How to Protect and Back Up Your Data | An Interview with Cathy Miron | Show 179
What happens if you have a data
breach? You know what happens?
It's over.
So the best thing for you to do is to
secure your data the best way possible.
And to do that,
you need to know what we're going to
share with you on this edition of the
Inside BSS Show. Hey, now I'm Dave
Lorenzo. I'm the godfather of growth,
and I'm here with my partner Nicki g
Nicola. How are you this afternoon?
Hi Dave. I'm doing great. And how are you?
I'm fantastic, thank you. So Nicola,
you talk to a lot of clients
and a lot of clients who
have data in their business, and
I know this keeps 'em up at night.
What happens if somebody has
a data breach and they didn't
do what they were supposed to do? What
are the legal implications of that?
Sure. So the legal risks can be
significant when you have a data breach.
So I'm setting aside right now
for purposes of this discussion,
all the business risks,
because certainly there are costs
to your business to correct it.
There are reputational concerns you need
to be thinking about when it happens.
But aside from all of that,
you also may have a massive liability
exposure that you need to be thinking
about and thinking about immediately.
Oftentimes what we see when there is a
massive data breach is a lawsuit that
follows it in the civil space, and
oftentimes it's a class action.
So put simply a class action is
a lawsuit brought by one or more
individuals as plaintiffs on
behalf of a class or a group of
similarly situated individuals who share
a similar harm that occurred to them
as a result of the defendant's conduct.
So in these particular instances,
what we will see is data was exposed
for a massive group of consumers,
and so a lawsuit is brought on their
behalf to recover those monies for what
they were damaged.
The lawsuit settlements that we have seen
come out of some of these massive data
breaches are immense.
We're talking anywhere from $150 million
in settlement monies to upwards of
700 million. Some of the examples
we've seen are with Uber,
with T-Mobile and with Equifax.
So there are significant liability
risks associated with that from a civil
standpoint that you absolutely need to
be considering along with everything else
that's going on with the
business at the time.
So Nicola, you are so impressive
with your legal definitions.
It's almost as if you're reading
it out of a legal textbook.
One of my clients who is in the
managed service space said to me
one time that a data breach
is drunk driving these days.
It's like a rite of passage.
Almost everybody has had that happen
to them at some point. And I said,
actually, no. You know
what a data breach is like.
It's like if you're a school bus driver
and you're drunk driving and you drive
the school bus off the edge of a
bridge and all the children are killed.
That's what a data breach is
like because it has a massive
impact, not only on you legally, it
has an impact on you financially,
it has an impact on you reputationally,
from the standpoint of the fact that if
you have competitors who have not had a
breach,
everyone's going to flee to a competitor
immediately because they're never going
to trust you with their data
or their money ever again. So I
don't want to spend the rest of this
show talking about how horrible it is to
have a data breach,
but I do want to sufficiently scare
the crap out of people who are
not taking the proper
precautions to secure their data.
And we can spend a couple of minutes at
the end of the show talking about the
proper way to handle a breach
if you've had it. I mean,
you got to engage an attorney first
and then have the attorney hire all the
experts. We can talk about all
that at the end of the show.
I'd much rather focus on what we can do
upfront to make sure that everything is
secure.
And to do that we have the perfect
person as a guest on the show
today. So folks, if you're
listening, if you're watching,
we are going to introduce you to
Kathy Myron. We call her cyber Kathy.
She's the queen of the cloud.
She owns a company called
EI and they specialize in
helping people just like you prevent
all that nasty crap we just talked
about from happening.
But the depth of her knowledge
is so much greater than that.
I can't wait for you to meet
her. Kathy, welcome to the show.
Thanks for joining us today.
Thanks for having me, Dave and Nicola.
Oh, it's so great to have you
here. So Kathy, let's start off.
Why don't you give the folks
your background because
when I listen to a podcast,
the first thing I think of is, all
right, so I know who Dave and Nicola are.
Now they're putting somebody in
front of me and they say she's sharp,
but we can't do you justice as well as
you can. So talk about your background,
talk about how you got to the place
where you are today as an entrepreneur,
but talk about where you were
before that because you, like me,
had a background in corporate America.
So explain to the folks
where you came from.
Sure, Dave.
So before I was the c e O of East Silo
and we're a data backup and cybersecurity
company. As you can imagine.
I spent 15 years at a Fortune
10 multinational organization.
So I was at a company called
ge. You might've heard of them.
They make aircraft engines,
healthcare machines.
We ran or recycled 12 billion of
commercial paper every single day.
We had a lot of different businesses,
and I spent nine of my years
at GE in the corporate audit
function.
So really looking at these different
standalone businesses and evaluating
their cybersecurity health, their
business resiliency, their IT systems,
and the quality of the data that came
out of those systems and was used for
everything from financial reporting to
handling of client information and so on
and so forth.
So that's really where I came from and
where I learned that when you think about
technology and cybersecurity specifically,
you might be governed or regulated
by a number of different three letter
agencies. And depending on what
country you're talking about,
there's a whole bunch of
different regulations.
But if you strip all of that
back, what makes good technology,
a good high functioning technology
system or organization is really the
same. The requirements
are by and large the same.
And that is are you protecting
information in the way that it's accessed?
Are you protecting the network
that all of those systems run on?
Are you protecting the systems that are
housing all of that information and how
you interact with third
parties and so on and so forth.
So that's really where
my background comes from.
After I spent nine years in audit,
I actually moved on to a C T O role.
So I was one of the chief technology
officers up at GE headquarters,
and at the time my team was responsible
for all of the productivity tools,
mobile and collaboration tools for
a global 350,000 person workforce.
So again,
you think about the variety of
technology and the kind of problems that
organizations like that have,
staying safe and staying compliant,
I take that knowledge and I bring that
to my small and midsize clients and help
them understand and distill down these
are the most essential things that you
need to be putting in place to protect
yourself, to protect your employees,
to protect your clients.
And we help do that in a way where
they're able to leverage tools that maybe
they've never heard of before
or have never been exposed to,
and also implement the right procedures
that are going to keep them out of
trouble in the longterm.
So how did you get into
tech in the first place?
Were you like a little baby crawling
around on the living room floor with your
parents' t r s 80 Radio Shack
computer and tooling around with it,
and that's how you got into tech?
How did you become somebody who
was interested in technology? No.
But what you're describing is my
son, growing up with all the devices,
I always was a really
avid user of technology.
So I was always the first to go out and
buy the MP three player when it came out
or the tiny pocket camera.
So I loved using technology and I was
always excited by the power that it could
bring. But then it wasn't until I
went to college, I studied finance,
information systems and operations partly
because I frankly didn't know what I
wanted to do. And partly because I
knew that I wanted to be in business,
whatever that meant.
And I knew that technology and numbers
were going to be a huge part of it.
So that's really how I got my start.
And I was fortunate that
when I was in college,
they were doing recruiting for a bunch
of different leadership programs.
And so I was lucky enough to get into
GEs information management leadership
program, and that just put me on
the track for the rest of my career,
gave me a lot of opportunity to see
different areas within technology so I
understood what it meant to be on the
infrastructure side versus creating
applications versus sitting with a
business owner and understanding their
problems and translating that into new
technology that we could create and
deliver for them. And that's
really what got me started.
Hey, Nicki G, did you know you can
also get our show as an audio podcast?
Of course, I know you can get the
show as an audio podcast. I'm on it,
but does our audience.
I don't know. So those of you
who are watching on YouTube,
you can find us wherever
you get your podcast.
Just search up the Inside BSS show
with the Godfather and Nicki G and
you'll find us right there.
Click the follow button so that
you never miss a show. Now,
there's a couple of reasons why you're
going to want to do that, Nicki G,
tell 'em what the first reason is.
You get to ask us questions
that is exclusive to our podcast
listeners.
Yeah, we only answer listener questions
on the audio version of the podcast.
We don't do it on video.
So if you want to hear what everyone's
thinking or if you want to ask us a
question, you got to download the
audio podcast. The second reason,
and my favorite reason is
because you can take us with you.
You can have a little Nicki G in your
pocket while you're working out in the
gym, washing the dishes
or walking the dog.
I love me some Nicki G in my
pocket when I'm walking the dogs.
I don't know about you, Nico, Nicola,
but that's one of my
favorite things to do.
Absolutely. Take us with you.
After you watch this
episode here on YouTube,
go to wherever you get your podcast,
click the follow button so we can go with
you on your journey and you can ask us
questions. We will see you
or more like hear you there.
Okay. So when you're at ge,
and let's say you're in your first or
your second year at GE and things are
going great and you're
doing well because ge,
they pay their employees well.
Do you have one eye on always doing your
own thing and being an entrepreneur or
was it something that
was foisted upon you?
Never. It happened by accident.
I could have just as easily
stayed for 40 years and retired,
as you said, they treat you too
well to make you want to leave.
But I had other factors in my life that
happened. I had met my husband at work,
so that was fantastic. But also that
meant that we brought it home every day.
We would always talk about the same
people. Our teams worked together,
which I think made our teams
uncomfortable. But anyways,
he had an amazing opportunity
to come down here to Florida.
So he left the company, came down
here. I stayed remote for another year,
but I realized, and this was back in 2016,
that I spent all of my days in my home
office on a video camera talking to
people in other parts of the world.
Now we all do that post covid,
but at the time I just didn't feel like
I was creating the connections here
where we were going to
live and put down roots.
So that was really the beginning of me
starting to look around and ultimately
shift to be more entrepreneurial
because where I live,
I'm about two hours north of Miami.
There weren't a whole lot of GEs in this
neck of the woods and having a young
family and we had just had my daughter
and we were about to have my son,
I knew that being in the car four
hours a day wasn't going to cut it.
Yeah, yeah. All right.
So you decide that you're going to exit
GE and you're going to
become an entrepreneur.
What was your process like?
Because I know you now for
a year and you like a very
thoughtful, logical person. So I'm
assuming that you had some sort of a plan.
What was your plan?
Of course, I had a plan, I
don't know if anyone knows this,
but Harvard Business School would teach
a course and they also put out a book
about how to buy a business.
And I stumbled upon that while I was still
at ge and it kind of put on the light
bulb and I said, well, I never
considered myself entrepreneurial.
I don't think I have the stomach of
what it takes to start something fresh,
but I can absolutely go and buy
something and make it better.
And I had felt like my time at GE
was very much a real world M B A,
and so all the management training
and leadership skills, I said,
I can go find something that I can
be really passionate about and put my
own market in it,
and hopefully I'm going to find something
that's already successful and I can
just make it better.
So I went out, I devoured the book,
I hired a business broker,
and I went shopping.
And I didn't know that
there was a business M L Ss
just like there is for home
sales.
But so you sign a couple NDAs and you
start looking at all these businesses,
and I wanted to think differently and
think more broadly than I had before.
So I entertained a lot of different
business models and companies.
I wasn't dead set on
tech, and to be honest,
most of the technology
businesses for sale,
either I couldn't buy on my own or
there were websites and I wanted a
real business that had a real impact.
But ultimately I got very lucky in the
sense that East Silos founders were
looking to exit.
They had built a very
successful enterprise over
the course of 15, 16 years,
but the founders were a bit tired
of the same thing at the time,
we were exclusively an
offsite backup company,
and we didn't have any of the consulting
work or any of the real cyber focus.
And so I saw that as a chance for
me to pick up a key component of a
good cyber hygiene plan is offsite
backups and disaster recovery,
and what do you do when something bad
happens and really add to it all of my
consulting experience.
So that's ultimately how I found EI
and acquired the company back in 2018.
Gosh, I just want to hear
some more about this journey.
So you purchased EI and tell us
what were the immediate challenges.
So you went right from working with
ge, being in the corporate world,
being thrust into entrepreneurship
voluntarily of course.
But what were some of those early
challenges that you faced in taking that
company and shifting it to
expand what they were offering
to the market?
Some of the best I got advice I got in
the very beginning was for my broker and
he said, don't break what you just bought.
So I had all of these ideas of
the things that I wanted to do,
but I also knew that it was really
important to stop and listen to the team,
listen to the customers,
interview our partners,
and understand what was
working well and what wasn't.
And I had to train myself
to be really patient,
which is not a natural trait for me.
So that was a little bit challenging.
And the other thing I think is it was
extremely humbling because coming from a
large enterprise, it had a level of
confidence over, oh, this will be so easy.
And as all of us know now that
we're here in the real world,
entrepreneurship, owning a business,
running a business is not easy. There
are so many things that you have to do or
find the right person to do or
figure out how to do, learn it,
whereas when you come from corporate,
there's a team and there's a department
or a person that you can always call on
to do those things. So I think
I'm a person who loves to learn.
I'm constantly trying to better
myself and better my skills.
I think that was a good match,
but it also just took me a long time to
learn how to do things that I'd never
done before. I did a lot of
influencing within corporate.
We called that sort of selling,
getting other people to do things,
but I never had to get someone
to open up their wallet.
And that for me was
definitely a big change.
And so just one example of
many as I first got started.
Sure. What would you
say helped you? I mean,
you've identified you're struggling
with these challenges and you're finding
your way through it,
but is there something that really stands
out to you that really helped you get
through that difficult time period?
So I made my own little board of advisors,
so people that I knew and trusted and
had expertise in the domains where I was
weak. So that certainly helped.
I had listened to more business podcasts
and started reading business books.
I never did any of that in
corporate. I was heads down,
this is all I needed to do.
And I realized there's a whole world
out there of consultants and coaches and
people who have helped hundreds,
if not thousands of people that were in
my shoes get over some of those initial
humps.
So realizing that and finally raising
my hand and asking for help and hiring
some good people to
help me was really key.
So yeah. Let me ask Cath real quick.
How did you decide which advice
to take and which advice to
not take?
Because there's so much
out there and there's
so many people who are
giving out so much advice,
that's bad advice.
What was your process to sort through it?
I will admit at the time, I don't
think I had much of a process.
That's the first thing I can say.
But I've always had this philosophy,
and I used to tell this to the folks that
I would mentor you go ask three people
the same question.
They're all going to give you a different
answer from their unique perspective.
And your job is to triangulate
between those responses,
what resonates and feels true
for you. And that's essentially,
I guess the process,
even though I wouldn't have consciously
realized that that's what I was doing at
the time.
So the stuff that someone would give
me a piece of advice on messaging, oh,
you need to be more
emotive in your messaging.
I'm a very rational matter of fact
analytical person. And they're like,
you sell based on emotion. It's like,
well, I'm how to do that? All right,
let me go read some books.
Lemme go talk to some people.
Lemme hire her to write stuff for
me so that I can learn how to do it.
So those are things where I think almost
instantly sometimes you realize, yeah,
that makes sense. Let me go and try that.
Whereas sometimes I got advice from folks
and a lot of times one of the filters
I apply is, well, do I want to be them?
Do I look up to them for something that
they've accomplished or achieved in
their personal or professional life?
And I really try to make sure that I'm
taking advice from people I consider to
be role models and who have a lot to
offer because you get a lot of free advice
sometimes, but it's not
always good as you said.
Well, yeah. Nicole can tell
you about unsolicited advice.
What's the mantra we have about
unsolicited device? Nicola.
The advice is for you, not the
person on the receiving end of it.
Yeah, a hundred percent. A
hundred percent. Go ahead, Nicola.
You got the next question?
Sure. So let me back up a moment.
When you step into this role,
did you already decide from the outset,
these are the key objectives that I
really like to achieve? And if you did,
how and if did that change from
the time you got through all the
self-education and you're really
getting your footing moving forward?
I wish I could say that I was much
more strategic and intentional when I
started, but the reality is I
didn't know what I didn't know.
So part of this was me jumping in
feet first and figuring it out.
Had you asked me in 2018 if I ever
thought growing a consulting sort of arm
of our service would be a big priority,
I probably wouldn't have said so, or if
I did, it would've been much further on.
So I think things kind
of evolved differently.
I will tell you that one of the first
things that I had intended to do was a lot
of work around analytics.
So in organizations and AI is becoming
so popular at this point or so
mainstream I should say,
but I was thinking if we've got
data from 300 different companies
about their internal operations,
wouldn't there be some way to anonymize
that and derive analytics from it so
that we could show you here's how your
operations or transactions compare to two
dozen other peers in your same industry
all across the country. And then of
course,
you quickly realize that some things
that sound good are not very easy to
practically implement in a safe
and secure and in a way that
aligns with your core values.
And so I ultimately abandoned that idea
and we moved on to different things.
But I'll tell you that my goal
for the business wasn't very
specific in terms of products
or services or whatever it was.
I just want to help small businesses.
I just want to help people who don't
have access to the information and the
resources that I had
when I was in corporate.
And I'll give you a perfect example,
when you're in a Fortune 10,
the big vendors, everybody comes
to you, Microsoft would come to me,
Salesforce would come to me.
I went and had lunch with Steve Ballmer
when he was the c e O of Microsoft. I
mean,
you never get an invitation like that
except for when you're in those large
enterprises,
small and mid-size organizations are
trying to get support when something's
broken and they can't even get
to someone in this country.
Or you open a ticket and then it gets
routed to 15 different places and then
five days later someone gets back
to you. And I said, that's horrible.
And I wanted my clients to feel that
white glove concierge level service,
that level of we actually care
about how your business is doing.
And so that's really where I was focused
on is making an impact and doing the
things that I knew I was really good at.
But for a community that really needed
it and frankly would be a lot more
appreciative than some of
the larger corporations where
you're just a cog in the.
Wheel,
give us the kind of
overview of your e silo as a
company and your team. You're virtual.
I see you're working from
an office in your home.
Those of you who are listening,
Kathy has a very nice office in her home
and I've been in there virtually many
times.
So is all of your team
virtual and how many folks
do you have and do you have
separate consulting people from
the product or service offerings
that you have? Explain how it works.
Yeah, sure. So we're a
hundred percent remote.
Mostly of the team is in South Florida,
although we have somebody who's up in New
Jersey and in three days I have a team
member who's moving from
Miami to the Czech Republic.
So we truly embody being able
to work and live anywhere.
And I think that's a huge
attraction to what we do.
The team itself is we're fairly small,
so we're about five people
core to the organization.
Most of my team is very technical,
so they run the day-to-day
of the backup service,
they're handling client issues,
they're doing all of that.
Most of the client facing
components are going to be me.
So you think about high
technologists, they're very,
very introverted and they're much happier
with their numbers and their screens
than they are interacting
with the clients every day.
So I love to take that on. I love to
be in that role of the problem solver.
I've always sort of been in that
translation of what are you trying to
accomplish in terms of
business? What's the problem?
How do we make things
better with technology?
And then directing the team behind
the scenes to be able to do that.
So that's essentially how we work when
it comes to cybersecurity assessments
where we might be dealing with regulations
in different areas or with different
jurisdictions.
I do have a broad network of resources
that I can also call upon if we need
somebody who's a specialist in that field.
And that's all they do all day long,
but our core team is
really the five of us.
Is there something that triggered that
passion for working with small and
mid-size businesses, aside from
developing some of that while at ge,
is there's something further back in
your background that made you want to do
that?
I guess I'll say the closest
peak I had into entrepreneurship
was my mother was in real estate and
my father was an electrical engineer,
but on a contract basis. So he was very
much sort of running his own business,
but on his own.
So he would work for different
companies as projects would arise,
and I saw how hard they worked for what
they were able to provide me and my
family and being a first
generation American.
So my parents were both from Hong Kong,
they came over to the US for school,
for the idyllic American dream.
I wanted to I guess pay
thanks to that and really
respect everything that I
had watched 'em accomplish.
I mean when you were in college and
they would ask you to write the essay of
like, who's your hero? I literally
would write about my dad.
And when he came to the us,
he didn't speak a whole lot of English.
He got very basic education.
He put himself through school
In three years he worked,
he also has polio. So
ever since he was one,
he's walked with a limp.
And I think people will sometimes
discount you for things like that.
And I just watched him
build the most resilient
spirit and he has the
most can-do attitude,
but he does it in a very kind way
where he takes care of other people.
He's never up for one-upping
or any of that type of bss.
And so when I think about the
average small business owner,
they're building a
legacy for their family.
They're working their butts off to
provide for their children and their
grandchildren, and a lot of
them are also immigrants.
And so they don't have always
the best backgrounds come from
all of these opportunities and means,
but they're able to make an incredibly
amazing life for themselves,
but also impact on their community.
And so it is playing a very small
part in helping those businesses
thrive because whatever,
85% of businesses in America
are considered small.
I think that's a huge part of what we do.
Kathy, when you were growing up,
how much influence did your
parents' journey to the US
have on you and what
was that influence? You
said your dad was your hero.
Was it the work ethic? I mean
coming here with nothing,
that's almost like the
entrepreneurial journey,
only high stakes for the whole family.
Did that have an impact on you and to,
did you reflect on that before
you left GE to go out on your own?
It wasn't incredibly conscious,
but it's always been a component of
my personality and something that I
valued. What I got from my
parents was absolutely work ethic.
It was also courage to
do something unknown and
to put yourself in unfamiliar situations
if you think that there's tremendous
upside. On the other side of it,
I think about what their parents must
have felt sticking their kid on a plane.
And if I use my dad as an example,
his whole family scraped up
enough money to send him here.
My grandfather was a fisherman,
so they didn't really have a lot.
There were seven kids, he's the
only one that they sent to America,
and he didn't have enough money to get
back home for something like 10 years.
So when his mother passed away,
he didn't have enough money
to come back for the funeral.
But I watched him work hard and save and
create something. And so that level of
work ethic definitely kind of permeates
into my personality. And
also just for a little while,
I had a chip on my shoulder
when I was younger.
And I don't know if it's because
I'm Asian, because I'm a woman,
because I'm smaller, I always look young.
So I would find that people
would often underestimate me.
So I wanted to show that I was just
as good as if not better than the
other men in the room or
the other students in the
classroom or whatever it is.
And it took a while for that
fire to kind of wake up inside.
I didn't have that through school. I
was kind of like, eh, whatever school.
But as I got into the working world,
I realized that that was going to
be something that set me apart.
And if I didn't stand up and speak
up and have my voice be heard,
I was going to regret that later.
And it was probably one of the best
things that I did in a culture and in a
company where that was really
rewarded and diversity was valued.
And so I was very fortunate to be in
the GE ecosystem because I think I got a
lot of opportunities early in my career
when I was younger that in most other
organizations, you wouldn't have a shot
at a job like that until you were 40,
50 even sometimes. So
that was pretty amazing.
Yeah, I really want to pick up on
this, and we share this, Kathy,
I remember growing up and being a woman
who wanted to be in business and there
weren't many,
and you always feel like you kind of
have to overcompensate for you to try
harder, you have to be smarter,
you have to be more driven to be able
to break through a lot of the barriers
that existed. And I
really want to ask you,
because tech is such a
male dominated field.
I mean it's something like less
than 30% of women are in technology,
the percentage of women who are leaders
in technology or even less than that.
So I want to hear just first of all, your
initial impression when you hear that,
if it's something that you consciously
think about or if you did as you were
coming up through the ranks
and owning your own company.
Yeah, it's definitely
in the back of my mind.
It's why a lot of the nonprofit work
and volunteerism that I do within the
technology space is focused on girls
in STEM and women in technology,
women leaders, because
there's never enough of us.
And I think the generation needs to
turn around and pull up those that are
coming behind them. And I was lucky
enough to have a lot of women role models,
women mentors who helped me make that
transition. So that's definitely huge.
But I will say that in the last couple
of years, I think it's gotten better,
more women in tech and women in cyber.
We're still one out of maybe
every seven or eight in a room,
but it is getting better.
I just think that when you don't have
enough women in the boardroom period,
it's really hard to get
women in leadership in other
places. So the more that
we can be visible, and
I think it's podcasts,
like it's speaking
events, it's conferences.
And I'm looking forward to, in September,
I'm going to be moderating a panel on
cybersecurity and disaster recovery at the
Disaster Recovery Journals
conference in Phoenix.
And I was really vocal about the panel and
wanting to make sure that we had diversity
on the panel and really happy that
it's an even 50 50 split men and women.
And so those are the types of things
where I think if we push for that more,
the women leaders in the field
get recognized and aren't visible.
Yeah, absolutely. Is there
something that for you,
when you think about this and helping
to advance more women into technology,
is there something else that stands out
to me? Obviously you're giving back,
you're active in these programs
where they're focused on stem,
and I think that's really been significant
in the last few years in showcasing
opportunities for careers and technology
in those other areas to women,
especially in other students. Is there
something else that from your standpoint,
would help advance careers
and technology or other ways
companies rather can think about helping
to promote careers and technology,
especially for women?
Yeah, I think when it comes
to companies promoting,
I would say make sure that there's
equal opportunity for training.
A lot of times in a group setting,
our unconscious bias creeps in
and even find it with myself,
where you'll see a group of professionals
and then there's a woman in the room.
And sometimes you might assume that the
woman is the marketing person or the
HR person or the intern there to
get everybody coffee as opposed
to the technologist or
the cybersecurity person.
And so I think opportunities for one,
catching that unconscious bias
and educating people on it,
but then sending women to training,
giving them opportunity
to be the tech super
user of the systems that you
have or to be the liaison
with the managed IT partner
that does your firm's
technology.
I think those all help through
exposure to get them into and
interested in technology.
That's really how I fell into it.
I thought I was going to be in finance.
I did an internship at Morgan Stanley
and they happened to just luck of the
draw.
I got assigned to a team
that was automating a lot
of business processes and I
was like, whoa, this is really cool.
We could do the spreadsheet
thing and all of that,
but the power of technology
in an enterprise like this,
that's what I want to go do.
And so that kind of changed the course
of where I was looking in terms of career
prospects after I graduated.
So I think it's that kind of exposure
that just helps women see that there's
other opportunities and hopefully that's
another woman on the other side of the
table who is already in the field
and can show them the ropes.
I think there's also comfort
in a community of your peers.
And I'll say the same thing for
my financial advisor. He's a man,
but he has a woman on his team.
I will call the woman 10 times more than
I'll call the man just because I feel
more comfortable with her
and that's the way that it's.
So Kathy, let's dig into EIS now. So
give us your business model. Tell us what,
we have a lot of hardcore business
folks who listen to the show.
So give us what is the
east silo business model?
How does a brand new client come
to East Silo and what's the client
path along the client lifetime journey?
Sure.
So majority of our new clients come to
us through cybersecurity assessment,
and that's usually because they either
just had a breach or maybe they had a
close call, so we almost got hit,
but then the bank was able to recollect
some of the funds that we had wired to
the wrong person or something else.
Or sometimes it's just that they
are either in a regulated industry.
So there's an annual requirement for our
assessment or an external third party
assessment,
or in the case of John who's a partner
at a management consulting firm,
and they've been a client of
ours for a couple of years now.
They were courting much bigger clients.
They were recording Fortune 500 companies.
And those companies have a lot more
strict supplier security reviews than your
average mid-size customer.
And they knew that they needed to up
their game in order to pass those reviews
and land those deals. So usually they'll
come to us through the course of an
assessment,
we'll determine with them what's the
standard we should be assessing them
against. So what are the
applicable regulations?
Or if there isn't a direct regulation,
we'll often do a NIST cybersecurity
framework assessment, NIST C S F,
national Institute of
Standards and Technology,
and that's the gold standard
for our industry. Over the
course of several weeks,
we'll get really deep into their business.
We'll interview a bunch of folks on
their team, and at the end of it,
they get a very detailed
report from us that says,
here are the places where
you meet those expectations.
Here's where you're doing well,
and here's all the places
where maybe you're not,
and here's a roadmap for the next
three months, six months, 12 months,
of the things that you need to do in
priority order to close those gaps and
reduce your risk of a cyber attack or a
data breach. And I think a lot of folks
when they think about cybersecurity,
they think about tools, right? Oh,
I just go buy this tool and I
install it and everything's fine.
And I think the marketing for those
companies that make those tools,
they don't do anybody any favors
because they oversimplify the problem,
they oversimplify the solution, just
buy this one thing. When in reality,
just like many other things,
cyber is a people process
and tools conversation.
And we pride ourselves in not shying
away from the conversation around people
and process. It's very easy
to buy and resell tools.
We will do that in some
cases, but to be honest,
that is not core to our
business model at all.
It is really partnering with our
clients from a strategic point of view,
how are you setting
your technology budget?
Are you investing in cybersecurity
compared to your peers? Here's what the
benchmark is.
Here's how you should be thinking about
investments in hardware and software and
cloud services. And in a lot of cases,
they're stuck with some older
technology that's been around for many,
many years, maybe it used to meet
their needs, but it doesn't any longer.
But they don't know how to
get into something better.
They don't know how to modernize. So no
matter what it is that their problem is,
we'll advise them on how to solve
that through better technology.
Some of that's going to
be a cyber conversation,
but some of it's just going to be let's
introduce you to partners who develop
custom software or let's introduce
you to platforms that out of the box,
do what you're looking for and maybe
it's an opportunity for you to move and
save some money and save some hassle
in the process. So that's how they
get in. Once they are in as
part of that action plan,
we're usually sitting down and helping
them write information security policies,
business continuity policies,
incident response plans,
helping them put in place the
right capabilities so that
if and when an attack does happen,
they know how to properly respond.
And that's where the backup side of our
business comes in. So as I mentioned,
when I bought eai, we were
exclusively offsite backup.
So for a law firm or an accounting
firm or a medical practice,
we would be their offsite backup
storage. So if they had an issue,
whether that was a tornado or hurricane
or a cyber attack, they would call us.
So we would be the ones to help restore
their data working in concert with their
IT people. We still do that,
but we don't often lead with that as the
first part of the conversation. That's
a component in our toolkit for how we
help them be prepared for those types of
events.
So after or as a part of that action plan,
we'll often work with them on an
ongoing basis as their fractional C I O,
so chief information officer,
that's your C-suite level
person who is overseeing
your technology, not
doing the hands-on work,
but overseeing your vendor or your
team that's doing it and providing that
strategic level guidance to the board
and the management on what needs to be
happening.
So that's kind of the third leg of our
stool as far as the things that we do for
our clients.
That's great. If somebody's
buying a company,
would you do a technology
assessment like upfront as a way to
assess the vulnerabilities
that may be there?
So if you're buying a company and a lot
of what you're buying is the database of
their clients and the goodwill,
is there a way that they could connect
with you to look over what they have and
get an estimate for how much it would
cost to shore up whatever data they
may have? Yeah.
So I'm glad you asked that because I
think it's something that gets overlooked
in m and a transactions is
the potential cybersecurity
cyber of what you're acquiring. And we've
seen that happen time and time again.
So somebody gets acquired and then they
discover that six months before the
acquisition there was a leak, but
nobody knew it until post close.
So that's absolutely something that
people can come and ask us to do an
assessment. So they get an idea of
how well was the company operating,
how buttoned up are their systems?
And I think that'll give you a really
good indication of the rest of their
operations too. It's a
good leading indicator.
The one thing I will say that
we're not specialists at,
because I like to be very transparent
about what we're good at and what we're
not is valuing the technology.
So if it's a company that has
its own proprietary technology,
we're not experts in that valuation,
but we also work with and have a lot of
companies that we could refer them to
for that component of it.
But really what we focus on is the
technology that supports their internal
operations and how they
run their day-to-day.
How early should a company come to you
if they do want you to take a look at
that in m and a transaction.
As early as they've got a
potential target in mind?
And the reason I say that is
because my business experience,
there's a whole bunch of other things
besides just looking at the technology
that I'm going to ask them questions
about that third parties and suppliers,
how are they thinking about how
are they managing that risk?
One of the big things that we talk about
a lot with the companies that we work
with is supplier related risk almost.
I don't want to quote the wrong number,
so I'm going to say a significant number
of breaches are as a result of third
parties that are compromised. You
look at Target, that was a huge,
very popular breach many years ago,
but they were compromised
their HVAC provider.
So you think about how large
companies are very well protected and
very well resourced,
but their suppliers tend to be smaller
and tend to not be. Those are the ones
that are a target. So a lot of
times we'll have people say, oh,
but I'm not big enough to be
a target of a cyber attack.
I have no valuable data.
We're not on anybody's radar.
And it's not that you specifically are
targeted, it's who your clients are.
And frankly, sometimes it's
just that no one's targeted.
It's just easy pickings. If you leave
your car unlocked in the mall parking lot,
someone one day will eventually pull
the handle and take everything that's
inside.
So sometimes it's also just a matter
of opportunity that you have to be
aware of.
I tell the story all the time, Kathy,
of how when I switched to a business
fiber internet connection, I went from
a variable IP to a static ip,
and they didn't tell me that they were
moving me to a static ip and they didn't
tell me the risk of having an ip
that didn't change all the time,
every time we we logged in.
So my phone vendor happened
to say to me, Hey, listen,
now that you're on fiber,
you have a static ip,
so you absolutely need a firewall.
And I ordered one and it took two
days for the firewall to get there.
During that two day period,
I woke up one morning,
the second day that I had
this turned on my computer.
There was a text file on the desktop
and the text file when I opened it had
a digitally drawn smiley
face with zeros and ones,
and it said, your data is
exposed. You need a firewall.
You're lucky you have nothing
of value, or it would be mine.
And I freaked out, I unplugged everything,
turned everything off,
and I got in the car and drove and
bought the firewall and installed it
like that day. So I mean,
you think it can't happen to you.
I'm a guy operating a business out of
my house with a dozen contractors that
work for me.
I got nothing of value yet within like 24
hours of having a static ip,
somebody found my vulnerable
system and was in it incredible,
absolutely incredible.
So it's amazing to me explain
for the people who don't know,
right? There's an
entrepreneur here who is,
he owns a railroad in
Pennsylvania. I know.
We actually have one guy who listens to
the show who actually owns a railroad in
Pennsylvania. I met him through Vistage.
So he may not know what backing up
stuff to the cloud means,
and he may not know how to select
the right vendor to do that.
So what is the difference
for that guy for hiring
you to back up all his data to the
cloud versus dragging and dropping a
file into Dropbox?
So there's a whole bunch of differences.
The first thing I'll say is if
you're running a real business,
you need a real business backup solution.
You don't want to use a
consumer tool to do it.
You don't want to use a Dropbox
or OneDrive or a Google Drive.
Those are actually cloud sync tools.
They're not cloud backup tools.
It's a common misperception when
you think about it like this.
If your computer gets compromised,
you click on a bad link that came
through an email of somebody that looked
familiar,
and all of a sudden your computer
is infected with a virus and your
files all get corrupted. So they
get jumbled up. They're all there,
but you try to open them. You can't
actually make heads or tails of it.
You can't see it. You
can't use any of the data.
If you are using Dropbox
Sync or OneDrive sync,
then the copy of that file that lives
in your cloud that you think is your
backup is now also corrupted to,
right?
So the changes are kind of indiscriminate.
If you delete a file from your computer,
then the copy in the
cloud can be deleted also.
So what we always tell folks is that you
don't want a constant synchronization
of your data.
A real backup is going to be as
of a point in time where eight
o'clock every night, you're going
to take a backup of your files.
If something happens after
that backup at eight o'clock,
you can roll back everything on your
system back to a single point in time.
So there's consistency there.
The other thing is that
a tool like Dropbox won't
allow you to control when new
versions get made and how many versions
get saved, right? You buy a plan,
the plan includes however many versions.
They often don't tell you because they
want to be able to change that behind the
scenes.
It's not part of what you pay for,
and you don't get to control that
version history. Whereas again,
if you have business grade backup,
you can decide that the backup
happens once a night at eight o'clock.
It happens every six hours. It
happens every two hours, right?
So you control frequency and
you also control retention.
I need that backup to be
saved for 30 days, 60 days,
seven years because of my
regulatory requirements.
And so you now have a lot more control.
So that's really one of the first things.
The second thing is you want to make
sure your backups are encrypted,
because if something ever
happens to that provider,
if something ever happens to that storage,
you want to make sure that even
if it falls into the wrong hands,
nobody can actually view the
files and take them and use them.
And if you were to have a leak of
private information, if it's encrypted,
that's going to help you quite a bit as
far as your breach responsibilities and
what the implications might be. And then
the other thing is that you want those
backups to be completely automatic.
There's a lot of organizations I talk
to where the backup is so-and-so's job
when so-and-so gets sick or is on vacation
or just gets really busy and forgets
your backups don't happen.
And too often we find companies that
think they have a set of backups and a set
of routines, but nobody's checking on
them. So you don't realize that, oh, well,
that was a task of somebody
that we fired six months ago,
and so they haven't been happening,
and then they go to restore from a
cyber attack or a ransomware incident,
and lo and behold,
there are no backups or the backups that
they have are two months old because no
one's been watching the store.
So when you have a business grade
backup service and business backup
software that's happening
for you automatically,
it's run by outside people. So that's
like my team. That's all they do.
They run the backups, they
check 'em every morning.
We call clients proactively when
something happens. I'll never forget,
in the beginning of covid,
people started traveling a lot.
And so we saw one organization,
their clinical psychologist,
and we noticed that the backups
hadn't happened for a while.
So one of our team members
called her up and said, oh,
I'm working for a beach house in
Delaware. I got a new computer. Oh, well,
you kind of got to let us know that
so we can get you set up for your new
equipment.
So that's an example of the level of
personalized service that when you have a
good system, someone's watching for you,
think about it like an outsourced IT
department dedicated just to managing your
backups.
Whereas you can swipe your credit card
on a website and get access to some
software, but there's nobody who's
monitoring that for you. Trust me,
the call center in the Philippines is
not paying attention to your backups and
going to give you a call when
something that they spot is unusual.
Oh, that's great. This reminds me of,
it's almost like being
in the medical field.
Someone's monitoring where your
heart rate is at a regular basis.
There's doctors behind
the scenes doing it.
If you're someone who has had the device
implanted, you have the monitor on,
and then they're watching it in
real time calling you. I mean,
this is really first level service.
What we're talking about here is someone
is out there watching out for you,
calling you when it's happening, so that
they can work with you immediately to,
I'm sure,
catch this a lot sooner and prevent
a major issue then when they start to
notice it,
which for those of us who
are unsophisticated handling
data or cybersecurity
issues, that could be
well down the road, I'd.
Imagine. Yeah, no, absolutely.
And I'll tell you a quick story.
One of the things that people tell me
often is that while I don't need backups
from a third party, my team's
already got that covered.
We pay this vendor to manage all of our
IT and backups are included as a part of
it. And while that may be true, a
couple years ago there was an M S P,
A managed service provider, one of
these outsourced IT departments.
They have about 200 or so clients
in the South Florida area,
including sports teams that teams
you and I would've watched on tv.
So they serve big clients.
The M S P was hit with a ransomware
attack. And unfortunately,
all of the clients who
that M S P served and
had access to their systems,
they all got infected too.
And there was about a dozen or so of
those companies that we happened to share
in common. So way earlier on, they'd
been with us for 10, 15 years.
They called us up right away and they
said, look, this is the situation.
Our M S P can barely return. Phone calls.
Their folks were working around the
clock and no knock against them. I mean,
they were literally pulling people off
of the billing desk to answer level one
help desk calls and try to troubleshoot
what was going on. But they said,
it's been several hours. No
one's getting back to me.
Can you just restore my backups from
your copy because I can't wait for them.
And so we did, and lo and behold,
all of those local backups that were
managed by that M S P were completely
trashed. And it was just because you have,
one of the things you learn when you're
in the resiliency business is you don't
want a lot of things that look the same.
Too much commonality puts you at risk.
It's concentration risk.
So you had the same people
who were managing the
production servers and machines
that were also managing the backups.
Same accounts, same passwords, right?
Same personnel. And so
when they were compromised,
everything they touched was
essentially poisoned. Whereas our team,
it was a different team, different
accounts, different platform.
We don't actually run and
save our backups on windows.
We use Linux for added variety. We
store them on a different network.
We store them offsite. So we had all
these different factors where we've,
at this point in that situation, but
also ever since I bought the business,
we have a 100% ransomware recovery
rate. And we actually tested that,
just I want to say two, three weeks ago.
We're a regional healthcare
provider client of our same thing.
They got ransomware, their internal
backups were hosed, ours were not.
So you got to ask yourself the
question, right? If my data is really,
really important,
how many layers of protection am I willing
to put in place to ensure that when
that worst day happens, I
have a means to recover?
I have experts who I can call upon,
who will roll up their sleeves and get
into my systems and actually do it for me
or do it with me. That's really
the value of having EIS backups.
So you must have to segregate
data from specific industries
from everything else. So for
example, medical data has to be,
everybody has to have their own,
I don't know if they have their
own separate server or whatever,
but everybody has to have their own
separate little area where you can't,
because that can never be
compromised if that gets out.
There's a huge issue with that. I mean,
there's an issue with all data getting
out, but medical data especially,
or client specific data for a law firm,
I have a client who got hit
with a ransomware attack,
and the entire firm was rendered helpless
for a week because they didn't have
access to their information.
And they were very tight-lipped about
it because they didn't want the word
getting out that they had gotten
hit with a ransomware attack.
And I have to believe they didn't have
an effective backup system like you're
talking about. Otherwise it
wouldn't have been as big a deal.
But how do you segregate that
data and how is it tested for
compliance purposes?
How is your backup data tested for
HIPAA compliance or for compliance with
FINRA's rules for financial
data, that sort thing.
So we treat all of our clients as if
whatever information that they're backing
up with us is the most
important thing in the world.
So we apply the same level of protection,
the same high bar to everyone and
everything because to be honest,
by the time the data comes to us,
we don't actually know what it's,
we can't see it. Even our staff can't
unencrypt and view our client's data,
and we do that on purpose.
We have no reason to need to see any
of the information that you back up and
trust with us. So we have separate
encryption keys for each of our customers,
which means that even if we were to have
some kind of a widespread breach that
you couldn't get to all the
data of our individual clients,
only they have those keys.
So that's one of the protection measures
that we have. The other thing is,
what I'll say is it's logical separation.
So even though the data
might be physically stored
on the same physical server
as part of our private cloud,
because of the way that we
store it and how we store it,
it is logically separated. And
so there's no crossover access.
There's no ability to see
from your backups. Nicola,
could you see Dave's
data on the other side?
And so the encryption piece
though is incredibly key to that.
The other thing I would say is that
when you are in the business of data
protection, you design, we
call it security by design.
So everything from the ground up is
designed to ensure that things are
segmented, that there's zero trust,
that there isn't the ability for
if somebody were to get into our
environment to be able
to move between servers.
So that's ultimately how I'm able to
sleep at night because I know that we've
put in place those correct protections.
To be honest with you,
the weakest link in the entire chain,
and this is often where it happens,
is people and my clients
have to have access,
username, password that gets
them into their own backups,
and that is what I worry about the most
because they use the same password for
that as they use for other things.
So a lot of what we do is
education with our clients on here
are good cyber hygiene practices
that you should be applying
in every area of your life,
not just as it pertains to
data that you protect with us,
but you should be turning on
multi-factor authentication.
If you don't know what that is, message
me and I'll help you get it set up.
That is the single best thing that you
can be doing to protect your accounts,
whether that's your bank account, your
Amazon account, your backup account,
all of it. And that just ensures
that when you log into something,
you're using multiple ways to
authenticate yourself to that system.
It's a combination of something you have,
which is a password and something which
is often like a six digit code they get
sent to you on your phone, and there's
even layers of security within that.
There's good M F A practices
and not so good ones.
So that's where we do a lot of just
education on here are the things that you
need to do to play your part
in securing your own data.
So let me ask a question that I'd imagine
there's a lot of people sitting in our
audience right now that are thinking,
I have a million passwords. Kathy,
where's the best place to store those?
Because I'm sick of saving and worrying
about every password that I have to
every different account. I was.
Going to say, so before I.
Tell you, definitely don't write them.
Though. You tell me where
you're storing yours.
Oh, Dave.
Nicola, what do you do?
What do I do? I have, well,
I have a password protected file
that have passwords in them.
So you have an Excel
spreadsheet that has a password,
and it's the password spreadsheet
and the password is password 1, 2, 3.
Then no password whatsoever.
Mine is not a complicated one.
All of them are unique and
they're complicated. They're long.
There's nothing that's
uniquely identifiable.
So I use LastPass and I used an assigned,
I used a randomized password
to get me into LastPass,
and so every time I forget the damn thing,
it takes me an hour to get all my
passwords, but I think it's safe.
I mean, I think they had
a breach at one point, but
I think that's the best I can do, right?
Yeah, so a password manager or
password vault, like a LastPass,
but maybe a different one would
be the easiest thing to do.
So I love what Nicole said
about having totally unique,
totally randomized passwords,
hopefully really long ones.
You can Google time it
takes to crack a password,
and you get these really scary charts
that'll show you that even if it has eight
characters and it has a combination
of upper and lowercase and numbers and
symbols and all that,
it takes like 0.3 seconds for somebody
to breach it with the right hardware.
So you really need a long,
strong, complex password,
but then you store it in a vault like
one password is a good one or there's a
whole bunch of them out
there. If you're on LastPass,
I would recommend moving away from it
because of the breach that happened.
Interestingly enough, in the breach,
the attacker stole a backup
copy of the databases.
So that's why I advise people
against it or to move on to
something else. But that's
really the best that you can do.
But I would say if you
have a password vault,
you've got unique passwords and you've
turned on M F A in every system that
supports it,
then you've at least covered off the
basics of the things that you should be
doing to secure your accounts.
Kathy, explain to people,
when I travel, I use A V P N.
Explain to people the value
of using A V P N and why
people need to use A V P N.
Yeah. V P N stands for
Virtual Private network,
and it creates a secure tunnel between
your computer and the websites that
you're communicating with.
And why that matters is if you
travel often and you're in airports,
hotels, Starbucks, you're on public wifi.
If that wifi is not properly protected,
any other individual who's on that same
network can potentially be spying on
your communications or even intercepting
and changing the communications that
are occurring between your computer
and your bank's website or whatever,
whatever it is that you're doing.
A V P N helps to eliminate that
by creating that secure tunnel.
The other thing that's nice
for folks who travel a lot,
especially if it's out of country,
is they'll use a V P N to be able to
watch American shows and countries where
that stuff is blocked. But from my
point of view, that's a nice to have.
It's the security value that I think is
really important for anyone who's on the
road.
If you've ever been on an airplane and
you open your Bluetooth or you
click on the wifi and you see Joe's
iPhone pop up as an option,
that's why you need a P n,
because if Joe's iPhone is popping up,
you can be damn sure your computer's
going to pop up there too. So,
oh man, that is, for me, that is the
scariest, the absolute scariest thing,
especially people who have
access to confidential client
information and they're
sitting in the airline club doing
their work on that confidential client
information using the
airline club wifi without any
type of protection whatsoever.
It scares me. Alright, Kathy,
before we let you go, let's
talk a little bit about
how you get clients.
So how does EIL find
companies to work with?
99% Of our clients come through referrals.
So we work with trusted advisors,
whether that's attorneys or accountants,
also their IT provider.
So you think most small to mid-size
organizations do some level of outsourcing
to another IT provider,
and those are often the ones that bring
us in because they know that what we
offer in terms of expertise and services
is going to be a little different than
what they do day to day. So that's
always been our best source of.
Clients. Kathy,
what's the most frequently asked
question that leads to clients doing
business with you?
Yeah,
I think probably the most common place
that they're at when they come to us is
if I had a security incident
tomorrow, I don't know how I would do.
And it's that fear of the unknown and
the recognition that whatever I'm doing,
it's probably not enough,
is really what motivates them
to reach out and call us.
I want to touch on one more thing
and then I'll turn it over to Nicole.
And that last thing is,
your business as an entrepreneur
is a really good business model
because when you onboard
a client, I would guess,
and you can tell me if I'm wrong,
probably upwards of 90% of your clients
are recurring revenue clients in that
you bring them on and then they're going
to pay you for a service monthly or
annually, over and over and over again.
Did that factor into the type of
business that you were looking to buy?
And if it didn't explain,
or even if it did,
explain the benefits of having a
recurring revenue model in your business?
Yeah,
so having recurring revenue was an
absolute core criteria as part of my top
three criteria when I was
shopping for businesses.
And what I loved about this
business model was that you
build the technology once, I
call it build once, sell many,
just like people with cloud
websites, it's same sort of thing.
You build it once and every improvement,
every enhancement can be
shared by all of your clients.
So that was the big appeal for me.
It's actually why the
consulting side of the business,
it was a little bit surprising.
We do strive to make that
a recurring relationship,
but a lot of it sometimes is one time,
and that wasn't necessarily our
focus in the very, very beginning.
But what I would tell you
is that in this space,
if you treat your clients
well and you do good work,
they will stay with you forever.
We've got customers that have
been with us for 15, 16, 17 years.
When I bought business, that was the
last time I did the analytics on it,
but at the time, our average retention
was like nine and a half years,
and it's only increased since
then. So I think that's huge.
That's part of what enables us
to do what we do is we've got a
core base, core service
that we can offer them,
and everything else is
kind of value on top.
So that's really one of the things
that I love the most about this.
What do you think, Kathy, what's,
what's your vision for the
company for the next few years?
Where do you see the company,
and I'll use the benchmark 40,
where do you see the
company in five years?
That's a hard question. Where
do I see it in five years?
So I would like to say that we're 50
50, the cybersecurity
consulting side and backups.
As much as I love the
backup side of the business,
it is harder and harder to sell
standalone backups as a service.
There are so many other service providers
that bundle that with other things.
So I would say we would be 50 50 on
that mix and we would play an even
bigger role in terms of disaster recovery
and business continuity planning.
And what I mean by that is a lot of small
businesses don't put a lot of thought
into those business continuity plans,
but mid-size organizations absolutely do.
And they understand that it's an
orchestration of not just technology,
but also their whole operations
and people process as well as
tools. And so I think we are uniquely
positioned to help them build business
resiliency,
business continuity plans that take into
account both the technology component
but also the cyber side.
So things that intersect
across those different areas.
That's where I would love to be and twice
the size of where we are right now in
those couple of years.
Kathy, when you're thinking about,
and I know you've thought about this,
I know you, when you're
thinking about how this ends,
what would an exit look like?
Would an exit look like East Silo being
acquired by one of the bigger players?
Or would an exit look like
you merging with another local
technology provider that's
complimentary to you where you
remain an investor, but you
step out of the day to day?
What's your vision for
an exit from East Silo?
It'd be a strategic
acquisition by another,
and I'm going to use local in quotes
because it doesn't have to be in South
Florida,
but most likely another service
provider where what we do and what they
do is very yin and yang,
very complimentary.
I don't foresee us being acquired
by a big player in the industry.
We're not that tools focused where
I think we would be an attractive
acquisition candidate in that regard.
But definitely on the services side,
I think that's where
we would have our play.
And do you envision yourself as
kind of a serial entrepreneur,
maybe investing in
something else or, I mean,
you could do that as the c e o of East
silo and invest in something else.
I mean,
is that something you see yourself
doing or are you just sticking to the
knitting and focusing on East Silo?
I would say I'm a very, what's here and
now, what's right in front of me person?
I give it off my full attention.
When I bought the business,
I remember someone asked me, well,
what's your exit strategy? I said,
I don't get married to plan my
divorce. I get married for life,
and this is what I'm going
to do until I'm unhappy.
And then I'll start thinking about
options if I ever get unhappy.
But I would say that a dream of mine.
So my husband is also in
the cybersecurity space,
and he's pretty active in the
scene here in South Florida.
He's actually on Governor
DeSantis cybersecurity committee,
and he has all of these amazing
ideas. He's a big ideas guy,
and I would love for us to be able
to go into business together where
he's executing on the vision and I'm kind
of standing behind him and making sure
the trains run on time. So I would
love to do something like that,
but I'm not sure that I'm ready to
have both of us take the leap into
entrepreneurship.
It's nice that he's still on the
corporate track and I'm able to have the
freedom to do this. So we'll have to see.
There it is. Complimentary partnerships.
Complimentary partnerships. We need
to have a conversation about that.
Let me tell you, oh boy. The
way you have it set up now,
Kathy is probably ideal. You
both can understand each other,
but your worlds are completely
separate, which is fantastic.
Exactly. All right, Nicole, what have
you got for Kathy? Before we let her go?
What I want to do is kind
of bring this full circle.
So we've spent a good deal
of time getting to know you,
really digging into some of the technical
aspects of cybersecurity for our
audience. And we've buried
the lead a little bit.
We want to have you come back as a
reoccurring guest free segment with Cyber
Kathy. And so I just wanted
to hear your thoughts on that,
what might be,
and you can just give a short preview
in store for some of the things we can
discuss with and bring to
the entrepreneurs who are
listening to the podcast.
Well, I would absolutely love that.
I have so much that I always want to
share with other business leaders.
There's a lot of myths, I think that
people believe about cybersecurity,
either how easy or how hard it is.
And so I'd love to dispel
a lot of those myths.
I do a ton of different trainings for
business leaders on those exact topics.
So I think that's a great opportunity.
And then the buzzword
right now is generative ai,
and everybody's thinking about how
to apply it in their businesses.
And not that I ever want to be a naysayer,
because us cybersecurity and risk
management people can get a reputation for
being the poo-poos of things.
But I think being smart
about how you use tools like
that and where your data goes and how
to still take advantage of those tools,
but in a safe way,
I think would be a really important
topic for us to dig into on a future
episode.
Oh, that's great. I love that.
I think that's a fantastic idea.
Alright, so cyber, Kathy Myron,
thank you for joining us.
I want everybody we're going
to put down in the show notes,
I want you to subscribe to
Kathy's YouTube channel.
I see her shorts pop up all the
time, and her shorts are outstanding.
You're doing a great job
with the information that
you're sharing with folks on
YouTube. And I will tell you that every
time I watch one of those, I'm like,
oh man, there's another
thing I didn't know.
Which is, and I got to go do Thank you
for watching and for listening us today.
It's been such a pleasure having you,
Kathy Myron, join us today on the show.
We've learned so much,
and yet there's so much more in store
for those of you who are following our
podcast. So if you enjoyed today's
episode, please watch another one.
This is the Inside B Show.
I'm Nicki G, and you are.
I don't even remember Dave
Lorenzo, the Godfather of Growth.
We'll see you tomorrow. We'll see.