Cybersecurity, the Cloud, and Your Company: Everything You Need to Know

Intro 0:01

Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage we will debate, evaluate and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:20

HI, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, certified women’s privacy consultancy. I’m a privacy consultant and a certified informational privacy professional and I provide practical privacy advice to overwhelmed companies and I’m joined by

Justin Daniels 0:37

Justin Daniels here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from a breach it.

Jodi Daniels 0:54

And this episode is brought to you by Red Clover Advisors, we help companies to comply with data privacy laws, establish customer trust, so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, fast e commerce, media agencies, and professional and financial services. In short, we use data privacy to transform the way companies do business together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com. Justin, who do we have with us today? Before I get into that, I just wanted her looking. Oh, debonair and you’ve rotated through one of your like, seven Colorado shirts. Yes, I have to account for it. Yes. Brian came and joined and the nice business clothing here. You’re just in like, work from home bill. Oh, my new this very lovely. Alright, appreciate it a collar collar. I’ll put up just I can latch it on. That would be a great work from home thing. transform the T shirt with a print 10s little color as a new business idea.

Justin Daniels 2:15

Right. I was here when it happened. So I gotta be. You got you got there you go. All right. Anyway, let’s dive in. Today we have a great guest. We have Brian Kirsch, chief revenue officer who is responsible for the profitable growth of CyberlinkASP, a purpose built cloud company enabling professional service firms to work from anywhere and any device securely and cost effective as the company’s sales and marketing leader. Brian is focused on penetrating new markets while deepening application partnerships where Cyberlink’s cloud platform. Welcome to the show. Thank you. I really like that bio.

Jodi Daniels 2:52

Yes. Okay, bio, you should really tell the person who who wrote it. Thank you. No need to look at that more often. Thank you, Justin. Well, so Brian, we’d love to hear kind of how you got started and what you know how you started in your career and how you came to Cyberlink?

Brian Kirsch 3:07

Now you bet you bet. Well, first, let me thank you guys, Justin, and Jodi for having me on the on the show. As I look back, you guys have had a lot of esteemed guests. Chris McKenna last week. And I’m just thrilled to be here as what I think I don’t know if I’m breaking this deal. But as a business development executive, you know, as a chief revenue officer and not someone who carries a different seat title in the technical world. And I think that’s great. And I appreciate it. Because and I think you agree having business development folks, as part of this narrative is really important. We need as many evangelists out there talking about security and privacy as possible to educate the market because we got a long, long way to go. Absolutely. We’re glad you’re here. So you asked about my background. You know, it’s relatively simple because it falls into kind of two buckets. At the end of the day. I’m an IT outsourcing managed services guy. I’ve been doing it for 23 years, either selling or managing IT outsourcing or cloud contracts for small to midsize businesses, helping them grow, keeping them secure. That’s one thing and the other one is I’m a pretty loyal egg. This is my third step and the kind of ice and cloud arena. I got my start with a great company that’s based in Atlanta, Georgia, called leapfrog back in the late 90s, early 2000s I think it was employee number four or five brought on to gin up a very kind of early sales and marketing organization. And it was total trial by fire. You know, the story I was thinking about the other day, I had a colleague who did all of the engineering dispatch all of the parts ordering, you know, IT support back then it was very much a break fix kind of computer business, and she had multiple sclerosis. And she had an MS flare up and had to be out of the office for six months. So who do you think took on and a four person organization ordering computer parts and dispatching engineers and I botched it terribly as you can imagine. But I learned a ton about engineers. I learned a ton about customer service. I learned a ton about technology. And what makes the machine work. And over the next 15 years with that, as my kind of starting point, I help leapfrog well into a high service, well known managed service provider and the Atlanta area, and I think, you know, learned and received more than I gave, but the very grateful and it was a great organization pivoted out of leapfrog in 2016, leaving as chief service officer and joined a larger technology services firm called one tap, that just had a much larger portfolio a lot more technology scale, build very much played in the managed services space, but had two different business units around Field Services and what we call building technologies, which was audio visual Internet of Things, etc. and Justin, you know, you know what that will appreciate your partnership over the years there, again, probably learned and got more than I gave, but help grow one path into a market leader. And I look back at that time, as it relates to our conversation today is within that five year period, I think that’s when kind of cyber security went from, you know, a lukewarm conversation to white hot, and the threats related to cybersecurity went from, you know, tangible to almost existential, and I think one path and a lot of it in SP world, along with the clients have done a decent job trying to keep up but a long way to go. And that brought me to CyberlinkASP, joined a little over a year ago as their chief revenue officer, and really was attracted to what I call gravity trends. You know, that’s a force that you cannot escape from. And that is, you know, cloud enablement, cybersecurity, and then enabling a mobile workforce.

Jodi Daniels 6:30

Well, thank you so much for sharing, it’s really interesting to see how you’ve progressed and continue to keep learning and taking from one step to the next really helpful.

Justin Daniels 6:39

talking a little bit about more about Cyberlink. Can you talk a little bit about how they help companies manage cybersecurity, and what kind of companies you help?

Brian Kirsch 6:47

Yeah, sure. Um, you know, so I’d first say is that we don’t talk about cyber security at CyberlinkASP, as an independent kind of standalone initiative, it business or otherwise, we really believe it’s just embedded and table stakes almost as fundamental as a company offering their employees health benefits, or a company providing access control cards to enter a building is a given. And so as the cloud provider, as the cybersecurity provider as the IT support provider. It’s not separate, and it’s not severable. And that’s really our core philosophy that we’re rooted in Now that said, How do you earn new business? And how do you actually execute on that strategy? You know, it starts with as a cloud provider, we reduce the risk surface area, for lack of better terms, the most of our cloud clients are leveraging what’s called Virtual Desktop technology used to be called virtual infrastructure, or desktop as a service. But virtual desktop technology that basically reduces if not eliminates the risk of people having data downloaded to their local machines being able to walk off and have data leakage. And so that’s the reduction of the risk surface area. Now beyond that, the whole Cyberlink experience is rooted in layered security, as you would imagine, on the front end is multi factor authentication, no matter what application you’re accessing staff based or legacy. And then, you know, I would share that, of course, we have all of the 24, seven Security Operations Center, the threat log monitoring, etc, that most of all businesses need but can’t afford, that’s embedded with us, you know, I’ll refrain from going into the actual solutions, I’ve been around long enough that broadcasting your agile architecture is not always the best thing to do. But just know that we’re investing heavily in that and bringing it to the small to midsize business, you know, at a price they can afford. And just I think that’s a segue into our target customer profile. We truly play in the SMB space small to midsize business. five employees on the smaller end 250 employees on the upper end of that profile, mostly in professional service firms who you know, want good support wants security at a fair price.

Jodi Daniels 8:49

Does that look like so maybe walk us through kind of a typical firm, and they have a variety of different applications? They’re looking to move? What would the process go through of incorporating, as you had said, privacy and security, it’s just a part of that whole process. It’d be great maybe share an example of a company you’ve been working with?

Brian Kirsch 9:08

Sure. So you know, legal is a big vertical for us, for a variety of different reasons, not going to touch on those, but take a firm that we just brought on boards about a 50 employee firm that translates to about, you know, 30, 35 attorneys and then the support staff relocations. Like so many businesses, they’re already embracing the cloud in some manner. They were already using some Microsoft technologies, but they had a practice management and time and billing software that truly ran their business. They had aging infrastructure, and what Cyberlink is enabling them to do is stay on the software that they know and love, not having them change their practice management of time and billing software. we migrate that to the Cyberlink cloud, serve it up to them and a fully web enabled any device manner, much like the SAS version, but we now have become their infrastructure partner, their cloud partner, they call us for all of them. Applications support. And in the process, both their software that was already in the cloud and their software that we moved to the cloud is now secured through multi factor authentication and the security features that we talked about before, all through Cyberlink. And so what that allows them to do is not only achieve, you know, vendor consolidation and partner consolidation, which we believe increases accountability, it also because there is that control allows us to be much more aggressive on the security front, and at the end of the day, provide some good cost predictability. And we fundamentally believe that if you’re operating in that model, midsize business space, cost, predictability is extraordinarily important. So God just a red button that up, you know, a process with Cyberlink. The discovery takes somewhere between two and four weeks to make sure we don’t leave any rock unturned. A migration takes somewhere between 30 to 60 days, depending on the size of your firm and your application profile. But relatively painless all within a 60 to 90 day period.

Jodi Daniels 10:55

At pretty swift turnaround time with a job, I would think so the small business owner, for me, that seems like a reasonable period of time,

Brian Kirsch 11:02

well, we probably have to be sensitive about is not disrupting the actual business operation. Of course, though, they want to do it faster, we’ll put kerosene on the fire, you know, but oftentimes, it may go a little bit slower, because we have to find the maintenance Windows, Windows and things that are actually conducive to the business. We’re a partner,

Justin Daniels 11:20

though, right, talking about the market, particularly in the last six or 12 months where ransomware has been in the news almost daily. How’s the market evolve for your services with the surge in ransomware? Well, it’s

Brian Kirsch 11:32

a good question. And we’ve seen a lot of evolution in our buyer profile and in our own ability to serve the market, not just because of ransomware, Justin, but just because this has been an absolutely wild and crazy 18 to 24 months, you know, and I’ll start with, you don’t mind, I find it a little bit distasteful, when I’m bothered by every time there is a ransomware, or cyber security of that it gets parlayed into a selling event. And this is coming from an SVP of sales, that anytime there’s blood in the water, people either try to sell to that void or take the opportunity to get on a soapbox and either boast or criticize in a non constructive way of how they would have done something different. My personal philosophy and Cyberlink philosophy is to approach this with humility, with empathy, and understand that we are battling an undefined enemy on a relatively undefined battlefield with no unified budget or military. And those are hard things for small businesses to navigate very hard. So I think we all have to just realize that this is hard and you know, hopefully Cyberlink providing, you know, a piece of the solution by no means the antidote to the entire problem. I mentioned gravity trends earlier. So let’s talk about what we know. So just this week, Microsoft announced a $61 billion profit in their fiscal year not not revenue, $61 billion profit due to their cloud and collaboration platforms booming. And so when we talk about this, the market adoption of office 365 is booming Azure teams, the business intelligence apps that can be layered on top of that, that’s one mega gravity trend that both Cyberlink participate again, whether we like it or not, but we’re in the cloud space. The second trend is what I would describe as a meaningful shift in the workforce dynamic. And I’m not just talking about folks working from home or hybrid workforces that’s real and obviously pandemic driven. I’m talking about a power shift, a leveraged shift from employer to employee, I do a lot of recruiting. We’re a growth firm, we support a lot of firms that are growing. The number one question that candidates are asking employers is, and I work from anywhere, can I work from anywhere it used to be? Tell me about the benefits going about the compensation? Now it’s Can I work from anywhere? And my impression, one man’s impression is if your answer to that is no good luck landing that candidate. As I bring up this cloud collaboration, booming, this workforce dynamic and leverage and power shift, changing, those are not a great formula. For organizations that are focused on cybersecurity, your data is becoming more fragmented, it’s residing in more places, while simultaneously your workforce is more distributed, more empowered, and more demanding. And just by physical proximity, you have less oversight. And so those are challenges for IT organizations. Those are challenges for business minded professionals who are trying to find that balance of enablement and being nimble, also security. So I think companies like cyber like to answer your question about the evolution, we’re in the virtual desktop and cloud space. But anyone who’s in this desktop as a service, that space is finding themselves at the intersection of these trends. And I think we can, you know, help companies have their cake and eat it too. You know, provide them a cloud platform that has a good security posture served up in this virtual desktop, McDonald’s technology allows people to use their own devices, you can turn it on and off, employees come and go, which they naturally do these days, you don’t have a bunch of logistical complexity associated with that. So again, we feel like we are well positioned, although the problem is is still relatively complex.

Jodi Daniels 14:53

You had mentioned, you know, the recruiting trends and oftentimes, it’s it’s a firm who’s looking to leverage their systems differently. So with that being said, Who’s typically the decision maker for these types of services, but I can imagine I’m the business side providing my core services. And I really want to be able to recruit that younger talent, I need different tools to be able to do so I might go the CFO and say I need more money, I might go to the CEO and say, This is my grand vision, I might go to whoever heads technology and say I need your technology support. Is it a collective effort? Is it one side that tends to own a little bit more than the other? We’d love to hear your thoughts?

Brian Kirsch 15:37

For? Great? It’s a great question. And I think it’s, I think we’re heading in the right direction that decisions around it are now discussed and made from a committee perspective. And with a strategic view versus the IT director doing it or the CFO doing it based on some perceived cost controls. It is being done by committee, not that the final decision is necessarily done by that, but what problems are we trying to solve? What opportunities are we trying to take advantage of to God to your point, HR, making sure that within their executive leadership, team meetings, no help the CEO and the CFO and the CEO and IT director know that there are challenges recruiting and retaining workforces due to technology limitations is hugely important to people making thoughtful decisions. And so who are our actual buyer profiles within Cyberlink, it really varies based on our go to market strategies. Let’s talk about direct. And I mentioned that we sell a lot within the legal community and serve legal professional services, financial services, oftentimes, those are going to be C suite executives that make the final decision not often the CEO, usually CFOs do just due to the natural intersection between operational efficiencies, financial efficiencies, or controls. And then where technology actually enables both of those. Maybe in some of our larger clients, you’re going to find a CIO on the IP side and influencer of not the decision maker is going to be an IT director, etc, that’s on the direct side, on the indirect side, which we really haven’t touched on. But, you know, we help software companies who have a meaningful footprint, and for whatever reason, don’t have their own bath strategy. You know, they’ve got 1000 customers in their software, we partner with those software companies and the consultants who implement that software and make a living off implementing it take that software to the cloud, so they remain relevant and viable to their existing clients. And so we have a, you know, a deep referral partnership with the software community, that once we establish that partnership, the application vendor or partner will bring us in, they’re often the trusted advisor. And so in that situation, the actual decision maker is the person or group who knows the most about who and how they want to access the application, though, we have a lot of experience hosting VRP, financial accounting packages. So oftentimes, the CFO says, Wait a second, you’re telling me I can stay on dynamics, Great Plains, or my version of sage, or my version of QuickBooks without going into it online. I don’t have to change any of my processes. I don’t have any change management, but I can go to the cloud, and it’s endorsed by my software vendor, it gives them a lot of peace of mind.

Jodi Daniels 18:09

Yeah, I can see that. I believe many of the decisions these days, I see it all the time, from a privacy point of view, it’s certainly a cross functional activity. And that’s because part of Justin’s favorite view is it’s an enterprise business risk. It’s across the board any of these things or an enterprise opportunity. So the ability to move online is an opportunity, it comes with a series of risks. So with that being said, Justin, I think your risk favorite questions to ask?

Justin Daniels 18:37

Yeah, I wanted to ask you a specific question that I’m seeing now as a real trend is customers asking for specific liability protection in their contracts for ransomware that might hit their vendors that has a critical impact on their business function. So I’d love to get your take on what you’re seeing as you take people down the sales funnel, and you get to the point where there’s a contract, how is this coming up? And how is it being resolved?

Brian Kirsch 19:02

Well, it’s a great question. And I anticipate it’s going to come up more and more often. Today, though, I understand the logic of why customer would ask for that. We are not getting that direct asked within our contracts today. Now either. That is because there is still a level of knives in the marketplace, or our contracts are easy to interpret or understand or we’re doing a good job in the sales process to encourage kind of mutual accountability when it comes to cybersecurity. It is not something that we’re having to proactively or embed in our contracts today. You know, God, I would say that confidentiality and privacy comes up as much as anything else. And then you have your classic audit rights and identification, jurisdiction type negotiations. So we try to get in front of it as much as possible in two ways through education and communication. One that we’re we ourselves are, you know, stock certified, and these are the multi layered security approaches that we’re doing on your behalf and then making sure We do not inherit a level of risk that is not acceptable for our own business. Because at the end of the day, it really is a mutually accountable structure that would say back to you. And I would also say that as we think about all of the cloud options, public and the Azure, AWS s private and the Cyberlink, and the other desktop as a service companies out there, and then maintaining your own infrastructure, very few, if any of those scenarios will provide inherit that entire risk just because of that mutual accountability. But I put it back to you, Justin, what are you seeing in

Justin Daniels 20:32

the in the legal field, me it comes up on every single deal where I represent the customer. And then the mssps that I represent, I had to have one conversation with the CEO, where I said, if you want to continue to work with this particular type of customer, I think you need to either vet them, and maybe you don’t do business with them. Because if they have bad cyber hygiene, where their password and they’re not using MFA the way they need to, and the threat actor laterally moves on to your cloud based network and somehow can get into other customers I was like, then they’re creating a risk for you. And either you need to re price what you’re serving, take a look at what are some additional network segmentation that you can do. But in my practice, I find this issue coming up a lot when I represent both sides of the transaction.

Brian Kirsch 21:20

It’s interesting, I think you’re at the tip of the spear. So good, good intel on that. I

Justin Daniels 21:24

mean, I assume, in parallel, as we think about liabilities, that those same companies are investing appropriately in cybersecurity insurance. Oh, that’s an interesting thing. Because a lot of times the issue comes up when they want the liability protection. So they want to carve out from the typical limitation, and it’s something related to insurance. So another area where I think things are evolving is the underwriting process to get insurance most carriers now, if you don’t use MFA, they will not insure you that is becoming now table stakes. So I think that is honestly a welcome development. So I think when you’re vetting your customers, now, if they want to have cyber insurance, the market in that area is now requiring that they do more, which also helps when they’re working with their cloud vendors. Because if your customer has better security, that helps everybody. So things that you’re seeing in other parts of the market that impact your firm, and just, you know, companies in general, are positive ones from a perspective.

Jodi Daniels 22:28

Well, switching gears away from Hmm, helping companies all day long. With all the cyber and privacy knowledge, Brian, what would you offer as your best cyber tip

Brian Kirsch 22:39

woke up looking into two areas, business, cyber death, and kind of personal cyber theft. And so just to, you know, continue to layer on to the multi factor authentication narrative, it is still shocking how many organizations do not have this that is an absolute ripe piece of low hanging fruit that every organization should pick immediately period, you do that I’m not an actuary, I’m not as smart as you to you have meaningfully reduce your exposure. And the good news is it’s very accessible, very affordable. And these organizations and software companies, whether it’s duo, or even the built in multi factor that Microsoft offers, it’s easy to use a lot of the obstacles around economic or workflow changes those type of things or mood, it’s really about taking action. So NFA is my business tip, personal tip, and I had not done this till about six months ago. So I didn’t really know what it was. But many of us who carry iPhones or androids are being prompted about data leakage or passwords where our information or password or user ID somehow made it out onto the, you know, the dark web, read those. And if there’s those either with your credit card, your business account, your bank account, you know, maybe you don’t care about your Spotify account. I do change those. And so I do think that consumer technology has become sophisticated enough to actually aggregate dark web information and serve it up as a notification on your on your own phone. Don’t ignore that. Get a cup of coffee on a Saturday morning and change your passwords.

Jodi Daniels 24:05

Good things. Yeah, make it make it a one event A a tall one. That’s right. That’s impressive for the non coffee person over here from my wife a few times that I’ve learned a little bit very good. And when you’re not doing privacy and security all day long, but you like to do for fun,

Brian Kirsch 24:25

fun. Can you repeat the question? Not sure what you mean? What do you like? I’m just kidding. I’m just getting. No I have this I’ve got three young boys 1614 and 10. And we’re a very active family. So they whether we want to be or not. So we’re always on the move. You know, for fun and stress relief. I’m a big time runner. As a family. We’re a lot of bad golfers, but we have a lot of fun out there four or five hours on the Lynx doing that and then what we’ve really had fun with over the last 18 months is we’ve had more time together Is pickable y’all play pickleball

Jodi Daniels 25:02

we do not but Justin’s mom has played pickleball before

Brian Kirsch 25:06

well sometimes sometimes gets wrongfully pigeonholed as a sport that is only done in senior living communities. It is not true. Imagine, imagine if tennis and ping pong had a baby. That’s Pickleball is a ton of fun, and it’s Age Friendly, and it’s competitive and you’re going to be sore and exhausted and competitive afterwards, but a lot of fun. So if you take anything away from this pickleball

Justin Daniels 25:31

pickleball There we go. pickleball Alright, that’s the one close up and what? Well, how do people find Brian? Oh, what’s that? Well, people find you and can connect with you.

Brian Kirsch 25:44

Yeah, absolutely. So LinkedIn is best I’m always on it very active on LinkedIn, but propagating information and consuming information and helping our clients and partners cannot find me on LinkedIn, Brian Kirsch. Add CyberlinkASP and you’re one Connect away from me. And we’re also on Facebook and Twitter and obviously CyberlinkASP.com.

Jodi Daniels 26:05

Excellent. Well, Brian, thank you so much for joining us today. We really appreciate it.

Outro 26:12

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.