
Sure. I mean, starting with the basics and getting a good advisor to help you on your journey and focus on building a strong foundation early on with those policies or procedures. That's really going to allow you to kind of drive those business decisions. And security by design is a principle that we like to talk about in the industry. It's often overlooked where, you know, it's much easier to build security early on, those processes, kind of get all that stuff early before an organization grows, because it's much harder and much more expensive to implement afterwards. So, you know, I think that's kind of the best advice, is, you know, think about it early on and make sure that, you know, as you start kind of building your organization and adding staff, that you've got those foundational pieces in play. And then also kind of evaluate it. It's not the kind of thing that you write these policies and procedures five years ago and don't ever touch them. They're meant to be kind of these living, breathing documents that need to be reviewed annually and adapt to whatever changes in your business.
Thank you for sharing, Chris. OK, I was going to ask you. So when it comes to a business that's just starting out and looking for an IT advisor, would you be the right connection for that business?
Definitely. I've been doing this for a lot of years and I look at things from a technical standpoint as well as kind of a business operational standpoint. And that's where I think a lot of people make the mistake, is they think they just need somebody to set up the computers or do the technical part of it. It really takes a little bit of planning ahead of time, just to make sure that those things are being set up according to a policy in a way that is secure and that takes security as an important factor. So I know myself, I know a lot of other consultants. There are a lot of skilled people in this area. The key is really to make it a priority early on. You're gonna make a little bit of an investment in it, but that investment I think pays off in the long term. And as a business scales, that investment continues to grow because you've already set up foundational key characteristics of what your security program is and kind of build off of that.
Chris, thank you so much for sharing that with me. I totally, totally agree with you. As a low voltage technician, yes, there might be some investment, but I feel like, just my personal opinion on it, you may agree or disagree. But a lot of times if they do that investment, it could possibly save them money in the long run. I don't know if you agree with that comment that I just made.
For sure. You know, like I said, I've worked with a lot of consulting efforts to kind of build new buildings and retrofit existing ones. And having a good plan is absolutely essential. Right. And thinking about the future, you know, if you're going to have a certain area that you may not necessarily want to build out right now, maybe pre-running cable and doing some things can save you some money down the road, putting in some conduit, right, between buildings. You've got the, you know, the trench opened up. Right. Why not put something there to allow you future connectivity? So in a lot of ways, I think, you know, I really do understand the kind of business that you're in. I work with a lot of low voltage cabling, and really, you know, having that solid plan and looking a little bit forward is really a smart thing to do. Can save a lot of money and, you know, allow you to expand as needed.
Got it. Yes, agreed. And then looking back on your career, what's one lesson or piece of advice you wish you had known when you first started in IT and security consulting?
367
:You know, it's much easier to learn new skills when you're young, you have a lot more time
and less responsibilities.
368
:So use that time wisely, invest in yourself and your career, learn as much as you can,
and apply yourself to really getting good at learning your craft.
369
:Dive into as many areas as you can, even if it's some areas that
370
:you know, you're uncomfortable with.
371
:It'll pay off long term and allow you to be more successful down the road and have a solid
understanding of different technologies.
372
:I feel like I did spend my time wisely.
373
:I started my company when I was 20 years old and did put in a lot of effort into learning
those things.
374
:But even me still with all these years of experience, I'm still learning every single day.
375
:And I think that's something that you have to prepare for if you're going to be in this
business.
376
:The only thing that's constant is change.
377
:So you need to be able to change and be able to constantly absorb new information and just
get better and better.
378
:I personally see IT as something that a lot of people turn to these days.
379
:It's a good paying job and it's a great opportunity.
380
:There are a lot of good jobs out there for it.
381
:But I don't see a lot of people have the same passion for it as myself and some other friends
and stuff that I have.
382
:I think that's...
383
:kind of a detriment because really, you know, to do it well, I think you have to live it,
read it, really kind of as part of it, just because, you know, everything changes so fast.
384
:So, you know, that's the best advice I can give people is, is really take that time, build
that discipline early on, and, you know, become a learner of IT and security.
385
:It'll serve you well throughout your entire career.
386
:Got it.
387
:And what do you think has caused
388
:people to not be as involved with IT?
389
:I think it's just that, you know, now it's become kind of more mainstream.
390
:So you can kind of go to college and kind of learn these basics.
391
:And I personally have worked with developers who, you know, have a master's, right, in
computer science, but they don't understand anything about networking, which is crazy to
392
:me, right?
393
:Because you're building these applications that work over a network.
394
:How do you not know what IP addresses?
395
:and subnets and fundamental stuff.
396
:So I'm not really sure what it is.
397
:I think it's just come down to where it's IT knowledge has been commoditized in a way.
398
:And I think that's where I personally have seen it.
399
:I've tried to hire people in the past when my business was growing.
400
:And I would interview people who came out of college.
401
:And I had kind of this simple quiz, five questions that seemed pretty basic and people who
said that.
402
:You know, have Linux experience and networking and I would ask them very simple questions
and they couldn't give me an answer for it, you know, which is really, I think, kind of a
403
:bad thing because these people end up in jobs, you know, they're responsible for certain
things.
404
:They don't have this foundational knowledge.
405
:They could actually, you know, lead to a breach or some other outage or something like
that that could cost an organization money.
406
:So the thing about IT as well is it isn't regulated in the same way that like architects
or
407
:lawyers or doctors are.
408
:And that's kind of a good thing, but it's also a bad thing because we don't have those
kind of strict things that hold people accountable.
409
:So I personally like to teach awareness and getting people to really look at this as
something serious that has, in some cases, it's life or death, right?
410
:If a call doesn't go through to dispatch center or something like that, network goes down,
people's lives can be lost.
411
:because of that I teach so I think we all need to take it very responsibly these days.
412
:Got it.
413
:No, totally agree.
414
:And then Chris, if someone's looking to possibly do business with you or anything like
that, how can they reach out to you?
415
:Sure.
416
:You can reach me on my website, www.bearcyber.com or LinkedIn.
417
:Those are usually kind of the main avenues.
418
:I love working with businesses of all sizes.
419
:I've worked with nonprofits, schools, construction companies, architects.
420
:everything to Fortune 100 companies.
421
:So I like to specialize kind of in the small medium sized businesses.
422
I think startups really, you know, are near and dear to my heart and I think I can offer
kind of the most value to them just as kind of a liaison and give them some guidance where
423
:I think a lot of it's lacking these days.
424
:So yeah, feel free to reach out to me anytime.
425
:I love having conversations about IT and technology.
426
:Definitely something that's really close to my heart and I really have a passion for it.
427
:Awesome.
428
:And we'll be sure to add that to the description.
429
:Is there anything else you'd like to add?
430
:No, thank you so much for being me and having me on the podcast.
431
:I really appreciate it.
432
:You know, I was looking at your website and kind of the things that you do and some of the
past interviews and I think this is a great thing.
433
:You know, I made Nevada and Las Vegas my home.
434
:I was very big into the community, you know, working with businesses, networking events,
doing seminars, training, that sort of thing.
435
:I look forward to doing that here in Vegas and kind of my new home.
436
:And it was a pleasure to meet you.
437
:I really appreciate you inviting me.
438
:Thank you.
439
:Yes, of course, Chris.
440
:And I've enjoyed it as well.
441
:And I look forward to our conversation in the future.
442
:Thank you so much.
443
:All right.
444
:Have a nice day.
445
:You too.