Growing Lean
Growing Lean is aimed at helping entrepreneurs learn from other successful business owners who have successfully grown their business against all odds. Join our discussion to share the wealth of knowledge from people who have been in the trenches growing lean startups.
Have an app idea and need help bringing it to life?
Book a free discovery call here:
https://meetings.hubspot.com/ethan-halfhide/discovery-call
Growing Lean
From Rock and Roll to Cybersecurity: A Conversation with Michael Peters
Our conversation with Michael takes an intriguing turn as we navigate the future of cybersecurity. Brace yourself for an enlightening discussion on the role of Artificial Intelligence (AI) in our world increasingly dependent on digital security. Get the lowdown on the risks and rewards of AI in cybersecurity, and understand the integral role of these intelligent tools in security planning. But that's not all. We explore the thrilling potential of quantum computing and its mind-boggling implications on cybersecurity's landscape.
Fasten your seatbelts as we dive headlong into the complexities of identity validation and personal data protection. How do you prove you are who you say you are in the vast virtual world? Hear from Michael about the sophistication of biometrics and why it's the future of online identity validation. Get practical tips on how to safeguard your personal data and limit your exposure online. Closing off, Michael shares ways to connect with him on LinkedIn and his company websites. Don't miss out on this treasure trove of insights from a cybersecurity aficionado!
Have an app idea and dont know where to start? Book a Free Discovery Call Here
Learn more about our award winning app development firm Lean Discovery Group
Connect with me on linkedin
Welcome back to the growing Lean podcast sponsored by Lean Discovery Group. This is your host, dylan Burke, also known as Deage. I'm very happy to be here with Michael Peters, ceo and founder of Continuum GRC Inc. And CEO and founder of Lazarus Alliance Inc. Welcome, michael.
Speaker 2:Hey, dylan, it's a pleasure to be here, thank you.
Speaker 1:Awesome. Thanks for being here. So, michael, to get us started, can you give us a little bit of a background on yourself and how you ended up where you are today and in the business you're in today?
Speaker 2:Well, I guess you could say it all started with rock and roll. I know that sounds funny seeing how I'm in the cybersecurity industry business, but seriously, it basically started that way. And when I was a teenager, essentially I had my own little rock outfit and we do shows and things like that. And then I decided at some point in time that I wanted to join the US Air Force. Well, I couldn't take my band with me, so I thought, hey, let's get some gear. You know, I'll get myself a PC. It was my first PC and I can program this stuff. You know, get some software and things like that.
Speaker 2:You know, at that point I had a pretty strong electronics background. I was in college to be an electrical engineer. I had electronics career field. So you know that was me. You know a very engineering type of inquisitive mindset.
Speaker 2:And you know, I get this brand new PC and, like I said, I never really had one before of my own. So I like to know what makes a tick. So you know, it got me to experiment with the electronic side, the hardware side, of this new machine and then the software that is on it. And of course I started experimenting with well, what if I change this or what if I flip that bit or that address and stuff. So essentially nowadays we call that hacking. So I was, you know, basically learning how to interact with this machine, get it to do what I wanted, how to get around you know passwords and do networking and things like that.
Speaker 2:So one thing left, you know, led to another. So, and you know, having a good, solid foundation in the electronics, the hardware side of it, it got me inspired. You know, I thought you know, man, this is really interesting. You know, how can I prevent people from breaking the controls of the system? How can I get around the controls of the system? So, you know, that led me on a pursuit and then, both in my career field but also in my academics, I shifted from electrical engineering over into computer science. At that time there were only two degrees One was for management boring and the other was for programming Sounds like fun. So I started there and at a certain point in time, you know, I am where I am today because of rock and roll.
Speaker 1:Amazing. I love that origin story. You found the tools that could have been dangerous in the wrong hand, so you turned to be a hero and tried to prevent it. I love that. And so what exactly does your two businesses do? Can you run us through what they do?
Speaker 2:So the more mature of the two companies is Lazarus Alliance. We've been officially around since 2000,. So it's hard to believe 23 years now. But that's a service firm, so you know we there was a little finding our way in the beginning, a little evolution of things.
Speaker 2:In the beginning, you know, when we had less defined capabilities, you know it wasn't I wouldn't say it was a jack of all trades type of a security service firm, but there was a lot more hands on building systems, advisory services, things like that. So you know a larger mix of mishmash type services. But then, you know, I decided, you know, let's define our mission. Let's, you know, because I realized that you know technology in general, the proliferation of tech security also, you know, was becoming pace following suit. To address those challenges also was becoming much more complex. And there's officially, as you know, by my definition, really two sides of cyber security. One is the proactive side of things, that's doing the things to prevent bad things from happening, right, to keep their hackers out. And then there's the reactive side of things, that's when the proverbial dookie hits the fan you've been breached, you're in the papers for the wrong reasons. So there's that cleanup. I'd much rather be proactive. So, being on the proactive side, you know, to turn those rocks over the methodical, less glamorous, unsung hero type of an activity, you know it's a good day when nobody knows that we're there or have been there. You know we we've done our job. We've secured that customers environment. You know we're protecting their life's, work, their shareholders, their employees, their customers and we're doing it in a way that nobody really knows that, that this work has been done.
Speaker 2:So we focused on audit, compliance, risk assessments, testing all of those things that you want to do to stay ahead of those. You know the bad things that you know being exposed, being hacked, being compromised you know that's, that's where business damage occurs reputational damage and things like that. So we're really trying to protect that. So we just started to hone that mission. We started adding capabilities and by that I mean bona fide accreditation to. You know, perform certain audits, so you have to be certified, you have to be qualified to do these things. So there's a lot of you know, a lot of time and expense and diligence in these pursuits.
Speaker 2:So you know, now, flash forward, we've really accumulated more accreditation, more capabilities that are bona fide and certified than any other competitor that I can, I can think of and I challenge anybody to to find one. But so we're pretty proud of where we are and this has kind of created a bit of a one stop shop opportunity for our customers. So many customers have multiple compliance drivers, things that they have to do or want to do to protect their business, to promote their business and, let's face it, cybersecurity has gotten a little sexy edge to it now because it is marketable, it's, it's something that people expect and the last thing anybody wants is to, you know, be in the news feeds for for the wrong thing. So there's a there's a lot of good business risk avoidance and marketing benefits to what we do. We try to, you know, try to help companies in that respect. But anyways, that's kind of where we are today.
Speaker 1:Okay, 100%, and so I assume that the cyber risk was very different in the 2000s than it is today. So how have you adapted to changes in the industry and what have the biggest changes been over the years?
Speaker 2:Well, you know, I'd say fundamentally. You know, our philosophy has always been basically data-centric. So, no matter how technology changes, you know the basic concept of. You know basically my core business assets are in data. You know my employee records, my, you know my business plans, my customer records, financial records. You know it's all database right. So you know how do we go about protecting that. Well, you know there are also just a handful of real.
Speaker 2:You know vectors that could pose a threat to that data. You know so fundamentally, even though technology has changed. You know proliferation, so more data, more systems, more interconnections, more reliance on. You know plethora of different service providers and interconnected systems and things. You know that volume may have increased but fundamentally the way you go about evaluating that, the potential risks, you know that doesn't really change. You know natural disasters will always be natural disasters, no matter what time in history. You know that's fundamentally unchanged. Adversarial threats fundamentally the same. You know tools change, defenses change, people change, but you know that aspect of it is really, you know, kind of fundamentally easy to master if you will.
Speaker 2:Now. You know you have to be creative. You know creative problem solving, creative thinking in order, I think, to be successful in this line of work, you know you have to. You know take all, you know all aspects into account. You know attack vectors, motivations, things like that. But you know human nature hasn't really changed a lot. We can still count on people being the biggest threat to even their own organization.
Speaker 2:One of the things that we talk about is you know you can throw a lot of money and time at hardware, all of the best hardware in the world, all of the best software to protect your organization but at the end of the day it's the wetwear, the humans who they click that link or they've been given too much privilege. You know to. Hey, I'm at work and totally, you know BYOD or social media or email. You know when it's not a, you know a business requirement, things like that. That's where risks are introduced to the organization. It's still the number one risk for things like fishing. You know fishing exercises, ransomware and things like that. You know that was brought in because of people and you know they were protected or they were behind really expertly built. You know systems of protection and still, you know still these bad things happen. So a lot of the fundamentals they haven't really changed.
Speaker 1:Okay, and in the last couple of years there's been this kind of like artificial intelligence revolution, and as wonderful as these tools are for us to use, I can believe they are equally as wonderful to the villains out there. And do you see the threat getting higher with artificial intelligence and are you confident that you guys can protect us or that the cybersecurity world can protect us from these villains?
Speaker 2:Well, you know, cybersecurity is a bit of a game of cat and mouse, right, Blackamul, however you like to describe it. You know, for every measure there's a countermeasure that's developed. So you know it's just back and forth and that really is not going away. Yes, now we have AI tools. We ourselves, we utilize AI tools for assisting, you know, companies in creating their system security plans and policies and procedures and things there's. You know, the great thing about AI is a lot of the elimination of mundane, repetitive, you know activities. You know the machines don't, you know, don't mentally zone out when they're bored right, they just process and, you know, do it diligently. There's some advantages to using these tools to improve things like you know log analysis, you know thread analysis, the repetitive compliance tasks and things like that. So, if you know, if I, if I'm not mentally stimulated, if I'm not really, you know this is not a, you know I'm making the donuts, the proverbial donuts. It's not interesting stuff. So, you know, my mind isn't most, in most instances, probably not on my a game to begin with, there's, you know, and then, when you have a massive of data, you know logs and events and things like that. I mean it's just overwhelming to a, you know, to the human mind, is because it's not an interesting stuff but it's necessary stuff. So having these systems do that sort of mundane you know processing well, it's really good at doing things like that, so you know, so we can improve those tools to to improve our outcomes. We're less likely to miss that proverbial needle in the haystack, if you will, with that massive data, because we've had a machine who just cold calculations. You know now, yeah, there's, there's, there's a downside to things. I mean part of it is in, in how these systems are put together. You know the old saying garbage in, garbage out. These, these systems, the machine learning systems, are trained. They have a base data set that humans are training. So if that information that goes in isn't great, well, the outputs are not going to be so great either. So I don't know, it's pretty interesting, interesting space.
Speaker 2:I'm personally excited about it. We, like I said, we utilize it in our continuum and GRC. You know SAS application for, for, you know, eliminating some of the mundane tasks. I find it pretty, pretty useful in business. You know, sometimes writing contracts or you know, different narratives for, you know, for business drivers and things like that. It's pretty interesting stuff. It's just yet another permutation of technology. It'll have its. You know it's the upside, the downside and and we just keep marching forward. I can't wait for quantum computing to come around. I just think, you know, the AI aspect is really interesting. It's all the rage right now, but quantum is really. I think that'll be the biggest challenge to security.
Speaker 1:But you tell us a bit more about that.
Speaker 2:Well, I mean the sheer, sheer speed. Computational power, you know. You know cutting through like simple things like password cracking, right now, you know this takes years or lifetime or so, but but once we switch over to quantum, I mean it's already been proven, you know the they do the benchmark testing every year and stuff. And now these tasks which standard, you know, traditional computing platforms take years and years to do, now are being done in seconds. So you know that's that speed to. You know to, to make these transitions to, to do these things, you know we're going to have to come up with better encryption, ciphers as an example, better networking. You know it's nothing. Nothing can be over the air. It's all going to have to be encapsulated in secure channels and things like that.
Speaker 1:It's going to be really interesting for the world 100%, and I think we can both agree that we're at kind of a pivotal point in technological evolution, right? So so where do you see the industry heading in the next couple years and what do you think the biggest challenges will be?
Speaker 2:Well, the next couple years, that's that's kind of like short term, right. I mean, obviously, ai is it's not, it's it's not totally in its infancy, but let's face it, you know, a lot of these tools are have just gotten into our hands over the last, you know, year or two. So, as a technology change, that's its infancy stage. So there's going to be a whole lot of exploration and testing and different permutations of that and lots of improvements. I mean it's getting into the realm where things like the deep fakes and the ability to create content of all types visual content, audio content where it's going to be very difficult to really okay, what's real, what's not I mean that's going to be a big challenge.
Speaker 2:How you validate a person, their identity. We're getting to the point where all of that can be largely synthesized to a high quality level. The challenge in the future is how do you validate humanity? How do you validate how do I know it's you, I think sophisticated biometrics that are genetically based. That could be a place that we're going. But then, okay, who manages that data? Who exploits that data? Holy cow, it's fascinating, it's scary, and but we can't hold back. We just always have to push forward.
Speaker 1:Yeah, 100%. I think it's going to be a scary but also a beautiful thing in the future. I actually interviewed this man a couple of weeks ago and he's founded I'm not sure if I can say it on here because it hasn't been released yet, but he's founded this AI tool that's basically going to be out there to verify. It started off to verify reviews and what's content driven I mean, what's made by AI but he says it's going to be able to identify deep fakes by voice, by face and ideas for protection of the people, because he sees a huge risk in terms of scamming and fraud and he wanted a way to overcome that, and I think, as many villains and problems there'll be.
Speaker 1:There's going to be as many and more heroes trying to solve those issues, and that's humanity and I love it.
Speaker 2:Yeah, yeah, couldn't agree more.
Speaker 1:Awesome, so we are running out of time here. But just before we sign off, what advice would you give to other business owners looking to succeed in your industry and what advice can you give to the listeners to protect their personal data?
Speaker 2:So I guess, from a business standpoint, the making the leap, basically believing in yourself, as well as the idea that is, the formation of your business endeavor, you know it's I would like to say, oh, it's easy, you just believe in yourself, jump in the net will appear right. And so that's partially true. I mean, you have to be brave, you have to be bold, I think. But the other part is you have to have something that people want to buy, right, it just can't be some I don't even know what, but it has to be something that's useful, right? People, you know you could have the greatest idea in the world, but if nobody cares, nobody knows, well, then it doesn't amount to anything. So you know, like they say, you know dreams, you know, the dreams of today become tomorrow's regrets, right? So you have to have something that people want, you know. And the other thing is and I've encountered this in my own, you know, entrepreneurial this is not the first company I've ever created, you know, and some of it's how do you get that message out there? So you know, that's important because you know, if you just head down and you, man, I got this great idea. But if nobody knows, nobody cares, right. So you know that's. You know, having that ability to promote, you know that maybe even requires other people to be involved. You know I'm not a terribly extroverted type of a person. I tend to love to sit in my layer here in Arizona and, you know, come up with what's next. But if I didn't, if I kept that to myself, or if I just, you know, didn't focus on some of the promotable aspects of this business, I wouldn't succeed. So I think that's important.
Speaker 2:You know, as far as advice to people and I think you wanted to know how to protect themselves Well, there's the answer that I would say today things like mandatory multi-factor, don't rely on email for your system of filing, of transmission of information, like your passwords and pin codes and things like that. I mean there's, there's a lot of things to look out for. You know a lot of folks are on social media, so you know they're sharing information about themselves. You know you got to keep in mind that there are people that are watching and collecting and collating information and at a certain point in time, you reveal too much about yourself. I'll give you an example that always cracks me up.
Speaker 2:You know you go, you work with a bank. They probably have these security questions that you get to define. And what are these security questions? You know, where were you born? What's your pet's name? Where'd you meet your spouse? I mean so much of that stuff you posted on Facebook, you know. So you know we're we're not thinking about the bigger picture ramifications.
Speaker 2:So my, my simple piece of advice is, when you're answering these types of security questions, lie, no, I wasn't. I wasn't born in in areas you know, in Scottsdale, arizona. I was born on Mars. You know you can do things like that, just as long as you know you remember your lies. You know tracking lies, but you know that's that's a much better thing to do to protect yourself. You know, just because of the exposure that our technologically connected world you know that's proliferating on cameras and websites and you know all these different avenues and these different parties that are collecting about each and every one of us. So you know you can't get away from that. So just come up with strategies to try to, you know, be the reality of that 100%.
Speaker 1:I appreciate that and I love that. That lying thing I've never actually thought about it in that much depth, but it makes a lot of sense. I'm actually deleted social media, just not for a cybersecurity reason, but now I'm glad I made that decision. Yeah, yeah, but anyway, michael, I really appreciate your time and thank you for being on the show. What's the best way for people to get in touch with Michael Peters if you have any offers for them or if they just want to follow your story?
Speaker 2:Well, we will certainly promote this. I'm easy to find on LinkedIn. I'm one of their. I don't know. They say I'm in the 1%, whatever that means. I just post every week, but anyways, I'm easy to find there. My websites for the companies Lazarus Alliance dot com for our cybersecurity audit services. We built the continuum GRC platform along the way to make these things easier less error prone, reduce costs, things like that. So continuum GRC dot com. Always happy to have a conversation. Appreciate the time, dylan. Thank you very much.
Speaker 1:Amazing. Thank you, Michael.