S1, E5 – Guest Interview: Eric Braxton

Episode 5 November 28, 2023 00:35:04
Off the Wire: A Play by Play on Cybersecurity and Technology Issues
Hosted By

Anthony Kent, CISSP

Show Notes

In this enlightening episode of “Off the Wire,” Anthony and Jon sit down with Eric Braxton, an award-winning leader in the cybersecurity field, specializing in the energy sector. Eric brings his extensive experience and a unique perspective to the discussion, sharing insights from his journey in cybersecurity.

Key Points Discussed:

  1. Eric’s Path in Cybersecurity: We delve into Eric’s background, exploring his transition into becoming a cybersecurity expert.
  2. The Role of Cybersecurity in Energy: Eric discusses the critical importance of cybersecurity in the energy sector and its impact on electric cooperatives.
  3. Strategic Security Architecture: Learn about Eric’s approach to creating robust security architectures that align with both security standards and operational objectives.
  4. Challenges and Triumphs: Eric shares his experiences in handling complex cybersecurity challenges, and his successes in implementing effective strategies.
  5. The Human Element: Beyond technology, Eric emphasizes the role of trust, commitment, and teamwork in cybersecurity, influenced by his roles as a parent, husband, and friend.
  6. The Tim Peede Technology Excellence Award Eric received at the 2023 CTCE conference. 

Guest Bio: Eric Braxton is a seasoned cybersecurity professional with a Master’s Degree in Cybersecurity. He’s currently advancing cybersecurity initiatives at Central Electric Membership Corp. As a member of the Cybersecurity Members Advisory Group at NRECA, he is deeply invested in safeguarding electric cooperatives.

Resources Mentioned:

Closing Thoughts: Eric Braxton’s dedication to cybersecurity, particularly in electric cooperatives, is not only inspiring but also crucial in today’s digital age. His insights remind us of the importance of safeguarding our systems and the values they represent.

Subscribe and Follow: Don’t forget to subscribe to “Off the Wire” for more insightful conversations. Stay tuned for our next episode!

Episode Transcript

[00:00:00] Speaker A: One, two, three. Come on.

[00:00:02] Speaker B: In the grand stadium of the digital landscape, where teams of innovators and hackers face off daily, there stands a commentary box like no other. Picture the buzz of a pregame show, the strategy analysis of the halftime break, and the deep dives of a postgame discussion all rolled into one. Welcome to Off The Wire, a play by play on cyber issues. Your sports desk for the big league of cybersecurity. Just like in sports, in the cyber world, understanding the play is key to staying ahead of the game. And that's exactly what we offer, a podcast that brings the strategy room to you, helping you to understand the moves, the players, and the landscape like a true analyst. Off The Wire, a play by play on cyber issues.

[00:00:54] Speaker C: Hey, welcome back to Off The Wire, a play by play on cyber issues. I'm John Watkins. Today I've got, of course, with us, our co-host.

[00:01:01] Speaker D: Hey, Anthony Kent.

[00:01:02] Speaker C: It's good to be back. How's the weather in your part of the woods down there in your part? It's really cold up here in Ohio. That's what I can tell you.

[00:01:10] Speaker D: It's cold here, but nowhere like the frozen tundra where you're from, John. I'll stick to my North Carolina weather.

[00:01:17] Speaker C: It is 28 degrees, and that's warmer than our high for tomorrow of 27. So nice and chilly up here in Ohio. Doing good on the podcast, right?

[00:01:27] Speaker D: Yeah, it seems like we're getting quite a bit of traction. A lot of new listeners, a lot of new followers. It's looking great.

[00:01:33] Speaker C: Fantastic. I was just checking the stats right before we came on the show, and it looks like we're up to 320 listens or a little bit over that now so far. And that's, I don't know how many different states, like 30 different states, I think, of the 50 states. So really happy with the way this is going. So thank you to all of our listeners.
We do greatly appreciate your continued support. Of course, our podcast is available on Apple and on Spotify. We do have that donation page. I don't think I'm putting it in the show notes correctly, so I'm going to really try to work on that. But before we get to that, let's introduce you, Anthony, and then I'll do my introduction for those that may be listening for the first time.

[00:02:14] Speaker D: Hey, everyone. This is Anthony Kent over at Four County EMC. I have about ten years of co-op experience, off and on, and I have about ten years of cybersecurity experience, and that's with the Department of the Navy. And then also this year I attained my CISSP, and that's about it, John.

[00:02:30] Speaker C: Fantastic. I'm a CISSP holder as well. Can't spell it, but I do hold one, and I've been doing cyber for the last 14 years. And with that, I've done a variety of different things from red team exercises, a lot of different tabletop exercises. I also do policy development and just held a variety of different kind of from cybersecurity analysts, then a different variety of roles. Love cybersecurity, love working for the co-ops, worked for at a co-op for over a decade as an IT manager and then, of course, was the vice chair of the Members Advisory Group for Cybersecurity at NRECA as well. So that's kind of what my background is. And I guess today we're going to be doing something kind of neat. What are we doing today?

[00:03:14] Speaker D: We have our very first interview.

[00:03:16] Speaker C: All right, so who's our interviewee?

[00:03:19] Speaker D: We have Eric Braxton from Central EMC.

[00:03:22] Speaker C: Okay.

[00:03:22] Speaker D: They're a co-op in central North Carolina. I believe they have about 23,000 meters. And they're over in Sanford, which is about 45 minutes west of Raleigh or Fayetteville.

[00:03:33] Speaker C: All right, before we get into talking to Eric a little bit, let's just take a quick visit with our sponsor.
[00:03:39] Speaker B: Today's episode is sponsored by John Watkins Consulting, the cybersecurity expert electric cooperatives trust. Are you an electric co-op struggling with limited resources and the daunting task of safeguarding critical infrastructure? John Watkins Consulting specializes in easing that struggle. With over 14 years of experience, John offers tailored solutions to fight your unique cybersecurity challenges. Don't let the difficulty of board engagement and cultural challenges hold you back. John Watkins Consulting will guide you through these challenges, turning your pain into progress. Yes. Ready to fortify your co-op's digital defenses? Call 937622 Eightyn or visit johnwatkinsconsultant.com. John Watkins Consulting. Turning your cybersecurity struggles into strengths.

[00:04:39] Speaker C: So thank you to our sponsor, John Watkins Consulting. Hey, by the way, we are filling up sponsorship slots as we speak. I'm actually having conversations with five different potential sponsors right now. So if you're looking to sponsor, we're looking to talk to you. So get a hold of Anthony or myself. You can get on our LinkedIn, you can get on the podcast website and get a hold of us. Of course, you can just reach out directly, whatever the case might be. We would love to work with you and we have several different packages that you can look at. And we'd love to work with you and work and see how we can get some more sponsorship opportunities for the podcast. All right, with that, I think it's time to transition and talking to our guest, very first guest, as you said, Eric Braxton. And as you said, he's from Central EMC in North Carolina. Welcome to the show, Eric.

[00:05:32] Speaker A: Hey, everybody.

[00:05:33] Speaker C: Now you're also in North Carolina. So how's the weather in your part of the state?

[00:05:38] Speaker A: Not much different from what Anthony said.
The next couple of days are going to be a little cooler in the 40s, but today I think it may have reached 60s. So it's not Ohio. We'll go with that.

[00:05:49] Speaker D: Yeah, it was 60 here as well. Yeah, you can keep that coldness to yourself, John.

[00:05:54] Speaker C: I'm half the temperature up here for you guys, but that's okay. I guess that means we're cool up here. I don't know, maybe that's the way I should say it, but hey, Eric, one thing I wanted to talk about before we get into the actual talking about the questions and stuff that we have for you. I wanted to congratulate you for receiving the Tim Peede Technology Excellence Award down at the CTCE conference. That was a pretty big deal. Can you just talk a little bit about that before we start the interview?

[00:06:20] Speaker A: It was kind of a surprise, honestly. My supervisor, she had mentioned that she thought that I would be a good candidate for that award. It's the first time they had ever given out the award. She had reached out to me and just kind of had me paint a picture or just kind of give her an overview of just some of the things that I'm doing not just in the co-op but also out in the community and just giving back. It really is just an award that kind of embodied Tim in general. He had a strong love and desire for cybersecurity. He was a great advocate in that space, but he was also just a solid standup man, operated with integrity, and he was just highly thought of in his community, his church, and just in the cybersecurity space in general. Humbling and awesome experience.

[00:07:10] Speaker C: Yeah, that's fantastic. Congrats. You and I both served with Tim there for a while on the MAG, right?

[00:07:16] Speaker A: That's right.

[00:07:17] Speaker C: Well, fantastic and congratulations. So let's back up a little bit and let's see how that all came about. Tell us a little bit about your role at CMCE.

[00:07:26] Speaker A: Sure.
Well, I'll start by saying that most folks at the co-op, I wear a lot of hats. But seriously, I can kind of go through a little bit. And what's in my job description, I think that'll paint a better, really, my job title is Cybersecurity and Support Analyst. So with that, I'm responsible for the overall security posture at Central EMC. I manage and support our distribution automation system, also manage and support our AMI communication network. I'm over all things physical security, from door access to camera administration to physical security out in the field. I also am over our SharePoint environment. But in terms of the cybersecurity side, I'm responsible for our yearly cybersecurity audits, employee related end user training. Oversee installation, configuration, maintenance and troubleshooting of all devices that get installed on our network. Conducting research on security standards just to make sure that the products we're using adhere to industry standards and best practices. Manage all of our security related hardware. Our SIEM/IPS, our managed security provider, KnowBe4 with our end user training, all of our MFA and just various projects around the IT department. So there's not really a day in the life, honestly, because it looks so different every day.

[00:08:57] Speaker C: Yeah, it doesn't sound like you're doing hardly anything at all.

[00:08:59] Speaker A: No, not at all. I still found time to talk to you guys.

[00:09:04] Speaker C: Isn't that fantastic?

[00:09:06] Speaker D: Eric, I'm just curious, how many IT folks are there at Eric co-op?

[00:09:10] Speaker A: So we've got myself, cybersecurity analyst, we've got our director of IT, and then we've got our director of operations support. And her role, she kind of helps out supporting the linemen. She does a little bit help desk types work, but she also manages the dispatch and after hours team that we've got. So she's kind of got a dual role as well.
We have a business data analyst, and she's kind of got a dual role. She does a little bit for our member services department, but then she's also doing data analytics, which falls under the IT umbrella. And we've also got a network architect.

[00:09:48] Speaker D: Yeah, I think wearing multiple hats, that's just every co-op has people that do wear multiple hats.

[00:09:55] Speaker A: Absolutely.

[00:09:56] Speaker D: It's everywhere.

[00:09:57] Speaker C: Absolutely. And thanks for sharing all that. And it doesn't sound like it's a huge team. You've got a normal size, it maybe a little bit bigger than some folks. I think, especially for 23,000 meters, where I used to work, we had about 17,000 meters with a three person IT team. Sounds like your OT and your IT is pretty well combined. Is that right?

[00:10:19] Speaker A: We've got a great relationship. I don't know if that's where you're heading with it. I oversee a lot of the OT security. There's always the IT and OT or IT versus OT, depending on where you're at. And I feel like that's a whole nother discussion for another podcast. It is, but we can certainly go down that route. I'm happy to speak about that. But I will say that one thing that's interesting, and if your environment is an IT versus OT and not IT and OT, that while you're trying to figure out who's going to do what, who's responsible for what, and if you've got any internal beef, I'd say, for lack of better terms, the threat actors are still coming either way, so sure. I feel like everybody's got to get on the same page with that.

[00:11:06] Speaker D: Yeah, that's one thing we try to focus on is really just having a great relationship with our engineering department. I think that goes a long ways with that.

[00:11:14] Speaker A: Absolutely.

[00:11:14] Speaker D: So, Eric, how did you get into cybersecurity?

[00:11:17] Speaker A: I really got interested in cybersecurity once I started at Central Electric and I started as a systems administrator.
I will say at my previous job, I worked for a global water quality systems company. I was an IT systems analyst there. And in our job description, everybody, it didn't matter what role you had, it had in there. It just said cybersecurity. And that's all it was. It was one word. It just said cybersecurity. And I feel like that's kind of the way the world's heading. Everybody's job description now says other job duties as needed. But I feel like everybody has a role to play within cybersecurity. To get back to the question, I really got interested once I started here as a system administrator. One of my first tasks, I started in March, and we had just got our security assessments back that we had wrapped up the year before. And so one of my first tasks, I was given this big notebook and they're saying, hey, here's a lot of vulnerabilities and remediations that need to be addressed in our environment. So as time permits, knock yourself out. I didn't have a ton of free time at that point because we do wear a lot of hats, so I didn't dedicate a lot of time to it. But after six months of working here, my supervisor or my manager, she had come to me and had an opportunity to become our director of AMI. But by taking that role, I was already doing all the field networking components at our collector sites. But this really got me in the weeds of how meters operate and communicate. And then I really became curious. And I think that's something that anybody in cybersecurity, you have to be curious to a certain degree. And as I got more involved and started to own our RF network and distribution automation network, I realized that it just really wasn't secure. I mean, it's OT, right? And like I said earlier, that's a whole different podcast. But I started looking for new ways to secure that environment and I started to love cybersecurity and the challenges that it brought. So at that point applied and went to grad school.
Honestly, I got my master's in cybersecurity and stressed to our management just the need for a cyber related position, and they agreed 100%. But at the same time, things don't really move fast at the co-op, so I just had to wait till the timing was right. But once that happened, I was our cybersecurity analyst. And it worked out beautifully, though, because I was already familiar with our IT environment. And I just spent the last year and a half getting to know our RF system, SCADA, distribution automation, and our OT environment as a whole went through a whole AMI overhaul during my time. So all of those things helped me establish a rapport with our engineers, our linemen, and it gave me a better understanding of OT in general. So that's kind of my story on how I got into cybersecurity, and I love it because it's something different all the time and you just have to be a continuous learner in that field.

[00:14:03] Speaker C: Yeah, I think you make a fantastic point here about the OT, and I think it's just incredibly useful that you had all that AMI, for those folks that don't know, the automated metering infrastructure piece, as a part of your training. Having that background, I think, like you said, really help you to understand some of the vulnerabilities. And not only that, some of the use cases of why the engineering team is wanting to do the things the way they want to do it. So I think it gives a real understanding that maybe a pure IT person wouldn't have.

[00:14:33] Speaker A: That's right.

[00:14:33] Speaker C: So my question is this: what did your security look like there before you started? It sounds like you had some assessments being done and then kind of talk about some of the changes that you've implemented since you've been there.

[00:14:45] Speaker A: And we had a pretty solid security program, but I don't know if anybody owned it, per se. We had our managed security provider. We were a customer with them for ten years, and we had our SIEM/IPS.
They kind of did some firewall management and stuff for us. We had end user training through using KnowBe4. But once I started, one of the first things that I kind of implemented, I went in and I just realized the need for multifactor authentication because it checks so many boxes, right? And we didn't have a framework per se that we were adhering and following. So trying to establish that and just get some self assessments. And I'll add to that, honest self assessments, because if you're fudging anything on a self assessment to look good to management, you're just doing a disservice to everybody at that point. It's just a process of just becoming more and more mature in your environment. So we went from implementing MFA to trying to increase some of the security. We updated our, in terms of physical security, we upgraded all of our cameras. We've changed our door access system. We're going into the substations and implementing some SEL, some software defined network switches. We've upgraded our firewall in house, and now we're getting into some zero trust and micro segmentation. It's an ongoing challenge, for sure.

[00:16:09] Speaker D: Eric, I'm just curious, what's your typical day to day look like and what do you think the percentage wise that you focus on security specifically?

[00:16:17] Speaker A: Man, this is a great question, and it's one that I get often, especially at conferences and stuff. I wish I knew, honestly, what my typical day would look like. When I come in in the morning, I do have some, we'll call it standard work, that I kind of do every single day. I'll come in and if we've got any new help desk tickets that come through, I'll kind of look at that. I'll log into the portal, see if there's been any new threat hunts from overnight. I always go in and look at the threat intelligence stuff, and it's stuff that I really don't have to look at. I like to know what's going on in the environment.
I'll look at that, I'll go through and check out the firewall and just really, we've got alerts on all of our stuff, so if something was wrong, we would get alerted by it. But I'll do that just as kind of standard work coming in in the morning and then it's just really whatever projects and stuff we've got going on. In terms of the percentage of what time I'm spending on security, again, it all depends on the day, which makes it tricky to answer. Security certainly takes precedence over other tasks. However, if the meters aren't spinning or member services representatives can't answer phones or help our members, then that definitely pulls me away. Some days I can devote 75% or more of my time to security, while others may be less. But I'd say overall, probably half of my time is directly focused on security related tasks.

[00:17:39] Speaker C: Okay, well, and I think you alluded to this already, but you talked about cybersecurity services that are being outsourced.

[00:17:46] Speaker A: So in terms of outsourcing, I'd say it's more of a hybrid approach than fully outsourcing. I spent a good deal of time in the portal running reports, viewing threat analysis, threat hunting, and so forth. However, with me being the primary person doing that, we're not staffed to handle 24/7/365. So I think you have to outsource some things to a certain degree, but you know who is staffed 24/7/365? And that's threat actors. You know what I mean? We've all got lives and stuff, and we've got families that we want to spend time with, so we just physically can't have our eyes on the screen all the time. And our third party assessments are obviously outsourced as well.

[00:18:29] Speaker D: So Eric, if you go back in time at the co-op world, I would say go back 20 years ago. Most co-ops didn't have a vice president of IT, some of them didn't even have an IT department. And as time moves forward, you're seeing a lot more VPs of IT and just further developed IT departments.
But I still feel like it's rare that folks have a dedicated cybersecurity person such as yourself. I just want to see what are your thoughts on co-ops that don't have a dedicated cybersecurity person or staff.

[00:19:01] Speaker A: For this one, I'll answer it a little bit differently depending on the situation of the co-op. So I know many co-ops who have cybersecurity expertise on staff, but don't necessarily have a person with cybersecurity in their job title, and I think that kind of goes with you guys, Anthony, at Four County, and for those cooperatives, I think they're just fine. Honestly, if all aspects of cybersecurity are being spread out amongst the team, then I don't see a huge problem with it. And as I kind of talked to a little earlier, I honestly feel that every job title should have something mentioning cybersecurity in it, because cybersecurity is everybody's job, and I think it's becoming more and more similar to safety and kind of goes with John in the recap program. Fast forward ten years from now. I think with the rise of AI, other machine learning capabilities, as the electric grid matures, new regulations are almost guaranteed to come with all that and they're going to come sooner than later. So I think you're going to absolutely see a huge rise in dedicated cybersecurity roles in our space. You went back ten years with your question, but also go back ten years in terms of sophistication of attack vectors from malicious actors. It's crazy how sophisticated their TTPs are and they're only going to get better with time. As technology gets better for us, it also gets better for the bad guys. But for those who have no cybersecurity expertise on staff, I think it poses a significant risk to the organization's posture. And quite frankly, it could be seen as a disservice to their members. And I know that's a harsh statement, but I think it's a hard truth.
Also, almost all cooperatives, I think, have a similar mission statement, which is something along the lines of providing reliable and affordable electric service, serving their members and communities, and emphasizing values like cooperation and sustainability. And so I guess I'll wrap this question up with more of an open ended statement, but are we really serving our members and communities if we're not safeguarding and protecting their data?

[00:20:57] Speaker C: I 100% agree with that. I mean, the fact of the matter is, and you know, my passion for safety and as it correlates to security, my mantra has been for a long time, that safety and security, that's job zero. So safety and security, that's job zero. And if you're not providing a safe environment in which your line workers and all your engineering folks, operations folks, are working, you are doing a disservice to your members and to your employees. But the same can be said for cybersecurity because if you're not operating in a secure manner, like you said, you're not safeguarding the data of your members, which is obviously a big deal. We know of co-ops who have had a big hit to the ACSI score and their reputation because of some kind of a breach or ransomware that happened in the environment. And we've seen another one with staff leave. So I know of one co-op in particular, their experiences. They know this breach and ransomware and it was a very just ugly situation. And now all their senior staff is new post incident, and so they lost data in that incident. And then all your senior staff is new. And then even your frontline staff, your member services folks, are impacted because members, they're interacting with those members. And those members are not happy that the co-op got hacked, because no matter if it was just ransomware and there really wasn't data loss of member data, right? The perception is not good and perception is reality, especially in a member's mind.
So we're seeing a big hit on reputational side of things for some of these co-ops that get breached. So I think to your point, it's such a risk to the business not to take care of this. And at the end of the day. You guys have master's degrees in cybersecurity. And I know you agree with me when I make the statement that cybersecurity is just another business risk. That's really all it is. Yes, it has a very broad set of technical requirements, not to mention the human factor. But you boil it all down and it's just another business risk. So why would you ignore this risk? You have to address it in the right way.

[00:22:48] Speaker A: Yeah, and I think too, you can pay for it now with an employee or you can pay for it later.

[00:22:54] Speaker C: And it's guarantee you it's going to cost you more in the long run. The old Ben Franklin. What is it? I probably won't have the saying right, but penny of prevention is worth a pound of cure or whatever the case is on that statement if you get out in front of this. And that's what I like about the co-ops. I've always been a proponent of co-ops because I've seen co-ops tackle problems and when they tackle problems, they don't just tend to ignore them or just kind of brush them aside. The co-ops that I'm familiar with and the folks that work these co-ops, they're fantastic people and they look at these problems and they go, okay, how can we fix this? And then even better than that, they use that cooperative principle number six of cooperation among cooperatives and say, how can we do this together? So that's why I really loved being involved with the Members Advisory Group because that's what it was. It was a bunch of folks, like minded folks coming together to kind of solve some of these challenges. What advice do you have for others that are in a similar role to you?

[00:23:55] Speaker A: I would say be curious for me. And I kind of got this from one of our security assessors.
He was talking about curiosity one day and he was saying, if I see a network port, I'm going to go plug in and see what happens. I want to see what I can see. That kind of got the wheels turning for me is just you got to be curious and you have to crawl before you can walk. And you have to walk before you can run. I'd say you need to be an avid learner. And that's not just when you get into the field. You need to be a lifelong learner. Things change fast. Threat actors change their approaches quickly. I'd say start with fundamentals: network security, operating systems, security policies. Get some practical hands on experience that could be through a home lab or a sandbox to experiment with different tools, techniques and technologies. One thing that I think is often overlooked when people are trying to get in and that's networking. Networking is huge. Make connections with people who are already where you want to be sure and just get a seat at the table. That's such a crucial piece. In my opinion, effective communication and soft skills are often underestimated as well, but they're crucial in the cyber field. Develop an ability to articulate complex technical concepts to nontechnical stakeholders, writing clear reports, working collaboratively with a team. This is going to depend on individual circumstances, such as prior experience and career goals. Someone who wants to be a SOC analyst or a threat hunter may want to develop different skills than somebody who wants to be a CISO one day. But the key takeaway really is just to continue to update your skills and you're never done.

[00:25:35] Speaker D: That's just what I look for in people, period. But yeah, that's great, Eric. I think for security folks, and IT folks, if they have that mentality, they're going in the right direction. The next question I want to ask, and this is going to put you on the spot, what is the biggest challenge that you have in regards to cybersecurity at your co-op?
[00:25:53] Speaker A: I would say the biggest challenge for me would probably be, I guess just the budget ask for some of the things that we need. You're asking for something that is a huge price tag on it that we haven't had in the past, we may not have had an issue in the past, so it's kind of like, why do we need it now? One of my mentors has always said this statement, and I think it's certainly true here. It's: until there's an adequate answer for the question of why, the price tag is always too high. So with that, I think it kind of goes back to the soft skills, explaining why we need it, what it's going to do to our environment, what happens if we don't have this in place, what risks we're introducing into our environment, or what risk we already have in our environment. And cybersecurity tools, insurance, all that stuff is just getting more and more expensive. So I think the budget side of it is probably the biggest challenge that I've got. We've got the buy in here. Everybody at the co-op, they know that cybersecurity is real. They hear the horror stories, but not a lot of people really understand. I think that's probably the biggest challenge, in my opinion.

[00:27:05] Speaker D: Yeah, I think having the soft skills to articulate that is just do. I do want to call out our statewide organization that me and Eric fall under, NCEMC. They have been great at speaking with our board of directors and also our CEOs and telling them the importance of cybersecurity. And I think that helps. Eric and I have those conversations when we speak with the board and speak with the CEO on that. So I just wanted to give them a thank you for that.

[00:27:32] Speaker A: Yeah, absolutely. And I'll add, too, that my boss, the VP of IT, she's also the VP of IT, Metering and Customer Service or member services, but she's got a seat at the table and she's at the board meetings and she gives a report to our board on what's going on on the cybersecurity side of the house.
Our board does the same exact training. They get the same phishing emails. In October, for Cybersecurity Awareness Month, we give presentations to the board as well, so they are aware of what's going on and I think that's a big piece of it as well. They need to know the realities of it.

[00:28:08] Speaker C: Well, fantastic, Eric, and I think you've shared some fantastic points. We're so glad having you on the show. Before you go, I'd like to know, I guess just to kind of balance that question, what are some of your biggest wins?

[00:28:19] Speaker A: Oh, that's a good question. Now that we do our end user training once every so often, but we make a big push in October for Cybersecurity Awareness Month. I think that we have communicated, oftentimes over communicated, just the importance of cybersecurity, so whenever we want to implement something new, so like last year, for instance, we went from the standard eight character password to 16 character passphrases. We had zero pushback from it because we explained it in a way that, hey, this is important, this is how quickly like a password could potentially be cracked. This is why we're doing it. And we had no issues with that. Whenever we implemented MFA, we thought that we may have some pushback with it, but I think it was kind of in the way we explained it. We got our senior management on board with that. So if you log into your computer 50 times throughout the day from locking your computer to come back to it, you're going to get hit with MFA every single time. And we have no complaints from anybody with that. I think it's the little wins like that, that really is what makes it, or makes my job, I guess, successful. I do think we've got a ways to go, but I think that we've accomplished a lot so far.

[00:29:38] Speaker D: Well, I was just thinking we're getting ready to up our character requirement in 2024. Eric, I would appreciate you coming out there and winning that over for me.
[00:29:46] Speaker A: Oh, I'll be happy to do that. We got some funny looks and stuff. But what really sold it is when we had our eight character password, we were requiring people to change it every 90 days. And then with PCI 4.0 coming out, if you've got MFA in place and you've got the 16 character passphrase, I think PCI may say 15. It's 15 or 16. They only have to change their password or passphrase every 365 days and we tell them like, you're good with this password for the entire year unless there's some type of breach or something going on, then we'll force it the matter. At that point we've had zero pushback. [00:30:29] Speaker C: Sounds like a familiar podcast episode, doesn't it Anthony? [00:30:33] Speaker D: It does. [00:30:34] Speaker A: I listened to that one and I was telling some people that also listened to it. I was like, I've got a lot to say about this one. [00:30:43] Speaker C: Well, it's been a pleasure having you on the show. Also want to congratulate you again for winning that Tim Peed Excellence Award. I think that's a fantastic I guess just kind of you talked about wins. I think to me that's huge that you won that Technology Excellence Award and that your manager, that she recommended you for it. And having worked with you myself in a limited capacity, but nonetheless, having spent some time with you, I totally would agree that you're deserving, and I think it's a real honor to have you on the show for sure and appreciate your insights. Anthony, anything else to add to that? [00:31:17] Speaker D: Yeah, I just want to touch on that award. I knew Tim for quite some time when I first started at ATS, now owned by Meridian. He would actually come down and bring us food for Christmas. He was just always a stand up guy. 
And I remember I got out of the co op world and came back in, and one of the first people I reached out to was Tim, just to kind of I'd just been out of the loop for like eight years, and I would call Tim and have some conversations with him. And anyways, he was just a great person. But also, I think you're truly deserving of that because our co op, we've reached out to Y'all and spent some time with Y'all, and you guys were very courteous and inviting and letting us visit your co op, and we appreciate it. [00:31:58] Speaker A: Yeah, I appreciate that. And it's certainly an honor to be on the podcast. And hopefully if I'm on it know, I will hopefully say at that point I'll have my CISSP so I can join the ranks of you guys. I'll be finishing up my MBA in February, and I've taken all the coursework for my CISSP. I just need to actually sit for it. I don't know why it terrifies me. [00:32:22] Speaker C: All I'm going to say is practice test, practice, test, practice, test. [00:32:26] Speaker A: Well, hopefully early next know, I'll be calling you guys to say, I got it. [00:32:32] Speaker C: Nice. We'll be looking for that update on your LinkedIn. And speaking of which, Eric is out there on LinkedIn. You can check him out, give him a follow and check him out, see when he's going to get his CISSP. I think that would be fantastic. I know he will. Thanks, Eric, for being on the show. Just some other things that we want to kind of talk about here. We're doing very good with the podcast. If you heard in the beginning, we've got a lot of new listeners and we've got a lot of folks who are checking us out. And we greatly, greatly appreciate everybody that's listening. Like I said, we've got some sponsorship opportunities coming up. I've got five different sponsors that we're talking to if you want to sponsor our show, I've got a slide deck that I can give you. So as a sponsor, there's a really good opportunity there for you. 
And also, we're getting all kind of just, like, great comments from our listeners. They're telling us that they love the show and they love the play by play stuff that Anthony and I are doing. So we appreciate that, appreciate having Eric on the show. And maybe in the future we'll have some more folks that we end up doing interviews with. If you like that part of it, let us know. We'd love to hear your feedback on what you're thinking about Off The Wire. [00:33:37] Speaker D: Just want to say thanks to our sponsor, John Watkins Consulting. And just want to thank everyone for listening to us. [00:33:45] Speaker C: Yeah, share this share this podcast if you hear this, you think it's something that someone else would get a benefit from, please do take the time and share this. We're on Spotify. We're also on Apple if you want to share it, if you want to like it, all that stuff, we'd appreciate we appreciate your comments as well. We do have a way that you can donate to this podcast, and if I ever get this right, I will put it in the show notes. But basically, we're looking for donations and or sponsorships, and that's how we're monetizing this podcast. So, again, thank you for listening in this one. It's a little bit longer than normal, but I think it was valuable having Eric on the show. Any final words, Anthony? [00:34:18] Speaker D: No, just glad to have Eric on board and having this conversation with him. [00:34:22] Speaker C: Fantastic. Well, until next time, this is John Watkins and Anthony Kent for off the wire. [00:34:27] Speaker B: One, two, three. [00:34:29] Speaker A: Come on. [00:34:30] Speaker B: Thanks for listening to off the Wire, a play by play on cyber issues featuring Anthony Kent and John Watkins. Make sure to, like, subscribe, follow, and hey, share this podcast. If you liked it, we appreciate it. Appreciate your time. [00:34:46] Speaker C: See you next time. [00:34:49] Speaker B: The views and opinions expressed in this. 
[00:34:52] Speaker C: Podcast do not necessarily reflect those of John Watkins Consulting or its affiliates. [00:34:56] Speaker B: Always consult with a qualified cybersecurity professional for tailored advice.
