This is techie and the biz; a podcast to explain and simplify how business technology is changing and why it can benefit your organization.
Cybersecurity and cyber attacks have become one of the hottest topics for both consumers and corporations in recent years. On average, a Cyber attack happens every 39 seconds and costs the United States economy $3.5 billion each year. Today, we are joined with Zac Grant, VP of Enterprise Solutions and security expert at MetTel, to learn more about cybersecurity and a new breed of tools available to help combat this constant threat. Welcome, Zac.
Thank you. Thanks for having me. Welcome. So great to have you on the show, Zac. I have to start by saying that I still remember the first trip you and I took together because I learned something about you that I honestly didn’t expect. We were driving in a rental car from one state to another trying to make a dinner meeting in Columbus, Ohio, and I looked over and saw the speedometer somewhere around 105. As Zac must have noticed me clinching to the bar in the car because he turned to me and said, “Don’t worry, Max. I’m the next New Mexico state trooper.” Now that’s something you don’t necessarily hear every day. So how did that transition happen?
Yeah, you know, I was always interested in law enforcement so pretty much my entire life, I’d always dreamed about being in law enforcement. Obviously, I started out my career in the military and then started going to school and in college. I was intrigued by technology and was looking for a part-time job. I started working for a local ISP and going to college at the same time and really focusing on law enforcement. So I pursued that track but as I got into my career, digital forensics and digital security really became a topic that I started hearing more and more and you know with my schooling and my interest and just this natural knack for networking and Technology. I thought you know what I’ll start looking at doing maybe cybersecurity digital friends and started going going down that track and then again, that’s how I ended up here right kind of made the leap away from the public sector into the Private sector and you know just kind of found my Niche working with customers and talking about not only just networking but cybersecurity and how to protect your digital assets and keep your family and your company safe.
It’s a real exchange of career Direction it is and it’s funny because I Max what year was that that had to be 70? I have to say It’s gotta be like 20 15 16, maybe. Okay. Well, why it was just memory but I believe that is a true story because that sounds just like me. I am a I’m a lead foot. That’s for sure. Yeah, maybe you’re used to a lot of high-speed car chases. That’s right.
And cyber security is sassy and honest the first time I was talking about this with Max. I thought he was talking about my attitude. Well, you may have been sassy in the past. But this time I was referring to the industry term. Yeah, but actually sassy stands for secure access service edge. Can you explain it? It’s basic form. What is Sassy? Yeah, absolutely and it can get a little bit confusing because sassy is is used interchangeably in in two different ways. So as you alluded to it’s an acronym that stands for secure access service edge and really that’s just a replacement of our traditional routers and our traditional firewalls that are protecting our fixed assets. So from that perspective, it’s an easy concept because what we’re talking about is really taking a centralized security model, right? So instead of having your security stack in one location and forcing all your traffic to that centralized location, Sassy allows us to take that centralized security model and distribute it to all the endpoints and those endpoints are being identified as SASE, but where the confusion comes in is the industry as a whole is also calling the overall strategy for our next evolution of security sassy, right and it’s a unified or uniform methodology that really is being introduced and pushed by Gartner to get all of the different vendors all of the different Technologies aligned so that we’re all together in lockstep to thwart a lot of the upcoming and emerging threats that we’re seeing in the industry.
While and I wonder then what’s behind why we’re seeing so much growth and traction with SASE what did companies do before? So, you know, it really started with sd-wan. So we have this centralized model for security and about 10 to 12 years ago. We started seeing sd-wan introduced into the into the environment and what sd-wan does for you is it really makes your network traffic more efficient it gets you to your applications a lot faster. But the way that sdn does that is it needs to Route differently, it needs to take a different path than that fixed centralized security model would accommodate for and so what we saw was a little bit of a conflict where we were investing in sd-wan we’re working to make our our traffic much more efficient, but through that what happened was we started bypassing our security stacks and and that really brought the industry together to stay guys. We can’t we need to to maintain our security but we want to keep driving this efficiency forward. So that’s really where the concept of SASE came down and said listen take that centralized security policy get it distributed to as many endpoints as possible. And then that way your endpoints can communicate directly and bypass lengthy Network segments and long Transit Halls to get to your applications. So the network becomes more secure. Faster more efficient and a lot more user friendly.
How did SASE benefit every day employees or consumers? Yeah, that that’s a that’s a great question. So so first off all of us are being impacted by these these cyber criminals. So I like to think of it a lot like shoplifting right shoplifting is not necessarily a victimless crime when the costs of shoplifting are passed on to us as the consumers. So for us having a good cybersecurity strategy is going to continue to keep companies costs down. It’s going to protect our assets. It’s going to protect our information our personal information, which is everywhere right? No matter where we go in today’s world your name your date of birth, your social security number is distributed and so for us protecting that data is about protecting all of us.
Wow, do you have a specific like a personal story where you’ve had to kind of be the you know, the receiving end of some of this as you said shoplifting but but on in a more digital form, absolutely I have so just recently somebody tried to to rent out my house and and I had some an unexpected guests coming to try to to rent my house. So that was most recently within the last few weeks. But the biggest one that was really impactful to myself and my family. I was closing on a house here in Colorado where I live and the title company that I was working with their network was actually hacked into and they took over their Office 365 environment. And so what was happening were these these, you know, thugs were watching and monitoring emails. They were manipulating files. And so the the particular Title Company what they did is they had wiring instructions that they stored in their Office 365 environment and And the Bad actors were able to get in change the wiring instructions and put fraudulent bank accounts. Oh, wow. So yeah and and it’s pretty incredible because you know, they’re very strict on on their rules.
So much money is involved there. They’re incentivized to get as sophisticated as possible. That’s amazing. Yeah, that’s I mean that sounds like Oceans 11 or something. I mean, that’s they really thought of everything right they did it really was and you know.
A lot of different organizations Gartner being one of them IBM. They’re predicting that by 2025, cyber crimes we’re going to cost the world 10.5 trillion dollars annually, so think about that, right? So you have thugs Mafia cartel terrorists enemies of the state that are making right more than double the world’s third-largest economy, which is Japan. Wow, every year. So these guys are bringing as much sophistication as the US government can bring your right to thwart these and so it’s it’s not a simple answer. It’s it’s not an easy topic because we’re really up against organizations that have much more money much more power and are much more organized than you know, then you would think we are and that’s just because of how dispersed we are how segregated we are how everybody has different strategies and that ties back to sassy and that’s why you see organizations like Gartner really pushing for a unified strategy amongst multiple providers Technologies. And that’s to combat. You know, this this very sophisticated environment that we’re moving towards. Oh, wow, I think your law enforcement background must have kicked in you there was like your Spidey senses told you something was probably not right and luckily you were able to recover but like you said, it’s it’s not just them stealing money. I mean that industry is the size of you know, a large economy with the amount of theft that that takes place.
Yeah, yeah, it’s it’s pretty significant. And one of the things that I do is I do some cybersecurity training and in one of my segments of training we talk about if you’re a victim. How do you report it? How do you get help? How do you get resources? And that’s really what benefited me the most because if you just pick up the phone and call your local FBI field office No One’s Gonna answer right? It’s an automated tree. You need to know the extension. It’s very extensive routing and you’re not really going to get to Human Resources immediately and I teach that in one of my segments and the best way to report the crime and the division with with the FBI is called ic3. And so if you go to their website and file a report, they’re very diligent at filtering and looking at the prioritization of the reports and luckily I was able to get somebody an investigator to call me back we’re able to freeze the assets and I was able to recover my my money, but unfortunately out of the 28 of us only only three of us were able to recover our funds. Wow, I was in the millions of dollars. That’s that’s unbelievable. I’m gonna remember that by the way, I see three that’s that’s a good tip. What about companies that use St. Wayne today? Do they just need to completely Place esteem was SASE. Is it like something they need to upgrade into? How does that work? Yeah, it’s more of a it’s more of an upgrade because that uniform strategy a you know that includes multiple Technologies sd-wan is one of those Technologies so really it is an upgrade and a lot of times the sd-wan platforms that are out there. They’re incorporating The Sassy elements in that security into their existing bundle. And so for a lot of organizations a lot of individuals, it’s just gonna be an upgrade and just kind of an evolution of moving forward to increasing their security abilities.
A lot of it too is gonna require a little bit of a different administrative approach to how we do cybersecurity. If you have any young kids any teenagers that that you’re mentoring definitely encourage them to look at the at cybersecurity as a profession. And the reason I say that is we’re not backing off of this. It’s not shrinking. This is a this is a growing industry. And one of the main drivers is the concepts are moving from this Black List Right. What can I not get to from network resources and applications to more of a whitelist? Meaning? Okay what is approved for me to get to because the list of bad sites and malicious sites is now much larger and much more advanced than the whitelists. So companies are taking a different approach and that’s one of the strategies The Sassy is Hey, let’s look at what we can get to instead of stop looking at what we can’t get to or shouldn’t get to. Another term we keep hearing about is zero trust. What is the difference between sassy and zero trust zero trust again, like sd-wan is another module inside of the sassy strategy, but zero trust is a little bit more around our Mobility asset. So earlier we mentioned that secure access service edge, right that was the acronym for sassy and that was really meant to protect our fixed assets. So if you if you look at a company, whether it’s small medium or Enterprise, they need the The SASE to protect fixed assets like printers TVs different types of assets that don’t necessarily have software or don’t necessarily have operating system that we can install software on to protect them. But there’s a lot of assets that do have that capabilities like our laptops like our cell phones and so zero trust is a software application that goes on those devices. And again, it takes that centralized security policy and now Puts it down to the endpoint. So when your mobile when you’re working from home when working from Starbucks, you’re able to get on the on an unsecure network, but have the same security and the same protection than if you were working at a corporate office behind a sassy device. So it’s really unifying that that security policy no matter where you go.
And again, it makes operations more efficiently and it makes your network more efficiently because now you’re not hairpinning. You’re not taking the long road to get to your destination sd-wan and the different Technologies allowing you to get to those resources as close as possible. So it just works better better end user experience. That’s interesting. So what is the difference between a traditional software-based firewall and zero trust? Yeah, you know I kind of alluded to it early right that that firewall is going to be more of a a Black List. Hey, I’m gonna stop you from from getting here where zero trust is more of okay, we’re not gonna let you get anywhere except for the whitelist. What where where are we gonna allow you to go. So it’s a little bit tighter control little, you know, more arduous as far as administration because we have to now know everywhere where our customers or our employees are going to go. But again, it’s much more beneficial because we’re blocking and stopping a majority of where the threats are coming from and what I mean by that is There have been studies on all of the Cyber crimes that we’ve observed over the years and what we have found is 95% of all successful hacks and and intrusions have been caused by human error. So it doesn’t matter how much you train your employees. How many how many you train your family the attackers or the Bad actors or always getting more and more sophisticated. They’re using more and more techniques to trick us and make us look like that email is authentic or the website is real. And so we’re always just a click away from causing a breach. And so what we need to do is we need to really move to more of a zero trust environment and zero trust strategy so that we can control where the assets are going to go where the users are going to go.
If my latency doubles from 40 milliseconds to 80 milliseconds my bandwidth capabilities goes from like 13 Meg to six Meg. I know that’s a little geeky, a little bit technical, but when we talk about, “Hey, my Netflix or my Hulu quality is bad,” what’s the first thing we all think of? Let’s go buy more bandwidth. And it doesn’t matter, you can have, you know, a hundred Meg at your house. You can have a gig at your house throwing more bandwidth at the problem doesn’t fix it. It’s all about how we move our traffic and make it more efficient to reduce that latency the lower latency the faster throughput we actually get so a lot of folks don’t know that and we see companies throw bandwidth spending a lot of extra money when they don’t need to. What they need to do is look at SD man and find out how to move that traffic more efficiently how to get to their resources more quickly and that solves the problem and that’s why SD-WAN is so critical, but at the same time that’s why Sassy is so critical because we need the convenience but we also need that security and pairing those together is really forward-looking. It looks like we’re going to be much more successful thwarting a lot of the security that we’re seeing today.
That’s great. So I guess SaaS in is a building block in that scenario as well. I just wanted to share a real example that I think a lot of people could associate with. I know that during the pandemic you were actually living in an urban city in Utah and recently moved to a ranch in rural Colorado. So I have to ask number one what’s behind the move because I’m excited to hear all about it and how can all the security that we’re talking about today be used in that type of example? Yeah, absolutely. So first up, I grew up on a ranch. So I’m used to Country Life and you know, human behavior you tend to always kind of fall back to what you know. So when the pandemic hit and you know, it was a year and a half I’m stuck in Urban Utah, you know, with very close neighbors stuck in our house not able to go to the gym not able to go to restaurants. It really motivated me to say okay, you know, let’s go back to your roots and let’s see if that’s a little bit of a better lifestyle for somebody like me and of course my family. I observe, you know, having kids that they didn’t necessarily have the same common sense that I did growing up because I had to depend on myself and so for me, it was a move to really say, “Okay, kids you need to be able to depend on yourself, you know, go drive your four wheelers your tractors go get on the horses. We need to go do some chores.” And we have the year and a half that we’ve been in Colorado. I’ve seen a lot of growth in my kids their school work believe it or not is actually improved their grades. So for us it’s been a good move and the wife. She didn’t grow up on the ranch, right? So she, I’m pulling her, pulling her a little bit. But yeah, and as far as digital security and how that ties into the ranch life, it’s all intertwined. Right if you look at what a Rancher does as far as buying, selling beef cattle raising horses, it’s a very expensive industry and it’s one of the industries that’s targeted by cybercriminals. So for me, I like the exposure of both that urban living, technical technology immersing myself in it at the same time being able to be a Rancher live out in the middle of nowhere. It works together and it’s very much intertwined cybercrimes apply to everybody no matter where you’re at where you live and just because I’m out in the country doesn’t mean I’m any less vulnerable than if I was in the city.
Wow a ranch. I was wondering what kind of animals do you raise on your Ranch? Horses cattle chickens goats dogs. Yeah, that’s amazing as an animal lover. I’ve always joked that I wanted to live on a farm but I think I meant a ranch. Isn’t it true that all ranches are farms, but not all Farms or ranches? That’s right. I’ve got quite the crop that I grow but I’m not considered a farm. I’m considered a ranch and really it’s because everything we grow is to support the animals and help keep them healthy and it’s quite the adventure. Wow. I didn’t know that the difference between a farm and a ranch. I know I never really thought about it myself until I was you talking about the animals because I guess Farms really do mostly grow crops. Yeah, ranches raise cattle and different animals. Yeah, the ranch will raise crops as well. But generally those crops and what you’re growing is to support and feed the animals that you’re raising versus a farm is really raising that food for human consumption. So that’s the biggest difference.
Wow, so how did you make the transition from urban living to country life and still keep your tech work going? That’s a great question and it’s been a challenge. I’m not going to lie but you know, I’ve got a fantastic team that helps me out and then technology, of course, has made it a little bit easier. But when I first moved out here, it was a challenge. I mean I had, you know, 25-meg internet and it’s like, “Oh, I can’t work with this!” But as I started to get involved with different projects with the community, we start working together to try to bring in better bandwidth. And so now we’ve got a tower with fiber just down the street from me that we put in about six months ago. So now I’ve got a gig connection. So, you know, I’ve been doing quite a bit of offloading some work to my team but for the most part, I’ve been able to keep my regular job and keep moving forward with my projects out here. That’s fantastic. I can’t imagine it was easy, but I’m glad to hear that you’ve been able to make it work and it sounds like you’ve got a good setup now with the gig internet. So yeah, it’s been a challenge but we’re here. And yeah, it’s a great lifestyle. I would recommend it to anybody who’s up for an adventure.
Wow. I didn’t know that the difference between a farm and a ranch. I know I never really thought about it myself until I was you talking about the animals because I guess farms really do mostly grow crops. Yeah, ranch raises cattle and different animals. Yeah, the ranch will raise crops as well. But generally those crops and what you’re growing is to support and feed the animals that you’re raising versus a farm is really raising that food for human consumption. So that’s the biggest difference and it is a little bit intertwined.
Roger Goodell, some may call him the most powerful man in sports commissioner of the National Football League. He is the man responsible for Decisions by the NFL and most recently the new updated concussion diagnosis and management protocol. He is most definitely a polarizing person right now. Bill Burns, director of the CIA in honor of the department 75th Anniversary. The CIA has opened a new Museum and launched a podcast.
So now you have all three interesting. Well, I definitely want to sit down and have dinner and socialize with anybody who is in the CIA. I want to know all the secrets so that’s an easy one for me. I would strike a deal with Roger Goodell and that deal would probably be making some changes to some of the platforms and the teams and last but not least I would defer with again with Ted Turner, you know enough of them been around him enough.
Wow, that’s cool. By the way, that CIA Museum. That sounds super cool. Yeah, where is that? Again? It’s actually in Virginia and there is like a variety of spy codes all over the ceilings and the CIA actually plans to put some of them online to see if they can be broken. Really? That sounds so fun. That doesn’t sound like yeah. Yeah, check that out.
Thanks, Zac, for talking us today about SASE, zero trust and network security. You bet. Thank you guys. Thanks, Zac to learn more about SASE or any other MetTel services go to mettel.net or contact your mettel sales representative.
