Summary6 min read

Episode Summary: Embracing Digital Transformation

Episode #341: The Hidden Cyber Threats in Printers and IoT Devices

Release Date: June 4, 2026
Host: Dr. Darren Pulsipher
Guest: Jim Lareau – CEO, Symphon and IoT Cybersecurity Expert

Main Theme:

This episode explores the often-overlooked cybersecurity risks inherent in enterprise printers and IoT devices. Dr. Pulsipher and guest Jim Lareau discuss why printers—still making up 20% of enterprise endpoints—are a critical but neglected attack vector, how cultural and organizational inertia creates vulnerability, and practical strategies organizations can adopt to mitigate these risks.

Key Discussion Points and Insights

1. Jim Lareau’s Origin Story and Perspective

Unique Background:
- Jim is an engineer (Rice University) turned trial lawyer, then entrepreneur in tech.
- He likens cybersecurity to a competitive courtroom, calling it a kind of "fight club" for the digital world.
  - "It’s a really competitive environment. You have adversaries that are well funded and experts... and you have controversy you have to convince someone about." — Jim (03:00)
Family of Trial Lawyers:
- His wife and three of his children are also trial lawyers, highlighting the importance of critical thinking and adversarial problem solving.

2. The Untold Story of Printer Endpoints

Printers Are Not Obsolete:
- Despite predictions from the 1990s, printers remain integral, especially in sectors like healthcare.
- "Printers ... account for 20% of their network endpoints... 20% is huge." — Jim (04:30)
Complex and Critical Devices:
- Modern printers are multifaceted, equipped with embedded web servers, email, fax, FTP servers, large hard drives, and numerous ports.
Vulnerabilities:
- 99% of enterprise printers are unprotected and often running factory-default configurations, making them prime targets for attackers.
- "It's a benign thought of as a benign endpoint, but it's in, you know, it's a complex business machine that's sitting out there unprotected." — Jim (04:44)

3. The Threat Landscape

Stories and Examples

Hacker Activity:
- Hackers have used tools like Shodan to find and exploit vulnerable printers, sometimes sending offensive or promotional materials nationally (see 2015 anti-Semitic hack, 11:08).
- "One guy pushed out anti-Semitic material to 150,000 printers coast to coast..." — Jim (09:45)
- Many exploits are enabled simply because printers are left at defaults and unmanaged.
Inside/Outside Threats:
- Threats can come from outside (network attacks), from inside (employee access), and via physical access (USB uploads).
- Printers have access to business systems (LDAP, file servers) and often store high-level credentials in cleartext.
- "Credentials for the ancillary systems are stored at an administrator credential level. So I could go get that off a printer that's sitting out in the X ray department and nobody will even know it." — Jim (00:00/17:47)

4. Organizational and Cultural Hurdles

Procurement Problem:
- Printers are seen as “business equipment” and often purchased/managed by supply chain departments, not IT or security.
- "They're procured like rubber gloves and syringes... multifunction devices have built-in servers, a huge hard drive, business-enabling ports... and they're all sitting wide open." — Jim (11:29)
Responsibility Vacuum:
- Security and IT teams lack ownership, budget, or expertise to manage printer security.
- "The risk needs an owner. It needs a budget, an enforcement standard, and someone to audit that enforcement." — Jim (22:18)
Industry Habits:
- Decades-old habits persist, such as resetting printers to factory defaults after maintenance, negating prior hardening.
- "The human behavior of the print industry for 40 years has been to reset to factory defaults after a service." — Jim (26:27)

5. The Real-World Impact in Healthcare and Beyond

Printers as Critical Infrastructure:
- In hospitals, printers are the “last mile” in digital transformation — essential for operations, patient admissions, and workflows.
- "Hospital cannot operate without the printer... it's still embedded in the revenue-at-risk workflows." — Jim (15:48)
Data Security and Compliance Risks:
- Printers routinely store or transmit protected health information and can threaten privacy and introduce compliance liabilities.

6. A Path Forward

Is There Hope?
- "Is this a hopeless cause? ...Or do I just get insurance for the ransomware attack that's going to happen?" — Darren (19:54)
Insurance Won’t Save You:
- Insurance underwriters now scrutinize endpoint security; a printer breach could void coverage.
- "If you had an event... it's really expensive... you can't fib in the underwriting because they'll use that to come deny coverage later." — Jim (20:20)
Strategy for Mitigation:
- Ownership, budget, and standards must be assigned.
- Regular inventory and management, including password management and certificate lifecycle automation, are essential.
- "We solved this IoT nature of the devices with software that controls across all the makes, models, versions, ages and firmwares..." — Jim (23:39)
Symphon’s Managed Service:
- Provides closed loop management including device inventory, certificate management, patching, and compliance reporting, tailored per customer.
- "We built a management consulting arm... helping decision-making... it’s like the old cafeteria — you get to choose what you want from lessons learned." — Jim (31:15)
Changing the Culture:
- Education and advocacy are required—Symphon creates white papers, consults, and provides pricing suitable for modest budgets.

7. Call to Action and Closing Thoughts

Cultural Issue at Heart:
- The main challenge is cultural and organizational, not purely technical.
- "You're not dealing with technical problems, you're dealing with cultural and people problems that are in the industry as a whole..." — Darren (27:12)
Steps for Listeners:
- Inventory your printers
- Assign risk ownership
- Treat printers as network endpoints
- Review service providers’ security practices

Notable Quotes & Memorable Moments

"During—across all enterprise, all industries, printers, current day 2026, account for 20% of their network endpoints, their known network endpoints." – Jim (04:30)
"All it takes is one to compromise your whole network." – Jim (07:38)
"The credentials for the ancillary systems are stored at an administrator credential level. So I could go get that off a printer that's sitting out in the X ray department and nobody will even know it." – Jim (00:00/17:47)
"Ownership, budget, and enforcement: That’s… like saying we need to breathe air." – Jim (22:18)
"The human behavior of the print industry for 40 years has been to reset to factory defaults after a service." – Jim (26:27)
"The attitude is: plug in the printer, configure once, and forget. That’s exactly how it always has been." – Darren (27:12)
"We're the only one doing this, Darren, in, in the market right now. The other options are inferior. ... It's more a programmatic approach... measurable, includes documentation, everything for basic cyber hygiene." – Jim (31:15)

Important Segment Timestamps

| Timestamp | Topic/Segment | |-----------|--------------| | 01:00 | Jim Lareau’s origin story and perspective | | 04:30 | 20% of network endpoints are printers—industry data | | 06:08 | The unseen vulnerability in printer fleets | | 09:15 | Historical attacks and notoriety on printers (Shodan, higher education hacks) | | 11:29 | Why manufacturers’ security features aren’t used | | 15:14 | Heterogeneity and legacy device challenges in print fleets | | 15:48 | Importance of printers in hospital workflows | | 17:47 | Printers as a reservoir for administrator credentials (attack scenario) | | 19:54 | Insurance and the exceptionally high risk of printer-based breaches | | 22:18 | Organizational challenges: ownership and budgeting for risk | | 23:39 | Closed-loop certificate and device management solutions | | 26:27 | Industry behavior: factory resets after service tech visits | | 27:12 | Culture vs. technology as the core issue | | 31:15 | Symphon's programmatic, managed approach to printer security |

Conclusion

This episode sounds the alarm on a critical digital transformation blind spot: enterprise printers and their unchecked cybersecurity risks. Jim Lareau and Dr. Pulsipher highlight both the technical complexity and the entrenched business culture that allows these vulnerable devices to persist across industries—especially in healthcare. The solution, they argue, is as much organizational as technological: assign ownership, budget, and follow standards, or risk disruption, data theft, and insurance denial.
Actionable message: Treat every printer as a serious endpoint. Don't "set and forget." Empower your IT and InfoSec teams with the tools, budget, and authority to secure every device on your network—including the humble printer.

For deeper insights or to contact Jim Lareau/Symphon:

Visit symphon.com and click “Take Action Now” (30:09)

Summary by Embracing Digital Transformation Podcast Summarizer—2026

Loading summary

Transcript91 lines

[00:00]
Jim Lareau
The credentials for the ancillary systems are stored at an administrator credential level. Okay. So they're stored as administrator. So I could go get that off a printer that's sitting out in the X ray department and nobody will even know it.
[00:18]
Darren
You know, I can totally clone that. I can totally clone that endpoint. Do whatever I want.
[00:25]
Podcast Host
Welcome to Embracing Digital Transformation, where we explore how people process policy and technology drive effective change. This is Dr. Darin, Chief Enterprise architect, educator, author, and most importantly, your host on this episode, the Hidden Cyber Threats in printers and IoT devices, with special guest Jim Lareau, IoT cybersecurity expert and CEO of Symphon.
[00:56]
Darren
Jim, welcome to the show.
[00:59]
Jim Lareau
Hey, Darren, how you doing?
[01:01]
Darren
I'm doing pretty good. Hey, before we dive into the subject today, which I think is pretty, pretty clever, I think you've created a really interesting business around a problem space. But everyone that listens to my show knows that I only have superheroes on the show, and every superhero has a background story. So, Jim, what's your origin story? What's your background story? Story?
[01:24]
Jim Lareau
So I'm a superhero, Darren.
[01:26]
Darren
Well, I don't have anyone that's not.
[01:29]
Jim Lareau
All right. So, I mean, I have to tell her that. Right. My background story is I'm a engineer by education from Rice University. You know, I'm. I'm from East Texas. I'm a fifth, sixth generation Texan. Okay. So I'm the son of an engineer, the grandson of an engineer and a trained engineer at Rice University. But I went to the dark side and became a Texas trial lawyer straight out of engineering school at Rice. So. And then in roll forward to about 1999, I started Syntheon. And we've been rolling pretty heavy since then. Now we're focused on the printer endpoint.
[02:17]
Darren
Wait, an engineer turned trial lawyer? Did I hear that right?
[02:22]
Jim Lareau
Yes, yes, I was. I played NCAA tennis, so it kind of, you know, scratched the itch of competition. Right. You know, there you go.
[02:35]
Darren
Well, all that, you know, that's the first time I've ever had an engineer turned lawyer on the show, so. You're first. You're unique, Jim. See, I knew you had a superhero.
[02:44]
Jim Lareau
Well, they're now up it a little bit. My wife's a trial lawyer. My three of my four children are now trial lawyers. So,
[02:54]
Darren
hey, is it the thrill of being in, in the debate, in the courtroom? Is that what drew you to it?
[02:59]
Jim Lareau
Well, it's a competitive environment. Right. You know, I mean, in that. And that leads into what we're talking about today. But it's a really competitive environment. You have adversaries that are well funded and experts and, you know, controversy that you got to convince someone about to do something, you know, and there's usually a lot of money in the. That's how we sell our. It's, we call it fight club, basically. You know, it's, it's how we settle our disputes in a civilized country.
[03:29]
Darren
Civilized guy. Yeah. No, there you go, man.
[03:31]
Jim Lareau
Right. I mean, it's, it's the form of conflict resolution.
[03:37]
Darren
That's awesome. All right, so where would you were going to talk about something that a lot of people think it's kind of like old school and. Oh, and it's printers. I mean, I, I remember in the late 90s when email was just, just starting to just go crazy in the early 2000s, it was going to be the death of Xerox completely. It was going to kill printers, it was going to kill copy machines, it was going to be the death of, you know, paper industry. That, that was going to happen. That's what everyone was saying. And you're telling me that's not the case at all, is that correct?
[04:20]
Jim Lareau
Correct.
[04:23]
Darren
So, I mean, that's, that's a little earth shattering, right? Because
[04:30]
Jim Lareau
let me give you a number. During. Okay. Across all enterprise, all industries, printers, current day 2026 account for 20% of their network endpoints, their known network endpoints.
[04:44]
Darren
20%.
[04:45]
Jim Lareau
20%. In healthcare, we're heavily focused in. It's infyon in the IDN space, the provider side. It's, they're, they're 20 plus percent on some of them and they're critical in the critical workflows. So it's a, it's a benign thought of as a benign endpoint, but it's in, you know, it's a complex business machine that's sitting out there unprotected.
[05:10]
Darren
Yeah, I was going to say, I mean, what's, I mean, 20% is huge because if you look at all the endpoints, especially like in my house, no, I have a printer sitting behind me. Right. I mean, but in my house I have 72 endpoints in my house. That's crazy, right? Because I'm a technologist.
[05:32]
Jim Lareau
You clearly are, Darren.
[05:36]
Darren
Because endpoints can be nowadays Iot devices, they can be laptops, they could be desktops, switches. There's a lot, there's a lot out there. So 20% is quite substantial. And you're saying that these are not passive devices, like we kind of pretend like they are. Right. Oh, I just hook them up and people don't even know that you used to hook a computer up directly to a printer. But people don't even know that anymore.
[06:09]
Jim Lareau
Well, they still do in some aspects with the USB plug, you know, those, those are not on the network. Those subsume the network protection of the device they're plugged into. But our fleets that we're protecting, you know, and governing for customers range, some of them over 30,000 printer endpoints. So it's a complex endpoint to be managed, especially since 99 of them are outside of protection. They're not. They're unprotected. You put that together with the stuff that we're hearing right now, like Stryker and all this other, you know, AI, agentic AI attacks on the perimeter, the edge and the valuable quarry that they can get from a printer or access they can get, and you've got a recipe for disaster.
[07:01]
Darren
Yeah. Okay, so let's talk about this as an input. I remember when I was in college that we could tap into other people's printers and print stuff out on their printers over the Internet. I remember the first time that we. I didn't call an attack, but we had some fun with some other sysadmins at another university. When we figured out their IP address where their printer was, we dumped like black pages onto the printer. Right. That was mean. Right. But this is not the kind of attack you're talking about. Right?
[07:38]
Jim Lareau
Well, that's part of it. I mean, so we give some numbers, we give 20% of the endpoints, 99% unprotected. All it takes is one to compromise your whole network. Okay. And then 360 degrees, because the threat landscape for a printer on the Network is really 360 degrees. It can be what you're talking about coming in from outside the network. It can be from internal network, it can be physical access, it can be hard drive access. It could be access from the systems that it has to communicate with, like email or ldap or you got a technical audience, right? LDAP or, you know, the file server system because of all the functions that this business machine that should be sitting in the glass house with the other servers, with the system administrators, you know, it's sitting out in the middle of a floor on a hospital, sitting at factory default, and nobody knows where it's at. So, you know, you got the guys managing the toner and the brake fix, but they're not, they're not dialed into firmware and certificates and configuration management, password manage, none of that.
[08:57]
Darren
Yeah, you hit an interesting point, because when I look at my printer that I have, it has a USB port on it. I could easily upload a virus onto my printer, but then scatters across the whole network a lot easier than I thought. And you're right. This is out in the open, in
[09:15]
Jim Lareau
the public, and they usually have multiple USB ports and they're not turned off. They're turned off for data access. And you know, I mean, not deliberately turned off. You know, back to your, your college day example in 2015. Okay, Darren, here's where we're at. I'm. I'm talking to guys like you, going around preaching the gospel of printer as an endpoint. Business complex business endpoint that something need to be. Needs to be protected and governed. Roll back to 2015. Okay. In 2015, these. Several hacktivists went different ones for different purposes, went to Showdown. You know, the, the hackers. The hackers hit list of everything is exposed on the Internet. And one guy pushed out anti Semitic material to 150,000 printers coast to coast, mainly in like what you're talking about in College in the EDUs, right. So, you know, higher ed. Did that wake anybody up? Not really. You know, the manufacturers, they built in all these great features to harden the devices and they're just not being used because the operational aspect of using those may cause outages and disruptions and things like that in the unlearned hands. So we've got, we've got other ones where they did like one. One group, Cyber News picked the first. They found 800,000 just in the cursory look on Shodan and printed out how to protect your printer manual on 28,000 of them. Okay, So I mean, it's. And then you had another kid promoting some, some YouTube channel doing the same thing. You know, I mean, it's just. Those are just the ones that are on show, Dan. You know, I mean, not the ones that open the perimeter now and you know, zero trust and identity is the new edge. Those concepts are lost on, on the printer. So.
[11:22]
Darren
So why do you think, why do you think that is? Because I.
[11:26]
Jim Lareau
This why it is.
[11:28]
Darren
Yeah, why is it, Jen?
[11:29]
Jim Lareau
Okay, because of the origins of what you just said. The origin of the printer is as business equipment that's procured from like in the hospital IDNs, supply chain procurement owns the endpoint, or they own the endpoint from buying it and the service around it. And we're talking tens of billions of dollars in the market for managed print services. Okay, that sell the hardware, sell the toner, sell the fix of the device. You know, those Kind of things, the management to drive the cost out of the, out of the print service, okay? But they've grown up and they're procured like rubber gloves and syringes and they're, you know, let me tell you, Darren, a multifunction device, okay? Every endpoint, a printer, anything makes the image electronic or otherwise. But a multifunction device has a built in web server. It has a built in email server, a fax server, a FTP server. It's got a huge hard drive. It's sitting with all these business enabling ports, protocol services that now allow remote control and remote communication. And they're all sitting wide open and it's got a giant hard drive that has the capability to wipe and encrypt and protect the device. And it's, it's not being utilized. Right.
[12:57]
Darren
You know what? This, this reminds me a lot of the research I did from my PhD on critical infrastructure. Same problem. And it comes from that same mentality as so because critical infrastructure is very much like a printer, right? It controls the real world, right? And it's got memory and it's got hard drives and it controls actuators and if I look at a printer, it's got motors and actuators. So it's very much like an operational technology or an OT device. So yes, you know, it's kind of maybe the poster child of, of what's wrong with critical infrastructure and cyber security.
[13:38]
Jim Lareau
Well, we use it. We use the analogy. My analogy, Darren, is that in the Internet of Things world, okay, yeah, it is the top of Mount Everest as far as the most mature, most configurable IoT endpoint. And it, it is. Manufacturers have competed on features to build in business. I hear now they're going to put AI in the printers. Okay. It's like, oh man,
[14:07]
Darren
now I've got, now I've got a rogue AI sitting there unprotected.
[14:12]
Jim Lareau
Yes, they're phone and home to the manufacturers. We get on accounts and we see that where's this activity coming from? This printer and it's phoning back to its manufacturer or its managed print service provider and unauthorized unwatched communications off network. So I mean, it's the absolute Mount Everest. And we believe that the rest of IoT is headed to that place from their building configurability. Like we're doing IP cameras, power supplies, things like that. OT follows suit too. OT is a little different. But you know, you guys out in California, y' all were the first to one of the first states to adopt mandatory administrator password resets and IoT devices. I mean, so, so the IoT nature is where we come in. Okay. Because a typical print fleet has older devices, it has newer devices, it has different. Different manufacturers, different models.
[15:14]
Darren
I was going to say it's probably a big mess of heterogeneous hardware,
[15:20]
Jim Lareau
but the manufacturers have the voice, they have loudest voice and they only talk about their brand. So we come into a fleet and some of them like end of life device where it's not supported with firmware anymore. It's about five years for a regular printer and seven for a thermal printer. And then like in the healthcare, 20% of the endpoints are thermals. Because the wristband. Think about. It's where.
[15:46]
Darren
Oh, yeah, where they're creating the little wristbands. I didn't even think of this.
[15:49]
Jim Lareau
Well, digital, okay? Digital. Embracing digital transformation. It's the last mile where digital meets the physical. Think about it. You go to the hospital, they can't admit anybody without having the printers. I mean, I'm, I'm a. I get a scan last year, okay. And I got this, I got this app. So download this app. Okay? Top hospital here in Dallas and download this app. Okay? Fill out all this stuff. Took me about 10 minutes or something like that. I'm thinking, great. You know, I go over there at six o' clock the next morning, I'm good. I show up, show them my id, it's me, all good. I get there and they hand me all these wet consents that I have to sign. They're printing them out and they've got like six bays going. The same thing, multiple printers and scanners, after I sign it, to put it back in. And then wristbands and then the labels for specimens or whatever they're doing. Pharmacy, emergency department, it can. Our hospital cannot operate without the printer. So it's the, it's still embedded in the revenue, at risk of workflows, you know.
[17:08]
Darren
So I have a question about the printers. Is, are the printers more like a data diode where the data only goes in? Or if I get access to a printer, can I impact other devices on the network?
[17:24]
Jim Lareau
Oh, you're good. You're good, Darren. Okay, so one of the ethical hackers out there in this, this is like the, the whole, you know, gut punch. Because think about, you come up, you scan something or you send it to the device and it emails it out to somebody. Right? Or you scan it to the file or some other activity.
[17:46]
Darren
Yeah.
[17:47]
Jim Lareau
So that, how do those, how do those printers communicate with those other enterprise systems?
[17:54]
Darren
How did, how does that sending data, right? Yeah.
[17:57]
Jim Lareau
User authenticate on that printer. Okay. That printer has to have credentials for those other systems stored in it. So one of the ethical hackers, I mean that look, this is the throwdown 38 from the old cop days of, of you know, the auditors, they can fail their printers every time and they do, you know, and, and it's like the, the one of the guys that did at ethical hacker did a, a presentation and he's like, first thing I'm going to do is I'm going to go in there and most of the printers are set at factory default passwords are sitting out there on the network or password or 83456 or you can look it up by model. And look all that stuff out there, the AI knows it already. It's not, hey, I'm going to hide obscurity or something like that. The first thing I'm going to go do in there is I'm going to harvest, I'm going to change it where it's pointing towards my servers or I'm going to change it where I'm going to harvest the. In lots of times he says the credentials for the ancillary systems are stored at an administrator credential level. Okay. So they're stored as administrator. So I could go get that off a printer that's sitting out in the X ray department and nobody will even know it.
[19:22]
Darren
You know, I can totally clone that. I can totally clone that endpoint. Do whatever I want.
[19:27]
Jim Lareau
Yeah. So man, mil attack. So it's like, look, you know, that 360 degree landscape is unbelievable. The data theft possibility that, you know, we spend all this time talking about EFI and EPI and the healthcare community, you know, protected health information, personally identifiable information. This thing, these devices are repositories for that, you know, unless they're, they're cleaned. So it's, it's, you know that.
[19:54]
Darren
Okay, now that you sufficiently scared us, Jim, I mean is because you are talking about old, old there, there are old printers out there and, and there's a lot of heterogeneity out there. What, what can I do about this? I mean, is this a hopeless cause and I just get insurance for the ransomware attack that's going to happen or.
[20:20]
Jim Lareau
No, you'll get denied coverage probably. If you, it's going to ask you about your endpoints, your workstations in the underwriting and they're looking for. You have a big event. It's hard enough to get cyber insurance now, right? I mean it's really expensive. And the, the. If you had an event, it's, it's. It's really expensive. But the underwriting piece of it, you can't, can't fib in the underwriting because they'll use that to come denied coverage later. So, you know, it's, it's something that needs to be addressed, especially if you know about it and you don't want to be in the hot seat by some lawyer that's asking you questions in a different.
[21:00]
Darren
Especially one of your kids. Right?
[21:02]
Jim Lareau
Exactly, man. I mean, it's like, I mean, I see this and it's like, you know, I'm on the protect side right now, okay? So it's like, I see this and it's almost like, you know, you're, it's. It's like you're negligent by. De facto negligent because of. You're not taking care of this endpoint. Okay.
[21:22]
Darren
Do you think most people just don't know that they needed to? Do you think that's kind of the attitude?
[21:27]
Jim Lareau
Let me break down the problem. It's more complex than that, okay? It's an organizational problem, Darren. It's, it's really, it's really that. You know, we talked about how the printer endpoints have grown up.
[21:40]
Darren
Yeah. They do come with you. Procurement, right?
[21:42]
Jim Lareau
Yes.
[21:42]
Darren
Probably never even land in it.
[21:45]
Jim Lareau
Never in it. Okay. Even the endpoint people, it's not something, you know, rarely do we see that. And if we see that, they don't understand the IoT endpoint. It's so complex with the firmwares and everything. Infosec, man, those guys and gals are getting crushed, okay? They're getting blamed for everything. Everything's a priority and there's no budget. Okay, so what am I going to risk my political capital on to go ask for money to protect? Right.
[22:16]
Darren
Jersey. I know. It's good.
[22:18]
Jim Lareau
What am I going to do? Okay, so it's so, you know, our writings and our, you know, tools that we provide or help help them. The risk needs an owner. It needs an owner for the risk. It needs a budget for the risk, and it needs an enforcement standard and, and, and someone to audit that enforcement. That's the, you know, those are. That's like saying we're. We need to breathe air. Right? I mean, those are. It's something that needs to be addressed. We have ways to address that. But, you know, so your IT folks, it hits them harder because you're, I'm sure you had on your podcast where others have talked about identity based Networking. Right. You know, 1x and you know, identities the new edge and all that. Well, the certificates are pretty important in that, right? The security certificates, printers will be an outage issue if they're not included in that project to upgrade it, if they're not having certificates installed, validated, maintained. And we're shrinking our lifespans down to, you know, like 47 days or something like that for renewals of certificates. And the devices, just managing, yeah, just
[23:37]
Darren
managing those certificates could be a nightmare.
[23:40]
Jim Lareau
Oh my gosh, it could be so much money to cost. So we built a close. One of the things we just launched in January is a closed loop system for that. We're already on the devices. We, we solved this IOT nature of the devices with software that controls across all the, makes, models, versions, ages and firmwares of devices. Okay. And we put it in a managed service so there's no operational lift for the customers, made it an affordable price, so it's easy for them to adopt it. Right. Well, that, that right there is a closed loop service for the certificates or where we go gather the information for the CSR off of the device and we have to be able. The software logs into it, gets it, identifies it. Is it even tls, you know, capable for the certificate, you know, the crypto of that company. Right. So, and then where is it going to apply? And we gather the csr, submit it to their ca, get it issued and put it back on, put it on the device and manage it.
[24:42]
Darren
A life cycle. So you, you, you put software in place that handles all that complexity. Yes, to make it easier for midsize companies and, and large companies too. I mean, if you're hitting hospital hospitals, right, they, they probably don't even have anyone that knows how to do that. You found a really interesting niche here, Jim.
[25:13]
Jim Lareau
I mean, we're kind of like Mike Rowe, Darren, you know, Mike Rowe, the dirty job guy.
[25:18]
Darren
Oh, yeah, yeah.
[25:20]
Jim Lareau
We're, we're not that we're dirty or anything, but it's, you know, it's, but
[25:25]
Darren
you're dealing with the real world stuff, right?
[25:28]
Jim Lareau
It's, nobody wants to do it, they don't want. I mean, they have some options of continuing to do nothing, ostrich head in the sand, right. Or to try to cobble together different OEM software, staff it, maintain it, train them on it, license that software and hope they don't break anything, you know, and it, and then a lot of times we see where they'll put the printer on the, on the network, configure it. One Time and we call that set and forget. And it's the change. You know, you put that with the, the industry habit. You know, like we've been, don't click on the email. The, the human behavior, quote, unquote, man, don't touch it. You know, all these warnings and everything. Well, the human behavior of the print industry for 40 years has been to reset to factory defaults after a service. Okay, clean it out. Yes.
[26:24]
Darren
Now, I did not know that. That is easy.
[26:27]
Jim Lareau
It's an ingrained human behavior of the industry. No fault of theirs. It means like, it's like, oh, they've
[26:34]
Darren
been doing it for 40 years, right?
[26:35]
Jim Lareau
Yeah, yeah, it's like your USB. Nobody's really cared. I mean, it's like, man, I can't log into this device. The password doesn't work because it's a Canon or Xerox or HP password. And it's like, no, man, that's been hardened and it's been changed every 90 days and the settings are busting you on the timeout tries and all the, you know, strength of the path, all that's changed. And it's like, you know, man, they don't want to do that because it's, it costs them more money. Right, Right.
[27:03]
Darren
Yeah, because, yeah.
[27:04]
Jim Lareau
So there has to be an owner assigned, a budget assigned, and an enforcement of a standard. And on this endpoint.
[27:13]
Darren
So this, this is really, this is really interesting because you're not dealing with technical problems, you're dealing with cultural and people problems that are in the industry as a whole and not just in one vertical, not just in like healthcare or manufacturing. This is across, this is across everything. Because it is. Everyone says, hey, I plug in my printer and it works. You know, configure once and forget. Right? That's exactly how it always has been. And so how. What are you guys doing to educate the world on this? Because this is besides coming on my podcast.
[27:48]
Jim Lareau
Because, you know, your podcast, the world is listening to you and no, we're, we, you know, I do. We're heavy on LinkedIn, educating. We've done, we've done white papers, Darren, to give to the, the chief information security officer, the information security officers that they can take to a board that is. Breaks it in terms of revenue at risk from an outage or an incident. Revenue risk, operational cost increase, regulatory cost, the data cost of the data that's. That's compromised. And all the, you know, all the long tail of all that stuff, the, the third party costs, a lot of lawyers, all that stuff, you know, and compared it to what we cost. It's like, you know, even in action, it's nothing, you know. So what we did is we put our price at a, at a, At a modest amount, all inclusive, no implementation fees. We do it all, we put manage PMO with it because you know, we have to. They don't know what to do. They don't know what to do and we gotta fit in. Everybody's IT ecosystem is like we're all humans, right? But we're all different and we're all, you know, some of them have the devices in change controls, some of them, you know, and some of them had never heard, man, I talked to CIO of a huge system, you know, what do you do? Hey, Jim LaRue, print security. What are you doing? Hey Jim, great to see you. I said what are y' all doing about printer security for your print flip, man? What do you mean do we still have printers? You know, and this guy's got, it's got 30 hospitals and it's like, you know, man, you know, he knows that, but he knows they think that they've got it covered with the managed Print Service Group group or something that's doing the tone in the break. So we're, man, we have to talk a lot Darren, about it.
[29:43]
Darren
Well, hopefully, hopefully this podcast will get out there because you know, when we first talked about this I thought this is interesting. But now you've, you've kind of rewoken my dissertation on my, my Ph.D. dissertation 100 because yeah, that's what I found was it's a cultural issue and we're seeing it in droves in the printer market. If people want to contact you, Jim, or want to find out more, where do they go to do that?
[30:10]
Jim Lareau
100% go to Symphon.com and hit the take action now button. S y m P-H-I-O-N.com Take action now. Set up a one on one. I personally or somebody else who's senior will go through, you know, we'll go through what are their issues. It's a briefing, it's 45 minutes. And they'll come away with a world of information including cost. And we'll talk about how to fit it into their it, you know, what are their constraints. You know, it can be someone in supply chain, someone in it, someone in. Is a cfo, anybody, you know, we got the materials to help them get the consensus to get the buy in, to get the budget.
[30:53]
Darren
Well, this sounds really important and Jim know, thanks for coming on my show this has been a great, a fun time and highly educational. I learned quite a bit.
[31:03]
Jim Lareau
Well, thank you for having me.
[31:05]
Darren
It sounds like there's hope. There's. As long as I take some steps to move forward which, you know, with you guys, you guys have a full package. So I kind of like that approach.
[31:16]
Jim Lareau
We're the leader in the mark. We're the only one doing this, Darren, in, in the market right now. The other options are inferior. You know, we base it on the technology, but it's more a programmatic approach to this. You know, it's a, it's a, it's a measurable, includes documentation, everything that you would want to include for basic cyber hygiene. It's a standards based program. So we could take it from starter kit, you know, just inventory and password. Some customers want to do that. You know, we closed one last week with 7,000 printers with just. They just want to do inventory and passwords, you know, all the way to the most stringent DoD standards that are out there and cadences for patching and certificates and all that and reporting, you know. So we built a management consulting arm in there. So we're helping them make decision. It's like the old cafeteria. You go get the chicken fried steak or the roast beef or the fried chicken. You know, you get to choose what you want from lessons learned and proven
[32:17]
Darren
from what you guys have done. I, I think that's, that's super cool. Jim, thanks again for coming on the show.
[32:23]
Jim Lareau
See you next time, man. Thank you.
[32:25]
Darren
All right,
[32:28]
Podcast Host
thanks for listening to Embracing Digital Transformation. If you enjoyed today's conversation, give us five stars on your favorite podcasting app or on YouTube. It really helps others discover the show.
[32:39]
Darren
If you want to go deeper or
[32:41]
Podcast Host
join our exclusive community@patreon.com embracingdigital where we share bonus content and you can always connect with other change makers like yourself. You can always find more resources@embracingdigital.org until next time, keep embracing the digital transformation.