Episode: 063
Title: Public Sector Cybersecurity
Aired: December 12, 2017
Featured Segments: Public Sector Cybersecurity
Synopsis:
Bret Piatt, CTR Host, and Larry Romo, candidate for Bexar County District Clerk, discuss public sector cybersecurity including leadership IT philosophy, U.S. Selective Service System IT and its cybersecurity program.
Follow Us & Stay Informed:
Bret Piatt (left), Larry Romo(right)
Tweet us: @cybertalkradio, @bpiatt / Stream on iHeartRadio: Android or iOS
Transcript:
00:00:06 welcome to cyber talk radio I'm your 00:00:09 host Brett Hyatt a 20-year internet 00:00:11 security veteran and joined this week by 00:00:13 Larry Romo 00:00:14 he's currently a candidate here for 00:00:17 district clerk in Barre County he's got 00:00:20 a long and storied a career background 00:00:21 and we're gonna be talking public sector 00:00:23 cybersecurity this week Larry thank you 00:00:26 for agreeing to join us they can 00:00:28 appreciate the opportunity to be here 00:00:30 I'm looking forward to our discussion 00:00:30 yeah so go ahead and share with our 00:00:33 audience your background and uh how did 00:00:36 you one learn a little bit of German and 00:00:38 then to end up here on this cyber talk 00:00:40 radio program today well thank you again 00:00:42 and my background is I'm a native San 00:00:46 Antonio warna raised here I went to 00:00:49 highlands high school and had the good 00:00:51 fortune of being first to go to college 00:00:53 for my family I went to the United 00:00:55 States Air Force Academy I got my 00:00:58 Master's tonight school in education but 00:01:00 one of the most interesting things that 00:01:01 I have to say is the technology that has 00:01:04 changed my lifetime and we were the last 00:01:08 class at the Air Force Academy to be 00:01:09 issued slide rules there you go the next 00:01:12 class got issued calculators that were 00:01:15 quite expensive there Texas Instruments 00:01:16 I think they cost like $140 for a basic 00:01:19 one back then yeah and now the cadets at 00:01:22 the Air Force cow and you get issued the 00:01:24 top-of-the-line personal computers they 00:01:27 have all kinds of functions that they 00:01:29 can do so it's amazing all the 00:01:31 technology that has changed I retired as 00:01:35 a lieutenant colonel from the Air Force 00:01:36 Reserves and I remember the basic 00:01:39 computers coming out around 1980 the 00:01:42 updated computers the scene of z1z 100's 00:01:47 and now they have the top of line 00:01:49 computers Dale's and other other ones 00:01:52 that they use but also I've almost 00:01:55 realized that computer security is very 00:01:57 important because I was a federal 00:01:59 employee and I got credit for a little 00:02:02 burr 40 years of federal service and one 00:02:06 thing about federal employees most 00:02:08 agencies they are all agencies now have 00:02:10 to they have to make sure they have 00:02:13 proper computer security training and 00:02:15 proper cybersecurity processes 00:02:18 and I knew when I worked at Fort Sam 00:02:21 Houston and I was appointed by the 00:02:22 President stated nominated by Congress 00:02:24 to be the director of Selective Service 00:02:27 where I serve seven years to two months 00:02:29 that from day one cyber security 00:02:31 computer security were important parts 00:02:35 of the process and that the ones that 00:02:39 could get you in the most trouble yeah 00:02:41 absolutely and I mean it's you we were 00:02:43 talking a little bit before we went on 00:02:45 air here about the OPM and that OPM hack 00:02:48 that happened a while ago your records 00:02:50 were contained in that along with 00:02:51 everyone else that worked for the 00:02:53 government and it's just it's 00:02:55 complicated when you've got this breadth 00:02:57 of systems you have staff turnover in 00:03:00 agencies on a pretty regular basis and 00:03:03 it makes these large complex systems 00:03:06 tricky to deal with so there's a series 00:03:09 of unique challenges on the public 00:03:11 sector cybersecurity side of things so 00:03:14 in is you even just look at large-scale 00:03:17 IT projects there's additional 00:03:19 complexity on the public sector side of 00:03:21 things as well I think we'll be able to 00:03:22 dive into one of the ones here in Barre 00:03:25 County a little bit later into the 00:03:26 program if you happen to be listening to 00:03:29 us live right now here on Saturday 00:03:31 evening I had congressman Hurd on the 00:03:34 program where we talked more about 00:03:35 public sector at the federal government 00:03:38 level along with that OPM hack you can 00:03:41 listen to that on our archives on our 00:03:43 website at wwlp.com or as well if you're 00:03:47 a an iPhone or an Android user on your 00:03:50 favorite podcasting app they're on 00:03:52 either of those platforms pocket casts 00:03:54 on an Android maybe or iTunes on your 00:03:57 iPhone you can pull up that episode and 00:03:59 I hear what congressman Hurd had to say 00:04:02 about some of the things they're doing 00:04:03 at the the federal legislative level 00:04:05 right now that it's a it's one where I 00:04:08 think that these challenges is you you 00:04:11 said you started off back in the Air 00:04:13 Force Academy with the slide rules and 00:04:15 now everything is moving towards 00:04:17 technology and being able to execute 00:04:19 these large-scale technology projects 00:04:22 are going to be critical to the success 00:04:24 of our public sector services over the 00:04:27 next decade yes you're exactly right and 00:04:30 it's a team effort 00:04:31 everyone in an agency has to be involved 00:04:34 all employees because anybody could make 00:04:38 a mistake and it could cost millions and 00:04:41 millions of dollars as we can see with 00:04:43 the Office of Personnel Management in 00:04:44 fact my wife and I we have to have a 00:04:46 protective security because we both got 00:04:51 hacked through OPM and it's cost the 00:04:54 taxpayers millions of dollars to protect 00:04:56 all the citizens that were affected by 00:04:58 that that's why it was important from 00:05:00 day one when I was director of Selective 00:05:02 Service that I got together our IT 00:05:05 people and see where we're at and 00:05:09 unfortunately we requested an audit and 00:05:12 we have an analyst required called a 00:05:14 federal information management security 00:05:16 act and within a few months I was there 00:05:18 we had an audit we saw that we had some 00:05:20 major material weaknesses and some other 00:05:23 issues with a modernization project that 00:05:25 I had inherited so unfortunately I had 00:05:27 to make some personnel changes get the 00:05:29 right people in there and get the 00:05:32 contractor for this program called 00:05:35 registration compliance verification a 00:05:38 multi-million dollar computer contract 00:05:40 and say we're going to have milestones 00:05:41 we're going to have meetings we're going 00:05:44 to have making sure we have the right 00:05:45 cyber security we're going to get 00:05:47 together we're going to make sure that 00:05:48 we do this within our budget and within 00:05:50 time it's important for the leadership 00:05:53 to to get involved and get their hands 00:05:55 in so they can know what's going on and 00:05:57 ask the right questions a leader doesn't 00:05:59 have to be an IT major I gotten our 19 00:06:02 major but a leader has to be 00:06:03 knowledgeable enough to know what's 00:06:05 going on and that's correct questions 00:06:07 and being involved to get hands on 00:06:09 that's very imperative with IT systems 00:06:12 we got a the right team together we had 00:06:16 our in-house people they're real good on 00:06:18 source coding we had our private 00:06:21 contractor involved we had some other IT 00:06:23 people and the lay people the people the 00:06:25 end-users it's important that the in 00:06:27 users be involved because they're the 00:06:28 ones going to get the product and you 00:06:30 have to get the input of the end users 00:06:31 and many of the end users are 90 majors 00:06:33 but they're the ones who can visually 00:06:35 see what they need that they need to 00:06:36 know and what information they need on 00:06:39 the computer screen and it's important 00:06:41 that they're involved with the techies 00:06:44 with the source code 00:06:46 the the contractors so they could they 00:06:49 can get the system correct and proper 00:06:53 what they need to know and get the bugs 00:06:55 out of the system but also what you have 00:06:57 to do is you have to make sure that the 00:06:59 system the new system which created an 00:07:02 ism with the old system you got to keep 00:07:04 it separate because you want to make 00:07:06 sure that you don't do something by 00:07:08 accident and open up to potential 00:07:10 hackers so you keep the system in-house 00:07:13 to ensure that you keep the right 00:07:16 security yeah now and it's that's a 00:07:20 really important one is you talk through 00:07:22 there it's kind of a as I think about 00:07:24 it's the least privileged principle 00:07:25 you're going through and asking the 00:07:27 users what information they need to see 00:07:28 and then not displaying or sharing 00:07:30 additional information out to folks and 00:07:33 getting that user input design as the 00:07:36 the application is going through and not 00:07:38 making necessarily assumptions on how 00:07:41 people are going to try to use that 00:07:42 technology and their job actually go in 00:07:44 and ask the people that are doing the 00:07:46 work where's this tech plugging into 00:07:47 their process and how is it going to be 00:07:50 used so that you build the system in a 00:07:52 way that makes that process more 00:07:54 efficient for them and with does it in a 00:07:58 way that minimizes again the amount of 00:08:00 information you have to share where do 00:08:02 you have to share it and and who gets 00:08:04 control over it while it's useful 00:08:07 exactly in humans sometimes you have to 00:08:09 have some sample customers come because 00:08:12 if it's a product as you're developing 00:08:14 uh dating users know but you have to 00:08:16 know what the customers are going to get 00:08:18 back from that so it's important that 00:08:19 you look at the whole total picture it's 00:08:23 a very complex and tedious process and 00:08:25 it's important that you have much more 00:08:27 prior planning before you go into the 00:08:29 project and obviously before you put a 00:08:32 bit out for the contractor you have to 00:08:34 give them as much thorough information 00:08:35 as possible because you know as I do 00:08:38 that if you have to amend a contract 00:08:40 that's where that private contractor is 00:08:42 going to really increase the price and 00:08:45 then the taxpayers the cadet negatively 00:08:47 say well you should own that right in 00:08:49 the first place that's important that 00:08:50 you give as much information as possible 00:08:53 so it's you talk through on the the 00:08:56 scope and time of one of these projects 00:08:58 is this a 00:08:59 six month one year how many how long do 00:09:02 one of these big projects take it all 00:09:04 depends on the complexity of the project 00:09:06 if it's real complex or if it's not as 00:09:09 complex let's say I would say you would 00:09:11 give it at least a year just for the 00:09:13 planning aspect but if you have a 00:09:15 multiply module complex project I would 00:09:20 say at least two years like for the bear 00:09:22 County one we can discuss later I would 00:09:24 say so at least take two years if you 00:09:26 want to do the proper planning for the 00:09:27 multi modules that they want to do with 00:09:30 the integration part yeah so for those 00:09:32 in the the private sector I think this 00:09:34 is a significant difference in the way 00:09:37 that things are handled and public 00:09:39 sector technology projects are often 00:09:42 multi-year and even even a year of 00:09:44 planning before you go and do two at the 00:09:46 execution phase where private sector 00:09:49 side I think that folks are rolling 00:09:52 projects on a much shorter time frame 00:09:53 these days versus the longer more 00:09:58 structured planning and I think even if 00:10:00 you get into large enterprise now 00:10:02 they're looking to break projects down 00:10:04 into smaller chunks so as you're out 00:10:08 there and looking at these public sector 00:10:10 projects that are having potentially 00:10:13 difficulties and you don't hear about 00:10:14 all the ones that go very well we only 00:10:17 hear about the ones that have issues I 00:10:20 think that the process for public sector 00:10:22 works with the way that the services are 00:10:26 designed it's kind of the complexity of 00:10:28 the number of departments a number of 00:10:30 personnel that get involved in each of 00:10:34 these is I mean if you think about even 00:10:36 bare County here is a large size 00:10:39 organization but at the the federal 00:10:42 government level you have millions of 00:10:45 potential users and on the system 00:10:48 whether it's us as citizens logging into 00:10:50 it if it's the healthcare.gov or ttle or 00:10:53 somewhere else versus if it's an 00:10:56 internal system even getting used by 00:10:58 multiple departments or multiple 00:10:59 agencies you may have hundreds of 00:11:01 thousands of users on an application 00:11:03 that's true and what I'm very proud 00:11:05 you're right usually you don't hear 00:11:07 success stories but we did have to soar 00:11:10 to success stories and select a server 00:11:12 system 00:11:13 in 2015 we were ranked first of all the 00:11:17 small federal agencies and I believe 00:11:18 there was well over 25 small federal 00:11:20 agencies of the government we received 00:11:22 the highest best audit score from the 00:11:25 Copeland Department Homeland Security on 00:11:27 our annual audit the FISMA audit so I'm 00:11:30 very proud of that and also our private 00:11:32 contractor actually received an award 00:11:33 for the quality of source coding they 00:11:36 did of all the contracts I had in the 00:11:40 government and they had zero cyber 00:11:42 incidents and zero source coding I 00:11:45 believe they had like 68 I'm not exactly 00:11:47 sure but I believe 68,000 lines of 00:11:49 source coding or something like that 00:11:51 yeah so you're listening to cyber talk 00:11:54 radio on 1200 W AI I'm your host Brett 00:11:58 Pyatt I'm joined this week by Larry Romo 00:12:00 a retired airforce officer and a 00:12:02 candidate for Baer County Clerk we're 00:12:04 talking public sector IT and public 00:12:06 sector cyber security if you just turned 00:12:08 the radio on right now you can listen to 00:12:10 the rebroadcast and replay of this 00:12:11 online on Tuesday you'll be able to find 00:12:14 it on our website at wwlp.com so larry 00:12:18 vans we've kind of going through and 00:12:20 talking when you say small federal 00:12:22 agencies so Selective Service as small 00:12:25 business I think in the private sector 00:12:27 world means maybe 50 employees or 100 00:12:29 employees or 200 employees for a small 00:12:30 federal agency what a small mean at the 00:12:33 federal government level off the top my 00:12:35 head and don't hold me to this number 00:12:36 but I believe it's under 250 somewhere 00:12:40 around there definitely under 500 so 00:12:41 that's a small violating okay and then 00:12:43 from a IT budget perspective on those 00:12:46 projects how much money were they 00:12:47 spending on each of those actually our 00:12:50 annual budget is 23 million dollars yeah 00:12:55 so we did spend much we we had an extra 00:12:57 few million dollars that we got for this 00:12:59 our project end up taking probably 00:13:02 approximately about five years to 00:13:04 complete but it is top notch now and it 00:13:07 is excellent it probably taking less 00:13:10 time but the first year and a half they 00:13:12 were sputtering until I got there and 00:13:14 then we get on the right track yeah so 00:13:16 on the right track three-year execution 00:13:18 which for me and and my experience is 00:13:21 well working alongside some public 00:13:25 sector IT projects through 00:13:26 my career three years is excellent from 00:13:30 an idea to execution perspective on 00:13:34 these yes it saving time money in 00:13:37 efficiencies which is really really 00:13:39 great for us yes like a server system 00:13:42 was definitely a success story for the 00:13:44 RCB project you know and the same things 00:13:47 happened at Bear County we had a 00:13:48 mainframe that we had our data millions 00:13:51 of minutes of records of young men for 00:13:53 select a server system on a 1980s error 00:13:56 mainframe and we were sharing that 00:13:58 mainframe with another federal agency 00:14:00 and they they weren't auditing at war 00:14:02 and they want to get rid of the 00:14:03 mainframe because it was obsolete and 00:14:05 high maintenance so we had to put ours 00:14:07 on servers so we were under on a 00:14:09 definite timeline because it would have 00:14:11 cost us an extra million dollars a year 00:14:12 to basically maintain that mainframe 00:14:15 which we really didn't have so we had to 00:14:18 really make sure that we got that done 00:14:20 in a timely fashion 00:14:22 yeah and for those listening as we've 00:14:25 selective service you said the records 00:14:28 on millions this so this is where when 00:14:30 you turn 18 you you go register 00:14:32 yes it's federal law for all males to 00:14:34 register they're 18 to 25 years old and 00:14:37 it's really tied to a lot of benefits 00:14:39 like federal benefits like Pell grants 00:14:41 federal jobs federal job training and 00:14:43 also even the save of Texas in order to 00:14:45 get a driver's license you have to make 00:14:47 sure that you register with the 00:14:49 Selective Service System and even some 00:14:51 municipalities you cannot be a fireman 00:14:54 or a policeman so there's many many 00:14:56 things tied to it and it's the right 00:14:58 thing to do because we have a council 00:15:00 emergency all males must register in 00:15:03 case we don't have enough volunteers and 00:15:05 they're actually looking at possibly 00:15:07 adding women to that yeah so this back 00:15:10 went when I did that it was a it was a 00:15:12 postcard so it's not a postcard any 00:15:13 longer it sounds like probably about 85 00:15:16 at least percent if not more do it 00:15:18 online it takes less than two minutes to 00:15:20 go on the website to do it online now we 00:15:22 do still have postcards at all the post 00:15:25 offices for people that that don't want 00:15:29 to do it that way and they can actually 00:15:31 go electronically now and print out one 00:15:34 of their Selective Service cards that 00:15:35 they want to yeah so you've we've gone 00:15:39 through and 00:15:40 done that with the Selective Service and 00:15:42 then you would kind of retired there 00:15:44 from the the Air Force worked for the 00:15:46 Selective Service what made you decide 00:15:47 to to get involved here in Bear County 00:15:50 well again I was born and raised in San 00:15:52 Antonio and I really enjoy our city and 00:15:55 the county and it's important that we 00:15:57 have leadership's 00:15:59 that are ethical transparent and 00:16:02 accountable and supported that we have 00:16:04 the right people that have the 00:16:06 qualifications and leadership skills and 00:16:08 I have the skills dealing with people 00:16:11 dealing with technology and dealing with 00:16:13 customer service and the district clerk 00:16:15 office is needs to have those processes 00:16:19 optimized so it support that we do that 00:16:22 and I try to match my talents what I did 00:16:25 in Selective Service in an arrest of my 00:16:27 career with some of the some of the 00:16:30 political offices here and I felt that 00:16:33 was the best match yeah so as you're 00:16:38 looking at a time frame so we just had 00:16:40 an election here in November when would 00:16:43 this next election be the primaries in 00:16:45 Texas for both the Republican and 00:16:47 Democratic Party or March two six 00:16:49 already voting starts 20 February so 00:16:51 really that's just some right right 00:16:53 around the corner and then the general 00:16:55 election will be in November okay so 00:16:57 this is in the the 2018 ballot in the 00:17:00 November ballot you'll folks there and 00:17:02 then there's primaries coming up just 00:17:04 after the holiday season here exactly 00:17:06 yeah so it's a it's one now I think 00:17:09 where everyone feels like there's 00:17:10 constant campaigning going on I mean as 00:17:14 soon as someone's elected they're 00:17:16 starting their campaign to rerun again 00:17:19 for election this is one as we talked 00:17:21 about this turnover in the ite and the 00:17:25 technology projects that are running for 00:17:26 multiple years from a county clerk 00:17:29 perspective how long would you be in 00:17:31 office they're those terms are four 00:17:33 years which is really good because in 00:17:35 four years time you should be able to 00:17:37 get a major project done I mean there's 00:17:40 no excuse not to have a major project 00:17:41 within four years yeah so in and out 00:17:45 there for listeners is we're thinking 00:17:48 about term limits or shortening terms or 00:17:51 shortening the length of different 00:17:53 things 00:17:54 it realizes you're forcing staff 00:17:56 turnover on those and so there's 00:17:58 trade-offs to all of these but if you 00:18:01 have a two-year term and as Larry had 00:18:03 said that most these projects it's a 00:18:04 year of planning and then at least a 00:18:07 year of execution unless that project 00:18:09 started the day somebody took office 00:18:10 it's not going to be done in a two year 00:18:12 time frame so if you're looking for 00:18:14 change and improvement in your 00:18:16 government given the folks there the 00:18:19 opportunity to have a four-year term is 00:18:22 important and then also being able to 00:18:24 give folks the opportunity to 00:18:25 potentially run for a reelection if 00:18:27 they're doing a good job just I don't 00:18:30 know anyone that says you know what 00:18:31 you've worked for me for four years it's 00:18:32 time for you to go on somewhere else if 00:18:35 you're in there and you're doing a good 00:18:36 job you should be able to have the 00:18:38 opportunity to go back so this is it's 00:18:40 one that's interesting to think about 00:18:42 and on a whole separate topic from a 00:18:46 long-run perspective but the public 00:18:49 policy side of things impacts how 00:18:53 technology projects can get done so if 00:18:55 as you look and you go well why hasn't 00:18:56 the government changed X Y or Z 00:18:59 technology system if you look at how 00:19:02 people are appointed into that agency or 00:19:04 how the leaders of that agency are 00:19:06 elected you may be able to see signs of 00:19:10 that feeding down through to the whole 00:19:13 thing I think what's important too is 00:19:16 the political leadership has to work 00:19:19 very closely with the careerist the 00:19:21 career people there whether be the IT 00:19:23 department or the end-users all 00:19:25 employees like I said it's a team effort 00:19:27 and that's one thing I did and select a 00:19:29 service and I would do at the county but 00:19:30 in select a service it's like having a 00:19:33 mechanic checking under the hood you got 00:19:35 to check the spark plugs the engine and 00:19:37 transmission the battery the radiator to 00:19:40 make sure everything is it's a top tip 00:19:42 top shape that's the same thing that's 00:19:44 what I did when I want Selective Service 00:19:45 I wanted to check to make sure it I had 00:19:48 the right careers they were doing the 00:19:49 right job learning there are job 00:19:51 responsibilities going over to them with 00:19:54 their job responsibilities making sure 00:19:56 they were doing what's right 00:19:57 checking out the audit the financial 00:20:00 picture to see what is right and that's 00:20:02 why I had to make some changes because 00:20:04 we didn't have the right people that 00:20:05 were doing the right thing 00:20:06 and he got a you got to have trust you 00:20:09 got to develop that trust between the 00:20:11 political leadership and the career 00:20:12 leadership and work as a team in a 00:20:15 positive direction you got to keep the 00:20:17 train running on the tracks you know so 00:20:21 we hinted a couple of times about this 00:20:23 bear county project we're gonna dive 00:20:26 into deeper we'll do that after the 00:20:28 bottom of the hour break but let's go 00:20:29 ahead and give everybody a little bit of 00:20:31 a background on it right now on what is 00:20:35 this project it's a good example of 00:20:36 something to talk about here on these 00:20:38 long term time frames that the train did 00:20:40 not stay on the tracks in this case the 00:20:42 bear County integrated justice system 00:20:44 was a contract that was let out in 2010 00:20:47 and started in 2011 it was a little over 00:20:51 18 million dollar contract that they 00:20:53 gave an award to call MCAD the company 00:20:56 and there was approximately 14 or 15 00:20:59 areas in bear county government that 00:21:01 they were going to have an integration 00:21:03 justice computer system plant for 00:21:06 example the sheriff's office District 00:21:07 Attorney office the bear County Courts 00:21:10 which the district clerk runs a 00:21:12 magistrate court the county courts and 00:21:15 some other areas that they were going to 00:21:17 look into I mean that they were gonna do 00:21:19 and it was a very complex project 00:21:20 because when you're talking about 14 00:21:22 areas and that's why I say it's a long 00:21:24 term project that needed a lot of detail 00:21:26 planning because it's hard to integrate 00:21:27 one module let alone 14 or 15 areas so 00:21:32 it's important that that they were on 00:21:34 the right track and that the leadership 00:21:36 was really involved from day one because 00:21:39 he talking about 00:21:40 a very detailed complex project that 00:21:43 need to be done right yeah so this 00:21:45 project started back in in 2010 and 00:21:48 still not done today 00:21:50 exactly they still haven't put out a 00:21:54 request for a proposal they recently and 00:21:57 July of 2017 put out a request for 00:22:00 information to people out worldwide I 00:22:04 guess to say hey this is a project that 00:22:06 we want to do so it's still being 00:22:08 planned and the reason it's being 00:22:10 planned this way in 2015 there was an 00:22:13 article in Express news saying that they 00:22:14 were that I'm about to do it but there 00:22:16 was a very very detailed audit done by 00:22:23 IBM that was led out of January 2016 and 00:22:26 it was very very detailed saying that 00:22:29 there was a lot of different places in 00:22:32 Bear County IT department that were very 00:22:35 lacking that really really were very 00:22:39 lacking the very poor performance in 00:22:41 many areas in almost in all areas so I 00:22:44 have to compliment the bear county 00:22:46 wherever asked for that audit to do that 00:22:48 was 216 page awed it because they want 00:22:50 to know where they were at so they 00:22:53 probably hit the bottom of the barrel so 00:22:54 now and are on their way up so I have to 00:22:56 compliment sometimes you got to face the 00:22:59 hard facts and the cold truth that's 00:23:01 what they did so they are there 00:23:04 rebounding but it's it's a slow process 00:23:06 yeah I know as I've noticed over the 00:23:09 last kind of 12 to 18 months you'll if 00:23:13 you go to the bear County website if 00:23:14 you're in the tech sector and you're 00:23:17 looking for work they've got a number of 00:23:20 job openings they've got new salary 00:23:22 bands for all those job openings which 00:23:24 should be I think much more competitive 00:23:26 than where they were if you rewind back 00:23:30 probably to win this this project 00:23:32 started they were having a hard time 00:23:34 attracting and retaining the talent they 00:23:36 needed because of the way that 00:23:37 technology was thought of inside of the 00:23:41 the county and those things that you've 00:23:44 learned from those lessons and make 00:23:45 those changes now that's true and you 00:23:47 got to hire the right people you got 00:23:49 already got to look into their 00:23:50 backgrounds because I was told by a very 00:23:52 reliable source that the person back 00:23:54 then was it even a 90 a major that run 00:23:57 in the IT department they had a 00:23:59 financial background so we're getting 00:24:01 ready to break here for news traffic and 00:24:04 whether if you just joined us you're 00:24:06 listening to 1200 W a I this is cyber 00:24:09 talk radio 00:24:09 I'm your host Brett pipe joined this 00:24:11 week by Larry Romo candidate for Baer 00:24:14 county district clerk they're coming up 00:24:16 here in the twenty 00:24:17 eighteen elections he's a retired Air 00:24:19 Force officer and I've done a number of 00:24:22 other things we're gonna have deep dive 00:24:23 into public sector IT planning and 00:24:26 projects and how do these things go and 00:24:28 get executed in a successful manner 00:24:30 [Music] 00:24:43 [Music] 00:24:49 you 00:25:13 welcome back to cyber talk radio 00:25:16 I'm your host Brett Pyatt a 20-year 00:25:18 internet security veteran joined this 00:25:20 year by Larry Romo he's a retired Air 00:25:23 Force officer and 40-year civil servant 00:25:26 as you have mentioned the first half of 00:25:28 the program between your enlisted time 00:25:31 and your service with other agencies 00:25:34 after that you've spent 40 years in a 00:25:36 career working for us all as taxpayers 00:25:39 that's true that's true and you and 00:25:41 you're looking for at least four more 00:25:43 years it's important that you have the 00:25:45 right people because it's not my money 00:25:46 it's a taxpayers money I was told our 00:25:49 employees that I said we got to make 00:25:51 sure that we optimize our processes and 00:25:53 assets and gave their due to the 00:25:55 taxpayers because we got to make sure 00:25:57 that we don't waste money likely 00:26:00 unfortunately they did with this initial 00:26:02 project on the bear County integrated 00:26:04 justice system yeah and so for those 00:26:08 that are just a tuning in here with us 00:26:09 after the break so you started back a 00:26:12 long time ago here Highlands High School 00:26:14 in San Antonio yes I do now so yeah that 00:26:18 was the first to going to college I'm 00:26:19 there to the Air Force Academy 00:26:20 graduating so what made you pick the Air 00:26:23 Force Academy out of the the different 00:26:25 service academies how did you find your 00:26:26 way to that my dad worked at Kelly Air 00:26:30 Force Base he was in the army an 00:26:32 occupation force in Germany and then Air 00:26:35 Force Reserves for a while but he works 00:26:37 in Slovenian akeli and I used to enjoy 00:26:39 going to Kelly Air Force Base and 00:26:40 watching the aircraft and the Air Force 00:26:43 enlisted and officers there and 00:26:44 basically that kind of stuck in my head 00:26:46 when I went to the picnic grounds that 00:26:48 Kelly and I always liked the Air Force 00:26:50 and like the other services too but I 00:26:52 liked the Air Force yeah so from you 00:26:54 graduate from high school here and then 00:26:56 you start school in the fall and 00:26:59 immediately you've got snow under your 00:27:01 feet on campus there for that first 00:27:03 winter how was that that first winter 00:27:05 out of San Antonio yes that was real 00:27:06 interesting because actually it snowed 00:27:08 either the last week in October and 00:27:09 early October 00:27:10 hey my my parka and really the first 00:27:12 time I ever flew an airplane is when I 00:27:13 flew up to Colorado Air Force Academy so 00:27:17 it was really interesting process 00:27:19 because we're at 70 300 feet above sea 00:27:22 levels at the foothill the Rocky 00:27:24 Mountains so it gets really cold up 00:27:26 there and I will say shooting Montana in 00:27:27 four and a half years it's even colder 00:27:29 there ya know it's a that Central Plains 00:27:32 definitely you get the the cold for sure 00:27:36 so up in an airbase in Montana you spent 00:27:38 some time in Germany as well no actually 00:27:40 I've just been tty in Germany yeah my 00:27:42 wife she's German but I met her here at 00:27:45 the Beethoven monocore interesting it's 00:27:47 a South town legend that's right yeah 00:27:50 great place it's it's a been down there 00:27:53 all the way since the very beginnings of 00:27:54 King William yes it's been there it's 00:27:58 just like 1850s ya know it's a really a 00:28:02 fun spot a great place to go hang out a 00:28:04 First Friday 00:28:05 there's a wonderful courtyard patio 00:28:06 where I've seen and been hanging out 00:28:09 with lots of kids running around all the 00:28:10 time so we'll get back to our topic 00:28:14 about IT projects in public sector and 00:28:18 specifically we're gonna dive into one 00:28:21 project around this Barre County 00:28:22 integrated justice system if you miss 00:28:24 the first half of the program you can 00:28:26 listen to the rebroadcast a replay of 00:28:27 that online on our website at wwlp.com 00:28:31 or on itunes podcast or pocket casts on 00:28:34 your Android device that'll be online on 00:28:36 Tuesday here after we've we air here on 00:28:39 Saturday so in this projects this is a 00:28:44 15 module project and if you were 00:28:48 elected as the bear County District 00:28:50 Clerk you would be involved in this 00:28:52 project as as the executive they're in 00:28:56 charge of at least one of these systems 00:28:58 and modules that are going to tie into 00:28:59 this whole integrated platform correct 00:29:01 exactly that is correct the district 00:29:04 courts and probably the Maastricht 00:29:05 courts for that matter are going to be 00:29:07 very involved along with the for example 00:29:09 the DA's office the county courts the 00:29:12 Sheriff's Office the jails so it's 00:29:14 important that we have the right people 00:29:16 with the module because I only connect 00:29:18 would I be able to help make sure my 00:29:20 module is done properly and correctly 00:29:22 because of my 00:29:23 forty that I received and Selective 00:29:25 Service but also I can help out the 00:29:27 other modules too because they 00:29:29 complement each other yeah all this 00:29:32 informations got to tie together and 00:29:33 work well or if you don't have an 00:29:36 integrated system that's the definition 00:29:37 of integrated so from a history of this 00:29:40 project so it's coming up now I'm gonna 00:29:43 call it on a reboot and it sounds like 00:29:45 they started back in 2010 and will have 00:29:47 some information online that'll go into 00:29:49 a little bit of the background of this 00:29:50 and I mean express-news ran some 00:29:52 articles many articles maybe over the 00:29:55 last few years about this project cuz it 00:29:58 was a big project right the initial 00:30:00 kickoff almost a twenty million dollar 00:30:01 budget exactly uh it was a little over 00:30:05 18 million dollar budget and they're 00:30:08 very excited about it this a was going 00:30:09 to save time efficiencies and there was 00:30:12 an old mainframe and I guess they're 00:30:13 still using the old mainframe 00:30:14 I mean eighties just like we had and 00:30:16 select a service and they might uh 00:30:18 upgrade and put it on servers and in the 00:30:21 cloud probably and it was important that 00:30:23 they were all excited and saying we got 00:30:25 the right company but unfortunately the 00:30:27 wheels fell off there was a two-page 00:30:30 memo from the bear county that went out 00:30:32 in 2013 saying hey to the contractor 00:30:35 what's up we don't have a plan we don't 00:30:38 know where it's going and then in 2014 00:30:41 about three years in the contract the 00:30:44 contractor just walk off and declared 00:30:46 bankruptcy and was really a slap in the 00:30:48 face that contractor received thirty two 00:30:50 million dollars a few months before from 00:30:52 a investor riverside funds and the CEO 00:30:55 got five point eight million dollars so 00:30:58 of course if they do stuff like that 00:31:00 they can declare bankruptcy somebody 00:31:02 made money on the deal 00:31:03 yeah but so it was going nowhere 00:31:07 and finally IBM did an audit in 2015 and 00:31:13 they released the results January 2016 00:31:14 and it was pretty damaging pretty pretty 00:31:17 bad you know and would you like to 00:31:20 discuss some of those items yeah we 00:31:22 should we should go through that that 00:31:23 audit findings so this is one from a 00:31:26 public sector perspective that audits 00:31:29 get done from an agency level in theory 00:31:32 an annual basis I'm not certain across 00:31:34 every agency in the government it really 00:31:36 happens on an annual basis at the the 00:31:38 level and depth that this IBM assessment 00:31:41 and audit of Behr County for this 00:31:43 project happened that the and they get 00:31:47 graded in a letter grade for the federal 00:31:49 agencies I don't know if this audit has 00:31:50 a letter rate attached to it or not but 00:31:53 across IT technology across the federal 00:31:56 government most of the agencies sadly 00:31:59 enough for not receiving passing letter 00:32:00 grades on their cybersecurity or passing 00:32:02 letter grades even on IT systems 00:32:05 availability and modernization in many 00:32:07 different areas right now so technology 00:32:09 has been a big area of struggle for the 00:32:12 the public sector for a number of 00:32:14 reasons we talked about the first half 00:32:16 of the program but let's go ahead and 00:32:17 dive into this this IBM audit on this 00:32:21 integrated Justice Center project ok I'm 00:32:24 just gonna read a few items here the 00:32:26 weekly Baer County IT leadership 00:32:29 meetings are ineffective due to poor 00:32:31 information lack of planning and weak 00:32:33 agenda the County integrated justice 00:32:35 steering committee does not establish 00:32:37 the metrics for evaluating the 00:32:39 performance of the County integrated 00:32:41 justice system program the selected 00:32:43 metrics should be readied readily 00:32:46 measurable and indicate of the value of 00:32:48 the county information justice system to 00:32:51 the business and then they observe some 00:32:56 items they saying that the governance 00:32:57 was working until 5 years ago and this 00:33:00 would be in 2016 so was working was 00:33:03 working at 2011 but since then it wasn't 00:33:05 currently the string committee electric 00:33:07 officials are focused on business not 00:33:09 policy matters and are not meeting 00:33:11 regularly no one is leading the vision 00:33:13 business architecture is largely 00:33:15 unchanged in 10 years 00:33:17 technical architectures dated based on 00:33:19 legacy technology and missing key 00:33:21 integrations obsolete security and 00:33:23 incomplete documentation resulted in a 00:33:26 recently failed Behr County integrated 00:33:29 justice system security audit most bear 00:33:33 County integrated justice system 00:33:34 projects are on hold or have not made 00:33:36 progress in years project management 00:33:39 appears undisciplined risks including 00:33:42 management costs facility lack of 00:33:45 ability gaps incompleteness accuracy and 00:33:48 timeliness of information 00:33:49 yeah so is you talk through some of 00:33:52 those audit findings so you you have a 00:33:54 budget for running the existing systems 00:33:57 and the maintenance on those systems and 00:34:01 you have a project budget to modernize 00:34:04 or transform it and as you're your going 00:34:07 through this modernization and 00:34:08 transformation project fails where where 00:34:12 does that leave the budget for the the 00:34:14 operating and maintenance if maybe they 00:34:15 plan to phase out maintaining this old 00:34:18 system as you said you kind of ran into 00:34:20 a situation like this and the Selective 00:34:22 Service where other folks are moving off 00:34:23 of that mainframe what ends up happening 00:34:26 in these kind of cases where you maybe 00:34:30 don't have the budget dollars now you 00:34:33 just have to ask taxpayers for more 00:34:35 money but when you maintain an older 00:34:38 mainframe it goes down more so you have 00:34:40 to either in-house or hire a contractor 00:34:43 for the maintenance costs you also have 00:34:45 more personnel that are involved so it's 00:34:47 more timing time time more takes more 00:34:49 time and more cost but they're actually 00:34:52 had some cost in the audit what it would 00:34:54 cost to four redo if they redo all the 00:34:58 modules have cost thirty million dollars 00:35:00 now if they like you said earlier if 00:35:02 they go one or two modules at a time it 00:35:06 would be less probably four or five 00:35:07 million dollars so that's where that 00:35:09 would be at but I think one of the keys 00:35:12 really is communication you can really 00:35:15 save dollar and see if you just 00:35:16 communicate from top to bottom again get 00:35:20 the right team in but you got to have 00:35:21 the leadership get involved if they send 00:35:24 a representative that Rosa 00:35:25 representative has to be knowledgeable 00:35:28 but brief back to the the head of the of 00:35:32 the a of the section of the department 00:35:34 so for the initial 18 million dollars 00:35:39 that the the county spent on this did 00:35:41 they get any systems deployed to 00:35:43 production or is that money just gone 00:35:45 now that's a good question that you 00:35:49 would have to ask the county because 00:35:51 what I could see little if anything was 00:35:54 was accomplished on it again it was just 00:35:58 unfortunate that they got it to that 00:36:02 debacle 00:36:03 I guess they just hired the wrong vendor 00:36:06 which is very unfortunate thing that 00:36:10 happened yeah and as we had mentioned 00:36:13 the first half of the program as well 00:36:15 it's you every time one of these 00:36:16 projects goes the the wrong way and has 00:36:19 a failure you read about in the 00:36:21 newspaper you hear about it on programs 00:36:24 like this all the projects that they're 00:36:27 executing correctly we no one talks 00:36:30 about those I mean it's it's the 00:36:31 traditional news of if it bleeds it 00:36:33 leads 00:36:34 and so that the bad news the 00:36:36 post-mortems on those get lots of talk 00:36:38 in conversation but all of the the 00:36:41 projects that are moving along well 00:36:42 don't get mentioned and folks don't 00:36:45 generally get credit for those which is 00:36:48 it's kind of unfortunate in a way I 00:36:51 think that the you don't have the the 00:36:54 positive sides of a lot of these stories 00:36:55 getting told at the same time though is 00:36:58 you look at twenty million dollars and 00:37:01 going and seven years and going nowhere 00:37:04 on that type of budget someone should be 00:37:07 held accountable for for that level of 00:37:12 ineffectiveness yes and I believe they 00:37:15 made some changes in the IT department 00:37:17 which is important because the IT 00:37:18 department should really be the lead on 00:37:21 that but you can't just say what's the 00:37:23 IT departments fault again you got to 00:37:24 have all the people that have have 00:37:27 ownership there because it's a team 00:37:29 effort 00:37:29 and so you have to complement the IT 00:37:32 department and if you see something 00:37:33 wrong you know you have to it'd be like 00:37:36 me saying well if I almost director 00:37:38 Selective Service it's the IDP or in 00:37:40 small it's not my fault if that would be 00:37:41 the case then the OPM director would 00:37:43 have still been there instead of being a 00:37:45 resigned from that position because of 00:37:47 the computer hacked so it's important 00:37:49 that we that we have that team effort 00:37:50 and my opponent has been there since 00:37:54 2011 when the contract started and I 00:37:57 think she probably should have been more 00:37:59 involved in my opinion maybe she could 00:38:02 have tracked at it I found that so if we 00:38:05 we go back now should the county award a 00:38:08 new integrator this contract are they 00:38:10 ready right now to start implementing 00:38:14 I think they're getting there what I've 00:38:17 read in the internet and Internet's 00:38:18 great tool for research they actually 00:38:20 hired a an integrator a person with 00:38:24 almost a 7,000 a month salary and I 00:38:26 believe that person's on board because 00:38:27 they hired somebody it's been well over 00:38:29 a year ago what I could see so again I 00:38:33 said as complex as that is it's probably 00:38:35 to your project and I know for a fact 00:38:37 that they do have a committee that's 00:38:40 meeting right now and they're looking to 00:38:44 see what it's going to take to put the 00:38:45 request for a proposal out and I read 00:38:48 that they had that request for 00:38:49 information already sent out to 00:38:51 contractors nationwide asking for who 00:38:56 could do a project like this and that 00:38:57 was a deadline with that was July of 00:39:00 2017 so I think they're getting there to 00:39:03 put the proposal out but as I said 00:39:05 there's it's a very complex project and 00:39:08 you need to get those any easier you 00:39:09 need to dig in and give us much 00:39:11 information to those contractors as 00:39:13 possible because you want to make sure 00:39:15 it's detail so that way you'll be fine 00:39:17 oh we missed this then they're going to 00:39:20 have to amend the contract and that's 00:39:22 where the price gets gets raised and 00:39:25 upsets the taxpayers yeah it's just like 00:39:27 if you're you're remodeling something at 00:39:30 your your house and you don't get into 00:39:33 the details with your your contractor 00:39:35 there and then you come back and you go 00:39:38 oh like I didn't want the sink in that 00:39:40 location they're happy to move it again 00:39:42 it's just gonna cost a bunch of money or 00:39:44 put the bathtub in a different spot or 00:39:46 any of those sorts of things if you 00:39:47 weren't specific when you had that 00:39:49 contractor doing remodeling on your 00:39:50 house same thing on an IT project so 00:39:53 it's just you've got to be specific and 00:39:55 you have to let them know what the 00:39:57 expectations of deliverables are and if 00:39:59 you're paying money out exactly what are 00:40:03 you getting for the dollars that are 00:40:05 prescribed there because if you leave it 00:40:07 up to discretion they may end up 00:40:10 building something that doesn't work for 00:40:11 your end user and then after the system 00:40:13 rolls out the end user will come back 00:40:15 and say hey this doesn't actually allow 00:40:16 me to achieve my business project 00:40:18 process I can't use this new technology 00:40:20 system or I have to do all these other 00:40:23 manual workarounds and you have the 00:40:24 option of funding and authorizing those 00:40:27 manual 00:40:27 or going back and redoing the technology 00:40:30 system again exactly one thing I want to 00:40:33 mention on one of the audit items that 00:40:35 really concerned me was failing their 00:40:37 security audit again 00:40:40 there was hecky's all around and where 00:40:42 connie has a lot of personal information 00:40:44 on people so we got to make sure that 00:40:46 they have a top-notch cybersecurity 00:40:48 program so that's one thing I will look 00:40:50 into making sure all my personnel have 00:40:52 was a proper cyber security but that we 00:40:55 have the right tools and the right 00:40:57 software to make sure that we can 00:40:59 prevent hacking because we do have a lot 00:41:01 of interfaces the district clerk and 00:41:04 with the attorneys out in the field the 00:41:06 state actually has something called 00:41:07 lectronimo transfers that they put into 00:41:09 place so now if somebody puts the 00:41:12 litigation like a lawsuit or even 00:41:14 criminal if they want to put in 00:41:16 information to the district clerk office 00:41:19 they could do it electronically but you 00:41:21 knows I do you got to have a secure 00:41:22 interface because if you get into the 00:41:25 system that way hacked that's gonna 00:41:26 create a lot of problems that you want 00:41:29 to have yeah because I mean that that 00:41:31 office is interfacing with confidential 00:41:34 records not necessarily attorney-client 00:41:36 privileged documentation but in some 00:41:38 cases it will because those things 00:41:39 they'll be going through to a judge for 00:41:41 review but documentation about minors 00:41:43 which should be sealed so not all court 00:41:45 records are all public record you can go 00:41:48 sit down in a courtroom and listen to 00:41:49 testimony you can listen to all sorts of 00:41:51 things but sometimes courtrooms are 00:41:53 closed because they're discussing things 00:41:55 about a minor and in lots of documents 00:41:57 there they get filed to deal with with 00:42:00 minors and with things that need to 00:42:02 remain confidential and as you go 00:42:05 through I mean even just outside the 00:42:07 courts you can think of you pay your 00:42:09 property taxes you're paying your 00:42:10 property taxes through a county system 00:42:11 online you might be paying it and 00:42:14 putting your bank account information in 00:42:16 there you might be paying it putting 00:42:17 credit card information in there is so 00:42:20 we all go through and as Bear County 00:42:22 residents interact with bear County 00:42:24 technology systems and they the share 00:42:26 and store confidential or sensitive 00:42:28 information about each one of us if you 00:42:31 would have a you're exactly right and 00:42:33 you want to have firewalls firewalls 00:42:35 obviously you don't want a hacker to get 00:42:37 into the system but whoever gets into 00:42:39 one system it's almost like I guess like 00:42:41 this 00:42:41 if someplace starts leaking they may 00:42:44 close the hatches so you won't get to 00:42:47 the other ones and it's important 00:42:48 because if somebody gets into the system 00:42:50 you don't want them to go to the the 00:42:52 records of your employees for example ya 00:42:55 know they have a lot of information 00:42:56 probably their social security account 00:42:57 numbers and stuff it was important that 00:42:59 you have the right firewalls that can't 00:43:01 be penetrated no and that's a 00:43:03 containment things that you learned 00:43:06 during a military career in a military 00:43:07 education for sure is that risk 00:43:09 mitigation and management and 00:43:10 containment of because you're gonna 00:43:12 always deal with things from a warfare 00:43:14 perspective nothing's ever going to go 00:43:16 exactly as planned but you every time 00:43:18 you do have damage you want to be able 00:43:19 to minimize that exactly we're all we're 00:43:22 all really warriors when it comes to a 00:43:24 cyber warfare even even people in their 00:43:26 home with their personal computers we 00:43:29 all have to have knowledge so we won't 00:43:30 get our information hacked yeah and you 00:43:34 can learn quite a bit more on that cyber 00:43:37 security from an individual perspective 00:43:39 or how to help secure your business on 00:43:41 our website at wwlp.com yeah I mean on 00:43:45 the awareness training that's the the 00:43:47 number one most important we've had some 00:43:49 guests on talking some cyber security 00:43:52 and security awareness training is if 00:43:53 you don't know what a phishing email is 00:43:56 you're probably fallen victim to one 00:43:58 already without even knowing about it I 00:43:59 was sent one from somebody pretending to 00:44:02 be our benefits provider I've run a tech 00:44:05 company and I do cyber security so I was 00:44:07 aware of this but they were asking for 00:44:09 all of our employees birthdates and 00:44:10 social cues never spilled out on a 00:44:11 spreadsheet no I didn't actually send it 00:44:14 but I'm aware of instances in the past 00:44:17 where this has happened where either 00:44:18 someone in your HR department or someone 00:44:20 with access to the information at a 00:44:22 company is fallen victim to these 00:44:23 end-of-the-year benefits enrollment 00:44:26 phishing attempts and there's all types 00:44:29 of attacks out there where the folks are 00:44:31 looking at a weakness in your process or 00:44:34 a weakness in your systems to to gain 00:44:36 access to as much information as they 00:44:38 can very damaging and we hear 00:44:42 unfortunately all these stories 00:44:43 worldwide and especially United States 00:44:46 about all these attacks they had it's 00:44:48 just amazing 00:44:50 we just heard one from ubirr I don't 00:44:52 know the details of that one and of 00:44:53 course the Democrat asked 00:44:54 you got hack really bad through an 00:44:56 attachment so it's important that we are 00:44:59 religion yeah 00:45:00 now they that uber hack and one is where 00:45:05 for those that get into the technical 00:45:08 nerdy details of it they one of their 00:45:11 engineers left credentials to a database 00:45:15 in something that their system had 00:45:19 access to and the attacker was able to 00:45:21 get those credentials from that engineer 00:45:24 and use them to go authenticate to a 00:45:25 database that pulled down 00:45:27 they said records about 57 million 00:45:30 riders and passengers but it didn't fall 00:45:33 into a bunch of the different PII 00:45:34 disclosure so it may be just our email 00:45:38 addresses and our name not something any 00:45:41 too damaging or sensitive from what's 00:45:44 been released thus far but this is a 00:45:47 somewhat a becoming commonplace yes 00:45:50 you're exactly right and it's important 00:45:52 that cyber security starts with your 00:45:55 team you know we had a small agency 125 00:45:58 people we had 10,000 board members from 00:46:03 and we had 76 176 reserve officers 56 00:46:09 part-time state directors to clear our 00:46:11 territories but cybersecurity was 00:46:13 important because like I said we had 00:46:14 millions of millions of young man's 00:46:16 records and but it's not that expensive 00:46:18 our probably our hardware and software 00:46:20 cost about a $500,000 in a security 00:46:24 operation center as big as your room 00:46:25 here which is probably with about 12 by 00:46:28 6 and we had three personnel that were 00:46:33 very well-qualified and also we had a 00:46:35 person that did our I know security 00:46:37 training and also security training when 00:46:40 we had exercised every periodically and 00:46:43 we had the right people and the right 00:46:45 products there was one and I want to 00:46:47 promote this Perot this but let me call 00:46:49 Q radar and we could we could see 00:46:53 worldwide which IP addresses people were 00:46:55 trying to attack us it almost looked 00:46:57 like a missile strike that electronic 00:47:00 that you saw on wargames 00:47:01 yeah it was real interesting but we had 00:47:05 the right people that had a software 00:47:06 program 00:47:07 by a company where if somebody tried to 00:47:10 hack it to us they would they would put 00:47:11 him in a black hole and they would just 00:47:14 go in there and they would get stuck and 00:47:16 it would be just and it wouldn't spend 00:47:19 anything back and supportin you had the 00:47:21 right people that they're all what's 00:47:22 going on and you know it's almost it's 00:47:25 almost fun keeping it keeping it out 00:47:27 because if you had right thing nobody's 00:47:30 gonna get in there yeah if you're 00:47:31 successful in the cybersecurity side of 00:47:32 stuff it's very rewarding and fun any 00:47:35 time that you you have something go awry 00:47:37 it's a it's pretty stressful in those 00:47:39 and so the the way that you you have fun 00:47:42 and enjoy that is proper planning 00:47:45 upfront ahead of time being reactive and 00:47:47 being on your heels trying to dig in 00:47:49 after someone's gotten inside a system 00:47:51 is much more complicated than preventing 00:47:55 things from happening upfront so 00:47:57 preventive medicine on the the cyber 00:48:00 security side of systems it's just think 00:48:03 about like with your house if you have 00:48:05 an alarm on your house if you can stop 00:48:07 somebody from breaking into your house 00:48:08 much easier than showing up at home and 00:48:11 realizing all your drawers and and 00:48:12 everything and the whole house is thrown 00:48:14 it's strewn all over the floor it's much 00:48:16 harder to clean up after the break-in 00:48:19 than it is to prevent it upfront if you 00:48:21 go to the Department of Homeland 00:48:22 Security website you can find a lot of 00:48:24 information out and also we're number 00:48:26 two here in San Antonio and 00:48:27 cybersecurity so we have a lot of tools 00:48:29 that and they'd be probably happy to to 00:48:31 help you out whether it be you TSA or 00:48:33 the Air Force a little bit but UTSA 00:48:35 there's a lot of programs and any 00:48:37 companies with our course are looking to 00:48:40 help you out 00:48:40 but if you want to find information for 00:48:42 most liable go to those sources yeah and 00:48:45 there's lots of things going on both 00:48:48 public and private sector here on the 00:48:49 cybersecurity side as well as if you 00:48:50 want to get into this growing field 00:48:52 there's hundreds of thousands of job 00:48:54 openings now we've covered cybersecurity 00:48:56 education here across a number of our 00:49:00 DHS and NSA certified Center of 00:49:03 Excellence at the universities and 00:49:05 colleges here in the San Antonio area so 00:49:07 this is a one where this is gonna 00:49:10 continue to be a growing issue from now 00:49:13 and on into the future as records move 00:49:15 from paper to digital and we try to use 00:49:18 technology to lead an efficient and easy 00:49:21 life there's bad guys out there trying 00:49:23 to take advantage of that 00:49:25 so Larry if folks wanted to learn more 00:49:27 about your campaign where can they go 00:49:29 Romo for district clerk comm I like to 00:49:33 wish everybody a Merry Christmas and 00:49:35 Happy New Year or any way to celebrate 00:49:37 the holidays yes and Happy Holidays to 00:49:40 all of you listeners out there enjoy 00:49:43 some Spurs basketball this evening and 00:49:45 we will be back with you I think at our 00:49:48 regular scheduled hour the following 00:49:51 Saturday here