500 Years in Prison? Meet The Human Behind AT&T Hack

[00:00:03] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books 1 and 2, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book 3, coming soon. Be a Moving Target.

[00:00:47] 50 Charges. 10 Years Each. 500 Years in Federal Prison he was facing. And he was only 18 years old. One kid, one payphone, one whistle. And he helped break AT&T wide open from a community pool over in California.

[00:01:06] And here's what nobody tells you about my next guest. The tactics that John Young used in the NEIS, social engineering, pretexting, those same tactics are now the backbone of organized cybercrime. The only difference between then and now? John was doing it for free long distance calls. Today, they're doing it for your entire bank account.

[00:01:32] He thought it was a bloodless crime. No victim, no harm. Then the FBI knocked on his grandmother's door. Twice. Those long distance calls? They were to his grandmother because he missed her. What happened next didn't scare him away from cybersecurity. It built the man who became one of only 11 people on Earth certified in all cybersecurity ISC2 disciplines.

[00:02:00] And he's about to tell you exactly why he did it.

[00:02:05] And this is Cybercrime Junkies. And now the show. Very good. All right. Welcome, everybody, to Cybercrime Junkies.

[00:02:34] I am your host, David Mauro. And in the studio today is John Young, one of the podcast's very first supporters, a good friend. He has returned. John has been in cybersecurity since before most of us knew the Internet existed. And today he's one of only 11 people on the planet certified in all nine ISC2 disciplines, which is remarkable.

[00:03:04] And he also serves as the COO of Quantum Emotion America. John, welcome back to Cybercrime Junkies Studio, my friend. I'm really excited to have you here. Thanks, David. It's an honor to be here with you again. It's been, what, three, four years? Yeah. You guys have done an incredible job. We've been busy. Got to give you your props and flowers on that. Yeah. Well, thanks. So you have a remarkable career. And I want to ask you a couple of questions about it.

[00:03:32] Back in the day, now we talked about this in one of our very first episodes because you were one of our very first guests. And for those who don't rewind that far back, because there's like 800 of them and stuff. So you tell us about the story. Like you hacked AT&T as a teenager and then the FBI showed up. Yeah. It's a crazy story.

[00:03:58] Yeah. Most people would walk away from that experience wanting nothing to do with cybersecurity and you walked right toward it. So tell us about what flipped there and tell us about the event. Tell us what happened. Yeah. I'll give you a little background. There was a guy I grew up with who had to be one of the sneakiest people I've ever met. He would figure out every way to cut a corner, to get an edge, to do something.

[00:04:23] And he was able to, at 16, you know, make old man voices and trick people with social engineering. And so I was like an equal with him. I was a couple of years younger, but I was a little behind, you know, intellectually and knowing all what's right and wrong and all of this. You know, I just kind of followed him. So we grew up in the same block in the story of Queens in New York. His name was E.F. Rooney, Dennis Rooney.

[00:04:52] He unfortunately passed away a few months ago, but he's the one that figured it all out. I mean, he was literally a pioneer in social engineering. What we did, I had three different ways that I could basically get free phone calls. People say, who cares? Free phone calls. Well, in those days. Back in the day, that was a lot of money. That was a big deal, right? Yeah. If you call the next town over, it could be $10 for a 10 minute call.

[00:05:21] Forget about calling across the United States. And we were active 1973 through 1977. So I read this article about phone freaks, and I kind of talked to him about that. And Dennis, man, that guy was amazing in certain things. He really wasn't computer literate, but I actually did an interview with him before he died.

[00:05:47] And I asked him what he would do if he was in this kind of situation now. He said, all the things that would absolutely make a successful hacker, as far as he'd go in there with pizza boxes and the hat. He'd grab laptops. He'd look under keyboards for passwords. You know, he'd do distraction. So he was very amazing.

[00:06:13] We actually came between like Steve Wozniak and Captain Crunch. And then Kevin Mitnick came like 10, 15 years after us. We were already completely done with it. And you said some people would walk away.

[00:06:27] Well, what happened was two FBI agents with full-on white shirts, black ties, six-footers showed up at my 4'11 Irish grandmother's place in New York asking who was making tens of thousands of dollars of calls from California to New York. And my grandmother just said she was lonely and, you know, she'd talk to anybody. She had that gift of gab. She could literally get a whole elevator of people talking or a bus.

[00:06:57] You know, she was really a special person. So at that point, while we were in California, one of the people that lived in the area said, hey, the FBI has sent a team here. And they're knocking on the doors saying who's making all these unbillable calls from California to New York using the community pool and the grocery store and all of this.

[00:07:22] And I immediately backed off and said, wow, this is a sure way to go to prison because they said, you know, when we were in New York, it wasn't that big a deal. It was just fraud, you know, making calls. But once we crossed state lines, that became interstate theft of services. Right. Which carried it. Just for everybody listening or watching, let's check this out for a second. The FBI showed up with like multiple people. At least twice. Yeah. Yeah. So this was a big deal back then.

[00:07:52] Like today with everything going on, we can't even imagine the FBI showing up for something like this. But this was big back then because all I mean, just think about it. Like everybody would. It was so expensive to communicate back then. I mean, it was a big deal and people were always trying to get around it. Yeah. I was actually an accidental criminal. I thought it was a bloodless crime.

[00:08:17] You know, I didn't realize the havoc we were wreaking on the businesses where we were charging these calls to. Like one was a toy store. Another was a butcher shop. And the administrative costs must have drove AT&T crazy. Yeah. You know? So I actually had three ways to do it. I had the whistle from, you know, you could blow on a whistle and get the tone from a payphone. That was well documented. The second was social engineering, which Dennis was so great at.

[00:08:45] And he basically taught me how to do it so well, too. The third way was I... Tell us about how that would work. Like just a typical, a sample one. All right. So in those days, this was 1973. There were no answering machines. There was no cell phones. There was nothing, right? So we would call... Yeah, we'd set up a meeting like with our friends on the East Coast and us on the West Coast.

[00:09:12] We'd say, okay, we'll call you 7 o'clock Eastern time to this payphone. It was a very organized thing we had going. And we would stay on the phone for an hour, you know, at a time, which was crazy in those days. So we'd set this up and then we'd call collect to that payphone and want to charge it to our home phone, right? We'd say, we'd like to do a collect call. And they'd say, that's not allowable. It's to a payphone. And we'd say, well, I'll charge it to my home phone then.

[00:09:40] And the operator should have disconnected immediately. That was the protocol, just not even talk anymore. But sometimes they would do it. So what we do is give this toy store's number. They were closed. It's 6 o'clock. So the operator would call and call. It would ring, ring. And they'd just put us through. So this literally happened hundreds of times over the years. So the FBI had said, you know, it was 10 years for each charge against us.

[00:10:07] And they said, they didn't know my name, but they said I had at least 50 charges against me. Oh, my God. So that, holy cow. Yeah. So I couldn't do 500 years, you know, at 18. Oh, my gosh. Right. For making phone calls. For making phone calls. For like wanting to talk to your friends for an hour. That's amazing. Yeah. Yeah. We really, well, what blew it up for me was my grandmother that I mentioned. I was dialing her number directly. So they were able to just go right to her house. And it was a big mess.

[00:10:37] She stopped answering the phone, wouldn't answer the, you know. I really regret that part of it because I didn't, you know, she was my favorite person in the world. Right, of course. Yeah, she was my number one person in my life. Yeah. So it really, that's why I was calling her. You know, I really missed her. You know, she was my biggest fan. So anyway, in this situation, right, you can go one of two ways. Like you said, you can lean into it and go that way or you could walk away from it completely.

[00:11:04] So what I did is what a lot of security experts have done. People say my life reminds them of catch me if you can with Leonardo DiCaprio where the FBI hired him and this and that. Well, no one was hiring me because they couldn't catch us. Right. We kind of stopped what we're doing. We cooled it off once we got there. And as you mentioned, there was a lot of stuff going on then. Nixon had just retired. The cities, we think we have a lot of political unrest now.

[00:11:30] I know there was the Watts riots that had happened shortly before then. Like there was a lot of things that were going on. Yeah. I mean, Patty Hearst, bank robberies, buildings blowing up, the weathermen, the move in Philadelphia. So right now people are complaining about the violence and this and that, you know, which is bad enough. Yeah, it's been going on since it was born. Yeah, in the 60s, 70s was a big deal. So it was really small potatoes, I think, to the FBI to face whoever this was.

[00:12:00] They made a good effort. They came out a few times. Well, they didn't have divisions either. They didn't have like a cybercrime division. There was no such thing then, right? There were no computers. Right. There really was. They weren't equipped or staffed, right, with protocols and policies and equipment and technologies to really be doing it. Oh, they would have thought of that so quick. If we would have done what we did now, you know, we wouldn't have lasted a few weeks. If they really wanted to get us, it would have been very easy.

[00:12:29] But this was, you know, eight, nine, ten years before PCs were even invented, right? Yeah. So there was no internet. You had mentioned that I was there before the internet. I actually was one of the first people that was on the ARPANET. There was very few of the predecessors of the internet. Yeah. You know, McDonnell Douglas, we had a site. And it was, I mean, networks. This was before routers were really popular. So we used bridges and repeaters.

[00:12:57] And this really will be considered primitive equipment now to get the signals across. But in those days, it was all we had. So basically, I went into a 40-plus year career of cybersecurity and IT operations with McDonnell Douglas and IBM. And Dennis actually went into the biggest fraud in American history at that point, something like $3 billion in today's money.

[00:13:26] The oil recertification fraud where the government was paying producers to drill for new oil in those days. And they were giving people more money as an incentive to drill for new oil. The problem was there was no chemical difference between the new oil and the old oil. So if you had the fraudulent certificates, then you could do it. So this was run by a guy, I think his name was Richard Sutton.

[00:13:54] And he was an Oklahoma oil man who got a four-year sentence. He owned the Zanadu Hotel, I believe, in the Caribbean. He was one of the first, like, real billionaires in those days. So that was, you know, a big, big deal. He was crying in court when he got convicted. And what happened was Dennis's brother-in-law was arrested by the FBI. And Dennis, he had such a baby face, which allowed us to get away with a lot because we both looked so young, you know, at that time.

[00:14:23] None of us could grow a mustache or a beard or anything. So the FBI comes there and they say, you know, says, come on, kid, get out of here. You know, he's going, you know, just stay out of there. So Dennis told me he grabbed $60,000 cash out of the closet, flew to Europe for a year. And that's how he avoided ever getting caught. So in his whole career, he never got caught. My whole career, I never got caught. But I wouldn't even spit on the street after that because I was so afraid of him.

[00:14:53] And now the statute of limitations for any of the phone freaking, all that's been, like, all that's long gone. It's glamorized. That's why fishing is spelled with a P-H. Right. Right? Because of the phone freaking. Yeah, that we did way back in those days. Very colorful thing. Sometimes, you know, I regret even mentioning it when I speak because people see me years later and that's what they remember is that particular thing.

[00:15:20] A lot of people in the audience don't understand it. They didn't even grow up with pay phones. They didn't grow up. You know what I mean? And so it's all a story to them. Right. But it was very real. I remember it. It was to me. In fact, it gave me the imposter syndrome for the rest of my career. I never knew if I was going to get walked out, the walk of shame. You know? At McDonald's, I saw people get walked out for lying on their resume. You know, in those days, no computers. It would take a while to catch up.

[00:15:50] You know, I have to call people and get back. So I remember this one lady who's walked out so quick that she used to change from high heels into sneakers, you know, when she was there. And I watched them walk around and her tight heels were still sitting on the desk, you know, and all her stuff. And they boxed it up. So for me, it was a very real thing. And it really affected how things, how I behaved in the way I was just like the model person. In fact, just so low key.

[00:16:20] But I got lucky. A lady that gave me my first job in the computer field, I actually went to an IBM trade school for a year. And I learned four languages. Fortran, COBOL, BASIC, Assembler. And those aren't even around anymore, right? It's all C++, Python, blah, blah, blah. So anyway, after all of this year-long 40-hour-a-week thing where I had to take a bus for two hours to get there,

[00:16:46] they gave me a bus pass and $200 a month, you know, which didn't go far even in the, you know, 1980. I figured I had to go back to school. So I went back to Orange Coast College in California, Costa Mesa. I wound up working in a hotel in this really horrible job where I was folding towels and checking people in at the same time while I was going to school. I didn't have a car.

[00:17:10] I used to take, you know, my 10 speed and go to college and then go to the hotel and rain. And it was just a nightmare at times. But you got to persevere, you know. That's where your character and integrity get built up. So I pushed it, as they're saying. And one day I went to the employment assistance program for students there, which I would advise anyone who's looking to break into cybersecurity. Go in to your college, use those resources.

[00:17:40] And those days they did it online. They had index cards on the wall. And I saw one that just caught my eye for a computer job. I went in. She tested me out kind of three interviews. And I got the job. So I went from working in this hotel and, you know, 100 degree heat, doing towels. I'm running up and checking people in. Night shift. Six days a week. They kept it six hours a day so I didn't get medical benefits.

[00:18:08] They really, you know, had it rigged. And I wound up going to the beautiful job. And there was only 15 people in this company. But he was my best mentor really ever. You know, that's why we do things through quantum motion. What was that first company? What type of company was it? It was called Infotech. It was the satellite imaging company for making maps. And we had a big map showing, you know, the different elevations and everything. And it was pretty successful.

[00:18:37] I was working on a Vax 11780 and a PDP 11. Those were digital equipment corporations way before Microsoft. There was no PCs at that time. So I wound up going to this 15-person company. She went to McDonnell Douglas and brought me in under her. And that took about a couple years from me starting at this 15-person company, her going and me going to McDonnell Douglas,

[00:19:04] which was a Fortune 50 company then. It was huge, you know? Right. So I went from a company with 15 people to 250,000 people. Wow. And she was the network director of the MD-11 program. And then she went to the C-17 program. So I became the network director of the MD-11 program. And then when she left, I took over this $41 billion C-17 program when I was only like 26, 27 years.

[00:19:32] I don't know why they would give someone. That's crazy. I don't even know why anyone would do that. But nobody knew that stuff. The whole thing is you were a pioneer. You were one of the first ones. It's kind of like the people that are advancing in AI right now. Like nobody's done this before. So what makes it exciting is you can be self-taught and learn this stuff. And you're creating a path that just really hasn't been forged before.

[00:20:00] Yeah, I feel like Forrest Gump in a way. Because you know how he was just like bouncing over from thing to thing. I was in the phone freaking thing. The FBI. Then I was in like the first computers before the internet. Then I was on this big, you know, military program. I actually was, my claim to fame was I was the first one to successfully cluster a digital equipment, you know, computers together. A couple of them.

[00:20:25] I started as a coder and went into operations, which VP was telling me, why are you doing this? It's all grief and no glory. Stay in development. But my heart was in, you know, the data centers. And it turned out to be a great thing for me because I really enjoyed that. Not being in the background doing the coding, which I did use in my career, which everyone should learn a little about. Yep. So at that point, you know, really changed everything. Yeah, you did? Oh, yeah.

[00:20:54] Yeah, no, I think learning the coding languages is so critical. It's still the reason. Again, just like being taught in school what the capitals of all 50 states are. It's not about being able to recite the answer. It's about learning how the process is to learn that data, right? It's the same thing with coding. Like, to me, learning a coding language teaches you how to think a certain way. And I think that is really critical.

[00:21:26] Stay with us. We'll be right back. Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books one and two, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book three, coming soon.

[00:21:55] Be a moving target. This is called, you know, more structured programming where it wasn't just, you know, a bunch of spaghetti code we used to call it. It was really structured with, you know, additional statements. You did a lot of documentation. So that's the good thing about the IBM trade school I went to.

[00:22:26] You know, they really, you know, had us on a mainframe in 1980, you know, to be able to work on a mainframe was kind of crazy, you know, as a young guy. But from there, it actually helped me. That became my claim to fame in the other situation. Like, when I got laid off from McDonnell Douglas, they had a big problem when they laid off, like, half the people. And I took a package and left. But I couldn't get a job because I had all this supercomputer and mainframe experience and super minis. Which wasn't common.

[00:22:56] Yeah, now PCs were coming in. Well, it was the only thing for a while. But then people wanted PC experience, even though it was only a couple of years over. So I managed in, like, 1992, 93, when they first started to become more popular, to get into that. And because I had clustered the Vaxes, I was the first really in that area in L.A. to cluster, like, Microsoft servers. So that became my claim to fame.

[00:23:25] I would have redundant servers that were clustered if one went down and the other would stay up. But so it's funny because when I was at McDonnell Douglas, I was doing screenwriting. That I thought was going to be my career. I'd gone to NYU film school, director school, all this. Oh, really? Yeah, I'd written a bunch of scripts. So I thought, you know, that would be my way to go. So I actually wrote a screenwriting. You were in L.A., so, yeah. Yeah, yeah, exactly. That's how I met people. But I didn't have the personality for it.

[00:23:53] People might see me now and say, wow, you're, like, pretty extroverted and animated and all that. But then I was super shy and, you know, plus I had this fear that the FBI was going to grab me. You still had the – I still had that for 10. Even when I was at IBM, you know, every time I had to put in a resume, you know. The FBI actually investigated me three times for my clearance levels. That's another thing people don't realize. Oh, my gosh, they did. That's right. Yeah, to get the job.

[00:24:23] That's right, every time you had the clearance levels, they would do a full FBI background. Yeah, to work on the project, I had to do a pretty minimal one, which they just accepted. You must have been scared to death. I was because I – But now you're older and now you look back going, they wouldn't have done it. Like, come on. Right. But if it's you, you think differently. But if it's you, right. Well, because everything you're working for and you've developed could be gone, right? So – Well, people make a full career out of their criminal background.

[00:24:52] A lot of them, I think, are kind of like posers and blowing up the situation. Yeah. I was really in the middle of it. And it scared the hell out of me because I left home when I was 18 and went in the military and all of this. And, you know, I had no backup plan, you know. I was 2,500 miles away from my family in New York, the only one out here. So if I had some kind of problem, no one was going to be able to help me. I had to do it all myself. You know, money, whatever.

[00:25:21] I had to do – that's why I worked so hard was there was no backup plan. Is that how you got to L.A.? Is that how you got out there? Were you in like the – were you in the Marines or Army or Navy? I was in the Air Force, yeah. Oh, in the Air Force. Yeah, my – well, March Air Force Base is in Riverside. And I wanted to – my friend, this guy Dennis, I was saying, that taught me all – that brought the hacking thing to California. His sister got married in California and he moved out to stay with her. He invited us out.

[00:25:49] I was like, this is great, you know, compared to where I was living. You know, this is amazing. So I used to go back and forth between the base and, you know, hang out with them and everything. So that's how that all worked out, you know. Plus, I was really worried because I was like calling from the Air Force Base too and I was saying to myself – Oh, my gosh. Yeah, now that's another thing on top of it, you know. It's a government thing. I was like, oh. Oh, you were scared. Yeah, yeah. Yeah, I was. Scared to death. Yeah. Yeah, yeah.

[00:26:19] I was really worried about it. Look at the statute of limitations. Yeah, and, you know, no one would care now. It's kind of funny. And I see people that, like you say, lean into it. You know, they talk about their big badass career and everything. But it's so stupid. I have to brag about it and that's kind of a turnoff for me. That's what I hate is glamorizing this thing.

[00:26:41] Yeah, don't – because there's still a real victim on the other end even if it's – because companies are still made of people. You know what I mean? And so, like, at the end you're still hurting people. Yeah, and also you got to look at it this way too. You hear about these big, you know, rings that they make a few million dollars and everything. But you don't see in the background the guys driving around with a banana yellow, you know, Ferrari, no income, boom, tax evasion.

[00:27:11] He's caught. The neighbors will turn him in. Someone will turn him in. Or the fact that criminals turn on each other. They're like, hey, you know, there's an eight-way split. Let's make it a five-way split and take out these three. We'll drop a dime on them or we'll, you know, make them disappear. And that's what this whole glamorization thing is such nonsense. People get caught, changes everything, ruins it for their whole family. But look at the career I had instead, you know.

[00:27:39] I'm very proud of the fact that, you know, I can hold my head up. IBM, you were at IBM, McDonnell Douglas. Now you're involved in Quantum. Like, those are big deals. All of those are individual career arcs. And you've done three. Crazy, right? Yeah. Like far has come. I know, it's crazy. And the people that I met, you know. And I worked on two consulting projects between my McDonnell Douglas job.

[00:28:08] And actually, I worked for a company called Candle that got bought by IBM. So there, I had to put in another resume, you know, to protect my job. When they bought the company, I was like, oh, here we go again. Another background check. Yeah. Yeah. Well, the FBI, the second background check, they actually made phone calls. The third one, they went back to Astoria and were interviewing people about me like 10 years after I had left home. What? And were asking. Yeah. Yeah.

[00:28:36] And they actually were like, you know, walking into people's houses and asking about me. So anyone that thinks it ends, it doesn't. I passed. I had a great clearance. But as I went up to be like a network director, you know, your clearances have to go higher and higher and stuff like that. You got to be, you got to not burn bridges. You got to, in all the factors of your life, because you don't know when what you did 10 years ago is going to pop up and hurt you. Exactly.

[00:29:06] You know, there's a lot of life lessons in there. Yeah. You got to get a good mentor. You know, my mentor happened to be this guy, Dennis Rooney, who was my best friend at that time. But he was a kid, too. He didn't realize what he was doing. He wound up having this crazy career. You know, he just passed away, like I said. He was very proud of the things he had done, actually, you know, over the years. Because he was like the Forrest Gump of these con things, too, you know.

[00:29:34] So he saw all these big people, and they met people there. But with me, I stayed on the straight and narrow. And the two consulting projects I did, one was Unical headquarters in L.A., which was one of the – if it wasn't the tallest building in downtown L.A., it was one of the few tallest buildings. And we converted that out, and Unical left, and it became like a big movie studio conversion down there, a very famous project. Second was Kaiser Permanente.

[00:30:04] I worked on this call center in 1993-94 with such a great group. It was just growing into this mammoth, this behemoth. Yeah, they kind of had just invented the VRUs, which is dial one, you know, for patients, dial two, for – you know. So I actually was programming them, you know, at that time. And you just do a one-time, two-time deal, you know, and then move on, you know, record that and setting up Lotus Notes.

[00:30:31] And it was a great crew of people, you know, but it was so futuristic that they filmed Starship Troopers there. So I got to see them filming part of that there because the architecture for Kaiser Permanente, it was in Baldwin Park if anyone ever goes by it. Still looks amazing, you know. And the second one was Larry Flynt versus the U.S. Oh, yeah. With Woody Harrelson.

[00:30:54] You know, I got to watch Woody Harrelson, you know, they're running down the hospital hallway with him on a gurney, you know, after he got shot as Larry Flint. So you never know where you're going to be. So those are two very famous projects. But I did kind of get lucky with the way that the company I was with, they were the first to really do IBM mainframe monitoring. And IBM didn't want to start a whole division, you know, to do that. So they bought the company. And it was a privately owned company.

[00:31:23] And the owner of the company became fabulously wealthy, you know. And he also was in Digital Island, one of the first people that – you talk about cloud now, right? Right. Right. In 1997 or so, we started doing what was called co-location. Now you call it cloud. But it was called co-location there. So I had to move all our data center stuff into another facility. Different location. Like Digital Island, yeah.

[00:31:52] And then when the security became a problem, I had to pull it all back. The two of my projects were just moving it out and moving it back in. And so I was actually, again, on the cutting edge of VMware and virtualization. And 42 offices I managed worldwide. It was like up to 50 people is my report. Yeah, it was kind of a crazy, you know, situation. You don't think about it when you're in it, you know. Right. You're just working. You're busy, right? Yeah. And I loved that part of it.

[00:32:21] I didn't like the politics, you know. But, you know, as I moved up higher and higher, you know, that became a part of it. Right now I'm an executive. I'm on the board of Quantum Emotion, the parent company. I'm the COO. We started a subsidiary in America. Let's talk about that. So let's talk about Quantum. Explain for a small business owner, right, why, like people talk about Quantum.

[00:32:45] And basically Quantum are a certain, it's a type of computer that basically thinks different processes differently than traditional computers. It can break all of our standard encryption, which changes everything, right? And people always say it's about still 10 years away. But explain it, break it down to us simply for like a small midsize business owner.

[00:33:12] Like why do they need to pay attention to this now and start to get prepared? Because I believe they do. So walk us through kind of what it is, what your company is doing, what you see happening. Okay. The first thing is a small to midsize business. They should literally focus on cybersecurity fundamentals right now. 100%. Right. Because some money in them are, they still don't even, they're all like a startup.

[00:33:40] You know, they're putting all their money in growth, right? Growth, sales, revenue. And very little will go into what they consider overhead, which is cybersecurity. So my advice to them is definitely focus on that. The government is way ahead of the game on this. There was HR 7535 in December of 2022 that passed, which was a house resolution that became a law,

[00:34:07] the Quantum Computer Cybersecurity Preparedness Act. So people aren't aware of this, but the government has been preparing for over three and a half years for the day that you're talking about. Q day, they call it, where the quantum computers can break the encryption. And people had said, you know, it was 20 years away. When I talked about it a couple of years ago, people were saying, oh, it's science fiction. Last year, they were saying, well, it's 10, 20 years away.

[00:34:36] Now they're coming to me and saying, we need what you have. Okay. And when you go talk about encryption and certificates like the X.509 certificates, you know, encryption, stuff like that is the most automated, like boring things that most people don't really pay attention to because they're not involved behind the scenes. Right. Right. So with the quantum computers.

[00:35:05] There's a very real effect of why you have to pay attention to that. Right. Because everything that we have, every lock, every system, the passwords, our banking systems, our e-commerce, like everything is encrypted. Right. A certain way. And it's a math problem, basically. And quantum breaks that for lack of a, like a completely non-technical explanation.

[00:35:34] But that's basically what it does. Right. It's able to cut through all of it. Yeah. I advise anyone who has Apple TV plus to see Prime Target. Okay. They had one season, very successful. It was the number one show for a while about a math genius who was looking for what he called, you know, this prime finder that would be able to find all the prime numbers.

[00:35:58] Encryption, when it's math-based, okay, is basically two very large prime numbers times each other. That creates a 600-character string, you know, of encryption that makes it hard to break. Okay. So, the problem is these quantum computers, as they're developing, they go through pattern recognition and math problems, like a hot knife for butter. Google announced that they had solved a math problem that would take a supercomputer 100 years. It would solve it in eight hours.

[00:36:28] And it's constantly getting better. IBM started the IBM Starling computer to take the place of their system too. Quantum computer, which right now has to be cooled in like a super-cooled environment, sort of like the old data centers. When I was first in there, you'd go in there with a sweater and people would even bring gloves, you know. It was that cold. Now you don't need all that. You need it to be cool, but not freezing.

[00:36:53] Well, this computer, quantum computer, is very susceptible to heat and also other environmental factors, you know, magnetic. Magnetic pulses can throw it off, you know, so many factors that they're trying to normalize. So, IBM is putting $30 billion into the Starling project, which in three years, now less than three years because they announced it last year, is going to be 20,000 times faster than their system too. Wow.

[00:37:24] That could solve a problem in hours and minutes. So, a lot of people, you know, that used to say it was science fiction, that it's going to take a long time, now they're changing their tune. They're kind of backtracking. There's many famous cases of that. But my point is, why do you need the quantum computers to be the reason to go over to some kind of technology like we have? It's just better, you know, it's uncrackable encryption.

[00:37:51] The attack vector is the entropy or C generation, T generation areas, right? If you're using the math base, which is called PRNG, pseudo-random number generation, then that's what these quantum computers will be able to attack, you know? And what does quantum eMotion product do? The quantum random number generator, what does that do? Yeah, that's our base, you know, of everything.

[00:38:19] We have a whole suite of products now that do everything. The random number generation thing, it's only like a $3 to $5 billion, you know, industry. So, it's not that big a deal in certain ways. That's couch change for like Microsoft and Google. And the effect is way out of proportion to the, you know, amount of money that it'll bring in.

[00:38:42] But as the seed of all of our rest of our products, that's where, you know, our potential is unlimited with chips and stuff that can sit on the same board as a quantum chip, you know? And where we come in is we have the patented technology for a very famous experiment in 1984 called quantum tunneling that won the Nobel Prize in physics just last year. So, 1984 to 2025, right?

[00:39:12] 41 years later, they win the prize for this quantum tunneling experiments. And our technology is based on, you know, those seeds that they had generated with their research all the way back then as a technology. So, we've actually refined it because there's different molecular particles, right? There's photons and electrons. Photons, a lot of people went in that direction. It's not a new technology. It's been around 25 plus years. Right. But the difficulty is in miniaturizing.

[00:39:42] With the photons, they've always needed an optical device. They're trying to work around that. So, you can't miniaturize. It's slower. With ours, we use a thing called electron tunneling, which can absolutely be miniaturized, put on a chip, PCI board, and is magnitudes of order faster, you know, than what they were doing with the photon technology. So, right now, we're kind of what I call the mouse that roared.

[00:40:07] We're this tiny company that actually is the full circle of cybersecurity based on, you know, seed generation all the way through the chips and the VPN and all these other products that we have that the rest of the world is going to be catching up. So, I… So, now, who is… You don't have… Well, who are your competitors? Are there any… Yeah, there's a few.

[00:40:31] UID Quantique is actually the original one where they did the, you know, the photonics and everything. They're pretty famous and they focused on certain industries. The thing is, with us, we can be in any industry. We're in energy. We're in… We just had the world's first quantum space wallet for Bitcoin, you know, and crypto. We also are in healthcare.

[00:40:56] We're the provider for a company called Raybox in Canada that I think is revolutionizing telehealth because actually it's sad to me. My mom is an assisted living. She's 86. Right. And telehealth right now is just like a Zoom call, you know. So, either the doctor's there or it's a three-minute Zoom call. You know, how are you doing? Are you taking your… She can't really, you know, get to the heart of the problem.

[00:41:21] This company, Graybox, is actually using our platform for their security, but they can monitor any kind of device, whether it's an EKG machine, whether it's, you know, oxygen machines, all the FDA-regulated stuff. And they monitor at 7 by 24 and send out alerts, you know, based on the patient not even doing anything, right?

[00:41:47] But on top of that, they also do the Oura ring, the Apple Watch, all these wellness things too. All of the nodes, all of the alerts from regular, you know, all of the biometrics that a body goes through during the day and they can capture that, spot any outliers, things like that, and alert them proactively. Right. It's very easy for the patient too, you know. Yeah.

[00:42:14] If they're wearing an Apple Watch, you can monitor their pulse, their sleep, you know, all the – whatever it's set up for. So they have a dashboard and the caregiver can just monitor, you know, all of their patients and then set alerts based on these different devices because they're device agnostic. They'll do anything. So I really – yeah, I see a lot of revolutionary things in all of these different fields that we're in where it's not just our technology, it's changing the world.

[00:42:43] It's these other technologies that we're a part of too. So it's very satisfactory. So when you guys sell into a company, when you sell into a company, are you – do you sell the chip? Do you sell the encryption behind their product? What is it that you're selling them? Yeah, so that's the beautiful thing. Yeah, that's the beautiful thing is we have hardware, software services that people can use any piece that they want to fit in.

[00:43:12] Now, the big problem right now is when you talk about encryption and you talk about the PRNG, the math-based pseudorandom number generation, we're QRNG, which is not math-based. It's all in the quantum world. So it's quantum versus quantum. And it's pure what they call randomness. So there's no patterns that a quantum computer can focus in on.

[00:43:38] They can just go for infinity trying to solve these, you know, encryptions. And with any other kind of multi-factor authentication or any of your typical controls, like, you know, logging you out after five bad tries or whatever, you know, literally becomes impossible to be able to crack these.

[00:43:58] So what we can provide at the lowest level is the seed generation through this random number generation through the quantum QRNG that actually becomes the seed that sets up the keys. Keys are really the key to encryption, you know. It's not to be redundant about it, key-to-key.

[00:44:18] But if you could imagine, you know, I could simply, you know, give you a mental picture of what the way it is, is basically our technology will push electrons into a barricade. It's called a junction. When it comes to the barricade, it's very random, you know, and you can never tell what, you know, the amount of electrons we're going to get through. So it's going to be a completely random number that generates zeros and ones.

[00:44:45] And then from there, it's processed into all these other characters that, you know, turned it into, you know, perfect encryption. So there's really two steps to it. But it's very different from a prime number versus a prime number or some kind of box sitting on a system that could be impossible to crack. So we're ahead of the game with quantum versus quantum.

[00:45:10] And the beautiful thing is we also can back level into RSA ECC the existing encryption so a company can pull us in without tearing out everything they have as a bridge to, you know, since this is cyber security podcast, we could talk about the four NIST-approved post-quantum cryptography algorithms. You know, that's kind of the holy grail.

[00:45:40] And you talked about the government. Well, the government NIST has been looking at this since 2016. They're on 10 years now. And they've only got four approved. So you can see how intense, you know, that is. So if we are bundled with a PQC, post-quantum encryption, and we're pulled in as the seed or the key generator, you know, the entropy of that, then that's a pure stack of quantum safe algorithm with the QRNG.

[00:46:10] Whereas the weakness I see is even if you have PQC, those four algorithms, and you're still using the PRNG, not to get into all these acronyms and throw people off. But, you know, there's security seals. No, but it has to do with security and the encryption piece and actually in a post-quantum world being able to keep things secure. Right? That's what this is all about. Absolutely. But you can do it now, too. You know, why not get the best right now?

[00:46:39] But that's why I recommended Prime Target, too. You know, this Apple thing. It's all about math and all the encryption. Right. My view is I've got to think somebody like Apple or Google or Microsoft is going to want this technology. Like, why would they not buy you guys and roll it out across everything?

[00:47:03] Is it because the threat actors are really just honing in on AI right now and they're not addressing quantum yet? Because it's not... Well, I can't talk about what is... Yeah, I can't really talk about what's going on, you know, stuff like that. I'm on the public board, you know. We're on the New York Stock Exchange now, too. Right. You know, which was a big... Oh, okay. New York Stock Exchange. American, yeah. All right.

[00:47:30] But the thing is, my vision is, you know, forget acquisitions or whatever. This problem is so big. I know. Right? That even if... That's why I just... I would think one of the big guys want this, you know? Well, if all of our competitors and us got together, we still are so small. We couldn't level up and do it.

[00:47:52] That's where I envision, you know, not being quiet or doing licensing and stuff in the future would be the way to go. That way would be sort of like the Y2K initiative. Right. Which is, unfortunately, people are saying Y2K was a dud. It was a scare tactic. People made a fortune. Well, I worked for five years off and on on that project.

[00:48:15] And that's why it was a dud, because it was a half a trillion dollar worldwide effort between every government, every military, businesses around the world to make it a non-event. But younger people who may listen to the wrong, you know, people about this say, ah, that was nothing. It's a nothing burger. You know, they don't realize the effort that went into it. I was just going to say, I think it was a nothing burger because it was a huge success.

[00:48:42] Like, because all of the defense and adjustments and corrections that went into place so that when midnight came, it didn't have the impact. Right? Oh, I was in the data center, our headquarters in L.A., monitoring Malaysia, Australia, all our data centers around the world. Yeah, as they hit, you know.

[00:49:07] And we had our whole staff on December 31st, you know, 1999. None of us could go out to New Year's Eve celebration. We were all in the data center, all hands on deck, like 50, 60 people in one data center. Isn't that the story of cybersecurity? It's like when you're doing it right, it's a dud. Like, that's the whole point. When you're doing it right, there's silence.

[00:49:36] There's nothing bad that happens. That's the whole point, right? Yeah, we made it look too easy. Yeah. Right? That's always if you're too smooth, right? People don't appreciate it. It's the person that complains. That's, you know, oh, this was so hard. Oh, I barely made it. You know, they get all the credit for the effort they put out. But if someone makes it look too easy, then, you know, you get a Y2K situation, which 25 years later, people say was nothing. Look at what we had in the year 2000.

[00:50:05] 2000 businesses had computers for sure, but there was no Facebook. There was no YouTube. There was none. None of Apple hadn't even put out the iPhone yet. There was no online banking. There was no stock trading online. So 26 years later, you know, it's just an exponential leap from where society was compared to then.

[00:50:30] We're fully digital compared to then we were like, you know, kind of thinking we were, oh, wow, we're so advanced. You know, look how dumb they were in the 80s or how far behind they were. You know, now we look at the 90s and say, man, you know, that was really primitive, you know? Yeah, it was very primitive. Yeah. Yeah. And like I said, it was different. You do a lot of mentoring with people trying to break into cybersecurity, and that's great.

[00:50:56] What are some of the things that you're seeing about people that are trying to break in? We talk about this not very often on the show, but it is something that, you know, always interests me because part of me is like, well, cybersecurity isn't really – it's not really an entry-level job. It is essentially the policing of the technology.

[00:51:24] You need to – you need the experience in the technologies. You need the experience in the organizations to know what – in order to protect the people behind using it. But there are paths to directly go straight in, obviously, now. There's curriculums. There's degrees. There's all of this. How are you guiding people? Like what things are you seeing? What advice do you have to young people trying to break in?

[00:51:54] One of the things that really frustrates me is LinkedIn. There's a lot of doomsayers on there that, you know, I've got 20 years' experience, and there's no jobs out there, right? Right. And they just kill a lot of people's, you know, desire to get in or their motivation. Let me give a quick, you know, little – how should I put it? A little lesson right now in how I do it.

[00:52:20] As a hiring manager, I hired dozens of people and fortunately had to fire dozens of people over the years too, which was very heartbreaking to me when we had the layoffs after the dot-com boom and mergers and acquisitions and everything. But as a hiring manager, there's three pillars that you're looking for when you interview someone. It's experience. That's number one. Number two is advanced education like college. Number three, certifications. Okay?

[00:52:48] I had so many certifications in the past that were dead, like Novell, like Lotus, like Windows and NT. You know, so I really wasn't a big person on certifications, but the ones now have lakes. Okay? If you go to Glassdoor and look for CISSP, right, or Security Plus, you'll get tons of hits if you just put in that string, right, of people that are looking for that qualification.

[00:53:16] So, to all the naysayers, anyone that's looking at for a job, all you need is one job. Okay? Right. It may be the worst time in history, and believe me, it doesn't compare to 1980 when I was looking for a job, when there was all like mainframes and programmers. 2008 when the entire economy, you know, trillions of dollars evaporated. Yeah, the recession, right? That hit real estate. That hit everything. So, okay, just have that mind frame. All you need is one job. Okay?

[00:53:47] The second thing is, if you don't have the experience, okay, and you don't have the college, that could be things that people pick at. Okay? So, keep trying to go to college if you can. That's very helpful. Let's do it part-time. Expensive, but my route was community college. You know, I wound up eventually getting an MBA. It took me like 30 years to do it, but, you know. But it still can be done. Yeah, it can be done.

[00:54:12] So, basically, you know, if you don't have the experience in education, go for the certifications. Okay? Right now, Security Plus is big for entry level, which is CompTIA. And ISC2 has what I consider their, you know, CompTIA Security Plus killer, you know, which is a CC. Okay?

[00:54:35] So, if you have absolutely no money at all, ISC2 is giving free certified in cybersecurity CC exam and training. Okay? Who knows how long it'll last. They'll give it to you for a year before it expires. So, sign up for that. And that would also help if you're going for the Security Plus. Because once you pass the CC, you know, they're very similar. Okay? But the best advice is keep a good mindset.

[00:55:03] Don't listen to people that don't know what they're talking about. I've seen people have a four-year degree in cybersecurity and get talked out of it by their family who's saying, oh, just give up. You know? It's too hard to get in. I've seen there's no jobs. Well, you were saying about an entry-level. There are still entry-level jobs. Help desk, the SOC, you know. Right. Security operations centers, right? Yeah.

[00:55:30] That you will go in there and you won't be monitoring more than, you know, implementing. But if you have good coding skills, too, and you go into a situation like that, you know, my way of promoting people is usually I take people from the help desk. I'd make them a junior sysadmin, you know, on Linux or on Windows machines because they have some kind of experience. And then bring them up and eventually, you know, the pyramid goes like this in operations.

[00:55:59] It's, you know, SOC and help desk. And then above that, the junior sysadmin. Then eventually you get to the network engineers, senior network engineers. At the top of that pyramid is the network architects. Okay? Those are the guys that are banging, making the most money. You know, there's certifications for all of those things. You mentioned my ISD2 certifications. And, you know, why did I do that?

[00:56:26] Well, you were only 11 people on the planet that do that. So that is a lot. That's a huge achievement. Thanks. And I think for people that are going into an interview, you want to make yourself as bulletproof as possible. Right. The reason I even started the certifications because I had had so many that just they were in drawers and never looked at them. You know, I didn't know where they were for dead languages.

[00:56:50] But now they're taken to be really important by hiring managers. They weight these things. Right. So, you know, no matter what anyone says, getting a certification, that will give you a leg up from someone that doesn't have it. So if you're all things are equal and you have a certification. But what was my motivation? First of all, I have a big ego. Right. And I had I had help Ian Neal, who was a very famous author.

[00:57:19] He's done Security Plus and Network A Plus. He asked me to be a technical editor on his Security Plus 702 book, which I saw the blood, sweat and tears he put into it. It's 28 domains. You know, encryption. He gave great write-ups on encryption, which is like literally the weak point of most everybody. So anyway, I had written an 800-page book on cybersecurity myself that was general cybersecurity.

[00:57:47] So anyway, someone sneered at me because they had a CISSP and I didn't have anything. You know, they said my cybersecurity skills were probably stale. So that kind of gave me a incentive, you know, that, okay. That's all it takes usually is somebody to just sneer it to you. And you're like, all right, game on, I'll get it. Yeah, some people are motivated by, you know, praise.

[00:58:14] Other people are motivated by scorn and sneering at you. Well, I happen to be one of those people. Oh, yeah, I can't do it. So I got the CISSP. Then I started to say, well, you know, I did a lot of architecture work. How hard would that be? And I got that very quickly. And then, you know, the management I had down because I'd done management all those years with, you know, recovery plans and all kinds of stuff like that with disaster recoveries. I'd managed data centers. So I started to just accumulate them.

[00:58:44] And so as I was going, I was like, I think I could do this in six months, you know. And I just charted it out. I was working full time. I traveled to Italy, Montreal, New York, Las Vegas for the convention. And when I went to the ISV2 convention, one of the VPs said, oh, yeah, only 10 people in the world have ever done this. I was like, wow, I'm only four away, you know, five away. So that in the next few months.

[00:59:12] So from June 10th to December 7th of 2024, I got 11 certifications. You know, I also got CISM and I got blockchain too because I'm very into crypto and blockchain technology. One of my friends, David Carlson, he's a UCI University of Cal Irvine professor in blockchain. So we'd sit around talking all the time. I was like, wow, that's a good certification to get.

[00:59:37] But for people trying to get in there, don't listen to people that say, oh, it's all experience. It's, you know, education, who needs it, you know, and certification. Trust me, there's people on LinkedIn that have 100, 150,000 followers. They can't even hold a job, you know. I've only got 11,000, you know, people. I only had 7,000 until ISV2 did that article on me. And suddenly I got like 3,000, 4,000 more followers, you know.

[01:00:06] But there's people out there that are just giving the bad advice. But really as a hiring manager, there's three pillars. Experience, education, and certification. If you don't have the experience, like I didn't have the experience. So what did I do? I went back to college. I kept looking for an entry-level job. Yeah, it was a lot better than folding sheets and towels and 110-degree heat and checking people in this little hotel on Harbor Boulevard, you know.

[01:00:34] It was just you got to listen to your own, like, heart, really. Are you going to be happy if you give up because someone said there's no jobs? What did they get out of it, though, on LinkedIn saying, oh, it's the worst time ever, you know. Yeah, I don't know. The best time to be in cybersecurity was 10 years ago, right? The second best time is now and tomorrow, you know, and whenever you can get in. So if you want to have a long career that's, you know, economically— It's always cyclical, too. It's always cyclical.

[01:01:04] Yeah. I mean, the best time to be in anything, people can always talk or point to a bull run that happened. But you still have to—like, right now is still the best time to be in it because we don't know when the next bull run is going to happen. And you need to be ready for it when it happens. Yep. Well, another thing is to join in with like-minded people, okay? If you want to be a doctor, you hang out with people that want to be doctors, a lawyer. Right. You hang out with people that want to be a baseball player.

[01:01:33] You hang out with ballplayers, bodybuilders, you go to the gym. That's where all the knowledge is, right? Well, if you want to go in cybersecurity, join, you know, through these meetups, you know, cybersecurity groups. You'll find people who are actually motivated, like Olaas, you know, ISC2, ISACA, you know? That's where you meet the people. Another thing is if you're looking for a job, have a business card, you know?

[01:01:57] Where, like with me, after I left IBM, I was like looking to do consulting, so I joined a chamber of commerce. You don't have to be a big company to join the chamber of commerce. They're bread and butter. It's just individual businesses and, you know, mom and pops. You know, it's really cheap. It's like $600 a year. What does that do? You get to go to network with people that if you walked in off the street and gave you a resume, they wouldn't give you the time of day. They're too busy, you know?

[01:02:25] But if you're in a relaxed environment and you're a good person and you can talk, you know, and they see the passion. You think you're putting them? Right. That's exactly right. Yeah, you happen to click. I mean, that's how I've seen so many relationships happen. Networking is the fourth pillar, you know? Not for a hiring manager, you know, though that helped me by the fact— No, but to open the door for the opportunity to get to a hiring manager. Networking is key. Absolutely. Yeah, I give that advice all the time. Yeah.

[01:02:53] You know, I joined the ISC2 SoCal Inland Empire chapter. It just started last year. This guy, Neil Pardo, is the president. I met him at the Security Congress. And he said, yeah, I'm trying to start this chapter. And he did it. It's like you have to move mountains to do something like that. And then it became the largest growing chapter in the world. Why? Because a lot of the other chapters just want people in the region, you know?

[01:03:20] And they're kind of not doing too many meetings and this and that. But we're in this chapter international. We have people from all over the world, Africa, England, Italy, anywhere in the United States. Yeah, you're really active. I see your posts and your comments on it all the time. Yeah, well, right now I had shoulder surgery. So you see the sling I'm wearing. I haven't really been as active lately. I've been working. That took a lot of my time.

[01:03:47] We just opened a new development office in Temecula, California. So I've been down there opening that up and finding the office and setting it up. We just bought another company that actually completes the holy grail of cybersecurity defense, which most people don't have. The company we bought, the person that was headed that company, he was in the defense industry for 10 to 15 years. Oh, great.

[01:04:14] And one of the things people don't realize with encryption is that in volatile memory, RAM memory, you know, there's a brief period where the encryption is decrypted, you know, and that's where it's an attack vector. You know, if it's not done right, it'll be decrypted. In nanoseconds, there are actually, you know, a lot of time to a computer, right? So anyway, he had come up with a way to keep it encrypted throughout its journey all the way through. Yeah, throughout the journey. Yes, that's great.

[01:04:41] So we bought his company and brought him on. So he started, you know, he's going to be the head of this office in Temecula under, you know, our subsidiary of Quantum Emotion America. So I'm very excited about that. You know, when I talk about completing the circle, you know, we start off with this base product. Our CEO is brilliant. You know, he's got a PhD, two masters, MBA, speaks five languages. And he's also the nicest, most democratic person in the world.

[01:05:11] He lets us all talk and everything. So he, in the last five years when he came in, you know, has really, you know, set the company up for pure success. We're going for the FIPS 140-3, NIST, you know, the validation through there and the testing and all of that. So people think it's like too slow sometimes the progress, but that's why I joined from IBM. I'm kind of a coattail guy.

[01:05:36] I joined on the coattails of what they've been doing for many years, you know, with all the research and all of that. So he brought me in as an advisor and then elevated me to the board. And then now I became the COO of our, you know, American affiliate. Yeah, so that's what people need is a CEO with vision. Actually, when I was at RSA a couple of years ago, the keynote speaker had said there's a big disconnect on the boards with the people in cybersecurity.

[01:06:06] You know, you have to go through a CIO who garbles the communication or may keep it down because they want to hide stuff. You know, they're having problems and this and that. So he elevated me a couple of years ago when they were just talking about it. Now it's almost becoming, you know, you're going to have to have direct communication with someone on your board or a cybersecurity experience. So anyone out there who wants the long, long career, okay, there's no ceiling there. You can eventually get to the board.

[01:06:36] You're going to be a very important player on the board of directors of a company because of your cybersecurity experience. So, you know, you can stay as technical as you want. You know, that's one of the things I didn't like about being a big company. They want you to be a people manager. They move you all over the place. And I did that. But then I said, you know, the last 20 years, I just, I'm all technical now again because that's what really was my passion.

[01:07:01] So if you want to stay technical, you can actually elevate all over all the managers eventually and become an executive and become, you know, on the board or be the board whisperer, you know, where they have you report directly to them. So the future is unlimited for anybody in cybersecurity, you know, and anyone who gets talked out of it, you know. And also another thing is people are giving up their careers in HR.

[01:07:26] I've seen in healthcare to go into cybersecurity and work at a help desk for 20 bucks an hour. That's not where I would advise them. I'd advise them to just say what they're doing, become a hybrid, you know, don't give up a lucrative career that took you 15 years to develop. Instead, be the go-to person, you know, in HR who knows cybersecurity too. Right.

[01:07:48] Because they're starting to sort of migrate IT and cybersecurity teams away from this classified, you know, IP and secure information and confidential information. Because you see, like, the big thing that happened in Massachusetts where this young, like, low-level, he wasn't even an officer, you know, had the biggest break. Back East and giving up government secrets. Why?

[01:08:15] Because he knew how to connect people up, you know, that were skilled in other areas. But they're like, oh, I don't know how to, you know, log in people or do admin work. So if you can learn cybersecurity and add it to your stack, then you're going to be much more valuable than someone just going over and starting at a SOC and just leaving that beyond. So that's my other piece of advice too for people that are thinking into cybersecurity. Become a hybrid.

[01:08:42] Emphasize to your executives and the people above you, your boss, that you want to become a cybersecurity expert in your group. If that's your passion, you know. There's people that get into cybersecurity because they're like, oh, it's lucrative and, you know, it's this and that. And then they start struggling. Then they think any career and they're getting into it for the wrong reasons, right? Exactly. If you get into it because you're passionate about it, you will get very good at it and the money will come.

[01:09:08] You can't just go after the money no matter what it is, whether it's law, medicine, whatever, because you're really not going to get very good at it. You're not going to like people will see through it, you know. Right. Yeah. Yeah. Yeah. What is. Absolutely. Yep. John, thank you so much. Yeah. I mean, I got to tell you, we will have links to your LinkedIn. We encourage everybody to follow you. The information that you share is brilliant. We'll have links to your book, your books.

[01:09:37] You also have the hacker book, Kick Hackers to the Curb. And you've got the links to the quantum of emotion. Check them out. Thank you so much for catching up with us and being such a great supporter. Yeah. Yeah, no, we definitely will. I would love to have you on a panel too. I've been putting together several panels of like people from different expertise and you'd be great on a panel. So I will be in touch very soon.

[01:10:07] Yeah. Yeah. Right. I would love, I would love to set that up. I think that would be a great discussion. Exactly. Yeah, exactly. Like when. Right. Because it keeps speeding up. Yeah. Like it's, it's, it's, it's easy to dismiss something people don't fully understand. So it is going to, yeah, completely just as AI has. So that's, yeah, I agree. And no one's really. Yeah.

[01:10:37] Yeah. That's where I think it's, I think it's happening a lot sooner than people realize. Right. Right. Unbelievable. Unbelievable. I was just going to say, well, we'll, we'll, we'll, we'll catch up and we'll do it again because there's going to be a lot more developments on this. So we, we will, we will have you back again and it'll be very soon. I promise you. Thanks. Really wonderful. Yeah. Really fun. I, I, I, I, I really love writing them and I'm working on my third ones.

[01:11:08] Yeah. Yeah. It's really fun. Yeah. Thank you so much, buddy. All right, man, take care of yourself. We will talk again soon. And I mean that it won't be several years. I know we tried to do it about like a year ago and I just got busy and just, I just, I chased a lot of squirrels. So I will, I will hone down. We will get together again very soon. Thanks, buddy. Take care of yourself, man. All right, man. See ya. Bye.

[01:11:33] Hey everyone. David Dean Morrow, creator and host of Cybercrime Junkies and author of the new nonfiction moving target book series.

[01:11:59] If you're a leader in an organization, curious how to roll out AI safely, or if you have questions on your incident response plan, how to run tabletop exercises, or looking for 24-7 eyes on glass to protect you and keep you growing without interruption. And I invite you to sit down with me and my team at NetGain Technologies. We've been around since 1984 before cybersecurity even existed.

[01:12:25] A simple conversation, absolutely no pressure and no salesy fluff. And you will walk away with a great roadmap no matter what. So if improving your IT, bolstering your security, or rolling out AI interests you, contact me directly today at dmorrow at netgainit.com. That's D-M-A-U-R-O at netgainit.com.

[01:12:52] Find out more at our website at netgainit.com. That's netgainit.