00:00:06 welcome to cyber talk radio I'm your
00:00:09 host Brett Hyatt a 20-year internet
00:00:11 security veteran and joined this week by
00:00:13 Larry Romo
00:00:14 he's currently a candidate here for
00:00:17 district clerk in Barre County he's got
00:00:20 a long and storied a career background
00:00:21 and we're gonna be talking public sector
00:00:23 cybersecurity this week Larry thank you
00:00:26 for agreeing to join us they can
00:00:28 appreciate the opportunity to be here
00:00:30 I'm looking forward to our discussion
00:00:30 yeah so go ahead and share with our
00:00:33 audience your background and uh how did
00:00:36 you one learn a little bit of German and
00:00:38 then to end up here on this cyber talk
00:00:40 radio program today well thank you again
00:00:42 and my background is I'm a native San
00:00:46 Antonio warna raised here I went to
00:00:49 highlands high school and had the good
00:00:51 fortune of being first to go to college
00:00:53 for my family I went to the United
00:00:55 States Air Force Academy I got my
00:00:58 Master's tonight school in education but
00:01:00 one of the most interesting things that
00:01:01 I have to say is the technology that has
00:01:04 changed my lifetime and we were the last
00:01:08 class at the Air Force Academy to be
00:01:09 issued slide rules there you go the next
00:01:12 class got issued calculators that were
00:01:15 quite expensive there Texas Instruments
00:01:16 I think they cost like $140 for a basic
00:01:19 one back then yeah and now the cadets at
00:01:22 the Air Force cow and you get issued the
00:01:24 top-of-the-line personal computers they
00:01:27 have all kinds of functions that they
00:01:29 can do so it's amazing all the
00:01:31 technology that has changed I retired as
00:01:35 a lieutenant colonel from the Air Force
00:01:36 Reserves and I remember the basic
00:01:39 computers coming out around 1980 the
00:01:42 updated computers the scene of z1z 100's
00:01:47 and now they have the top of line
00:01:49 computers Dale's and other other ones
00:01:52 that they use but also I've almost
00:01:55 realized that computer security is very
00:01:57 important because I was a federal
00:01:59 employee and I got credit for a little
00:02:02 burr 40 years of federal service and one
00:02:06 thing about federal employees most
00:02:08 agencies they are all agencies now have
00:02:10 to they have to make sure they have
00:02:13 proper computer security training and
00:02:15 proper cybersecurity processes
00:02:18 and I knew when I worked at Fort Sam
00:02:21 Houston and I was appointed by the
00:02:22 President stated nominated by Congress
00:02:24 to be the director of Selective Service
00:02:27 where I serve seven years to two months
00:02:29 that from day one cyber security
00:02:31 computer security were important parts
00:02:35 of the process and that the ones that
00:02:39 could get you in the most trouble yeah
00:02:41 absolutely and I mean it's you we were
00:02:43 talking a little bit before we went on
00:02:45 air here about the OPM and that OPM hack
00:02:48 that happened a while ago your records
00:02:50 were contained in that along with
00:02:51 everyone else that worked for the
00:02:53 government and it's just it's
00:02:55 complicated when you've got this breadth
00:02:57 of systems you have staff turnover in
00:03:00 agencies on a pretty regular basis and
00:03:03 it makes these large complex systems
00:03:06 tricky to deal with so there's a series
00:03:09 of unique challenges on the public
00:03:11 sector cybersecurity side of things so
00:03:14 in is you even just look at large-scale
00:03:17 IT projects there's additional
00:03:19 complexity on the public sector side of
00:03:21 things as well I think we'll be able to
00:03:22 dive into one of the ones here in Barre
00:03:25 County a little bit later into the
00:03:26 program if you happen to be listening to
00:03:29 us live right now here on Saturday
00:03:31 evening I had congressman Hurd on the
00:03:34 program where we talked more about
00:03:35 public sector at the federal government
00:03:38 level along with that OPM hack you can
00:03:41 listen to that on our archives on our
00:03:43 website at wwlp.com or as well if you're
00:03:47 a an iPhone or an Android user on your
00:03:50 favorite podcasting app they're on
00:03:52 either of those platforms pocket casts
00:03:54 on an Android maybe or iTunes on your
00:03:57 iPhone you can pull up that episode and
00:03:59 I hear what congressman Hurd had to say
00:04:02 about some of the things they're doing
00:04:03 at the the federal legislative level
00:04:05 right now that it's a it's one where I
00:04:08 think that these challenges is you you
00:04:11 said you started off back in the Air
00:04:13 Force Academy with the slide rules and
00:04:15 now everything is moving towards
00:04:17 technology and being able to execute
00:04:19 these large-scale technology projects
00:04:22 are going to be critical to the success
00:04:24 of our public sector services over the
00:04:27 next decade yes you're exactly right and
00:04:30 it's a team effort
00:04:31 everyone in an agency has to be involved
00:04:34 all employees because anybody could make
00:04:38 a mistake and it could cost millions and
00:04:41 millions of dollars as we can see with
00:04:43 the Office of Personnel Management in
00:04:44 fact my wife and I we have to have a
00:04:46 protective security because we both got
00:04:51 hacked through OPM and it's cost the
00:04:54 taxpayers millions of dollars to protect
00:04:56 all the citizens that were affected by
00:04:58 that that's why it was important from
00:05:00 day one when I was director of Selective
00:05:02 Service that I got together our IT
00:05:05 people and see where we're at and
00:05:09 unfortunately we requested an audit and
00:05:12 we have an analyst required called a
00:05:14 federal information management security
00:05:16 act and within a few months I was there
00:05:18 we had an audit we saw that we had some
00:05:20 major material weaknesses and some other
00:05:23 issues with a modernization project that
00:05:25 I had inherited so unfortunately I had
00:05:27 to make some personnel changes get the
00:05:29 right people in there and get the
00:05:32 contractor for this program called
00:05:35 registration compliance verification a
00:05:38 multi-million dollar computer contract
00:05:40 and say we're going to have milestones
00:05:41 we're going to have meetings we're going
00:05:44 to have making sure we have the right
00:05:45 cyber security we're going to get
00:05:47 together we're going to make sure that
00:05:48 we do this within our budget and within
00:05:50 time it's important for the leadership
00:05:53 to to get involved and get their hands
00:05:55 in so they can know what's going on and
00:05:57 ask the right questions a leader doesn't
00:05:59 have to be an IT major I gotten our 19
00:06:02 major but a leader has to be
00:06:03 knowledgeable enough to know what's
00:06:05 going on and that's correct questions
00:06:07 and being involved to get hands on
00:06:09 that's very imperative with IT systems
00:06:12 we got a the right team together we had
00:06:16 our in-house people they're real good on
00:06:18 source coding we had our private
00:06:21 contractor involved we had some other IT
00:06:23 people and the lay people the people the
00:06:25 end-users it's important that the in
00:06:27 users be involved because they're the
00:06:28 ones going to get the product and you
00:06:30 have to get the input of the end users
00:06:31 and many of the end users are 90 majors
00:06:33 but they're the ones who can visually
00:06:35 see what they need that they need to
00:06:36 know and what information they need on
00:06:39 the computer screen and it's important
00:06:41 that they're involved with the techies
00:06:44 with the source code
00:06:46 the the contractors so they could they
00:06:49 can get the system correct and proper
00:06:53 what they need to know and get the bugs
00:06:55 out of the system but also what you have
00:06:57 to do is you have to make sure that the
00:06:59 system the new system which created an
00:07:02 ism with the old system you got to keep
00:07:04 it separate because you want to make
00:07:06 sure that you don't do something by
00:07:08 accident and open up to potential
00:07:10 hackers so you keep the system in-house
00:07:13 to ensure that you keep the right
00:07:16 security yeah now and it's that's a
00:07:20 really important one is you talk through
00:07:22 there it's kind of a as I think about
00:07:24 it's the least privileged principle
00:07:25 you're going through and asking the
00:07:27 users what information they need to see
00:07:28 and then not displaying or sharing
00:07:30 additional information out to folks and
00:07:33 getting that user input design as the
00:07:36 the application is going through and not
00:07:38 making necessarily assumptions on how
00:07:41 people are going to try to use that
00:07:42 technology and their job actually go in
00:07:44 and ask the people that are doing the
00:07:46 work where's this tech plugging into
00:07:47 their process and how is it going to be
00:07:50 used so that you build the system in a
00:07:52 way that makes that process more
00:07:54 efficient for them and with does it in a
00:07:58 way that minimizes again the amount of
00:08:00 information you have to share where do
00:08:02 you have to share it and and who gets
00:08:04 control over it while it's useful
00:08:07 exactly in humans sometimes you have to
00:08:09 have some sample customers come because
00:08:12 if it's a product as you're developing
00:08:14 uh dating users know but you have to
00:08:16 know what the customers are going to get
00:08:18 back from that so it's important that
00:08:19 you look at the whole total picture it's
00:08:23 a very complex and tedious process and
00:08:25 it's important that you have much more
00:08:27 prior planning before you go into the
00:08:29 project and obviously before you put a
00:08:32 bit out for the contractor you have to
00:08:34 give them as much thorough information
00:08:35 as possible because you know as I do
00:08:38 that if you have to amend a contract
00:08:40 that's where that private contractor is
00:08:42 going to really increase the price and
00:08:45 then the taxpayers the cadet negatively
00:08:47 say well you should own that right in
00:08:49 the first place that's important that
00:08:50 you give as much information as possible
00:08:53 so it's you talk through on the the
00:08:56 scope and time of one of these projects
00:08:58 is this a
00:08:59 six month one year how many how long do
00:09:02 one of these big projects take it all
00:09:04 depends on the complexity of the project
00:09:06 if it's real complex or if it's not as
00:09:09 complex let's say I would say you would
00:09:11 give it at least a year just for the
00:09:13 planning aspect but if you have a
00:09:15 multiply module complex project I would
00:09:20 say at least two years like for the bear
00:09:22 County one we can discuss later I would
00:09:24 say so at least take two years if you
00:09:26 want to do the proper planning for the
00:09:27 multi modules that they want to do with
00:09:30 the integration part yeah so for those
00:09:32 in the the private sector I think this
00:09:34 is a significant difference in the way
00:09:37 that things are handled and public
00:09:39 sector technology projects are often
00:09:42 multi-year and even even a year of
00:09:44 planning before you go and do two at the
00:09:46 execution phase where private sector
00:09:49 side I think that folks are rolling
00:09:52 projects on a much shorter time frame
00:09:53 these days versus the longer more
00:09:58 structured planning and I think even if
00:10:00 you get into large enterprise now
00:10:02 they're looking to break projects down
00:10:04 into smaller chunks so as you're out
00:10:08 there and looking at these public sector
00:10:10 projects that are having potentially
00:10:13 difficulties and you don't hear about
00:10:14 all the ones that go very well we only
00:10:17 hear about the ones that have issues I
00:10:20 think that the process for public sector
00:10:22 works with the way that the services are
00:10:26 designed it's kind of the complexity of
00:10:28 the number of departments a number of
00:10:30 personnel that get involved in each of
00:10:34 these is I mean if you think about even
00:10:36 bare County here is a large size
00:10:39 organization but at the the federal
00:10:42 government level you have millions of
00:10:45 potential users and on the system
00:10:48 whether it's us as citizens logging into
00:10:50 it if it's the healthcare.gov or ttle or
00:10:53 somewhere else versus if it's an
00:10:56 internal system even getting used by
00:10:58 multiple departments or multiple
00:10:59 agencies you may have hundreds of
00:11:01 thousands of users on an application
00:11:03 that's true and what I'm very proud
00:11:05 you're right usually you don't hear
00:11:07 success stories but we did have to soar
00:11:10 to success stories and select a server
00:11:12 system
00:11:13 in 2015 we were ranked first of all the
00:11:17 small federal agencies and I believe
00:11:18 there was well over 25 small federal
00:11:20 agencies of the government we received
00:11:22 the highest best audit score from the
00:11:25 Copeland Department Homeland Security on
00:11:27 our annual audit the FISMA audit so I'm
00:11:30 very proud of that and also our private
00:11:32 contractor actually received an award
00:11:33 for the quality of source coding they
00:11:36 did of all the contracts I had in the
00:11:40 government and they had zero cyber
00:11:42 incidents and zero source coding I
00:11:45 believe they had like 68 I'm not exactly
00:11:47 sure but I believe 68,000 lines of
00:11:49 source coding or something like that
00:11:51 yeah so you're listening to cyber talk
00:11:54 radio on 1200 W AI I'm your host Brett
00:11:58 Pyatt I'm joined this week by Larry Romo
00:12:00 a retired airforce officer and a
00:12:02 candidate for Baer County Clerk we're
00:12:04 talking public sector IT and public
00:12:06 sector cyber security if you just turned
00:12:08 the radio on right now you can listen to
00:12:10 the rebroadcast and replay of this
00:12:11 online on Tuesday you'll be able to find
00:12:14 it on our website at wwlp.com so larry
00:12:18 vans we've kind of going through and
00:12:20 talking when you say small federal
00:12:22 agencies so Selective Service as small
00:12:25 business I think in the private sector
00:12:27 world means maybe 50 employees or 100
00:12:29 employees or 200 employees for a small
00:12:30 federal agency what a small mean at the
00:12:33 federal government level off the top my
00:12:35 head and don't hold me to this number
00:12:36 but I believe it's under 250 somewhere
00:12:40 around there definitely under 500 so
00:12:41 that's a small violating okay and then
00:12:43 from a IT budget perspective on those
00:12:46 projects how much money were they
00:12:47 spending on each of those actually our
00:12:50 annual budget is 23 million dollars yeah
00:12:55 so we did spend much we we had an extra
00:12:57 few million dollars that we got for this
00:12:59 our project end up taking probably
00:13:02 approximately about five years to
00:13:04 complete but it is top notch now and it
00:13:07 is excellent it probably taking less
00:13:10 time but the first year and a half they
00:13:12 were sputtering until I got there and
00:13:14 then we get on the right track yeah so
00:13:16 on the right track three-year execution
00:13:18 which for me and and my experience is
00:13:21 well working alongside some public
00:13:25 sector IT projects through
00:13:26 my career three years is excellent from
00:13:30 an idea to execution perspective on
00:13:34 these yes it saving time money in
00:13:37 efficiencies which is really really
00:13:39 great for us yes like a server system
00:13:42 was definitely a success story for the
00:13:44 RCB project you know and the same things
00:13:47 happened at Bear County we had a
00:13:48 mainframe that we had our data millions
00:13:51 of minutes of records of young men for
00:13:53 select a server system on a 1980s error
00:13:56 mainframe and we were sharing that
00:13:58 mainframe with another federal agency
00:14:00 and they they weren't auditing at war
00:14:02 and they want to get rid of the
00:14:03 mainframe because it was obsolete and
00:14:05 high maintenance so we had to put ours
00:14:07 on servers so we were under on a
00:14:09 definite timeline because it would have
00:14:11 cost us an extra million dollars a year
00:14:12 to basically maintain that mainframe
00:14:15 which we really didn't have so we had to
00:14:18 really make sure that we got that done
00:14:20 in a timely fashion
00:14:22 yeah and for those listening as we've
00:14:25 selective service you said the records
00:14:28 on millions this so this is where when
00:14:30 you turn 18 you you go register
00:14:32 yes it's federal law for all males to
00:14:34 register they're 18 to 25 years old and
00:14:37 it's really tied to a lot of benefits
00:14:39 like federal benefits like Pell grants
00:14:41 federal jobs federal job training and
00:14:43 also even the save of Texas in order to
00:14:45 get a driver's license you have to make
00:14:47 sure that you register with the
00:14:49 Selective Service System and even some
00:14:51 municipalities you cannot be a fireman
00:14:54 or a policeman so there's many many
00:14:56 things tied to it and it's the right
00:14:58 thing to do because we have a council
00:15:00 emergency all males must register in
00:15:03 case we don't have enough volunteers and
00:15:05 they're actually looking at possibly
00:15:07 adding women to that yeah so this back
00:15:10 went when I did that it was a it was a
00:15:12 postcard so it's not a postcard any
00:15:13 longer it sounds like probably about 85
00:15:16 at least percent if not more do it
00:15:18 online it takes less than two minutes to
00:15:20 go on the website to do it online now we
00:15:22 do still have postcards at all the post
00:15:25 offices for people that that don't want
00:15:29 to do it that way and they can actually
00:15:31 go electronically now and print out one
00:15:34 of their Selective Service cards that
00:15:35 they want to yeah so you've we've gone
00:15:39 through and
00:15:40 done that with the Selective Service and
00:15:42 then you would kind of retired there
00:15:44 from the the Air Force worked for the
00:15:46 Selective Service what made you decide
00:15:47 to to get involved here in Bear County
00:15:50 well again I was born and raised in San
00:15:52 Antonio and I really enjoy our city and
00:15:55 the county and it's important that we
00:15:57 have leadership's
00:15:59 that are ethical transparent and
00:16:02 accountable and supported that we have
00:16:04 the right people that have the
00:16:06 qualifications and leadership skills and
00:16:08 I have the skills dealing with people
00:16:11 dealing with technology and dealing with
00:16:13 customer service and the district clerk
00:16:15 office is needs to have those processes
00:16:19 optimized so it support that we do that
00:16:22 and I try to match my talents what I did
00:16:25 in Selective Service in an arrest of my
00:16:27 career with some of the some of the
00:16:30 political offices here and I felt that
00:16:33 was the best match yeah so as you're
00:16:38 looking at a time frame so we just had
00:16:40 an election here in November when would
00:16:43 this next election be the primaries in
00:16:45 Texas for both the Republican and
00:16:47 Democratic Party or March two six
00:16:49 already voting starts 20 February so
00:16:51 really that's just some right right
00:16:53 around the corner and then the general
00:16:55 election will be in November okay so
00:16:57 this is in the the 2018 ballot in the
00:17:00 November ballot you'll folks there and
00:17:02 then there's primaries coming up just
00:17:04 after the holiday season here exactly
00:17:06 yeah so it's a it's one now I think
00:17:09 where everyone feels like there's
00:17:10 constant campaigning going on I mean as
00:17:14 soon as someone's elected they're
00:17:16 starting their campaign to rerun again
00:17:19 for election this is one as we talked
00:17:21 about this turnover in the ite and the
00:17:25 technology projects that are running for
00:17:26 multiple years from a county clerk
00:17:29 perspective how long would you be in
00:17:31 office they're those terms are four
00:17:33 years which is really good because in
00:17:35 four years time you should be able to
00:17:37 get a major project done I mean there's
00:17:40 no excuse not to have a major project
00:17:41 within four years yeah so in and out
00:17:45 there for listeners is we're thinking
00:17:48 about term limits or shortening terms or
00:17:51 shortening the length of different
00:17:53 things
00:17:54 it realizes you're forcing staff
00:17:56 turnover on those and so there's
00:17:58 trade-offs to all of these but if you
00:18:01 have a two-year term and as Larry had
00:18:03 said that most these projects it's a
00:18:04 year of planning and then at least a
00:18:07 year of execution unless that project
00:18:09 started the day somebody took office
00:18:10 it's not going to be done in a two year
00:18:12 time frame so if you're looking for
00:18:14 change and improvement in your
00:18:16 government given the folks there the
00:18:19 opportunity to have a four-year term is
00:18:22 important and then also being able to
00:18:24 give folks the opportunity to
00:18:25 potentially run for a reelection if
00:18:27 they're doing a good job just I don't
00:18:30 know anyone that says you know what
00:18:31 you've worked for me for four years it's
00:18:32 time for you to go on somewhere else if
00:18:35 you're in there and you're doing a good
00:18:36 job you should be able to have the
00:18:38 opportunity to go back so this is it's
00:18:40 one that's interesting to think about
00:18:42 and on a whole separate topic from a
00:18:46 long-run perspective but the public
00:18:49 policy side of things impacts how
00:18:53 technology projects can get done so if
00:18:55 as you look and you go well why hasn't
00:18:56 the government changed X Y or Z
00:18:59 technology system if you look at how
00:19:02 people are appointed into that agency or
00:19:04 how the leaders of that agency are
00:19:06 elected you may be able to see signs of
00:19:10 that feeding down through to the whole
00:19:13 thing I think what's important too is
00:19:16 the political leadership has to work
00:19:19 very closely with the careerist the
00:19:21 career people there whether be the IT
00:19:23 department or the end-users all
00:19:25 employees like I said it's a team effort
00:19:27 and that's one thing I did and select a
00:19:29 service and I would do at the county but
00:19:30 in select a service it's like having a
00:19:33 mechanic checking under the hood you got
00:19:35 to check the spark plugs the engine and
00:19:37 transmission the battery the radiator to
00:19:40 make sure everything is it's a top tip
00:19:42 top shape that's the same thing that's
00:19:44 what I did when I want Selective Service
00:19:45 I wanted to check to make sure it I had
00:19:48 the right careers they were doing the
00:19:49 right job learning there are job
00:19:51 responsibilities going over to them with
00:19:54 their job responsibilities making sure
00:19:56 they were doing what's right
00:19:57 checking out the audit the financial
00:20:00 picture to see what is right and that's
00:20:02 why I had to make some changes because
00:20:04 we didn't have the right people that
00:20:05 were doing the right thing
00:20:06 and he got a you got to have trust you
00:20:09 got to develop that trust between the
00:20:11 political leadership and the career
00:20:12 leadership and work as a team in a
00:20:15 positive direction you got to keep the
00:20:17 train running on the tracks you know so
00:20:21 we hinted a couple of times about this
00:20:23 bear county project we're gonna dive
00:20:26 into deeper we'll do that after the
00:20:28 bottom of the hour break but let's go
00:20:29 ahead and give everybody a little bit of
00:20:31 a background on it right now on what is
00:20:35 this project it's a good example of
00:20:36 something to talk about here on these
00:20:38 long term time frames that the train did
00:20:40 not stay on the tracks in this case the
00:20:42 bear County integrated justice system
00:20:44 was a contract that was let out in 2010
00:20:47 and started in 2011 it was a little over
00:20:51 18 million dollar contract that they
00:20:53 gave an award to call MCAD the company
00:20:56 and there was approximately 14 or 15
00:20:59 areas in bear county government that
00:21:01 they were going to have an integration
00:21:03 justice computer system plant for
00:21:06 example the sheriff's office District
00:21:07 Attorney office the bear County Courts
00:21:10 which the district clerk runs a
00:21:12 magistrate court the county courts and
00:21:15 some other areas that they were going to
00:21:17 look into I mean that they were gonna do
00:21:19 and it was a very complex project
00:21:20 because when you're talking about 14
00:21:22 areas and that's why I say it's a long
00:21:24 term project that needed a lot of detail
00:21:26 planning because it's hard to integrate
00:21:27 one module let alone 14 or 15 areas so
00:21:32 it's important that that they were on
00:21:34 the right track and that the leadership
00:21:36 was really involved from day one because
00:21:39 he talking about
00:21:40 a very detailed complex project that
00:21:43 need to be done right yeah so this
00:21:45 project started back in in 2010 and
00:21:48 still not done today
00:21:50 exactly they still haven't put out a
00:21:54 request for a proposal they recently and
00:21:57 July of 2017 put out a request for
00:22:00 information to people out worldwide I
00:22:04 guess to say hey this is a project that
00:22:06 we want to do so it's still being
00:22:08 planned and the reason it's being
00:22:10 planned this way in 2015 there was an
00:22:13 article in Express news saying that they
00:22:14 were that I'm about to do it but there
00:22:16 was a very very detailed audit done by
00:22:23 IBM that was led out of January 2016 and
00:22:26 it was very very detailed saying that
00:22:29 there was a lot of different places in
00:22:32 Bear County IT department that were very
00:22:35 lacking that really really were very
00:22:39 lacking the very poor performance in
00:22:41 many areas in almost in all areas so I
00:22:44 have to compliment the bear county
00:22:46 wherever asked for that audit to do that
00:22:48 was 216 page awed it because they want
00:22:50 to know where they were at so they
00:22:53 probably hit the bottom of the barrel so
00:22:54 now and are on their way up so I have to
00:22:56 compliment sometimes you got to face the
00:22:59 hard facts and the cold truth that's
00:23:01 what they did so they are there
00:23:04 rebounding but it's it's a slow process
00:23:06 yeah I know as I've noticed over the
00:23:09 last kind of 12 to 18 months you'll if
00:23:13 you go to the bear County website if
00:23:14 you're in the tech sector and you're
00:23:17 looking for work they've got a number of
00:23:20 job openings they've got new salary
00:23:22 bands for all those job openings which
00:23:24 should be I think much more competitive
00:23:26 than where they were if you rewind back
00:23:30 probably to win this this project
00:23:32 started they were having a hard time
00:23:34 attracting and retaining the talent they
00:23:36 needed because of the way that
00:23:37 technology was thought of inside of the
00:23:41 the county and those things that you've
00:23:44 learned from those lessons and make
00:23:45 those changes now that's true and you
00:23:47 got to hire the right people you got
00:23:49 already got to look into their
00:23:50 backgrounds because I was told by a very
00:23:52 reliable source that the person back
00:23:54 then was it even a 90 a major that run
00:23:57 in the IT department they had a
00:23:59 financial background so we're getting
00:24:01 ready to break here for news traffic and
00:24:04 whether if you just joined us you're
00:24:06 listening to 1200 W a I this is cyber
00:24:09 talk radio
00:24:09 I'm your host Brett pipe joined this
00:24:11 week by Larry Romo candidate for Baer
00:24:14 county district clerk they're coming up
00:24:16 here in the twenty
00:24:17 eighteen elections he's a retired Air
00:24:19 Force officer and I've done a number of
00:24:22 other things we're gonna have deep dive
00:24:23 into public sector IT planning and
00:24:26 projects and how do these things go and
00:24:28 get executed in a successful manner
00:24:30 [Music]
00:24:43 [Music]
00:24:49 you
00:25:13 welcome back to cyber talk radio
00:25:16 I'm your host Brett Pyatt a 20-year
00:25:18 internet security veteran joined this
00:25:20 year by Larry Romo he's a retired Air
00:25:23 Force officer and 40-year civil servant
00:25:26 as you have mentioned the first half of
00:25:28 the program between your enlisted time
00:25:31 and your service with other agencies
00:25:34 after that you've spent 40 years in a
00:25:36 career working for us all as taxpayers
00:25:39 that's true that's true and you and
00:25:41 you're looking for at least four more
00:25:43 years it's important that you have the
00:25:45 right people because it's not my money
00:25:46 it's a taxpayers money I was told our
00:25:49 employees that I said we got to make
00:25:51 sure that we optimize our processes and
00:25:53 assets and gave their due to the
00:25:55 taxpayers because we got to make sure
00:25:57 that we don't waste money likely
00:26:00 unfortunately they did with this initial
00:26:02 project on the bear County integrated
00:26:04 justice system yeah and so for those
00:26:08 that are just a tuning in here with us
00:26:09 after the break so you started back a
00:26:12 long time ago here Highlands High School
00:26:14 in San Antonio yes I do now so yeah that
00:26:18 was the first to going to college I'm
00:26:19 there to the Air Force Academy
00:26:20 graduating so what made you pick the Air
00:26:23 Force Academy out of the the different
00:26:25 service academies how did you find your
00:26:26 way to that my dad worked at Kelly Air
00:26:30 Force Base he was in the army an
00:26:32 occupation force in Germany and then Air
00:26:35 Force Reserves for a while but he works
00:26:37 in Slovenian akeli and I used to enjoy
00:26:39 going to Kelly Air Force Base and
00:26:40 watching the aircraft and the Air Force
00:26:43 enlisted and officers there and
00:26:44 basically that kind of stuck in my head
00:26:46 when I went to the picnic grounds that
00:26:48 Kelly and I always liked the Air Force
00:26:50 and like the other services too but I
00:26:52 liked the Air Force yeah so from you
00:26:54 graduate from high school here and then
00:26:56 you start school in the fall and
00:26:59 immediately you've got snow under your
00:27:01 feet on campus there for that first
00:27:03 winter how was that that first winter
00:27:05 out of San Antonio yes that was real
00:27:06 interesting because actually it snowed
00:27:08 either the last week in October and
00:27:09 early October
00:27:10 hey my my parka and really the first
00:27:12 time I ever flew an airplane is when I
00:27:13 flew up to Colorado Air Force Academy so
00:27:17 it was really interesting process
00:27:19 because we're at 70 300 feet above sea
00:27:22 levels at the foothill the Rocky
00:27:24 Mountains so it gets really cold up
00:27:26 there and I will say shooting Montana in
00:27:27 four and a half years it's even colder
00:27:29 there ya know it's a that Central Plains
00:27:32 definitely you get the the cold for sure
00:27:36 so up in an airbase in Montana you spent
00:27:38 some time in Germany as well no actually
00:27:40 I've just been tty in Germany yeah my
00:27:42 wife she's German but I met her here at
00:27:45 the Beethoven monocore interesting it's
00:27:47 a South town legend that's right yeah
00:27:50 great place it's it's a been down there
00:27:53 all the way since the very beginnings of
00:27:54 King William yes it's been there it's
00:27:58 just like 1850s ya know it's a really a
00:28:02 fun spot a great place to go hang out a
00:28:04 First Friday
00:28:05 there's a wonderful courtyard patio
00:28:06 where I've seen and been hanging out
00:28:09 with lots of kids running around all the
00:28:10 time so we'll get back to our topic
00:28:14 about IT projects in public sector and
00:28:18 specifically we're gonna dive into one
00:28:21 project around this Barre County
00:28:22 integrated justice system if you miss
00:28:24 the first half of the program you can
00:28:26 listen to the rebroadcast a replay of
00:28:27 that online on our website at wwlp.com
00:28:31 or on itunes podcast or pocket casts on
00:28:34 your Android device that'll be online on
00:28:36 Tuesday here after we've we air here on
00:28:39 Saturday so in this projects this is a
00:28:44 15 module project and if you were
00:28:48 elected as the bear County District
00:28:50 Clerk you would be involved in this
00:28:52 project as as the executive they're in
00:28:56 charge of at least one of these systems
00:28:58 and modules that are going to tie into
00:28:59 this whole integrated platform correct
00:29:01 exactly that is correct the district
00:29:04 courts and probably the Maastricht
00:29:05 courts for that matter are going to be
00:29:07 very involved along with the for example
00:29:09 the DA's office the county courts the
00:29:12 Sheriff's Office the jails so it's
00:29:14 important that we have the right people
00:29:16 with the module because I only connect
00:29:18 would I be able to help make sure my
00:29:20 module is done properly and correctly
00:29:22 because of my
00:29:23 forty that I received and Selective
00:29:25 Service but also I can help out the
00:29:27 other modules too because they
00:29:29 complement each other yeah all this
00:29:32 informations got to tie together and
00:29:33 work well or if you don't have an
00:29:36 integrated system that's the definition
00:29:37 of integrated so from a history of this
00:29:40 project so it's coming up now I'm gonna
00:29:43 call it on a reboot and it sounds like
00:29:45 they started back in 2010 and will have
00:29:47 some information online that'll go into
00:29:49 a little bit of the background of this
00:29:50 and I mean express-news ran some
00:29:52 articles many articles maybe over the
00:29:55 last few years about this project cuz it
00:29:58 was a big project right the initial
00:30:00 kickoff almost a twenty million dollar
00:30:01 budget exactly uh it was a little over
00:30:05 18 million dollar budget and they're
00:30:08 very excited about it this a was going
00:30:09 to save time efficiencies and there was
00:30:12 an old mainframe and I guess they're
00:30:13 still using the old mainframe
00:30:14 I mean eighties just like we had and
00:30:16 select a service and they might uh
00:30:18 upgrade and put it on servers and in the
00:30:21 cloud probably and it was important that
00:30:23 they were all excited and saying we got
00:30:25 the right company but unfortunately the
00:30:27 wheels fell off there was a two-page
00:30:30 memo from the bear county that went out
00:30:32 in 2013 saying hey to the contractor
00:30:35 what's up we don't have a plan we don't
00:30:38 know where it's going and then in 2014
00:30:41 about three years in the contract the
00:30:44 contractor just walk off and declared
00:30:46 bankruptcy and was really a slap in the
00:30:48 face that contractor received thirty two
00:30:50 million dollars a few months before from
00:30:52 a investor riverside funds and the CEO
00:30:55 got five point eight million dollars so
00:30:58 of course if they do stuff like that
00:31:00 they can declare bankruptcy somebody
00:31:02 made money on the deal
00:31:03 yeah but so it was going nowhere
00:31:07 and finally IBM did an audit in 2015 and
00:31:13 they released the results January 2016
00:31:14 and it was pretty damaging pretty pretty
00:31:17 bad you know and would you like to
00:31:20 discuss some of those items yeah we
00:31:22 should we should go through that that
00:31:23 audit findings so this is one from a
00:31:26 public sector perspective that audits
00:31:29 get done from an agency level in theory
00:31:32 an annual basis I'm not certain across
00:31:34 every agency in the government it really
00:31:36 happens on an annual basis at the the
00:31:38 level and depth that this IBM assessment
00:31:41 and audit of Behr County for this
00:31:43 project happened that the and they get
00:31:47 graded in a letter grade for the federal
00:31:49 agencies I don't know if this audit has
00:31:50 a letter rate attached to it or not but
00:31:53 across IT technology across the federal
00:31:56 government most of the agencies sadly
00:31:59 enough for not receiving passing letter
00:32:00 grades on their cybersecurity or passing
00:32:02 letter grades even on IT systems
00:32:05 availability and modernization in many
00:32:07 different areas right now so technology
00:32:09 has been a big area of struggle for the
00:32:12 the public sector for a number of
00:32:14 reasons we talked about the first half
00:32:16 of the program but let's go ahead and
00:32:17 dive into this this IBM audit on this
00:32:21 integrated Justice Center project ok I'm
00:32:24 just gonna read a few items here the
00:32:26 weekly Baer County IT leadership
00:32:29 meetings are ineffective due to poor
00:32:31 information lack of planning and weak
00:32:33 agenda the County integrated justice
00:32:35 steering committee does not establish
00:32:37 the metrics for evaluating the
00:32:39 performance of the County integrated
00:32:41 justice system program the selected
00:32:43 metrics should be readied readily
00:32:46 measurable and indicate of the value of
00:32:48 the county information justice system to
00:32:51 the business and then they observe some
00:32:56 items they saying that the governance
00:32:57 was working until 5 years ago and this
00:33:00 would be in 2016 so was working was
00:33:03 working at 2011 but since then it wasn't
00:33:05 currently the string committee electric
00:33:07 officials are focused on business not
00:33:09 policy matters and are not meeting
00:33:11 regularly no one is leading the vision
00:33:13 business architecture is largely
00:33:15 unchanged in 10 years
00:33:17 technical architectures dated based on
00:33:19 legacy technology and missing key
00:33:21 integrations obsolete security and
00:33:23 incomplete documentation resulted in a
00:33:26 recently failed Behr County integrated
00:33:29 justice system security audit most bear
00:33:33 County integrated justice system
00:33:34 projects are on hold or have not made
00:33:36 progress in years project management
00:33:39 appears undisciplined risks including
00:33:42 management costs facility lack of
00:33:45 ability gaps incompleteness accuracy and
00:33:48 timeliness of information
00:33:49 yeah so is you talk through some of
00:33:52 those audit findings so you you have a
00:33:54 budget for running the existing systems
00:33:57 and the maintenance on those systems and
00:34:01 you have a project budget to modernize
00:34:04 or transform it and as you're your going
00:34:07 through this modernization and
00:34:08 transformation project fails where where
00:34:12 does that leave the budget for the the
00:34:14 operating and maintenance if maybe they
00:34:15 plan to phase out maintaining this old
00:34:18 system as you said you kind of ran into
00:34:20 a situation like this and the Selective
00:34:22 Service where other folks are moving off
00:34:23 of that mainframe what ends up happening
00:34:26 in these kind of cases where you maybe
00:34:30 don't have the budget dollars now you
00:34:33 just have to ask taxpayers for more
00:34:35 money but when you maintain an older
00:34:38 mainframe it goes down more so you have
00:34:40 to either in-house or hire a contractor
00:34:43 for the maintenance costs you also have
00:34:45 more personnel that are involved so it's
00:34:47 more timing time time more takes more
00:34:49 time and more cost but they're actually
00:34:52 had some cost in the audit what it would
00:34:54 cost to four redo if they redo all the
00:34:58 modules have cost thirty million dollars
00:35:00 now if they like you said earlier if
00:35:02 they go one or two modules at a time it
00:35:06 would be less probably four or five
00:35:07 million dollars so that's where that
00:35:09 would be at but I think one of the keys
00:35:12 really is communication you can really
00:35:15 save dollar and see if you just
00:35:16 communicate from top to bottom again get
00:35:20 the right team in but you got to have
00:35:21 the leadership get involved if they send
00:35:24 a representative that Rosa
00:35:25 representative has to be knowledgeable
00:35:28 but brief back to the the head of the of
00:35:32 the a of the section of the department
00:35:34 so for the initial 18 million dollars
00:35:39 that the the county spent on this did
00:35:41 they get any systems deployed to
00:35:43 production or is that money just gone
00:35:45 now that's a good question that you
00:35:49 would have to ask the county because
00:35:51 what I could see little if anything was
00:35:54 was accomplished on it again it was just
00:35:58 unfortunate that they got it to that
00:36:02 debacle
00:36:03 I guess they just hired the wrong vendor
00:36:06 which is very unfortunate thing that
00:36:10 happened yeah and as we had mentioned
00:36:13 the first half of the program as well
00:36:15 it's you every time one of these
00:36:16 projects goes the the wrong way and has
00:36:19 a failure you read about in the
00:36:21 newspaper you hear about it on programs
00:36:24 like this all the projects that they're
00:36:27 executing correctly we no one talks
00:36:30 about those I mean it's it's the
00:36:31 traditional news of if it bleeds it
00:36:33 leads
00:36:34 and so that the bad news the
00:36:36 post-mortems on those get lots of talk
00:36:38 in conversation but all of the the
00:36:41 projects that are moving along well
00:36:42 don't get mentioned and folks don't
00:36:45 generally get credit for those which is
00:36:48 it's kind of unfortunate in a way I
00:36:51 think that the you don't have the the
00:36:54 positive sides of a lot of these stories
00:36:55 getting told at the same time though is
00:36:58 you look at twenty million dollars and
00:37:01 going and seven years and going nowhere
00:37:04 on that type of budget someone should be
00:37:07 held accountable for for that level of
00:37:12 ineffectiveness yes and I believe they
00:37:15 made some changes in the IT department
00:37:17 which is important because the IT
00:37:18 department should really be the lead on
00:37:21 that but you can't just say what's the
00:37:23 IT departments fault again you got to
00:37:24 have all the people that have have
00:37:27 ownership there because it's a team
00:37:29 effort
00:37:29 and so you have to complement the IT
00:37:32 department and if you see something
00:37:33 wrong you know you have to it'd be like
00:37:36 me saying well if I almost director
00:37:38 Selective Service it's the IDP or in
00:37:40 small it's not my fault if that would be
00:37:41 the case then the OPM director would
00:37:43 have still been there instead of being a
00:37:45 resigned from that position because of
00:37:47 the computer hacked so it's important
00:37:49 that we that we have that team effort
00:37:50 and my opponent has been there since
00:37:54 2011 when the contract started and I
00:37:57 think she probably should have been more
00:37:59 involved in my opinion maybe she could
00:38:02 have tracked at it I found that so if we
00:38:05 we go back now should the county award a
00:38:08 new integrator this contract are they
00:38:10 ready right now to start implementing
00:38:14 I think they're getting there what I've
00:38:17 read in the internet and Internet's
00:38:18 great tool for research they actually
00:38:20 hired a an integrator a person with
00:38:24 almost a 7,000 a month salary and I
00:38:26 believe that person's on board because
00:38:27 they hired somebody it's been well over
00:38:29 a year ago what I could see so again I
00:38:33 said as complex as that is it's probably
00:38:35 to your project and I know for a fact
00:38:37 that they do have a committee that's
00:38:40 meeting right now and they're looking to
00:38:44 see what it's going to take to put the
00:38:45 request for a proposal out and I read
00:38:48 that they had that request for
00:38:49 information already sent out to
00:38:51 contractors nationwide asking for who
00:38:56 could do a project like this and that
00:38:57 was a deadline with that was July of
00:39:00 2017 so I think they're getting there to
00:39:03 put the proposal out but as I said
00:39:05 there's it's a very complex project and
00:39:08 you need to get those any easier you
00:39:09 need to dig in and give us much
00:39:11 information to those contractors as
00:39:13 possible because you want to make sure
00:39:15 it's detail so that way you'll be fine
00:39:17 oh we missed this then they're going to
00:39:20 have to amend the contract and that's
00:39:22 where the price gets gets raised and
00:39:25 upsets the taxpayers yeah it's just like
00:39:27 if you're you're remodeling something at
00:39:30 your your house and you don't get into
00:39:33 the details with your your contractor
00:39:35 there and then you come back and you go
00:39:38 oh like I didn't want the sink in that
00:39:40 location they're happy to move it again
00:39:42 it's just gonna cost a bunch of money or
00:39:44 put the bathtub in a different spot or
00:39:46 any of those sorts of things if you
00:39:47 weren't specific when you had that
00:39:49 contractor doing remodeling on your
00:39:50 house same thing on an IT project so
00:39:53 it's just you've got to be specific and
00:39:55 you have to let them know what the
00:39:57 expectations of deliverables are and if
00:39:59 you're paying money out exactly what are
00:40:03 you getting for the dollars that are
00:40:05 prescribed there because if you leave it
00:40:07 up to discretion they may end up
00:40:10 building something that doesn't work for
00:40:11 your end user and then after the system
00:40:13 rolls out the end user will come back
00:40:15 and say hey this doesn't actually allow
00:40:16 me to achieve my business project
00:40:18 process I can't use this new technology
00:40:20 system or I have to do all these other
00:40:23 manual workarounds and you have the
00:40:24 option of funding and authorizing those
00:40:27 manual
00:40:27 or going back and redoing the technology
00:40:30 system again exactly one thing I want to
00:40:33 mention on one of the audit items that
00:40:35 really concerned me was failing their
00:40:37 security audit again
00:40:40 there was hecky's all around and where
00:40:42 connie has a lot of personal information
00:40:44 on people so we got to make sure that
00:40:46 they have a top-notch cybersecurity
00:40:48 program so that's one thing I will look
00:40:50 into making sure all my personnel have
00:40:52 was a proper cyber security but that we
00:40:55 have the right tools and the right
00:40:57 software to make sure that we can
00:40:59 prevent hacking because we do have a lot
00:41:01 of interfaces the district clerk and
00:41:04 with the attorneys out in the field the
00:41:06 state actually has something called
00:41:07 lectronimo transfers that they put into
00:41:09 place so now if somebody puts the
00:41:12 litigation like a lawsuit or even
00:41:14 criminal if they want to put in
00:41:16 information to the district clerk office
00:41:19 they could do it electronically but you
00:41:21 knows I do you got to have a secure
00:41:22 interface because if you get into the
00:41:25 system that way hacked that's gonna
00:41:26 create a lot of problems that you want
00:41:29 to have yeah because I mean that that
00:41:31 office is interfacing with confidential
00:41:34 records not necessarily attorney-client
00:41:36 privileged documentation but in some
00:41:38 cases it will because those things
00:41:39 they'll be going through to a judge for
00:41:41 review but documentation about minors
00:41:43 which should be sealed so not all court
00:41:45 records are all public record you can go
00:41:48 sit down in a courtroom and listen to
00:41:49 testimony you can listen to all sorts of
00:41:51 things but sometimes courtrooms are
00:41:53 closed because they're discussing things
00:41:55 about a minor and in lots of documents
00:41:57 there they get filed to deal with with
00:42:00 minors and with things that need to
00:42:02 remain confidential and as you go
00:42:05 through I mean even just outside the
00:42:07 courts you can think of you pay your
00:42:09 property taxes you're paying your
00:42:10 property taxes through a county system
00:42:11 online you might be paying it and
00:42:14 putting your bank account information in
00:42:16 there you might be paying it putting
00:42:17 credit card information in there is so
00:42:20 we all go through and as Bear County
00:42:22 residents interact with bear County
00:42:24 technology systems and they the share
00:42:26 and store confidential or sensitive
00:42:28 information about each one of us if you
00:42:31 would have a you're exactly right and
00:42:33 you want to have firewalls firewalls
00:42:35 obviously you don't want a hacker to get
00:42:37 into the system but whoever gets into
00:42:39 one system it's almost like I guess like
00:42:41 this
00:42:41 if someplace starts leaking they may
00:42:44 close the hatches so you won't get to
00:42:47 the other ones and it's important
00:42:48 because if somebody gets into the system
00:42:50 you don't want them to go to the the
00:42:52 records of your employees for example ya
00:42:55 know they have a lot of information
00:42:56 probably their social security account
00:42:57 numbers and stuff it was important that
00:42:59 you have the right firewalls that can't
00:43:01 be penetrated no and that's a
00:43:03 containment things that you learned
00:43:06 during a military career in a military
00:43:07 education for sure is that risk
00:43:09 mitigation and management and
00:43:10 containment of because you're gonna
00:43:12 always deal with things from a warfare
00:43:14 perspective nothing's ever going to go
00:43:16 exactly as planned but you every time
00:43:18 you do have damage you want to be able
00:43:19 to minimize that exactly we're all we're
00:43:22 all really warriors when it comes to a
00:43:24 cyber warfare even even people in their
00:43:26 home with their personal computers we
00:43:29 all have to have knowledge so we won't
00:43:30 get our information hacked yeah and you
00:43:34 can learn quite a bit more on that cyber
00:43:37 security from an individual perspective
00:43:39 or how to help secure your business on
00:43:41 our website at wwlp.com yeah I mean on
00:43:45 the awareness training that's the the
00:43:47 number one most important we've had some
00:43:49 guests on talking some cyber security
00:43:52 and security awareness training is if
00:43:53 you don't know what a phishing email is
00:43:56 you're probably fallen victim to one
00:43:58 already without even knowing about it I
00:43:59 was sent one from somebody pretending to
00:44:02 be our benefits provider I've run a tech
00:44:05 company and I do cyber security so I was
00:44:07 aware of this but they were asking for
00:44:09 all of our employees birthdates and
00:44:10 social cues never spilled out on a
00:44:11 spreadsheet no I didn't actually send it
00:44:14 but I'm aware of instances in the past
00:44:17 where this has happened where either
00:44:18 someone in your HR department or someone
00:44:20 with access to the information at a
00:44:22 company is fallen victim to these
00:44:23 end-of-the-year benefits enrollment
00:44:26 phishing attempts and there's all types
00:44:29 of attacks out there where the folks are
00:44:31 looking at a weakness in your process or
00:44:34 a weakness in your systems to to gain
00:44:36 access to as much information as they
00:44:38 can very damaging and we hear
00:44:42 unfortunately all these stories
00:44:43 worldwide and especially United States
00:44:46 about all these attacks they had it's
00:44:48 just amazing
00:44:50 we just heard one from ubirr I don't
00:44:52 know the details of that one and of
00:44:53 course the Democrat asked
00:44:54 you got hack really bad through an
00:44:56 attachment so it's important that we are
00:44:59 religion yeah
00:45:00 now they that uber hack and one is where
00:45:05 for those that get into the technical
00:45:08 nerdy details of it they one of their
00:45:11 engineers left credentials to a database
00:45:15 in something that their system had
00:45:19 access to and the attacker was able to
00:45:21 get those credentials from that engineer
00:45:24 and use them to go authenticate to a
00:45:25 database that pulled down
00:45:27 they said records about 57 million
00:45:30 riders and passengers but it didn't fall
00:45:33 into a bunch of the different PII
00:45:34 disclosure so it may be just our email
00:45:38 addresses and our name not something any
00:45:41 too damaging or sensitive from what's
00:45:44 been released thus far but this is a
00:45:47 somewhat a becoming commonplace yes
00:45:50 you're exactly right and it's important
00:45:52 that cyber security starts with your
00:45:55 team you know we had a small agency 125
00:45:58 people we had 10,000 board members from
00:46:03 and we had 76 176 reserve officers 56
00:46:09 part-time state directors to clear our
00:46:11 territories but cybersecurity was
00:46:13 important because like I said we had
00:46:14 millions of millions of young man's
00:46:16 records and but it's not that expensive
00:46:18 our probably our hardware and software
00:46:20 cost about a $500,000 in a security
00:46:24 operation center as big as your room
00:46:25 here which is probably with about 12 by
00:46:28 6 and we had three personnel that were
00:46:33 very well-qualified and also we had a
00:46:35 person that did our I know security
00:46:37 training and also security training when
00:46:40 we had exercised every periodically and
00:46:43 we had the right people and the right
00:46:45 products there was one and I want to
00:46:47 promote this Perot this but let me call
00:46:49 Q radar and we could we could see
00:46:53 worldwide which IP addresses people were
00:46:55 trying to attack us it almost looked
00:46:57 like a missile strike that electronic
00:47:00 that you saw on wargames
00:47:01 yeah it was real interesting but we had
00:47:05 the right people that had a software
00:47:06 program
00:47:07 by a company where if somebody tried to
00:47:10 hack it to us they would they would put
00:47:11 him in a black hole and they would just
00:47:14 go in there and they would get stuck and
00:47:16 it would be just and it wouldn't spend
00:47:19 anything back and supportin you had the
00:47:21 right people that they're all what's
00:47:22 going on and you know it's almost it's
00:47:25 almost fun keeping it keeping it out
00:47:27 because if you had right thing nobody's
00:47:30 gonna get in there yeah if you're
00:47:31 successful in the cybersecurity side of
00:47:32 stuff it's very rewarding and fun any
00:47:35 time that you you have something go awry
00:47:37 it's a it's pretty stressful in those
00:47:39 and so the the way that you you have fun
00:47:42 and enjoy that is proper planning
00:47:45 upfront ahead of time being reactive and
00:47:47 being on your heels trying to dig in
00:47:49 after someone's gotten inside a system
00:47:51 is much more complicated than preventing
00:47:55 things from happening upfront so
00:47:57 preventive medicine on the the cyber
00:48:00 security side of systems it's just think
00:48:03 about like with your house if you have
00:48:05 an alarm on your house if you can stop
00:48:07 somebody from breaking into your house
00:48:08 much easier than showing up at home and
00:48:11 realizing all your drawers and and
00:48:12 everything and the whole house is thrown
00:48:14 it's strewn all over the floor it's much
00:48:16 harder to clean up after the break-in
00:48:19 than it is to prevent it upfront if you
00:48:21 go to the Department of Homeland
00:48:22 Security website you can find a lot of
00:48:24 information out and also we're number
00:48:26 two here in San Antonio and
00:48:27 cybersecurity so we have a lot of tools
00:48:29 that and they'd be probably happy to to
00:48:31 help you out whether it be you TSA or
00:48:33 the Air Force a little bit but UTSA
00:48:35 there's a lot of programs and any
00:48:37 companies with our course are looking to
00:48:40 help you out
00:48:40 but if you want to find information for
00:48:42 most liable go to those sources yeah and
00:48:45 there's lots of things going on both
00:48:48 public and private sector here on the
00:48:49 cybersecurity side as well as if you
00:48:50 want to get into this growing field
00:48:52 there's hundreds of thousands of job
00:48:54 openings now we've covered cybersecurity
00:48:56 education here across a number of our
00:49:00 DHS and NSA certified Center of
00:49:03 Excellence at the universities and
00:49:05 colleges here in the San Antonio area so
00:49:07 this is a one where this is gonna
00:49:10 continue to be a growing issue from now
00:49:13 and on into the future as records move
00:49:15 from paper to digital and we try to use
00:49:18 technology to lead an efficient and easy
00:49:21 life there's bad guys out there trying
00:49:23 to take advantage of that
00:49:25 so Larry if folks wanted to learn more
00:49:27 about your campaign where can they go
00:49:29 Romo for district clerk comm I like to
00:49:33 wish everybody a Merry Christmas and
00:49:35 Happy New Year or any way to celebrate
00:49:37 the holidays yes and Happy Holidays to
00:49:40 all of you listeners out there enjoy
00:49:43 some Spurs basketball this evening and
00:49:45 we will be back with you I think at our
00:49:48 regular scheduled hour the following
00:49:51 Saturday here