AI Is Both the Problem and the Solution—This Cyber CEO Explains Why | Ep. 224 with Scott Alldridge, President and CEO of IP Services - Founder's Story

Summary5 min read

Founder’s Story: AI Is Both the Problem and the Solution—This Cyber CEO Explains Why | Ep. 224 with Scott Alldridge, President and CEO of IP Services

In episode 224 of "Founder’s Story" hosted by IBH Media, Scott Alldridge, President and CEO of IP Services, delves into the intricate relationship between artificial intelligence (AI) and cybersecurity. This in-depth conversation explores the challenges and strategies essential for sustaining a business in the fast-evolving tech landscape, the dual role of AI in cybersecurity, and the creation of a pivotal resource for businesses aiming to bolster their security measures.

1. Sustaining a Business Beyond Two Decades

[00:01 - 00:30]

The episode kicks off with host Daniel highlighting the daunting statistics surrounding business longevity, noting that "most companies fail within two years, five years, and it's like 90 something percent of companies do not exist after 10 years." He turns to Scott to uncover the secrets behind his company's impressive 20-year tenure.

Scott Alldridge responds by emphasizing the importance of reinvention:

“The big key there is, is basically being able to reinvent yourself. And I think that's one of the challenges that's really hard to do... we are constantly evolving and figuring out how to deliver the next... generation of services.”
[00:30]

Scott attributes his company's enduring success to the ability to adapt and innovate continuously, avoiding the pitfalls of stagnation that often lead to business failure.

2. Staying Ahead in a Rapidly Evolving Tech Landscape

[01:22 - 02:49]

Daniel raises a pertinent question about keeping pace with the relentless advancements in technology, especially from the dot-com era to the present day. Scott outlines a multifaceted approach to staying at the forefront of technological innovation.

He highlights the role of continuous research and strategic partnerships, particularly through his sister division, the IT Process Institute:

“We use a methodology called zero trust and there's multiple layers as how we deploy zero trust to protect organization.”
[01:41 - 02:49]

Scott explains that being deeply entrenched in the tech industry facilitates the assimilation of new information, further bolstered by proactive research and collaboration with organizations that drive technological advancements.

3. AI and Cybersecurity: A Double-Edged Sword

[03:15 - 05:16]

The conversation shifts to the intersection of AI and cybersecurity, a critical area where AI serves both as a tool for defense and a weapon for cyber threats. Scott draws an analogy to the traditional antivirus arms race:

“AI is, can be used both for the good and the bad... we have to utilize the latest technologies to keep up with the bad actors, but also understand that there are foundational layers of security.”
[03:15 - 05:16]

He elaborates on how malicious actors leverage AI to execute sophisticated, multi-tiered attacks, creating a complex "cat and mouse game." Conversely, cybersecurity professionals deploy proactive AI solutions to defend against these evolving threats. Scott underscores the necessity of foundational security layers, such as the zero trust methodology, to ensure robust protection.

4. Crafting a Comprehensive Cybersecurity Resource: The Visible Ops Series

[06:04 - 08:33]

Daniel segues into discussing Scott’s foray into authorship, particularly focusing on his acclaimed Visible Ops book series. Scott shares the inspiration behind his extensive research and subsequent publication efforts:

“If they can glean something to book... our research and the backdrop to promote the type of services that those vendors actually provide.”
[06:04 - 08:33]

The Visible Ops series, now spanning over 350,000 copies, aims to disseminate best practices in IT management and cybersecurity. Scott’s latest installment, "Visible Ops Cybersecurity," offers practical methodologies, including zero trust, tailored to enhance the cybersecurity posture of both small and large enterprises. The book distills complex cybersecurity concepts into actionable strategies, adhering to the 80/20 principle—where 20% of efforts yield 80% of the benefits.

5. Achieving Remarkable Book Sales Through Strategic Partnerships

[08:33 - 09:06]

Addressing the impressive sales figures of his book series, Scott attributes this success to a combination of altruistic goals, integrative business strategies, and strategic vendor partnerships. Collaborations with industry giants like HP and Red Hat facilitated widespread promotion through conferences and bulk purchases, significantly boosting the book’s visibility and reach.

“My book just became an Amazon bestseller... we are seeing that activity kick up like we've seen with the other books and hopefully start to really take off over the next few months.”
[08:33 - 09:06]

These partnerships not only enhanced book sales but also reinforced the practical applications of the book’s content within Scott’s business services.

6. Current Cybersecurity Threats and Essential Best Practices

[11:31 - 13:36]

Scott delves into the pressing cybersecurity threats that businesses face today, emphasizing that no organization is too small to be a target. He discusses the alarming rise of sophisticated ransomware attacks, including ransomware franchises that operate with professional toolsets and payment processes designed to evade detection.

“No business is too small... every business should have tried. And true immutable, separated backups that are tested regularly.”
[11:31 - 13:36]

Key takeaways from Scott’s insights include:

Assume Breach Mentality: Organizations should operate under the assumption that breaches will occur, necessitating robust backup and disaster recovery plans.
Immutable Backups: Implementing backups that are disconnected (air-gapped) and encrypted to prevent attackers from accessing them even if they infiltrate the network.
Zero Trust Architecture: Employing multiple security layers to protect organizational assets, ensuring that trust is never implicitly granted and always verified.

7. Accessing the Visible Ops Cybersecurity Book and Final Thoughts

[14:37 - 15:06]

As the conversation wraps up, Scott provides listeners with guidance on how to obtain his book, directing them to his personal website and Amazon:

“You can order the book right there through an Amazon link that's there. You can go to Amazon and just type invisible off cybersecurity.”
[14:43 - 15:06]

Host Daniel encourages industry professionals and business owners alike to read Scott’s book to enhance their cybersecurity measures, fostering a safer business environment.

Episode Takeaways:

Adaptability is Crucial: Continuous reinvention is essential for business longevity, especially in the tech industry.
AI's Dual Role: While AI enhances cybersecurity defenses, it also empowers cybercriminals, necessitating a balanced and strategic approach.
Practical Resources Matter: Comprehensive guides like the Visible Ops series provide invaluable strategies for businesses to bolster their cybersecurity posture.
No Business is Too Small: Every organization, regardless of size, must prioritize cybersecurity to protect against evolving threats.

Scott Alldridge's insights offer a compelling perspective on navigating the complexities of modern cybersecurity, emphasizing the importance of proactive measures and continuous learning in safeguarding organizational assets.

Loading summary

Transcript18 lines

[00:01]
A
So Scott, something that I've noticed that is a very, very hard thing to get in business is to be in business for over 20 years. I was reading some stats that most Companies fail within two years, five years, and it's like 90 something percent of companies do not exist after 10 years. What has been something that you've done that's been enabling you to, to be able to be in business over 20 years?
[00:30]
B
Yeah, well, thanks for having me, Daniel. And yeah, being in business for 20 years, it's actually been a little longer than that. I was actually kind of a teen entrepreneur when I started 19, my first business. But the big key there is, is basically being able to reinvent yourself. And I think that's one of the challenges that's really hard to do. Sometimes we get into norms and we get very hyper focused and myopic and we really aren't looking at what is the next potential shift in how we deliver service or what services we are delivering. And of course in technology it's an ever changing world out there. So we are constantly evolving and figuring out how to deliver the next, you know, kind of the next generation of services. So that's been a big, big part of the, I say success quotient, if you will, for establishing and longevity of 20 years of business us.
[01:23]
A
I imagine if you're in a technology focused business and technology is advancing at a, a rate that's. I don't know if we can even keep up mentally right now. It's so fast. How do you stay at the front and at the forefront? I mean you, you went through like the dot com era all the way to now.
[01:42]
B
Yeah, the Internet was just becoming a thing when we, when we first launched into some software, software, retail stores, that kind of thing way back in the day. But the idea there, staying up on stuff is first off, when you've kind of lived in this space and it really is your career and it's what you do, it is a little easier to assimilate new information, be able to take it in, understand it. We live in a world of acronyms like a lot of industries. So it's not quite as difficult to stay up on stuff if you're living it every day for years and years. However, with that said, yeah, constant research, constant looking for kind of, you know, working with organizations that do research that we partnered with. I have a little sister division that's called the IT Process Institute. So we do some research and development, really research, benchmarking and prescriptive guidance which is a little bit where the books and the thought leadership comes from. So that helps us stay at the forefront, kind of at the tip, if you will, of what is the latest technology landscape, digital transformation, how are you ready for it? And of course, in today's world, it's all about cybersecurity and artificial intelligence.
[02:50]
A
So how are you seeing the coming together now more mainstream? Because I'm sure it's been that way for a while, but it's becoming more and more mainstream. And now you had gen AI and stuff and I'm sure there's so many cybersecurity threats that are happening. How are you looking at AI now, cybersecurity, those two things morphing and merging as what could be a challenge or what could be a benefit?
[03:15]
B
Yeah. So not to oversimplify it, but it's a little bit back to the antivirus days where we get an antivirus piece of software to keep malware off our machines. And it would do a really good job. Whatever flavor you use, there were lots of them out there, Symantec, you know, antivirus, et cetera. And then of course they have an update you need to do because they figured out, you know, how to inject new malware that would go around the anti malware. And so it became a cat and mouse game. And you know, that's a little bit where we're at modern day with, you know, cybersecurity and particularly, you know, AI. The, you know, AI is, can be used both for the good and the bad. So the bad actors and the threat actors are using AI in ways they never have before. They're getting really smart. They're able to launch multi, you know, tiers and points of attack that they weren't capable of doing in the past. And that is definitely creating challenges in cybersecurity and cnapp. However, we also have the deployment of the proactive AI that's actually looking and defending at a much faster, higher rate. So we're kind of back a little bit to the cat and mouse game, chasing each other as to which one's doing what. But at the end of the day, good cybersecurity really is not necessarily about the next shiny toy or the next cool tool or even AI per se. Even though we're having to get better about AI itself, because even employing AI for other purposes in your organization can actually open up cybersecurity threats you may not have even thought about. So that's really kind of the tip right now of cyber security is really how do we know that the AI that we're introducing into our organizations is secure because everybody's trying to use it to be more efficient. So long answer. But the short form is, yeah, I think we have to utilize the latest technologies to keep up with the bad actors, but also understand that there are foundational layers of security. There's no point based one thing you can do, it's always layers. We use. We use a methodology called zero trust and there's multiple layers as how we deploy zero trust to protect organization.
[05:16]
A
I think it's good to have a business that is always changing. I think that, you know, if I look at what companies have survived over long periods of time, there's a lot of companies that have been dying the last few years and they're not really companies that had changed or they didn't adapt, they just kind of continued. But we're seeing, you know, tech companies and companies that are, that are adapting very quickly are the ones that are continuing to survive. Like you over 20 years in business. So you're in business over 20 years and you're in cybersecurity. And for some reason you're like, I'm going to write this book. What made you inspired, inspired to even write a book and how that was going to play into entrepreneurship or building your personal brand or whatever you hope to achieve from that book?
[06:04]
B
Yeah, great question. The reality is that as I referred to earlier, we really had spun back in the mid-2000s, kind of the IT process institute to really research and benchmark and deliver prescriptive guidance. There's kind of a lack of that. It's matured over the years to some degree, but there's still in it. It's kind of like Mike does it one way, Sarah does it another way. What is really the best way? What is the best practice? And so that's really where we camped with our research and borrowed research and partnered with research to find out that there are some foundational controls, processes and how you do things that really drive high performance in IT management. Interestingly enough, a lot of that came back to this one study that said that all IT failure, downtime, you know, lack of availability or issues in it is correlated. And this is 75%, 80% between them and between there, depending on which study is correlated to some unapproved, unauthorized, untested change. So the working thesis became let's do really good change management around how we do it and how we implement changes where we allow them to happen. And what we've come to find out more recently is that actually no security breach will happen without A change or a need for a change? Either I convince somebody by socially engineering them to become them or hack in or, or I just brute force hack in and I change something to be able to siphon data, to get personal data, you know, confidential data information, that kind of stuff. So that's the background and kind of living in that world for many years and that research and kind of having that insight really kept me thinking about how the earlier books and the core of what we call IT processes and IT process efficacy, which is the third chapter of my book, still applies to cybersecurity today. So I had this kind of brainstorm. We noodled on it for a couple of years, spent about eight months to really author the next version of the Visible Ops series of books. We did one called Visible Op security like over 10 years ago. This one's visible of cybersecurity because we didn't call it cybersecurity back then. And in this particular book I get into some very specific applications, if you will, methodologies, zero trust, as I referred to before, really giving practical guidance for how small companies and large companies can both sizes. Right. Smaller enterprise can actually use these methods to seriously increase their cybersecurity posture, make huge advancements. A lot of the things I refer to are kind of 80, 20 rules, if you will. 20% of the effort can give you 80% of the benefit and protection against the bad actors, the threat actors really enhance your cybersecurity. So that's the background on the book.
[08:34]
A
Generally speaking, you write this book series, you got the series now over 350,000 copies, which is insane. Most people sell like 200 copies. So to sell, you know, six figures of copies is very, very challenging. What helped you in that time because you're not like a full time author that's only focused on books. You got this business and then you have the book and then you have all these things, you know, supplementing each other. But what has been helping you in terms of getting your book out there and getting it heard?
[09:06]
B
Yeah, there's and you know, the IT Process Institute and the series of books, the Visible Op series really is somewhat of an altruistic goal. Raise the tide that floats the boats in terms of IT management, best practices, cybersecurity. We want to help everybody do better. And so if they can glean something to book. So first off, there's altruistic goal, right? Just we really want to help businesses across the US and the globe really increase, enhance against the bad guys. That's the first goal. The second Part of the book and what's kind of helped it is that it really is part and parcel to the types of services that we deliver. We kind of are the living breathing Visible Ops organization. That's kind of how we deliver our practice and our service around cybersecurity. So it helps my organization both internally, my people read and learn from it, we train in it. We actually have some online certification training for Visible Ops you can actually have access to. So there's a lot of things that are around the book that kind of feed off of kind of the ecosystem. But also we early on had partnered with several vendors, larger vendors, hp, Red Hat, some of those types of vendors, to help us promote the books. And so they actually would buy thousands of copies of them and help promote them through conferences and through different activities that they were doing to promote their businesses. Because a lot of the principal concepts and the principles of the book are really very simpatic, you know, simpatico, if you will. They, they complement the service. The types of software and services around security really gives the research and the backdrop to promote the type of services that those vendors actually provide. So that's. The vendor relationships also help really promote the book as well, besides, you know, being a part of our business. And of course it things at some point take on a little bit of a, if you will, viral. And so my book just became an Amazon bestseller. It's starting to get a little viral now. So we're seeing that activity kick up like we've seen with the other books and hopefully start to really take off over the next few months.
[11:03]
A
This is a very unique perspective on, on a book because many people, they write a book and they hope it builds their personal brand because maybe they want to speak. But the fact that you're, you're taking the book and then leveraging that within the organization and then also connecting that to other corporations, that's a very unique spin when you go. When you think about cybersecurity, what right now do you feel are like the biggest threat, threats that businesses need to know about?
[11:31]
B
So couple of things there. I could talk on and on about this one, but the first thing I would say is that no business is too small. The last couple of years, they're going crazy downstream to small organizations, you know, companies that Maybe only do 500,000 worth of sales, believe it or not. So a lot of belief out there is, well, we're just not a target, we're too small. They wouldn't want. They're not interested in us, but they are and, and they'll take five grand, ten grand. The other thing is that they're highly sophisticated, not only using AI, but ransomware. Franchises is a real thing. You can actually sign up for a franchise, they give you a tool set. If you're a smart high schooler with computers, you try to hack in, you get maybe a little bit into their network, you can then partner with the franchise, they'll come in and then they split the proceeds on the ransomware. It's that sophisticated. Then when you go to pay, they don't just have you pay some way, they actually send you their call center and their call center will take your payment. They want to convert typically crypto currencies into dollars because they don't want to be traced. So this is the world we live in. The threats are everywhere and they're going way downstream. One of the first principles we talk about with all companies that we work with is assume breach. Because if the bad guys really do want to get in, they generally will find a way to get in. About 99% chance. That's why we see some of the big, big corporations that have every tool deployed and all the experts in the world, and yet they're still getting hacked for millions of dollars. So the point is we start with assumed breach, which means you have to have backup and restore and what we call immutability, where your backups are not even connected to your network, they're privately, securely encrypted and stored so that when the bad guys get in, what they typically will do is they'll not only encrypt your current systems, but they'll find where your backups are, they'll encrypt those, and then people can't restore and then you're stuck and you have to pay. So the first principle, and I'll just give the one, is working on true business, business continuity, business disaster recovery, business backup and restore with immutability, air gapped backups. That's a really important principle. But there's a couple of things right there. No business is too small. That's the world we live in now. And every business should have tried. And true immutable, separated backups that are tested regularly.
[13:36]
A
I watch these YouTube videos where these hackers hack into these scam call centers and then they, they, they actually revert it back to them. Is very interesting. Yeah, I'm, I'm shocked. And I've listened to these calls and the sophistication I've been, It's happened to me before. I thought the same thing. Like, no, I'm too small. No one's going to reach out to me. And they did. And it took like a year before I even knew that we were sending money. The money was going to the wrong person, not us. It was a disaster. So, Scott, I could see that not only corporations, other IT companies, but even businesses need to read the book. And cybersecurity might be, you know, one of the things that we need to focus on that we are not focused on. We're always profitability, hiring, leadership. But many times business owners are just not focused on these threats. But Scott, if you want to get your book, hopefully there it is, the visible ops. Maybe you saw another half a million.
[14:37]
B
That'd be great. Yep. Thank you for the time. I really appreciate the energy.
[14:43]
A
How could people get the book?
[14:44]
B
Yeah. So my Author's website is scottaldridge.com S C-O T T A L L D R-I-G E.com and from there I've got links to the IT Process Institute, to IP Services, my company. But you can order the book right there through an Amazon link that's there. You can go to Amazon and just type invisible off cybersecurity. It'll pop right up. So Amazon's the best way to really get the book.
[15:06]
A
Scott, this has been great. Thanks for sharing. Today I learned something. I'm going to go back now and see what changes I can make. And I might need to just read that book. Scott, I think I need to read it. I hope everyone who's in the industry gets to read it too. And we can all be, we can all feel safer and not keep belonging these people, you know, to continue being a threat to us. But Scott, this has been great and thank you for joining us today on Founders Story.
[15:30]
B
Awesome. Thank you.